[arch-commits] Commit in cairo/trunk (2 files)
Laurent Carlier
lcarlier at archlinux.org
Thu Feb 14 08:55:34 UTC 2019
Date: Thursday, February 14, 2019 @ 08:55:33
Author: lcarlier
Revision: 346259
upgpkg: cairo 1.16.0-2
fix CVE-2018-19876
Added:
cairo/trunk/0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
Modified:
cairo/trunk/PKGBUILD
-----------------------------------------------------------------+
0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch | 32 ++++++++++
PKGBUILD | 11 ++-
2 files changed, 40 insertions(+), 3 deletions(-)
Added: 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
===================================================================
--- 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch (rev 0)
+++ 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch 2019-02-14 08:55:33 UTC (rev 346259)
@@ -0,0 +1,32 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia at igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+
+Signed-off-by: Laurent Carlier <lordheavym at gmail.com>
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+ free (coords);
+ free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+ free (ft_mm_var);
++#endif
+ }
+ }
+
+--
+2.20.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-02-14 08:55:17 UTC (rev 346258)
+++ PKGBUILD 2019-02-14 08:55:33 UTC (rev 346259)
@@ -3,7 +3,7 @@
pkgname=cairo
pkgver=1.16.0
-pkgrel=1
+pkgrel=2
pkgdesc="2D graphics library with support for multiple output devices"
url="https://cairographics.org/"
arch=(x86_64)
@@ -12,8 +12,10 @@
makedepends=(librsvg gtk2 poppler-glib libspectre gtk-doc valgrind git)
checkdepends=(ttf-dejavu gsfonts)
_commit=3ad43122b21a3299dd729dc8462d6b8f7f01142d # tags/1.16.0^0
-source=("git+https://gitlab.freedesktop.org/cairo/cairo.git#commit=$_commit")
-sha1sums=('SKIP')
+source=("git+https://gitlab.freedesktop.org/cairo/cairo.git#commit=$_commit"
+ 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch)
+sha1sums=('SKIP'
+ '9850a5b06e300055676ad1f5dfa90ecba0fe623c')
pkgver() {
cd cairo
@@ -23,6 +25,9 @@
prepare() {
cd cairo
+ # CVE-2018-19876
+ patch -Np1 -i ../0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
+
# Update gtk-doc
cp /usr/share/aclocal/gtk-doc.m4 build/aclocal.gtk-doc.m4
cp /usr/share/gtk-doc/data/gtk-doc.make build/Makefile.am.gtk-doc
More information about the arch-commits
mailing list