pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/cairo patches for CVE-2016-9082, CVE-2017-747...
details: https://anonhg.NetBSD.org/pkgsrc/rev/22b7fbb57350
branches: trunk
changeset: 369290:22b7fbb57350
user: spz <spz%pkgsrc.org@localhost>
date: Thu Sep 28 00:57:25 2017 +0000
description:
patches for CVE-2016-9082, CVE-2017-7475 and CVE-2017-9814 from the
upstream bug database
diffstat:
graphics/cairo/Makefile.common | 3 +-
graphics/cairo/distinfo | 5 +-
graphics/cairo/patches/patch-CVE-2016-9082 | 94 +++++++++++++++++++++++++++++
graphics/cairo/patches/patch-CVE-2017-7475 | 15 ++++
graphics/cairo/patches/patch-CVE-2017-9814 | 96 ++++++++++++++++++++++++++++++
5 files changed, 211 insertions(+), 2 deletions(-)
diffs (249 lines):
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/Makefile.common
--- a/graphics/cairo/Makefile.common Thu Sep 28 00:26:49 2017 +0000
+++ b/graphics/cairo/Makefile.common Thu Sep 28 00:57:25 2017 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.common,v 1.11 2017/06/20 11:19:14 wiz Exp $
+# $NetBSD: Makefile.common,v 1.12 2017/09/28 00:57:25 spz Exp $
#
# used by graphics/cairo/Makefile
# used by graphics/cairo-gobject/Makefile
DISTNAME= cairo-1.14.10
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= http://cairographics.org/releases/
EXTRACT_SUFX= .tar.xz
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/distinfo
--- a/graphics/cairo/distinfo Thu Sep 28 00:26:49 2017 +0000
+++ b/graphics/cairo/distinfo Thu Sep 28 00:57:25 2017 +0000
@@ -1,9 +1,12 @@
-$NetBSD: distinfo,v 1.85 2017/06/20 11:19:14 wiz Exp $
+$NetBSD: distinfo,v 1.86 2017/09/28 00:57:25 spz Exp $
SHA1 (cairo-1.14.10.tar.xz) = 28c59d85d6b790c21b8b59ece73a6a1dda28d69a
RMD160 (cairo-1.14.10.tar.xz) = c50d540033688e7371b2bffbe116ea70c4d2ffc2
SHA512 (cairo-1.14.10.tar.xz) = a381d97e6046da0012eb5595118efb95ff02e3e84310682e458b503ebf22d6b2663bcc1391980768bb9cd02ae809b8df2e11d6200b48745dc5ec824c342b5852
Size (cairo-1.14.10.tar.xz) = 36251788 bytes
+SHA1 (patch-CVE-2016-9082) = b5020e37e7c5e589a47d053a9d51e26137986c12
+SHA1 (patch-CVE-2017-7475) = 0d4d8eea7cc63b959960a37fcdb0fd3ce31342e1
+SHA1 (patch-CVE-2017-9814) = 8679fb7820998a46089f1cc0e65ef5fba6b510c6
SHA1 (patch-aa) = b01bc60f77a7122b0c0d0d9b25ad512bac7c190c
SHA1 (patch-ab) = 11f7e0e59bd5c51a8fdacb48dcf2f2fefdf3b768
SHA1 (patch-ac) = 1785bbef6bcab4781bf89e1b986a7eb96e5f2b64
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2016-9082
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2016-9082 Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,94 @@
+$NetBSD: patch-CVE-2016-9082,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+from https://bugs.freedesktop.org/attachment.cgi?id=127421
+
+--- boilerplate/cairo-boilerplate.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ boilerplate/cairo-boilerplate.c
+@@ -42,6 +42,7 @@
+ #undef CAIRO_VERSION_H
+ #include "../cairo-version.h"
+
++#include <stddef.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+ #include <assert.h>
+@@ -976,7 +977,8 @@ cairo_surface_t *
+ cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
+ {
+ char format;
+- int width, height, stride;
++ int width, height;
++ ptrdiff_t stride;
+ int x, y;
+ unsigned char *data;
+ cairo_surface_t *image = NULL;
+
+--- src/cairo-image-compositor.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-image-compositor.c
+@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_rendere
+ pixman_image_t *src, *mask;
+ union {
+ struct fill {
+- int stride;
++ ptrdiff_t stride;
+ uint8_t *data;
+ uint32_t pixel;
+ } fill;
+@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_rendere
+ struct finish {
+ cairo_rectangle_int_t extents;
+ int src_x, src_y;
+- int stride;
++ ptrdiff_t stride;
+ uint8_t *data;
+ } mask;
+ } u;
+
+--- src/cairo-image-surface-private.h.orig 2017-06-09 06:46:49.000000000 +0000
++++ src/cairo-image-surface-private.h
+@@ -71,7 +71,7 @@ struct _cairo_image_surface {
+
+ int width;
+ int height;
+- int stride;
++ ptrdiff_t stride;
+ int depth;
+
+ unsigned owns_data : 1;
+
+--- src/cairo-mesh-pattern-rasterizer.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-mesh-pattern-rasterizer.c
+@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int wid
+ tg += tg >> 16;
+ tb += tb >> 16;
+
+- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
++ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
+ ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
+ }
+ }
+
+--- src/cairo-png.c.orig 2017-06-15 21:44:32.000000000 +0000
++++ src/cairo-png.c
+@@ -671,7 +671,7 @@ read_png (struct png_read_closure_t *png
+ }
+
+ for (i = 0; i < png_height; i++)
+- row_pointers[i] = &data[i * stride];
++ row_pointers[i] = &data[i * (ptrdiff_t)stride];
+
+ png_read_image (png, row_pointers);
+ png_read_end (png, info);
+
+--- src/cairo-script-surface.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-script-surface.c
+@@ -1201,7 +1201,8 @@ static cairo_status_t
+ _write_image_surface (cairo_output_stream_t *output,
+ const cairo_image_surface_t *image)
+ {
+- int stride, row, width;
++ int row, width;
++ ptrdiff_t stride;
+ uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
+ uint8_t *rowdata;
+ uint8_t *data;
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2017-7475
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2017-7475 Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-CVE-2017-7475,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+from https://bugs.freedesktop.org/attachment.cgi?id=131213
+
+--- src/cairo-ft-font.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-ft-font.c
+@@ -1146,7 +1146,7 @@ _get_bitmap_surface (FT_Bitmap *bi
+ width = bitmap->width;
+ height = bitmap->rows;
+
+- if (width == 0 || height == 0) {
++ if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ *surface = (cairo_image_surface_t *)
+ cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ return (*surface)->base.status;
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2017-9814
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2017-9814 Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,96 @@
+$NetBSD: patch-CVE-2017-9814,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+relevant part of https://bugs.freedesktop.org/attachment.cgi?id=132563
+
+--- src/cairo-truetype-subset.c.orig 2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-truetype-subset.c
+@@ -187,7 +187,7 @@ _cairo_truetype_font_create (cairo_scale
+ if (unlikely (status))
+ return status;
+
+- font = malloc (sizeof (cairo_truetype_font_t));
++ font = _cairo_malloc (sizeof (cairo_truetype_font_t));
+ if (unlikely (font == NULL))
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
+@@ -236,7 +236,7 @@ _cairo_truetype_font_create (cairo_scale
+
+ /* If the PS name is not found, create a CairoFont-x-y name. */
+ if (font->base.ps_name == NULL) {
+- font->base.ps_name = malloc (30);
++ font->base.ps_name = _cairo_malloc (30);
+ if (unlikely (font->base.ps_name == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto fail3;
+@@ -611,7 +611,7 @@ cairo_truetype_font_write_glyf_table (ca
+ else
+ size = sizeof (int32_t) * (font->num_glyphs_in_face + 1);
+
+- u.bytes = malloc (size);
++ u.bytes = _cairo_malloc (size);
+ if (unlikely (u.bytes == NULL))
+ return _cairo_truetype_font_set_error (font, CAIRO_STATUS_NO_MEMORY);
+
+@@ -1184,7 +1184,7 @@ cairo_truetype_subset_init_internal (cai
+ truetype_subset->descent = (double)font->base.descent/font->base.units_per_em;
+
+ if (length) {
+- truetype_subset->data = malloc (length);
++ truetype_subset->data = _cairo_malloc (length);
+ if (unlikely (truetype_subset->data == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto fail4;
+@@ -1197,7 +1197,7 @@ cairo_truetype_subset_init_internal (cai
+
+ if (num_strings) {
+ offsets_length = num_strings * sizeof (unsigned long);
+- truetype_subset->string_offsets = malloc (offsets_length);
++ truetype_subset->string_offsets = _cairo_malloc (offsets_length);
+ if (unlikely (truetype_subset->string_offsets == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto fail5;
+@@ -1285,7 +1285,7 @@ _cairo_truetype_reverse_cmap (cairo_scal
+ return CAIRO_INT_STATUS_UNSUPPORTED;
+
+ size = be16_to_cpu (map->length);
+- map = malloc (size);
++ map = _cairo_malloc (size);
+ if (unlikely (map == NULL))
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
+@@ -1438,7 +1438,7 @@ find_name (tt_name_t *name, int name_id,
+ be16_to_cpu (record->encoding) == encoding &&
+ (language == -1 || be16_to_cpu (record->language) == language)) {
+
+- str = malloc (be16_to_cpu (record->length) + 1);
++ str = _cairo_malloc (be16_to_cpu (record->length) + 1);
+ if (str == NULL)
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
+@@ -1465,7 +1465,7 @@ find_name (tt_name_t *name, int name_id,
+ for (i = 0; i < u_len; i++)
+ size += _cairo_ucs4_to_utf8 (be16_to_cpu(u[i]), NULL);
+
+- utf8 = malloc (size + 1);
++ utf8 = _cairo_malloc (size + 1);
+ if (utf8 == NULL) {
+ status =_cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto fail;
+@@ -1500,7 +1500,7 @@ find_name (tt_name_t *name, int name_id,
+ }
+ }
+ if (has_tag) {
+- p = malloc (len - 6);
++ p = _cairo_malloc (len - 6);
+ if (unlikely (p == NULL)) {
+ status =_cairo_error (CAIRO_STATUS_NO_MEMORY);
+ goto fail;
+@@ -1545,7 +1545,7 @@ _cairo_truetype_read_font_name (cairo_sc
+ if (status)
+ return status;
+
+- name = malloc (size);
++ name = _cairo_malloc (size);
+ if (name == NULL)
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
Home |
Main Index |
Thread Index |
Old Index