diff options
Diffstat (limited to 'meta/recipes-graphics/cairo')
4 files changed, 76 insertions, 0 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch new file mode 100644 index 0000000000..4252a5663b --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | CVE: CVE-2018-19876 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
4 | |||
5 | From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 | ||
6 | From: Carlos Garcia Campos <cgarcia@igalia.com> | ||
7 | Date: Mon, 19 Nov 2018 12:33:07 +0100 | ||
8 | Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in | ||
9 | cairo_ft_apply_variations | ||
10 | |||
11 | Fixes a crash when using freetype >= 2.9 | ||
12 | --- | ||
13 | src/cairo-ft-font.c | 4 ++++ | ||
14 | 1 file changed, 4 insertions(+) | ||
15 | |||
16 | diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c | ||
17 | index 325dd61b4..981973f78 100644 | ||
18 | --- a/src/cairo-ft-font.c | ||
19 | +++ b/src/cairo-ft-font.c | ||
20 | @@ -2393,7 +2393,11 @@ skip: | ||
21 | done: | ||
22 | free (coords); | ||
23 | free (current_coords); | ||
24 | +#if HAVE_FT_DONE_MM_VAR | ||
25 | + FT_Done_MM_Var (face->glyph->library, ft_mm_var); | ||
26 | +#else | ||
27 | free (ft_mm_var); | ||
28 | +#endif | ||
29 | } | ||
30 | } | ||
31 | |||
32 | -- | ||
33 | 2.11.0 | ||
34 | |||
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch new file mode 100644 index 0000000000..5232cf70c6 --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | |||
@@ -0,0 +1,19 @@ | |||
1 | There is a potential infinite-loop in function _arc_error_normalized(). | ||
2 | |||
3 | CVE: CVE-2019-6461 | ||
4 | Upstream-Status: Pending | ||
5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
6 | |||
7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | ||
8 | index 390397bae..f9249dbeb 100644 | ||
9 | --- a/src/cairo-arc.c | ||
10 | +++ b/src/cairo-arc.c | ||
11 | @@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) | ||
12 | do { | ||
13 | angle = M_PI / i++; | ||
14 | error = _arc_error_normalized (angle); | ||
15 | - } while (error > tolerance); | ||
16 | + } while (error > tolerance && error > __DBL_EPSILON__); | ||
17 | |||
18 | return angle; | ||
19 | } | ||
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch new file mode 100644 index 0000000000..4e4598c5b5 --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | There is an assertion in function _cairo_arc_in_direction(). | ||
2 | |||
3 | CVE: CVE-2019-6462 | ||
4 | Upstream-Status: Pending | ||
5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
6 | |||
7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | ||
8 | index 390397bae..1bde774a4 100644 | ||
9 | --- a/src/cairo-arc.c | ||
10 | +++ b/src/cairo-arc.c | ||
11 | @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, | ||
12 | if (cairo_status (cr)) | ||
13 | return; | ||
14 | |||
15 | - assert (angle_max >= angle_min); | ||
16 | + if (angle_max < angle_min) | ||
17 | + return; | ||
18 | |||
19 | if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { | ||
20 | angle_max = fmod (angle_max - angle_min, 2 * M_PI); | ||
diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb index cdef023198..c2628ae0ca 100644 --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/meta/recipes-graphics/cairo/cairo_1.16.0.bb | |||
@@ -24,6 +24,9 @@ DEPENDS = "fontconfig glib-2.0 libpng pixman zlib" | |||
24 | 24 | ||
25 | SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ | 25 | SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ |
26 | file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ | 26 | file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ |
27 | file://CVE-2018-19876.patch \ | ||
28 | file://CVE-2019-6461.patch \ | ||
29 | file://CVE-2019-6462.patch \ | ||
27 | " | 30 | " |
28 | 31 | ||
29 | SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" | 32 | SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" |