[ptxdist] [PATCH v3] cairo: Fix CVEs

[ptxdist] [PATCH v3] cairo: Fix CVEs

[Christian Melki]

* Plug CVEs: CVE-2017-7475, CVE-2018-19876, CVE-2019-6461,
CVE-2019-6462, CVE-2020-35492.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 ...-of-Service-Attack-due-to-Logical-Pr.patch | 32 ++++++++++
 ...76-Upstream-Status-Backport-Signed-o.patch | 36 +++++++++++
 ...tial-infinite-loop-in-function-_arc_.patch | 29 +++++++++
 ...rtion-in-function-_cairo_arc_in_dire.patch | 29 +++++++++
 .../0008-Fix-stack-buffer-overflow.patch      | 59 +++++++++++++++++++
 patches/cairo-1.16.0/series                   |  7 ++-
 6 files changed, 191 insertions(+), 1 deletion(-)
 create mode 100644 patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
 create mode 100644 patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
 create mode 100644 patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
 create mode 100644 patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
 create mode 100644 patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch

diff --git a/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
new file mode 100644
index 000000000..cc9add93c
--- /dev/null
+++ b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
@@ -0,0 +1,32 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:03:07 +0200
+Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in
+ Program
+
+https://bugs.freedesktop.org/show_bug.cgi?id=100763
+
+CVE: CVE-2017-7475
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-ft-font.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b47b1..7de310ac5531 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -1207,7 +1207,7 @@ _get_bitmap_surface (FT_Bitmap		     *bitmap,
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ 	*surface = (cairo_image_surface_t *)
+ 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ 	return (*surface)->base.status;
diff --git a/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
new file mode 100644
index 000000000..7eb9f9a9b
--- /dev/null
+++ b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
@@ -0,0 +1,36 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:06:54 +0200
+Subject: [PATCH] CVE: CVE-2018-19876 Upstream-Status: Backport Signed-off-by:
+ Ross Burton <ross.burton@intel.com>
+
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 7de310ac5531..51eff850a924 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 
diff --git a/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
new file mode 100644
index 000000000..42fa25a1b
--- /dev/null
+++ b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
@@ -0,0 +1,29 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:09:24 +0200
+Subject: [PATCH] There is a potential infinite-loop in function
+ _arc_error_normalized().
+
+CVE: CVE-2019-6461
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-arc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae104..f9249dbeb3c8 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+     do {
+ 	angle = M_PI / i++;
+ 	error = _arc_error_normalized (angle);
+-    } while (error > tolerance);
++    } while (error > tolerance && error > __DBL_EPSILON__);
+ 
+     return angle;
+ }
diff --git a/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
new file mode 100644
index 000000000..9a64b69c2
--- /dev/null
+++ b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
@@ -0,0 +1,29 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:10:14 +0200
+Subject: [PATCH] There is an assertion in function _cairo_arc_in_direction().
+
+CVE: CVE-2019-6462
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-arc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index f9249dbeb3c8..1bde774a418d 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t	  *cr,
+     if (cairo_status (cr))
+         return;
+ 
+-    assert (angle_max >= angle_min);
++    if (angle_max < angle_min)
++       return;
+ 
+     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ 	angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch
new file mode 100644
index 000000000..2ed134b8b
--- /dev/null
+++ b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch
@@ -0,0 +1,59 @@
+From: Christian Melki <christian.melki@t2data.com>
+Date: Tue, 17 May 2022 11:10:57 +0200
+Subject: [PATCH] Fix stack buffer overflow.
+
+CVE: CVE-2020-35492
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH] Fix mask usage in image-compositor
+
+The patch was imported from the Yocto project.
+
+Signed-off-by: Christian Melki <christian.melki@t2data.com>
+---
+ src/cairo-image-compositor.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index bbf4cf2281da..2352c478e6f0 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 		    unsigned num_spans)
+ {
+     cairo_image_span_renderer_t *r = abstract_renderer;
+-    uint8_t *m;
++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+     int x0;
+ 
+     if (num_spans == 0)
+ 	return CAIRO_STATUS_SUCCESS;
+ 
+     x0 = spans[0].x;
+-    m = r->_buf;
++    m = base;
+     do {
+ 	int len = spans[1].x - spans[0].x;
+ 	if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 				      spans[0].x, y,
+ 				      spans[1].x - spans[0].x, h);
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else if (spans[0].coverage == 0x0) {
+ 	    if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ #endif
+ 	    }
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else {
+ 	    *m++ = spans[0].coverage;
diff --git a/patches/cairo-1.16.0/series b/patches/cairo-1.16.0/series
index dc125547f..0904871d9 100644
--- a/patches/cairo-1.16.0/series
+++ b/patches/cairo-1.16.0/series
@@ -3,4 +3,9 @@
 0001-only-build-GL-surface-tests-if-GLX-is-enabled.patch
 0002-Makefile.sources-move-font-variations.c-a-test-code-.patch
 0003-regrouping-of-test-sources-with-new-fc_font_test_sou.patch
-# dfb78163a7d65338b42965982e516176  - git-ptx-patches magic
+0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
+0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
+0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
+0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
+0008-Fix-stack-buffer-overflow.patch
+# 1e1d9f93062b124d13fb5d535d4df3e1  - git-ptx-patches magic
-- 
2.34.1

Re: [ptxdist] [APPLIED] cairo: Fix CVEs

[Michael Olbrich]

Thanks, applied as 0f6b26a4fede60cbbd05adc5a96807951ec80632.

Michael

[sent from post-receive hook]

On Wed, 25 May 2022 11:45:18 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> * Plug CVEs: CVE-2017-7475, CVE-2018-19876, CVE-2019-6461,
> CVE-2019-6462, CVE-2020-35492.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20220518082005.1474409-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
> new file mode 100644
> index 000000000000..cc9add93cc7b
> --- /dev/null
> +++ b/patches/cairo-1.16.0/0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
> @@ -0,0 +1,32 @@
> +From: Christian Melki <christian.melki@t2data.com>
> +Date: Tue, 17 May 2022 11:03:07 +0200
> +Subject: [PATCH] Cairo: Fix Denial-of-Service Attack due to Logical Problem in
> + Program
> +
> +https://bugs.freedesktop.org/show_bug.cgi?id=100763
> +
> +CVE: CVE-2017-7475
> +Upstream-Status: Submitted
> +
> +Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
> +
> +The patch was imported from the Yocto project.
> +
> +Signed-off-by: Christian Melki <christian.melki@t2data.com>
> +---
> + src/cairo-ft-font.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> +index 325dd61b47b1..7de310ac5531 100644
> +--- a/src/cairo-ft-font.c
> ++++ b/src/cairo-ft-font.c
> +@@ -1207,7 +1207,7 @@ _get_bitmap_surface (FT_Bitmap		     *bitmap,
> +     width = bitmap->width;
> +     height = bitmap->rows;
> + 
> +-    if (width == 0 || height == 0) {
> ++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
> + 	*surface = (cairo_image_surface_t *)
> + 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
> + 	return (*surface)->base.status;
> diff --git a/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
> new file mode 100644
> index 000000000000..7eb9f9a9b14b
> --- /dev/null
> +++ b/patches/cairo-1.16.0/0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
> @@ -0,0 +1,36 @@
> +From: Christian Melki <christian.melki@t2data.com>
> +Date: Tue, 17 May 2022 11:06:54 +0200
> +Subject: [PATCH] CVE: CVE-2018-19876 Upstream-Status: Backport Signed-off-by:
> + Ross Burton <ross.burton@intel.com>
> +
> +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
> +From: Carlos Garcia Campos <cgarcia@igalia.com>
> +Date: Mon, 19 Nov 2018 12:33:07 +0100
> +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
> + cairo_ft_apply_variations
> +
> +Fixes a crash when using freetype >= 2.9
> +
> +The patch was imported from the Yocto project.
> +
> +Signed-off-by: Christian Melki <christian.melki@t2data.com>
> +---
> + src/cairo-ft-font.c | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
> +index 7de310ac5531..51eff850a924 100644
> +--- a/src/cairo-ft-font.c
> ++++ b/src/cairo-ft-font.c
> +@@ -2393,7 +2393,11 @@ skip:
> + done:
> +         free (coords);
> +         free (current_coords);
> ++#if HAVE_FT_DONE_MM_VAR
> ++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
> ++#else
> +         free (ft_mm_var);
> ++#endif
> +     }
> + }
> + 
> diff --git a/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
> new file mode 100644
> index 000000000000..42fa25a1b51c
> --- /dev/null
> +++ b/patches/cairo-1.16.0/0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
> @@ -0,0 +1,29 @@
> +From: Christian Melki <christian.melki@t2data.com>
> +Date: Tue, 17 May 2022 11:09:24 +0200
> +Subject: [PATCH] There is a potential infinite-loop in function
> + _arc_error_normalized().
> +
> +CVE: CVE-2019-6461
> +Upstream-Status: Pending
> +Signed-off-by: Ross Burton <ross.burton@intel.com>
> +
> +The patch was imported from the Yocto project.
> +
> +Signed-off-by: Christian Melki <christian.melki@t2data.com>
> +---
> + src/cairo-arc.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/cairo-arc.c b/src/cairo-arc.c
> +index 390397bae104..f9249dbeb3c8 100644
> +--- a/src/cairo-arc.c
> ++++ b/src/cairo-arc.c
> +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
> +     do {
> + 	angle = M_PI / i++;
> + 	error = _arc_error_normalized (angle);
> +-    } while (error > tolerance);
> ++    } while (error > tolerance && error > __DBL_EPSILON__);
> + 
> +     return angle;
> + }
> diff --git a/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
> new file mode 100644
> index 000000000000..9a64b69c2d0a
> --- /dev/null
> +++ b/patches/cairo-1.16.0/0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
> @@ -0,0 +1,29 @@
> +From: Christian Melki <christian.melki@t2data.com>
> +Date: Tue, 17 May 2022 11:10:14 +0200
> +Subject: [PATCH] There is an assertion in function _cairo_arc_in_direction().
> +
> +CVE: CVE-2019-6462
> +Upstream-Status: Pending
> +Signed-off-by: Ross Burton <ross.burton@intel.com>
> +
> +The patch was imported from the Yocto project.
> +
> +Signed-off-by: Christian Melki <christian.melki@t2data.com>
> +---
> + src/cairo-arc.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/src/cairo-arc.c b/src/cairo-arc.c
> +index f9249dbeb3c8..1bde774a418d 100644
> +--- a/src/cairo-arc.c
> ++++ b/src/cairo-arc.c
> +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t	  *cr,
> +     if (cairo_status (cr))
> +         return;
> + 
> +-    assert (angle_max >= angle_min);
> ++    if (angle_max < angle_min)
> ++       return;
> + 
> +     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
> + 	angle_max = fmod (angle_max - angle_min, 2 * M_PI);
> diff --git a/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch
> new file mode 100644
> index 000000000000..2ed134b8b9a0
> --- /dev/null
> +++ b/patches/cairo-1.16.0/0008-Fix-stack-buffer-overflow.patch
> @@ -0,0 +1,59 @@
> +From: Christian Melki <christian.melki@t2data.com>
> +Date: Tue, 17 May 2022 11:10:57 +0200
> +Subject: [PATCH] Fix stack buffer overflow.
> +
> +CVE: CVE-2020-35492
> +Upstream-Status: Backport
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +
> +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
> +From: Heiko Lewin <heiko.lewin@worldiety.de>
> +Date: Tue, 15 Dec 2020 16:48:19 +0100
> +Subject: [PATCH] Fix mask usage in image-compositor
> +
> +The patch was imported from the Yocto project.
> +
> +Signed-off-by: Christian Melki <christian.melki@t2data.com>
> +---
> + src/cairo-image-compositor.c | 8 ++++----
> + 1 file changed, 4 insertions(+), 4 deletions(-)
> +
> +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
> +index bbf4cf2281da..2352c478e6f0 100644
> +--- a/src/cairo-image-compositor.c
> ++++ b/src/cairo-image-compositor.c
> +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
> + 		    unsigned num_spans)
> + {
> +     cairo_image_span_renderer_t *r = abstract_renderer;
> +-    uint8_t *m;
> ++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
> +     int x0;
> + 
> +     if (num_spans == 0)
> + 	return CAIRO_STATUS_SUCCESS;
> + 
> +     x0 = spans[0].x;
> +-    m = r->_buf;
> ++    m = base;
> +     do {
> + 	int len = spans[1].x - spans[0].x;
> + 	if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
> +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
> + 				      spans[0].x, y,
> + 				      spans[1].x - spans[0].x, h);
> + 
> +-	    m = r->_buf;
> ++	    m = base;
> + 	    x0 = spans[1].x;
> + 	} else if (spans[0].coverage == 0x0) {
> + 	    if (spans[0].x != x0) {
> +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
> + #endif
> + 	    }
> + 
> +-	    m = r->_buf;
> ++	    m = base;
> + 	    x0 = spans[1].x;
> + 	} else {
> + 	    *m++ = spans[0].coverage;
> diff --git a/patches/cairo-1.16.0/series b/patches/cairo-1.16.0/series
> index dc125547febc..0904871d96f6 100644
> --- a/patches/cairo-1.16.0/series
> +++ b/patches/cairo-1.16.0/series
> @@ -3,4 +3,9 @@
>  0001-only-build-GL-surface-tests-if-GLX-is-enabled.patch
>  0002-Makefile.sources-move-font-variations.c-a-test-code-.patch
>  0003-regrouping-of-test-sources-with-new-fc_font_test_sou.patch
> -# dfb78163a7d65338b42965982e516176  - git-ptx-patches magic
> +0004-Cairo-Fix-Denial-of-Service-Attack-due-to-Logical-Pr.patch
> +0005-CVE-CVE-2018-19876-Upstream-Status-Backport-Signed-o.patch
> +0006-There-is-a-potential-infinite-loop-in-function-_arc_.patch
> +0007-There-is-an-assertion-in-function-_cairo_arc_in_dire.patch
> +0008-Fix-stack-buffer-overflow.patch
> +# 1e1d9f93062b124d13fb5d535d4df3e1  - git-ptx-patches magic
> diff --git a/rules/host-cairo.make b/rules/host-cairo.make
> index e49ab9a6f4c4..aa5c24cec8a0 100644
> --- a/rules/host-cairo.make
> +++ b/rules/host-cairo.make
> @@ -25,9 +25,6 @@ HOST_CAIRO_CONF_OPT	:= \
>  	$(HOST_AUTOCONF) \
>  	--enable-shared \
>  	--disable-static \
> -	--disable-gtk-doc \
> -	--disable-gtk-doc-html \
> -	--disable-gtk-doc-pdf \
>  	--enable-atomic \
>  	--disable-gcov \
>  	--disable-valgrind \