pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2021Q1] pkgsrc/graphics/cairo



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue May 25 14:54:36 UTC 2021

Modified Files:
        pkgsrc/graphics/cairo [pkgsrc-2021Q1]: Makefile distinfo
Added Files:
        pkgsrc/graphics/cairo/patches [pkgsrc-2021Q1]:
            patch-src_cairo-image-compositor.c

Log Message:
Pullup ticket #6460 - requested by nia
graphics/cairo: security fix

Revisions pulled up:
- graphics/cairo/Makefile                                       1.149
- graphics/cairo/distinfo                                       1.90
- graphics/cairo/patches/patch-src_cairo-image-compositor.c     1.1

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Tue May 25 07:29:42 UTC 2021

   Modified Files:
        pkgsrc/graphics/cairo: Makefile distinfo
   Added Files:
        pkgsrc/graphics/cairo/patches: patch-src_cairo-image-compositor.c

   Log Message:
   cairo: apply patch for CVE-2020-35492, bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.147.6.1 pkgsrc/graphics/cairo/Makefile
cvs rdiff -u -r1.89 -r1.89.6.1 pkgsrc/graphics/cairo/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/graphics/cairo/patches/patch-src_cairo-image-compositor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/cairo/Makefile
diff -u pkgsrc/graphics/cairo/Makefile:1.147 pkgsrc/graphics/cairo/Makefile:1.147.6.1
--- pkgsrc/graphics/cairo/Makefile:1.147        Mon Aug 17 20:17:27 2020
+++ pkgsrc/graphics/cairo/Makefile      Tue May 25 14:54:36 2021
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.147 2020/08/17 20:17:27 leot Exp $
+# $NetBSD: Makefile,v 1.147.6.1 2021/05/25 14:54:36 bsiegert Exp $
 
 .include "../../graphics/cairo/Makefile.common"
 
-PKGREVISION=   2
+PKGREVISION=   4
 
 TEST_TARGET=                   check
 

Index: pkgsrc/graphics/cairo/distinfo
diff -u pkgsrc/graphics/cairo/distinfo:1.89 pkgsrc/graphics/cairo/distinfo:1.89.6.1
--- pkgsrc/graphics/cairo/distinfo:1.89 Thu Jul  9 14:38:55 2020
+++ pkgsrc/graphics/cairo/distinfo      Tue May 25 14:54:36 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.89 2020/07/09 14:38:55 leot Exp $
+$NetBSD: distinfo,v 1.89.6.1 2021/05/25 14:54:36 bsiegert Exp $
 
 SHA1 (cairo-1.16.0.tar.xz) = 00e81842ae5e81bb0343108884eb5205be0eac14
 RMD160 (cairo-1.16.0.tar.xz) = cfd2ef6ec55b267e04600f6b1e36bb07f2566b35
@@ -9,3 +9,4 @@ SHA1 (patch-ab) = 11f7e0e59bd5c51a8fdacb
 SHA1 (patch-ac) = 1785bbef6bcab4781bf89e1b986a7eb96e5f2b64
 SHA1 (patch-ad) = a1068a37113b162ccfe14d7f1bd0baa9df7e5530
 SHA1 (patch-src_cairo-ft-font.c) = 97288d79380473869f1049c1d8955a2f6fa3d178
+SHA1 (patch-src_cairo-image-compositor.c) = 83337d8211083d77b061c43b69da2b61080776d9

Added files:

Index: pkgsrc/graphics/cairo/patches/patch-src_cairo-image-compositor.c
diff -u /dev/null pkgsrc/graphics/cairo/patches/patch-src_cairo-image-compositor.c:1.1.2.2
--- /dev/null   Tue May 25 14:54:36 2021
+++ pkgsrc/graphics/cairo/patches/patch-src_cairo-image-compositor.c    Tue May 25 14:54:36 2021
@@ -0,0 +1,45 @@
+$NetBSD: patch-src_cairo-image-compositor.c,v 1.1.2.2 2021/05/25 14:54:36 bsiegert Exp $
+
+Fix mask usage in image-compositor
+
+https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/85
+https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
+https://nvd.nist.gov/vuln/detail/CVE-2020-35492
+
+--- src/cairo-image-compositor.c.orig  2018-08-17 01:10:53.000000000 +0000
++++ src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende
+                   unsigned num_spans)
+ {
+     cairo_image_span_renderer_t *r = abstract_renderer;
+-    uint8_t *m;
++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+     int x0;
+ 
+     if (num_spans == 0)
+       return CAIRO_STATUS_SUCCESS;
+ 
+     x0 = spans[0].x;
+-    m = r->_buf;
++    m = base;
+     do {
+       int len = spans[1].x - spans[0].x;
+       if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende
+                                     spans[0].x, y,
+                                     spans[1].x - spans[0].x, h);
+ 
+-          m = r->_buf;
++          m = base;
+           x0 = spans[1].x;
+       } else if (spans[0].coverage == 0x0) {
+           if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende
+ #endif
+           }
+ 
+-          m = r->_buf;
++          m = base;
+           x0 = spans[1].x;
+       } else {
+           *m++ = spans[0].coverage;



Home | Main Index | Thread Index | Old Index