diff options
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r-- | meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch | 45 | ||||
-rw-r--r-- | meta/recipes-graphics/cairo/cairo_1.16.0.bb (renamed from meta/recipes-graphics/cairo/cairo_1.14.12.bb) | 8 |
2 files changed, 3 insertions, 50 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch b/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch deleted file mode 100644 index 7d02ab9474..0000000000 --- a/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | From 042421e9e3d266ad0bb7805132041ef51ad3234d Mon Sep 17 00:00:00 2001 | ||
2 | From: Adrian Johnson <ajohnson@redneon.com> | ||
3 | Date: Wed, 16 Aug 2017 22:52:35 -0400 | ||
4 | Subject: [PATCH] cairo: Fix CVE-2017-9814 | ||
5 | |||
6 | The bug happens because in some scenarios the variable size can | ||
7 | have a value of 0 at line 1288. And malloc(0) is not returning | ||
8 | NULL as some people could expect: | ||
9 | |||
10 | https://stackoverflow.com/questions/1073157/zero-size-malloc | ||
11 | |||
12 | malloc(0) returns the smallest chunk possible. So the line 1290 | ||
13 | with the return is not execute. And the execution continues with | ||
14 | an invalid map. | ||
15 | |||
16 | Since the size is 0 the variable map is not initialized correctly | ||
17 | at load_trutype_table. So, later when the variable map is accessed | ||
18 | previous values from a freed chunk are used. This could allows an | ||
19 | attacker to control the variable map. | ||
20 | |||
21 | This patch have not merge in upstream now. | ||
22 | |||
23 | Upstream-Status: Backport [https://bugs.freedesktop.org/show_bug.cgi?id=101547] | ||
24 | CVE: CVE-2017-9814 | ||
25 | Signed-off-by: Dengke Du <dengke.du@windriver.com> | ||
26 | --- | ||
27 | src/cairo-truetype-subset.c | 2 +- | ||
28 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
29 | |||
30 | diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c | ||
31 | index e3449a0..f77d11c 100644 | ||
32 | --- a/src/cairo-truetype-subset.c | ||
33 | +++ b/src/cairo-truetype-subset.c | ||
34 | @@ -1285,7 +1285,7 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font, | ||
35 | return CAIRO_INT_STATUS_UNSUPPORTED; | ||
36 | |||
37 | size = be16_to_cpu (map->length); | ||
38 | - map = malloc (size); | ||
39 | + map = _cairo_malloc (size); | ||
40 | if (unlikely (map == NULL)) | ||
41 | return _cairo_error (CAIRO_STATUS_NO_MEMORY); | ||
42 | |||
43 | -- | ||
44 | 2.8.1 | ||
45 | |||
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.12.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb index ad6745f60d..3e176930cc 100644 --- a/meta/recipes-graphics/cairo/cairo_1.14.12.bb +++ b/meta/recipes-graphics/cairo/cairo_1.16.0.bb | |||
@@ -24,11 +24,10 @@ DEPENDS = "fontconfig glib-2.0 libpng pixman zlib" | |||
24 | 24 | ||
25 | SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ | 25 | SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ |
26 | file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ | 26 | file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ |
27 | file://0001-cairo-Fix-CVE-2017-9814.patch \ | ||
28 | " | 27 | " |
29 | 28 | ||
30 | SRC_URI[md5sum] = "9f0db9dbfca0966be8acd682e636d165" | 29 | SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" |
31 | SRC_URI[sha256sum] = "8c90f00c500b2299c0a323dd9beead2a00353752b2092ead558139bd67f7bf16" | 30 | SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331" |
32 | 31 | ||
33 | inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script | 32 | inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script |
34 | 33 | ||
@@ -81,7 +80,6 @@ DESCRIPTION_cairo-perf-utils = "The Cairo library performance utilities" | |||
81 | FILES_${PN} = "${libdir}/libcairo.so.*" | 80 | FILES_${PN} = "${libdir}/libcairo.so.*" |
82 | FILES_${PN}-gobject = "${libdir}/libcairo-gobject.so.*" | 81 | FILES_${PN}-gobject = "${libdir}/libcairo-gobject.so.*" |
83 | FILES_${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*" | 82 | FILES_${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*" |
84 | FILES_${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so.*" | 83 | FILES_${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so" |
85 | FILES_${PN}-dev += "${libdir}/cairo/*.so" | ||
86 | 84 | ||
87 | BBCLASSEXTEND = "native nativesdk" | 85 | BBCLASSEXTEND = "native nativesdk" |