diff options
author | A. Wilcox <awilcox@wilcox-tech.com> | 2019-06-21 23:38:53 +0000 |
---|---|---|
committer | A. Wilcox <awilcox@wilcox-tech.com> | 2019-06-21 23:38:53 +0000 |
commit | fd45ed897742614bd2867cb46578557beb820026 (patch) | |
tree | 8eaa82bc50ad1a89272b146743ec1544163d48f3 /user/cairo | |
parent | 86d0de126ffdebdb8cee9581ce51c16a6f20b58b (diff) | |
parent | 332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (diff) | |
download | packages-fd45ed897742614bd2867cb46578557beb820026.tar.gz packages-fd45ed897742614bd2867cb46578557beb820026.tar.bz2 packages-fd45ed897742614bd2867cb46578557beb820026.tar.xz packages-fd45ed897742614bd2867cb46578557beb820026.zip |
Merge branch 'cve' into 'master'
CVE bumps: part one
See merge request !249
Diffstat (limited to 'user/cairo')
-rw-r--r-- | user/cairo/APKBUILD | 13 | ||||
-rw-r--r-- | user/cairo/CVE-2018-19876.patch | 30 |
2 files changed, 38 insertions, 5 deletions
diff --git a/user/cairo/APKBUILD b/user/cairo/APKBUILD index 36e88f395..bfb290d7b 100644 --- a/user/cairo/APKBUILD +++ b/user/cairo/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: pkgname=cairo pkgver=1.16.0 -pkgrel=0 +pkgrel=1 pkgdesc="A vector graphics library" url="https://cairographics.org/" arch="all" @@ -18,10 +18,14 @@ _ultver="2016-04-23" source="https://cairographics.org/releases/$pkgname-$pkgver.tar.xz fontconfig-ultimate-$_ultver.tar.gz::https://github.com/bohoomil/fontconfig-ultimate/archive/$_ultver.tar.gz musl-stacksize.patch + CVE-2018-19876.patch " +# secfixes: +# 1.16.0-r1: +# - CVE-2018-19876 + prepare() { - cd "$builddir" default_prepare # infinality @@ -32,7 +36,6 @@ prepare() { } build() { - cd "$builddir" autoreconf -vif ./configure \ --build=$CBUILD \ @@ -58,7 +61,6 @@ build() { } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -78,4 +80,5 @@ tools() { sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz d8185f4ec74f44c4746acf7e79bba7ff7ffd9d35bdabeb25e10b4e12825942d910931aa857f1645e5c8185bcb40a1f1ffe1e7e647428e9ea66618b2aec52fac3 fontconfig-ultimate-2016-04-23.tar.gz -86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch" +86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch +9020c596caa54a2ac435d5dae0f121d36d3c3f34d487b9c1032665b1bd15813506adf31984e34b5dd328ee0e068de0627e1d061230758328cae4fa993c3a9209 CVE-2018-19876.patch" diff --git a/user/cairo/CVE-2018-19876.patch b/user/cairo/CVE-2018-19876.patch new file mode 100644 index 000000000..33731e4fc --- /dev/null +++ b/user/cairo/CVE-2018-19876.patch @@ -0,0 +1,30 @@ +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos <cgarcia@igalia.com> +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b4..981973f78 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + +-- +2.21.0 + |