From d32338a9ed13fb5b44f38a4c6dbfc7407bc6739a Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 21 Jun 2019 10:09:22 -0400 Subject: user/cairo: patch for CVE-2018-19876 --- user/cairo/APKBUILD | 13 ++++++++----- user/cairo/CVE-2018-19876.patch | 30 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 5 deletions(-) create mode 100644 user/cairo/CVE-2018-19876.patch (limited to 'user/cairo') diff --git a/user/cairo/APKBUILD b/user/cairo/APKBUILD index 36e88f395..bfb290d7b 100644 --- a/user/cairo/APKBUILD +++ b/user/cairo/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: pkgname=cairo pkgver=1.16.0 -pkgrel=0 +pkgrel=1 pkgdesc="A vector graphics library" url="https://cairographics.org/" arch="all" @@ -18,10 +18,14 @@ _ultver="2016-04-23" source="https://cairographics.org/releases/$pkgname-$pkgver.tar.xz fontconfig-ultimate-$_ultver.tar.gz::https://github.com/bohoomil/fontconfig-ultimate/archive/$_ultver.tar.gz musl-stacksize.patch + CVE-2018-19876.patch " +# secfixes: +# 1.16.0-r1: +# - CVE-2018-19876 + prepare() { - cd "$builddir" default_prepare # infinality @@ -32,7 +36,6 @@ prepare() { } build() { - cd "$builddir" autoreconf -vif ./configure \ --build=$CBUILD \ @@ -58,7 +61,6 @@ build() { } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -78,4 +80,5 @@ tools() { sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz d8185f4ec74f44c4746acf7e79bba7ff7ffd9d35bdabeb25e10b4e12825942d910931aa857f1645e5c8185bcb40a1f1ffe1e7e647428e9ea66618b2aec52fac3 fontconfig-ultimate-2016-04-23.tar.gz -86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch" +86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch +9020c596caa54a2ac435d5dae0f121d36d3c3f34d487b9c1032665b1bd15813506adf31984e34b5dd328ee0e068de0627e1d061230758328cae4fa993c3a9209 CVE-2018-19876.patch" diff --git a/user/cairo/CVE-2018-19876.patch b/user/cairo/CVE-2018-19876.patch new file mode 100644 index 000000000..33731e4fc --- /dev/null +++ b/user/cairo/CVE-2018-19876.patch @@ -0,0 +1,30 @@ +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b4..981973f78 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + +-- +2.21.0 + -- cgit v1.2.3-70-g09d2