From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 18 May 2022 10:20:38 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nrEv7-0008oT-Py for lore@lore.pengutronix.de; Wed, 18 May 2022 10:20:38 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nrEv6-0003mv-LJ; Wed, 18 May 2022 10:20:36 +0200 Received: from mail-eopbgr80088.outbound.protection.outlook.com ([40.107.8.88] helo=EUR04-VI1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nrEul-0003mQ-M0 for ptxdist@pengutronix.de; Wed, 18 May 2022 10:20:17 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bucwPg+hrB13eCiZxsi+KEAdjM7hPTsaBGAI50NuSIhjPcshptC9Tnw542a/GjTX9H3eaKJb4OTFHM+syr5PxdlicKkx4HBM45V/baLMUDpNg4LtPEZuuSfWHsi25WByHATn1dG7kB1s5PZ9zPVGvo2KuxBUqt0V6JL5yBBH7QWnF+QjyosfMpGC0BFEszanPdnRhlT6e9cr691lcyLnnMMjgUOtAH5J2N3i27E4dPxXp046dP/1zCY26zSqe951QN7WOvfgju2i3AOitJsH8+uNI3AoIh6GDJgHUxCDUxE8kGtKw/i8aDInranE2fTWC8OzNzL//wPjUd+rOHA74A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tf+GJn8a6jCazENZDrjKQhC4CywQ3dLdWdHqyhHC3Yg=; b=CNW3FDaIxSSus8lLP8rTsOgsGeGUXDoARpKCavmLc/p+/hYJSGaWsKQ3/mee2fHqun3U7WukGWz9u1Z/abB6UwI1/h/O+M9mnkZsH2Pj8y0vjmG648vgaTt0i+mOW7GcbNY5RXzK9Q8TppoGPYisJKKlL1DWia/PszUmjdkBvY8ZqskfO0ppnghYRAQeyaZ6LPYR5eB2qpBOTFee+fiBHZ/G+hjicZtZCcqXGbS81SzBJe6rgHOEWG6Bmte1B0RyiME8tZZ2gK+iRGJhzltxSo29EpumjWCpMewN6Gor18nkUxuFN/DZ1iHJeQdxAzuLM4+/rcBH+GTyZQm0Ks7ORA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tf+GJn8a6jCazENZDrjKQhC4CywQ3dLdWdHqyhHC3Yg=; b=EU1QG6gk8gozAQaaUrzvPyYbPrJecN2SByV71C1d9cPKFXBsk0TbSHzNK6TM2loQ0GEH1HLk8KaJ93byio50MdCmYylmnozq9fZyS/XanWtijPkFnAFoO4GIXpeqcf8QTgySjFQl4SmMWBbDD5Izi38bRXB3HML01c76VBvupgU= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AS8P251MB0807.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:524::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.18; Wed, 18 May 2022 08:20:13 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af%9]) with mapi id 15.20.5273.014; Wed, 18 May 2022 08:20:12 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 18 May 2022 10:20:05 +0200 Message-Id: <20220518082005.1474409-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: OL1P279CA0004.NORP279.PROD.OUTLOOK.COM (2603:10a6:e10:12::9) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5a9d3f4d-dfba-46ab-fb3b-08da38a73af0 X-MS-TrafficTypeDiagnostic: AS8P251MB0807:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 96rM2YonOUPtCPkeS1pg3OHWeQ/iNNzQy2gDm5Cvh57GX+q9bLnjmNKOg9E2VK66Ql1EL/xUwxnaJZja0J4bFhcKe/TpLFlBpTh+aZlVmjOQQcV3Qm5psYgB43OB7SAma81MGYelj49UQdONrYq58SahgKGio7uuSaH4ibjcLbAyedk6yFymBHBxwvmfVwi8zXjB57OSC7TUN9OIwVIZK2Tgu+t7mj6cD7pKaGzSHJSzCjrZqj7XbBT1aM8Qwcrz2thck/vunHpM3FuRfM2JlEJ0F13lFnj2KLGPGCRwdt1Wad8WDY6wPtdLMwaIuQ4GKa36FmIE8x/qXPMKLCW0xp5plfJbWLb6n8j8/PCCvOByQ41S4z3lre+vqfpwc/eIAO6bq4W2qI1nXA2V4i0XQENl3qy7Fkq1qZUHU1u4J42TydmQdSXdz9UJw0EfrONaBTv1yTdRUQSLFRw00Ua3OUVZc3SzSHxHWEO9WppKqJUv1jqWIKTSqLBz+s9ayRrXiXWkAFyHB3tH010IO3Ftw5HZtys3paEnhF9FhvZnUaP1fezWlcz3lytdgAqgdpjoDNTGo8CM4Z3O6ROuNpF6X/hEls4h0A9z8rvSvP29mtO9pBuJ13egSDE3kbKOssIN5btnkzFYUOeTk83O6Jd2tqUSA4RmHQYq89kcPftvvZlhyr+609JrZxd3tCbqAPRQ78FM4BXl2I/XAFJzgF3E4w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(396003)(39830400003)(346002)(376002)(136003)(366004)(316002)(36756003)(2906002)(8936002)(186003)(1076003)(52116002)(6666004)(508600001)(6506007)(83380400001)(6486002)(38350700002)(2616005)(44832011)(86362001)(66946007)(66476007)(5660300002)(38100700002)(6916009)(26005)(66556008)(41300700001)(8676002)(19627235002)(6512007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?tTdGSSFMvd+f7CR+fnqXqHhC8g3QGdmWnDSshtq71Dk3NrEgBUd07Rm/7qlX?= =?us-ascii?Q?AybL+WLs8HEhi9Of3PsDMVpfwe6CzlpEQ7UR2H9HHNKMLRGRr6KyT+P6jyzI?= =?us-ascii?Q?xr0ZYmpb4Uq0fuIMO8wBzEK1H9A/iPaYgv3mq07iDxA07uYx9KsPYONcDPuB?= =?us-ascii?Q?qgZun733GAMASMnlMtTgNNHUjjV4YKf/kHFh2k4OVBov2H9h9E5jYuE8euS3?= =?us-ascii?Q?d23cwOng3lHjx0SQYdrUi7NIXi2hyjs4mzG8W2fsrmSmfXrjV6Pc/Wcr8VUB?= =?us-ascii?Q?/7e83+mnMaZmiFNaGZ039tWY0fJd7OiRfgcNiNV7917qdbnZ8qMJpcXy4MGn?= =?us-ascii?Q?8ESte4xIeRV2oFY3TJHyHj2jiCDGW/vfEDTCCX1frm1jsPX6elPhNjbQAd8H?= =?us-ascii?Q?RXz7t/mEqhdyHFA0c+Wstc9Fn+p6BiB8a7xHYbn0n2kKCz3V/ituvcC4qXQP?= =?us-ascii?Q?xT8ozKYXpMHOPEBkplUSDRtzK0WrxvfROpfOXJwwKe4TeMIzwKZjh/lvu/TK?= =?us-ascii?Q?pz7tlYowGeKeIBp4QlrCgtct+Mr7cjWDxNJN0Nl82SLLdbW7cpc4CXj4ghcI?= =?us-ascii?Q?K45w0amBOk//Z1Luhg4edo1Ul9VeyqjlL5VuTQueBLIfFkhw1GY8SKYoqOxS?= =?us-ascii?Q?bZs9KKrO2dFEQRaRR2NXrIORtSvoqZir9wJtyZCsh0LbErpeLVFriToNkYY9?= =?us-ascii?Q?Qm1owysX3k/5Qi9sQulLA+9e8Lg8ypLWRECrWYLtcAbauNGExYmsYBN1DL4s?= =?us-ascii?Q?KC6kN3lyuHsJwoT7OcGaFh8cD9U1BVy5qbzFbpVpPU4qhNa5XUdnoXgq9w5u?= =?us-ascii?Q?7flBRJ1cBdu6Q0dGFEoKZCS2j+LEzh6uWW2mLccRc7W4wYwsdovJK67bOwcU?= =?us-ascii?Q?WSkpW02GFPwkViL++8iQkQBtVFxzeNKSNhKozjkCjlZAg8puwaxxKzOk4pEj?= =?us-ascii?Q?V+0MIJYGc1YGVzxqAaY3M7kmOcUqxyB64ObtZwbZT5zBcORa2ADoUJeiLw56?= =?us-ascii?Q?ac1if9TVv1xWSO8jNZ+u/3uwKLj6tINlfBPTAQTbo/uQqbx9NIexpLoY3aHl?= =?us-ascii?Q?yWsndPez5q3gjbsdaz3A4c+mYYHRiereUNWJQbMMG8C0ySHsptj8UMxGurso?= =?us-ascii?Q?UNjjlXgHdegQEhWMId8K7jGgVv0JIfPDtPhU1bfhMHs4y8GtVtmGvIK2knlj?= =?us-ascii?Q?21OeN4bicZ9Vf5lcv3uu23OtONIkGURWPXTmUwngcev3PvoaOdy1Vf6TC17V?= =?us-ascii?Q?oc6zevqGIuTdSKU2V+kj8N3HVTp7y7be1sEPQGihjGNE1dPoXCmAkS0OXlbV?= =?us-ascii?Q?OKPUy2Y5aMbPTEjTb60QsSknXVVRHJzmZ5HqZ0jJuJpLWgLyvuBoKgP5OG/m?= =?us-ascii?Q?QcxMQOvNjmLhr0SSmjMb1IX3enuI1FSgaIFuPFcVGHzBxVqM+UDxZIbi/D0x?= =?us-ascii?Q?37PydaGfdQ9cfNuHc/TIQ1jrLEipn169sfOGpPmIPJI7Z2AjSSqZAzPxMYNh?= =?us-ascii?Q?9SmNkPtVQRB5Vz//PohsoHa+QoWfxR1Ggsr4DOh5zl9kRUsA7RIPFW/wE3qn?= =?us-ascii?Q?Y875E9Thx2NkBHQVFIBB2Fj/UeISdgOxTqVRAVV3VX1DUlb1+z0k1DnWgwvg?= =?us-ascii?Q?Sd7mU+AtjpbxDDl/X6S1PfXz3BumuqTggwrG/riSeqmt01zRDpMLsNErTmXU?= =?us-ascii?Q?Lq4OlNwlB/gD481ZKYwz28tcooG75EEMkzFYy/V4couJRqblpVw9fnJjK0nU?= =?us-ascii?Q?lDk5IlpW8NFUfltRNzBZ7DPe/1GO310=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5a9d3f4d-dfba-46ab-fb3b-08da38a73af0 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2022 08:20:12.7475 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZqFNAFWXA3qbZ72tuzncbjyLZ8YYEgvJunCMVLZ+1tm+dWgC+xEuQ3MQ5oCFZ95D85cqjsFtc/s20L61GD6Jsya8M2+IzTa2Is+zkC9zSv4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P251MB0807 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH v3] cairo: Fix CVEs X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false * Plug CVEs: CVE-2017-7475, CVE-2018-19876, CVE-2019-6461, CVE-2019-6462, CVE-2020-35492. Signed-off-by: Christian Melki --- ...-of-Service-Attack-due-to-Logical-Pr.patch | 32 ++++++++++ ...76-Upstream-Status-Backport-Signed-o.patch | 36 +++++++++++ ...tial-infinite-loop-in-function-_arc_.patch | 29 +++++++++ ...rtion-in-function-_cairo_arc_in_dire.patch | 29 +++++++++ .../0008-Fix-stack-buffer-overflow.patch | 59 +++++++++++++++++++ patches/cairo-1.16.0/series | 7 ++- 6 files changed, 191 insertions(+), 1 deletion(-) create mode 100644 patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch create mode 100644 patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch create mode 100644 patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch create mode 100644 patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch create mode 100644 patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch diff --git a/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch new file mode 100644 index 000000000..cc9add93c --- /dev/null +++ b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch @@ -0,0 +1,32 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:03:07 +0200 +Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in + Program + +https://bugs.freedesktop.org/show_bug.cgi?id=100763 + +CVE: CVE-2017-7475 +Upstream-Status: Submitted + +Signed-off-by: Fan Xin + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-ft-font.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b47b1..7de310ac5531 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -1207,7 +1207,7 @@ _get_bitmap_surface (FT_Bitmap *bitmap, + width = bitmap->width; + height = bitmap->rows; + +- if (width == 0 || height == 0) { ++ if (width == 0 || height == 0 || bitmap->buffer == NULL) { + *surface = (cairo_image_surface_t *) + cairo_image_surface_create_for_data (NULL, format, 0, 0, 0); + return (*surface)->base.status; diff --git a/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch new file mode 100644 index 000000000..7eb9f9a9b --- /dev/null +++ b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch @@ -0,0 +1,36 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:06:54 +0200 +Subject: [PATCH] CVE: CVE-2018-19876 Upstream-Status: Backport Signed-off-by: + Ross Burton + +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 7de310ac5531..51eff850a924 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + diff --git a/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch new file mode 100644 index 000000000..42fa25a1b --- /dev/null +++ b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch @@ -0,0 +1,29 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:09:24 +0200 +Subject: [PATCH] There is a potential infinite-loop in function + _arc_error_normalized(). + +CVE: CVE-2019-6461 +Upstream-Status: Pending +Signed-off-by: Ross Burton + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-arc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index 390397bae104..f9249dbeb3c8 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && error > __DBL_EPSILON__); + + return angle; + } diff --git a/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch new file mode 100644 index 000000000..9a64b69c2 --- /dev/null +++ b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch @@ -0,0 +1,29 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:10:14 +0200 +Subject: [PATCH] There is an assertion in function _cairo_arc_in_direction(). + +CVE: CVE-2019-6462 +Upstream-Status: Pending +Signed-off-by: Ross Burton + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-arc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index f9249dbeb3c8..1bde774a418d 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; + +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch new file mode 100644 index 000000000..2ed134b8b --- /dev/null +++ b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch @@ -0,0 +1,59 @@ +From: Christian Melki +Date: Tue, 17 May 2022 11:10:57 +0200 +Subject: [PATCH] Fix stack buffer overflow. + +CVE: CVE-2020-35492 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +The patch was imported from the Yocto project. + +Signed-off-by: Christian Melki +--- + src/cairo-image-compositor.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index bbf4cf2281da..2352c478e6f0 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; diff --git a/patches/cairo-1.16.0/series b/patches/cairo-1.16.0/series index dc125547f..0904871d9 100644 --- a/patches/cairo-1.16.0/series +++ b/patches/cairo-1.16.0/series @@ -3,4 +3,9 @@ 0001-only-build-GL-surface-tests-if-GLX-is-enabled.patch 0002-Makefile.sources-move-font-variations.c-a-test-code-.patch 0003-regrouping-of-test-sources-with-new-fc_font_test_sou.patch -# dfb78163a7d65338b42965982e516176 - git-ptx-patches magic +0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch +0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch +0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch +0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch +0008-Fix-stack-buffer-overflow.patch +# 1e1d9f93062b124d13fb5d535d4df3e1 - git-ptx-patches magic -- 2.34.1