pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/graphics/cairo patches for CVE-2016-9082, CVE-2017-747...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/22b7fbb57350
branches:  trunk
changeset: 369290:22b7fbb57350
user:      spz <spz%pkgsrc.org@localhost>
date:      Thu Sep 28 00:57:25 2017 +0000

description:
patches for CVE-2016-9082, CVE-2017-7475 and CVE-2017-9814 from the
upstream bug database

diffstat:

 graphics/cairo/Makefile.common             |   3 +-
 graphics/cairo/distinfo                    |   5 +-
 graphics/cairo/patches/patch-CVE-2016-9082 |  94 +++++++++++++++++++++++++++++
 graphics/cairo/patches/patch-CVE-2017-7475 |  15 ++++
 graphics/cairo/patches/patch-CVE-2017-9814 |  96 ++++++++++++++++++++++++++++++
 5 files changed, 211 insertions(+), 2 deletions(-)

diffs (249 lines):

diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/Makefile.common
--- a/graphics/cairo/Makefile.common    Thu Sep 28 00:26:49 2017 +0000
+++ b/graphics/cairo/Makefile.common    Thu Sep 28 00:57:25 2017 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.common,v 1.11 2017/06/20 11:19:14 wiz Exp $
+# $NetBSD: Makefile.common,v 1.12 2017/09/28 00:57:25 spz Exp $
 #
 # used by graphics/cairo/Makefile
 # used by graphics/cairo-gobject/Makefile
 
 DISTNAME=      cairo-1.14.10
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  http://cairographics.org/releases/
 EXTRACT_SUFX=  .tar.xz
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/distinfo
--- a/graphics/cairo/distinfo   Thu Sep 28 00:26:49 2017 +0000
+++ b/graphics/cairo/distinfo   Thu Sep 28 00:57:25 2017 +0000
@@ -1,9 +1,12 @@
-$NetBSD: distinfo,v 1.85 2017/06/20 11:19:14 wiz Exp $
+$NetBSD: distinfo,v 1.86 2017/09/28 00:57:25 spz Exp $
 
 SHA1 (cairo-1.14.10.tar.xz) = 28c59d85d6b790c21b8b59ece73a6a1dda28d69a
 RMD160 (cairo-1.14.10.tar.xz) = c50d540033688e7371b2bffbe116ea70c4d2ffc2
 SHA512 (cairo-1.14.10.tar.xz) = a381d97e6046da0012eb5595118efb95ff02e3e84310682e458b503ebf22d6b2663bcc1391980768bb9cd02ae809b8df2e11d6200b48745dc5ec824c342b5852
 Size (cairo-1.14.10.tar.xz) = 36251788 bytes
+SHA1 (patch-CVE-2016-9082) = b5020e37e7c5e589a47d053a9d51e26137986c12
+SHA1 (patch-CVE-2017-7475) = 0d4d8eea7cc63b959960a37fcdb0fd3ce31342e1
+SHA1 (patch-CVE-2017-9814) = 8679fb7820998a46089f1cc0e65ef5fba6b510c6
 SHA1 (patch-aa) = b01bc60f77a7122b0c0d0d9b25ad512bac7c190c
 SHA1 (patch-ab) = 11f7e0e59bd5c51a8fdacb48dcf2f2fefdf3b768
 SHA1 (patch-ac) = 1785bbef6bcab4781bf89e1b986a7eb96e5f2b64
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2016-9082
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2016-9082        Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,94 @@
+$NetBSD: patch-CVE-2016-9082,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+from https://bugs.freedesktop.org/attachment.cgi?id=127421
+
+--- boilerplate/cairo-boilerplate.c.orig       2017-06-15 22:13:55.000000000 +0000
++++ boilerplate/cairo-boilerplate.c
+@@ -42,6 +42,7 @@
+ #undef CAIRO_VERSION_H
+ #include "../cairo-version.h"
+ 
++#include <stddef.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+ #include <assert.h>
+@@ -976,7 +977,8 @@ cairo_surface_t *
+ cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
+ {
+     char format;
+-    int width, height, stride;
++    int width, height;
++    ptrdiff_t stride;
+     int x, y;
+     unsigned char *data;
+     cairo_surface_t *image = NULL;
+
+--- src/cairo-image-compositor.c.orig  2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-image-compositor.c
+@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_rendere
+     pixman_image_t *src, *mask;
+     union {
+       struct fill {
+-          int stride;
++          ptrdiff_t stride;
+           uint8_t *data;
+           uint32_t pixel;
+       } fill;
+@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_rendere
+       struct finish {
+           cairo_rectangle_int_t extents;
+           int src_x, src_y;
+-          int stride;
++          ptrdiff_t stride;
+           uint8_t *data;
+       } mask;
+     } u;
+
+--- src/cairo-image-surface-private.h.orig     2017-06-09 06:46:49.000000000 +0000
++++ src/cairo-image-surface-private.h
+@@ -71,7 +71,7 @@ struct _cairo_image_surface {
+ 
+     int width;
+     int height;
+-    int stride;
++    ptrdiff_t stride;
+     int depth;
+ 
+     unsigned owns_data : 1;
+
+--- src/cairo-mesh-pattern-rasterizer.c.orig   2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-mesh-pattern-rasterizer.c
+@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int wid
+       tg += tg >> 16;
+       tb += tb >> 16;
+ 
+-      *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
++      *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
+           ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
+     }
+ }
+
+--- src/cairo-png.c.orig       2017-06-15 21:44:32.000000000 +0000
++++ src/cairo-png.c
+@@ -671,7 +671,7 @@ read_png (struct png_read_closure_t *png
+     }
+ 
+     for (i = 0; i < png_height; i++)
+-        row_pointers[i] = &data[i * stride];
++        row_pointers[i] = &data[i * (ptrdiff_t)stride];
+ 
+     png_read_image (png, row_pointers);
+     png_read_end (png, info);
+
+--- src/cairo-script-surface.c.orig    2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-script-surface.c
+@@ -1201,7 +1201,8 @@ static cairo_status_t
+ _write_image_surface (cairo_output_stream_t *output,
+                     const cairo_image_surface_t *image)
+ {
+-    int stride, row, width;
++    int row, width;
++    ptrdiff_t stride;
+     uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
+     uint8_t *rowdata;
+     uint8_t *data;
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2017-7475
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2017-7475        Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-CVE-2017-7475,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+from https://bugs.freedesktop.org/attachment.cgi?id=131213
+
+--- src/cairo-ft-font.c.orig   2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-ft-font.c
+@@ -1146,7 +1146,7 @@ _get_bitmap_surface (FT_Bitmap                *bi
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+       *surface = (cairo_image_surface_t *)
+           cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+       return (*surface)->base.status;
diff -r 89a0c6d376e3 -r 22b7fbb57350 graphics/cairo/patches/patch-CVE-2017-9814
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/cairo/patches/patch-CVE-2017-9814        Thu Sep 28 00:57:25 2017 +0000
@@ -0,0 +1,96 @@
+$NetBSD: patch-CVE-2017-9814,v 1.1 2017/09/28 00:57:25 spz Exp $
+
+relevant part of https://bugs.freedesktop.org/attachment.cgi?id=132563
+
+--- src/cairo-truetype-subset.c.orig   2017-06-15 22:13:55.000000000 +0000
++++ src/cairo-truetype-subset.c
+@@ -187,7 +187,7 @@ _cairo_truetype_font_create (cairo_scale
+     if (unlikely (status))
+       return status;
+ 
+-    font = malloc (sizeof (cairo_truetype_font_t));
++    font = _cairo_malloc (sizeof (cairo_truetype_font_t));
+     if (unlikely (font == NULL))
+       return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ 
+@@ -236,7 +236,7 @@ _cairo_truetype_font_create (cairo_scale
+ 
+     /* If the PS name is not found, create a CairoFont-x-y name. */
+     if (font->base.ps_name == NULL) {
+-        font->base.ps_name = malloc (30);
++        font->base.ps_name = _cairo_malloc (30);
+         if (unlikely (font->base.ps_name == NULL)) {
+           status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+             goto fail3;
+@@ -611,7 +611,7 @@ cairo_truetype_font_write_glyf_table (ca
+     else
+       size = sizeof (int32_t) * (font->num_glyphs_in_face + 1);
+ 
+-    u.bytes = malloc (size);
++    u.bytes = _cairo_malloc (size);
+     if (unlikely (u.bytes == NULL))
+       return _cairo_truetype_font_set_error (font, CAIRO_STATUS_NO_MEMORY);
+ 
+@@ -1184,7 +1184,7 @@ cairo_truetype_subset_init_internal (cai
+     truetype_subset->descent = (double)font->base.descent/font->base.units_per_em;
+ 
+     if (length) {
+-      truetype_subset->data = malloc (length);
++      truetype_subset->data = _cairo_malloc (length);
+       if (unlikely (truetype_subset->data == NULL)) {
+           status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+           goto fail4;
+@@ -1197,7 +1197,7 @@ cairo_truetype_subset_init_internal (cai
+ 
+     if (num_strings) {
+       offsets_length = num_strings * sizeof (unsigned long);
+-      truetype_subset->string_offsets = malloc (offsets_length);
++      truetype_subset->string_offsets = _cairo_malloc (offsets_length);
+       if (unlikely (truetype_subset->string_offsets == NULL)) {
+           status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+           goto fail5;
+@@ -1285,7 +1285,7 @@ _cairo_truetype_reverse_cmap (cairo_scal
+       return CAIRO_INT_STATUS_UNSUPPORTED;
+ 
+     size = be16_to_cpu (map->length);
+-    map = malloc (size);
++    map = _cairo_malloc (size);
+     if (unlikely (map == NULL))
+       return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ 
+@@ -1438,7 +1438,7 @@ find_name (tt_name_t *name, int name_id,
+             be16_to_cpu (record->encoding) == encoding &&
+           (language == -1 || be16_to_cpu (record->language) == language)) {
+ 
+-          str = malloc (be16_to_cpu (record->length) + 1);
++          str = _cairo_malloc (be16_to_cpu (record->length) + 1);
+           if (str == NULL)
+               return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ 
+@@ -1465,7 +1465,7 @@ find_name (tt_name_t *name, int name_id,
+       for (i = 0; i < u_len; i++)
+           size += _cairo_ucs4_to_utf8 (be16_to_cpu(u[i]), NULL);
+ 
+-      utf8 = malloc (size + 1);
++      utf8 = _cairo_malloc (size + 1);
+       if (utf8 == NULL) {
+           status =_cairo_error (CAIRO_STATUS_NO_MEMORY);
+           goto fail;
+@@ -1500,7 +1500,7 @@ find_name (tt_name_t *name, int name_id,
+       }
+     }
+     if (has_tag) {
+-      p = malloc (len - 6);
++      p = _cairo_malloc (len - 6);
+       if (unlikely (p == NULL)) {
+           status =_cairo_error (CAIRO_STATUS_NO_MEMORY);
+           goto fail;
+@@ -1545,7 +1545,7 @@ _cairo_truetype_read_font_name (cairo_sc
+     if (status)
+       return status;
+ 
+-    name = malloc (size);
++    name = _cairo_malloc (size);
+     if (name == NULL)
+         return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ 



Home | Main Index | Thread Index | Old Index