authorA. Wilcox <awilcox@wilcox-tech.com>2019-06-21 23:38:53 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2019-06-21 23:38:53 +0000
commitfd45ed897742614bd2867cb46578557beb820026 (patch)
tree8eaa82bc50ad1a89272b146743ec1544163d48f3 /user/cairo
parent86d0de126ffdebdb8cee9581ce51c16a6f20b58b (diff)
parent332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (diff)
Merge branch 'cve' into 'master'
CVE bumps: part one See merge request !249
Diffstat (limited to 'user/cairo')
-rw-r--r--user/cairo/APKBUILD13
-rw-r--r--user/cairo/CVE-2018-19876.patch30
2 files changed, 38 insertions, 5 deletions
diff --git a/user/cairo/APKBUILD b/user/cairo/APKBUILD
index 36e88f395..bfb290d7b 100644
--- a/user/cairo/APKBUILD
+++ b/user/cairo/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer:
pkgname=cairo
pkgver=1.16.0
-pkgrel=0
+pkgrel=1
pkgdesc="A vector graphics library"
url="https://cairographics.org/"
arch="all"
@@ -18,10 +18,14 @@ _ultver="2016-04-23"
source="https://cairographics.org/releases/$pkgname-$pkgver.tar.xz
fontconfig-ultimate-$_ultver.tar.gz::https://github.com/bohoomil/fontconfig-ultimate/archive/$_ultver.tar.gz
musl-stacksize.patch
+ CVE-2018-19876.patch
"
+# secfixes:
+# 1.16.0-r1:
+# - CVE-2018-19876
+
prepare() {
- cd "$builddir"
default_prepare
# infinality
@@ -32,7 +36,6 @@ prepare() {
}
build() {
- cd "$builddir"
autoreconf -vif
./configure \
--build=$CBUILD \
@@ -58,7 +61,6 @@ build() {
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
@@ -78,4 +80,5 @@ tools() {
sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
d8185f4ec74f44c4746acf7e79bba7ff7ffd9d35bdabeb25e10b4e12825942d910931aa857f1645e5c8185bcb40a1f1ffe1e7e647428e9ea66618b2aec52fac3 fontconfig-ultimate-2016-04-23.tar.gz
-86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch"
+86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
+9020c596caa54a2ac435d5dae0f121d36d3c3f34d487b9c1032665b1bd15813506adf31984e34b5dd328ee0e068de0627e1d061230758328cae4fa993c3a9209 CVE-2018-19876.patch"
diff --git a/user/cairo/CVE-2018-19876.patch b/user/cairo/CVE-2018-19876.patch
new file mode 100644
index 000000000..33731e4fc
--- /dev/null
+++ b/user/cairo/CVE-2018-19876.patch
@@ -0,0 +1,30 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+ free (coords);
+ free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+ free (ft_mm_var);
++#endif
+ }
+ }
+
+--
+2.21.0
+
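Review bot: The `#if HAVE_FT_DONE_MM_VAR` guard added at the `done:` cleanup only takes effect if configure defines that macro, and this patch touches `src/cairo-ft-font.c` alone, so nothing visible here shows that the 1.16.0 build defines it. If the macro is undefined, the `#else` branch still calls `free (ft_mm_var)`, and the package would list CVE-2018-19876 under `secfixes` without the fix compiled in. It is worth confirming that the `config.h` produced after `autoreconf -vif` contains `HAVE_FT_DONE_MM_VAR` when built against the distribution's FreeType. A comment next to the patch in `source=` would record the dependency, e.g. `# CVE-2018-19876.patch needs configure's FT_Done_MM_Var check (HAVE_FT_DONE_MM_VAR)`. The enclosing function, named in the subject as `cairo_ft_apply_variations`, starts above the hunk.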