summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r--meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch45
-rw-r--r--meta/recipes-graphics/cairo/cairo_1.16.0.bb (renamed from meta/recipes-graphics/cairo/cairo_1.14.12.bb)8
2 files changed, 3 insertions, 50 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch b/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch
deleted file mode 100644
index 7d02ab9474..0000000000
--- a/meta/recipes-graphics/cairo/cairo/0001-cairo-Fix-CVE-2017-9814.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From 042421e9e3d266ad0bb7805132041ef51ad3234d Mon Sep 17 00:00:00 2001
2From: Adrian Johnson <ajohnson@redneon.com>
3Date: Wed, 16 Aug 2017 22:52:35 -0400
4Subject: [PATCH] cairo: Fix CVE-2017-9814
5
6The bug happens because in some scenarios the variable size can
7have a value of 0 at line 1288. And malloc(0) is not returning
8NULL as some people could expect:
9
10 https://stackoverflow.com/questions/1073157/zero-size-malloc
11
12malloc(0) returns the smallest chunk possible. So the line 1290
13with the return is not execute. And the execution continues with
14an invalid map.
15
16Since the size is 0 the variable map is not initialized correctly
17at load_trutype_table. So, later when the variable map is accessed
18previous values from a freed chunk are used. This could allows an
19attacker to control the variable map.
20
21This patch have not merge in upstream now.
22
23Upstream-Status: Backport [https://bugs.freedesktop.org/show_bug.cgi?id=101547]
24CVE: CVE-2017-9814
25Signed-off-by: Dengke Du <dengke.du@windriver.com>
26---
27 src/cairo-truetype-subset.c | 2 +-
28 1 file changed, 1 insertion(+), 1 deletion(-)
29
30diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
31index e3449a0..f77d11c 100644
32--- a/src/cairo-truetype-subset.c
33+++ b/src/cairo-truetype-subset.c
34@@ -1285,7 +1285,7 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
35 return CAIRO_INT_STATUS_UNSUPPORTED;
36
37 size = be16_to_cpu (map->length);
38- map = malloc (size);
39+ map = _cairo_malloc (size);
40 if (unlikely (map == NULL))
41 return _cairo_error (CAIRO_STATUS_NO_MEMORY);
42
43--
442.8.1
45
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.12.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb
index ad6745f60d..3e176930cc 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.12.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.16.0.bb
@@ -24,11 +24,10 @@ DEPENDS = "fontconfig glib-2.0 libpng pixman zlib"
24 24
25SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ 25SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
26 file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ 26 file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \
27 file://0001-cairo-Fix-CVE-2017-9814.patch \
28 " 27 "
29 28
30SRC_URI[md5sum] = "9f0db9dbfca0966be8acd682e636d165" 29SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552"
31SRC_URI[sha256sum] = "8c90f00c500b2299c0a323dd9beead2a00353752b2092ead558139bd67f7bf16" 30SRC_URI[sha256sum] = "5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331"
32 31
33inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script 32inherit autotools pkgconfig upstream-version-is-even gtk-doc multilib_script
34 33
@@ -81,7 +80,6 @@ DESCRIPTION_cairo-perf-utils = "The Cairo library performance utilities"
81FILES_${PN} = "${libdir}/libcairo.so.*" 80FILES_${PN} = "${libdir}/libcairo.so.*"
82FILES_${PN}-gobject = "${libdir}/libcairo-gobject.so.*" 81FILES_${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
83FILES_${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*" 82FILES_${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
84FILES_${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so.*" 83FILES_${PN}-perf-utils = "${bindir}/cairo-trace* ${libdir}/cairo/*.la ${libdir}/cairo/libcairo-trace.so"
85FILES_${PN}-dev += "${libdir}/cairo/*.so"
86 84
87BBCLASSEXTEND = "native nativesdk" 85BBCLASSEXTEND = "native nativesdk"