[notify] cairo: added patch for CVE-2018-19876

2018-12-07 19:05:39 +01:00 · 2018-12-07 19:05:39 +01:00 · 338c32af62
commit 338c32af62
parent a4704073ad
3 changed files with 37 additions and 4 deletions
--- a/cairo/.signature
+++ b/cairo/.signature
@ -1,7 +1,8 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/ahT5oSapCdtnpsdHrwAUFnFeMvCHzbPc+ZsHSUEAhucCrLgqbOUCm1WdGsbKfUlByOnTorbpfGZEI6J+n6qQQg=
-SHA256 (Pkgfile) = b9fbbaae137a53c4936f3be9be3e5ca35ce0b6e6217bc4e6ee8421be2e049d6a
+RWSE3ohX2g5d/aRdo2GC/KehluvfBx78PLXc0AEhALgCmzRD6UGCiZB/TW0M3AOTMrw3t/zA6SDoO48d18J4hJuWPTSWuEDTDwo=
+SHA256 (Pkgfile) = 671d81bf11fb22522d8f2b23aa11ba1c9255edcc1ad86d4e3ebdef4d79dd127d
 SHA256 (.footprint) = 742a6524df8abaf10bc5b1bc5ffc934be8e2302c233bf44112a26e466fb0eb86
 SHA256 (cairo-1.16.0.tar.xz) = 5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331
 SHA256 (cairo-xlib-endianness.patch) = 58d39311edee6d8ddf76deac1d2e3526b4c02d4aa1f35a6ca16ff50c8e65429f
 SHA256 (cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff) = 4c8b8095a41f244ddfbc9b24e2f73a6fd8d697f43903617e0519b95b27b30726
+SHA256 (CVE-2018-19876.patch) = 78923093cd9b80a4d604e4141ae553f1aa4521d59a9aed8735d1e1be9cca3d99
--- a/cairo/CVE-2018-19876.patch
+++ b/cairo/CVE-2018-19876.patch
@ -0,0 +1,30 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
+         free (ft_mm_var);
+#endif
+     }
+ }
+ 
+-- 
+2.18.1
+
--- a/cairo/Pkgfile
+++ b/cairo/Pkgfile
@ -5,15 +5,17 @@

 name=cairo
 version=1.16.0
-release=1
+release=2
 source=(https://cairographics.org/releases/cairo-$version.tar.xz
 	cairo-xlib-endianness.patch
-	cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff)
+	cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
+	CVE-2018-19876.patch)

 build() {
        cd $name-$version
        patch -p1 -i $SRC/cairo-xlib-endianness.patch
        patch -p1 -i $SRC/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
+	patch -p1 -i $SRC/CVE-2018-19876.patch

        ./configure --prefix=/usr \
                --enable-xcb=yes \