diff options
Diffstat (limited to 'meta/recipes-graphics/cairo/cairo')
5 files changed, 1 insertions, 134 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch deleted file mode 100644 index 4252a5663b..0000000000 --- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch +++ /dev/null @@ -1,34 +0,0 @@ -CVE: CVE-2018-19876 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos <cgarcia@igalia.com> -Date: Mon, 19 Nov 2018 12:33:07 +0100 -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in - cairo_ft_apply_variations - -Fixes a crash when using freetype >= 2.9 ---- - src/cairo-ft-font.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c -index 325dd61b4..981973f78 100644 ---- a/src/cairo-ft-font.c -+++ b/src/cairo-ft-font.c -@@ -2393,7 +2393,11 @@ skip: - done: - free (coords); - free (current_coords); -+#if HAVE_FT_DONE_MM_VAR -+ FT_Done_MM_Var (face->glyph->library, ft_mm_var); -+#else - free (ft_mm_var); -+#endif - } - } - --- -2.11.0 - diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch deleted file mode 100644 index 5232cf70c6..0000000000 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ /dev/null @@ -1,19 +0,0 @@ -There is a potential infinite-loop in function _arc_error_normalized(). - -CVE: CVE-2019-6461 -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..f9249dbeb 100644 ---- a/src/cairo-arc.c -+++ b/src/cairo-arc.c -@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) - do { - angle = M_PI / i++; - error = _arc_error_normalized (angle); -- } while (error > tolerance); -+ } while (error > tolerance && error > __DBL_EPSILON__); - - return angle; - } diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch deleted file mode 100644 index 4e4598c5b5..0000000000 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch +++ /dev/null @@ -1,20 +0,0 @@ -There is an assertion in function _cairo_arc_in_direction(). - -CVE: CVE-2019-6462 -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/src/cairo-arc.c b/src/cairo-arc.c -index 390397bae..1bde774a4 100644 ---- a/src/cairo-arc.c -+++ b/src/cairo-arc.c -@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, - if (cairo_status (cr)) - return; - -- assert (angle_max >= angle_min); -+ if (angle_max < angle_min) -+ return; - - if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { - angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch b/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch deleted file mode 100644 index fb6ce5cfdf..0000000000 --- a/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix stack buffer overflow. - -CVE: CVE-2020-35492 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 -From: Heiko Lewin <heiko.lewin@worldiety.de> -Date: Tue, 15 Dec 2020 16:48:19 +0100 -Subject: [PATCH] Fix mask usage in image-compositor - ---- - src/cairo-image-compositor.c | 8 ++-- - test/Makefile.sources | 1 + - test/bug-image-compositor.c | 39 ++++++++++++++++++++ - test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes - 4 files changed, 44 insertions(+), 4 deletions(-) - create mode 100644 test/bug-image-compositor.c - create mode 100644 test/reference/bug-image-compositor.ref.png - -diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c -index 79ad69f68..4f8aaed99 100644 ---- a/src/cairo-image-compositor.c -+++ b/src/cairo-image-compositor.c -@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - unsigned num_spans) - { - cairo_image_span_renderer_t *r = abstract_renderer; -- uint8_t *m; -+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); - int x0; - - if (num_spans == 0) - return CAIRO_STATUS_SUCCESS; - - x0 = spans[0].x; -- m = r->_buf; -+ m = base; - do { - int len = spans[1].x - spans[0].x; - if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { -@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - spans[0].x, y, - spans[1].x - spans[0].x, h); - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else if (spans[0].coverage == 0x0) { - if (spans[0].x != x0) { -@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - #endif - } - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else { - *m++ = spans[0].coverage; --- diff --git a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff index 7aaad2eedd..6c761bf2a7 100644 --- a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff +++ b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff @@ -3,7 +3,7 @@ Cairo: Fix Denial-of-Service Attack due to Logical Problem in Program https://bugs.freedesktop.org/show_bug.cgi?id=100763 CVE: CVE-2017-7475 -Upstream-Status: Submitted +Upstream-Status: Submitted [https://gitlab.freedesktop.org/cairo/cairo/-/issues/80] Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> |