diff options
| author | Fredrik Rinnestam <fredrik@crux.nu> | 2018-12-07 19:05:39 +0100 |
|---|---|---|
| committer | Fredrik Rinnestam <fredrik@crux.nu> | 2018-12-07 19:05:53 +0100 |
| commit | 338c32af62d1f326a02fa452873e170f85aa57c8 (patch) | |
| tree | c84578deb5be9d29c91534f96d6ae1368b749410 /cairo | |
| parent | a4704073ad3dcecb8067c77cb6825271745f1a73 (diff) | |
| download | opt-338c32af62d1f326a02fa452873e170f85aa57c8.tar.gz opt-338c32af62d1f326a02fa452873e170f85aa57c8.tar.xz | |
[notify] cairo: added patch for CVE-2018-19876
Diffstat (limited to 'cairo')
| -rw-r--r-- | cairo/.signature | 5 | ||||
| -rw-r--r-- | cairo/CVE-2018-19876.patch | 30 | ||||
| -rw-r--r-- | cairo/Pkgfile | 6 |
3 files changed, 37 insertions, 4 deletions
diff --git a/cairo/.signature b/cairo/.signature index 51eca3c96..b356d882e 100644 --- a/cairo/.signature +++ b/cairo/.signature @@ -1,7 +1,8 @@ untrusted comment: verify with /etc/ports/opt.pub -RWSE3ohX2g5d/ahT5oSapCdtnpsdHrwAUFnFeMvCHzbPc+ZsHSUEAhucCrLgqbOUCm1WdGsbKfUlByOnTorbpfGZEI6J+n6qQQg= -SHA256 (Pkgfile) = b9fbbaae137a53c4936f3be9be3e5ca35ce0b6e6217bc4e6ee8421be2e049d6a +RWSE3ohX2g5d/aRdo2GC/KehluvfBx78PLXc0AEhALgCmzRD6UGCiZB/TW0M3AOTMrw3t/zA6SDoO48d18J4hJuWPTSWuEDTDwo= +SHA256 (Pkgfile) = 671d81bf11fb22522d8f2b23aa11ba1c9255edcc1ad86d4e3ebdef4d79dd127d SHA256 (.footprint) = 742a6524df8abaf10bc5b1bc5ffc934be8e2302c233bf44112a26e466fb0eb86 SHA256 (cairo-1.16.0.tar.xz) = 5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331 SHA256 (cairo-xlib-endianness.patch) = 58d39311edee6d8ddf76deac1d2e3526b4c02d4aa1f35a6ca16ff50c8e65429f SHA256 (cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff) = 4c8b8095a41f244ddfbc9b24e2f73a6fd8d697f43903617e0519b95b27b30726 +SHA256 (CVE-2018-19876.patch) = 78923093cd9b80a4d604e4141ae553f1aa4521d59a9aed8735d1e1be9cca3d99 diff --git a/cairo/CVE-2018-19876.patch b/cairo/CVE-2018-19876.patch new file mode 100644 index 000000000..c9cd71f4a --- /dev/null +++ b/cairo/CVE-2018-19876.patch @@ -0,0 +1,30 @@ +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos <cgarcia@igalia.com> +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b4..981973f78 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + +-- +2.18.1 + diff --git a/cairo/Pkgfile b/cairo/Pkgfile index d581d1708..764da24db 100644 --- a/cairo/Pkgfile +++ b/cairo/Pkgfile @@ -5,15 +5,17 @@ name=cairo version=1.16.0 -release=1 +release=2 source=(https://cairographics.org/releases/cairo-$version.tar.xz cairo-xlib-endianness.patch - cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff) + cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ + CVE-2018-19876.patch) build() { cd $name-$version patch -p1 -i $SRC/cairo-xlib-endianness.patch patch -p1 -i $SRC/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff + patch -p1 -i $SRC/CVE-2018-19876.patch ./configure --prefix=/usr \ --enable-xcb=yes \ |