Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
84385fd36a !32 Add a BuildRquires for gcc
From: @liuyumeng1
Reviewed-by: @shirely16,@yanan-rock
Signed-off-by: @yanan-rock
2021-06-01 10:43:54 +08:00
renmingshuai
28ae11ad0e Add a BuildRequires for gcc 2021-06-01 10:24:52 +08:00
openeuler-ci-bot
bfa98f265f !24 fix cve-2020-35492
From: @kerongw
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
2021-04-16 10:58:55 +08:00
xwx934056
ebda33c47e fix cve-2020-35492 2021-04-15 19:29:24 +08:00
openeuler-ci-bot
5005914258 !19 rm cairo-1.15.14.tar.xz CVE-2018-19876
From: @yangl777
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
2020-10-15 10:07:09 +08:00
s17723959267
889e731473 rm cairo-1.15.14.tar.xz CVE-2018-19876 2020-10-15 09:54:24 +08:00
openeuler-ci-bot
c80c0e6ba1 !18 Version upgrade to 1.16.0
From: @yangl777
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
2020-10-15 09:16:15 +08:00
s17723959267
490d2c5017 version upgrade 2020-10-14 11:25:54 +08:00
openeuler-ci-bot
0521e2bf41 !13 fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
From: @yangl777
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
2020-09-18 14:27:58 +08:00
jinzhimin369
2d5a74bcf8 fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462 2020-09-18 14:17:11 +08:00
9 changed files with 369 additions and 2 deletions


@ -0,0 +1,56 @@
From 12a5b7384f35d9a3f4c6b151fac4857444db3d6a Mon Sep 17 00:00:00 2001
From: Nikolaus Waxweiler <madigens@gmail.com>
Date: Sat, 10 Nov 2018 16:44:23 +0000
Subject: [PATCH] Set default LCD filter to FreeType's default
---
src/cairo-ft-font.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61b4..3c47dc12e 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -1404,7 +1404,7 @@ _render_glyph_outline (FT_Face face,
cairo_image_surface_t **surface)
{
int rgba = FC_RGBA_UNKNOWN;
- int lcd_filter = FT_LCD_FILTER_LEGACY;
+ int lcd_filter = FT_LCD_FILTER_DEFAULT;
FT_GlyphSlot glyphslot = face->glyph;
FT_Outline *outline = &glyphslot->outline;
FT_Bitmap bitmap;
@@ -1439,13 +1439,13 @@ _render_glyph_outline (FT_Face face,
case CAIRO_LCD_FILTER_NONE:
lcd_filter = FT_LCD_FILTER_NONE;
break;
- case CAIRO_LCD_FILTER_DEFAULT:
case CAIRO_LCD_FILTER_INTRA_PIXEL:
lcd_filter = FT_LCD_FILTER_LEGACY;
break;
case CAIRO_LCD_FILTER_FIR3:
lcd_filter = FT_LCD_FILTER_LIGHT;
break;
+ case CAIRO_LCD_FILTER_DEFAULT:
case CAIRO_LCD_FILTER_FIR5:
lcd_filter = FT_LCD_FILTER_DEFAULT;
break;
@@ -3416,7 +3416,6 @@ _cairo_ft_font_options_substitute (const cairo_font_options_t *options,
case CAIRO_LCD_FILTER_NONE:
lcd_filter = FT_LCD_FILTER_NONE;
break;
- case CAIRO_LCD_FILTER_DEFAULT:
case CAIRO_LCD_FILTER_INTRA_PIXEL:
lcd_filter = FT_LCD_FILTER_LEGACY;
break;
@@ -3424,6 +3423,7 @@ _cairo_ft_font_options_substitute (const cairo_font_options_t *options,
lcd_filter = FT_LCD_FILTER_LIGHT;
break;
default:
+ case CAIRO_LCD_FILTER_DEFAULT:
case CAIRO_LCD_FILTER_FIR5:
lcd_filter = FT_LCD_FILTER_DEFAULT;
break;
--
2.19.1


@ -0,0 +1,30 @@
From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
cairo_ft_apply_variations
Fixes a crash when using freetype >= 2.9
---
src/cairo-ft-font.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61b4..981973f78 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
done:
free (coords);
free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
free (ft_mm_var);
+#endif
}
}
--
2.19.2
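Review bot: The `#if HAVE_FT_DONE_MM_VAR` guard at the `done:` label silently falls back to `free (ft_mm_var)` whenever the macro is undefined, which is the path the commit message associates with the crash on freetype >= 2.9. This patch only touches src/cairo-ft-font.c, so confirm that the package's configure step really probes for FT_Done_MM_Var and defines the macro; otherwise the fix compiles away without any warning. A short comment above the guard would help, for example `/* ft_mm_var is presumably allocated by FreeType, so release it through FreeType when FT_Done_MM_Var is available */`. The call also dereferences `face->glyph->library` without a check; the enclosing function starts outside the hunk, so whether that is always safe cannot be confirmed from here.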


@ -0,0 +1,56 @@
From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Thu, 30 May 2019 07:30:55 -0400
Subject: [PATCH] Fix a thinko in composite_color_glyphs
We can't just move around the contents of the
passed-in string, we need to make a copy. This
was showing up as memory corruption in pango.
See https://gitlab.gnome.org/GNOME/pango/issues/346
---
src/cairo-surface.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/cairo-surface.c b/src/cairo-surface.c
index c30f84087..e112b660a 100644
--- a/src/cairo-surface.c
+++ b/src/cairo-surface.c
@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
const cairo_clip_t *clip)
{
cairo_int_status_t status;
+ char *utf8_copy = NULL;
TRACE ((stderr, "%s\n", __FUNCTION__));
if (unlikely (surface->status))
@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
status = CAIRO_INT_STATUS_UNSUPPORTED;
if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
+ utf8_copy = malloc (sizeof (char) * utf8_len);
+ memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
+ utf8 = utf8_copy;
+
status = composite_color_glyphs (surface, op,
source,
(char *)utf8, &utf8_len,
@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
if (num_glyphs == 0)
goto DONE;
}
+ else
+ utf8_copy = NULL;
/* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
* show_text_glyphs. Keep in synch. */
@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
surface->serial++;
}
+ if (utf8_copy)
+ free (utf8_copy);
+
return _cairo_surface_set_error (surface, status);
}
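Review bot: The `malloc` result in the `_cairo_scaled_font_has_color_glyphs` branch goes straight into `memcpy` without a NULL check, so an allocation failure with a non-zero `utf8_len` becomes a write through a null pointer instead of an out-of-memory status. A guard such as `if (unlikely (utf8_copy == NULL && utf8_len > 0)) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); goto DONE; }` right after the allocation would cover it, assuming the `DONE` label sits before the new `free` (the label is outside the visible hunks). If `utf8_len` is a signed type, a negative value would also be converted to a huge size in both calls; whether callers can pass one is not visible here. The `else utf8_copy = NULL;` and the `if (utf8_copy)` around `free` are redundant, because the variable is initialised to NULL and `free (NULL)` is a no-op.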


@ -0,0 +1,116 @@
From ef959bc76e65ea0b0d4ba3ee50dfbce31c3484ad Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 27 Mar 2020 19:39:46 +0100
Subject: [PATCH] cff: Allow empty array of operands for certain operators
Operators BlueValues, OtherBlues, FamilyBlues, FamilyOtherBlues,
StemSnapH and StemSnapV have operands of type delta which can be
a number or an array of delta-encoded numbers. This array can be
empty according to freetype developers.
This commit checks whether current operator is among those listed
and permits empty operand in such case.
---
src/cairo-cff-subset.c | 78 ++++++++++++++++++++++++++----------------
1 file changed, 49 insertions(+), 29 deletions(-)
diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index 37727eddb..fce4195e9 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -56,30 +56,36 @@
/* CFF Dict Operators. If the high byte is 0 the command is encoded
* with a single byte. */
-#define BASEFONTNAME_OP 0x0c16
-#define CIDCOUNT_OP 0x0c22
-#define CHARSET_OP 0x000f
-#define CHARSTRINGS_OP 0x0011
-#define COPYRIGHT_OP 0x0c00
-#define DEFAULTWIDTH_OP 0x0014
-#define ENCODING_OP 0x0010
-#define FAMILYNAME_OP 0x0003
-#define FDARRAY_OP 0x0c24
-#define FDSELECT_OP 0x0c25
-#define FONTBBOX_OP 0x0005
-#define FONTMATRIX_OP 0x0c07
-#define FONTNAME_OP 0x0c26
-#define FULLNAME_OP 0x0002
-#define LOCAL_SUB_OP 0x0013
-#define NOMINALWIDTH_OP 0x0015
-#define NOTICE_OP 0x0001
-#define POSTSCRIPT_OP 0x0c15
-#define PRIVATE_OP 0x0012
-#define ROS_OP 0x0c1e
-#define UNIQUEID_OP 0x000d
-#define VERSION_OP 0x0000
-#define WEIGHT_OP 0x0004
-#define XUID_OP 0x000e
+#define BASEFONTNAME_OP 0x0c16
+#define CIDCOUNT_OP 0x0c22
+#define CHARSET_OP 0x000f
+#define CHARSTRINGS_OP 0x0011
+#define COPYRIGHT_OP 0x0c00
+#define DEFAULTWIDTH_OP 0x0014
+#define ENCODING_OP 0x0010
+#define FAMILYNAME_OP 0x0003
+#define FDARRAY_OP 0x0c24
+#define FDSELECT_OP 0x0c25
+#define FONTBBOX_OP 0x0005
+#define FONTMATRIX_OP 0x0c07
+#define FONTNAME_OP 0x0c26
+#define FULLNAME_OP 0x0002
+#define LOCAL_SUB_OP 0x0013
+#define NOMINALWIDTH_OP 0x0015
+#define NOTICE_OP 0x0001
+#define POSTSCRIPT_OP 0x0c15
+#define PRIVATE_OP 0x0012
+#define ROS_OP 0x0c1e
+#define UNIQUEID_OP 0x000d
+#define VERSION_OP 0x0000
+#define WEIGHT_OP 0x0004
+#define XUID_OP 0x000e
+#define BLUEVALUES_OP 0x0006
+#define OTHERBLUES_OP 0x0007
+#define FAMILYBLUES_OP 0x0008
+#define FAMILYOTHERBLUES_OP 0x0009
+#define STEMSNAPH_OP 0x0c0c
+#define STEMSNAPV_OP 0x0c0d
#define NUM_STD_STRINGS 391
@@ -615,13 +621,27 @@ cff_dict_create_operator (int operator,
return _cairo_error (CAIRO_STATUS_NO_MEMORY);
_cairo_dict_init_key (op, operator);
- op->operand = _cairo_malloc (size);
- if (unlikely (op->operand == NULL)) {
- free (op);
- return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ if (size != 0) {
+ op->operand = _cairo_malloc (size);
+ if (unlikely (op->operand == NULL)) {
+ free (op);
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ }
+ memcpy (op->operand, operand, size);
+ } else {
+ op->operand = NULL;
+ /* Delta-encoded arrays can be empty. */
+ if (operator != BLUEVALUES_OP &&
+ operator != OTHERBLUES_OP &&
+ operator != FAMILYBLUES_OP &&
+ operator != FAMILYOTHERBLUES_OP &&
+ operator != STEMSNAPH_OP &&
+ operator != STEMSNAPV_OP) {
+ free (op);
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ }
}
- memcpy (op->operand, operand, size);
op->operand_length = size;
op->operand_offset = -1;
--
2.26.0
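Review bot: In `cff_dict_create_operator`, the new `else` branch rejects an empty operand for every non-delta operator with `_cairo_error (CAIRO_STATUS_NO_MEMORY)`, although nothing failed to allocate, so malformed font data is reported as an out-of-memory condition. If that status is kept deliberately (presumably to match what the old zero-size allocation path returned), say so in a comment such as `/* Empty operands are valid only for delta arrays; other operators are rejected with the status the old code produced. */`. The accepted case now stores `op->operand = NULL` with `operand_length` 0, so code outside this hunk that copies or writes operands must tolerate a NULL pointer with zero length; passing NULL to `memcpy` is undefined even when the length is zero. The six-way operator comparison would read better as a small `static` predicate with a one-line purpose comment.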

14
CVE-2019-6461.patch Normal file

@ -0,0 +1,14 @@
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
index 390397bae..1bde774a4 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
if (cairo_status (cr))
return;
- assert (angle_max >= angle_min);
+ if (angle_max < angle_min)
+ return;
if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
angle_max = fmod (angle_max - angle_min, 2 * M_PI);
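Review bot: The replacement guard `if (angle_max < angle_min) return;` in `_cairo_arc_in_direction` is not the negation of the removed assertion when either angle is NaN: both `angle_max >= angle_min` and `angle_max < angle_min` are false for NaN, so such input now passes the guard and reaches the `fmod` arithmetic below. Writing it as `if (! (angle_max >= angle_min)) return;` accepts exactly the inputs the assertion accepted. The early return also drops the arc without recording anything on `cr`; a one-line comment should state that the silent no-op is deliberate. The function body continues past the end of the hunk.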

13
CVE-2019-6462.patch Normal file

@ -0,0 +1,13 @@
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
index 390397bae..f9249dbeb 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
do {
angle = M_PI / i++;
error = _arc_error_normalized (angle);
- } while (error > tolerance);
+ } while (error > tolerance && error > __DBL_EPSILON__);
return angle;
}
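Review bot: `__DBL_EPSILON__` in the loop condition of `_arc_max_angle_for_tolerance_normalized` is a compiler-predefined macro (GCC and Clang), not standard C. The portable spelling is `DBL_EPSILON` with `#include <float.h>`, i.e. `} while (error > tolerance && error > DBL_EPSILON);`. The added bound also deserves a comment explaining why it exists, for example `/* stop once the error is below double precision so a tolerance that can never be met does not keep the loop running */`. When the loop exits through the new condition, the returned `angle` does not satisfy the requested tolerance, so the function comment should say the result is best-effort for such inputs.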


@ -0,0 +1,51 @@
From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
From: Heiko Lewin <heiko.lewin@worldiety.de>
Date: Tue, 15 Dec 2020 16:48:19 +0100
Subject: [PATCH] Fix mask usage in image-compositor
Conflict:NA
Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be
---
src/cairo-image-compositor.c | 8 ++--
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
index 79ad69f68..4f8aaed99 100644
--- a/src/cairo-image-compositor.c
+++ b/src/cairo-image-compositor.c
@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
unsigned num_spans)
{
cairo_image_span_renderer_t *r = abstract_renderer;
- uint8_t *m;
+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
int x0;
if (num_spans == 0)
return CAIRO_STATUS_SUCCESS;
x0 = spans[0].x;
- m = r->_buf;
+ m = base;
do {
int len = spans[1].x - spans[0].x;
if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
spans[0].x, y,
spans[1].x - spans[0].x, h);
- m = r->_buf;
+ m = base;
x0 = spans[1].x;
} else if (spans[0].coverage == 0x0) {
if (spans[0].x != x0) {
@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
#endif
}
- m = r->_buf;
+ m = base;
x0 = spans[1].x;
} else {
*m++ = spans[0].coverage;
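Review bot: `base` is taken from `pixman_image_get_data (r->mask)` in the declarations of `_inplace_src_spans` and is later written through (`*m++ = spans[0].coverage`) with no check that `r->mask` is set or that the returned pointer is non-NULL. If this callback is only installed after a mask image has been created, state that invariant in a comment such as `/* r->mask is always a bits image here; coverage is accumulated in its pixel data rather than in r->_buf */`, or assert it. The hunks also show no bound relating the number of coverage bytes written per row to the mask's width, so that should be confirmed against the code that allocates the mask. The initialiser runs before the `num_spans == 0` early return, which is harmless but does the lookup for nothing; the function body starts and ends outside the hunks.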


@ -1,13 +1,23 @@
%global cairogl --disable-gl
Name: cairo
Version: 1.15.14
Version: 1.16.0
Release: 4
Summary: A 2D graphics library
License: LGPLv2 or MPLv1.1
URL: http://cairographics.org
Source0: http://cairographics.org/snapshots/%{name}-%{version}.tar.xz
Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz
Patch0001: 0001-Set-default-LCD-filter-to-FreeType-s-default.patch
Patch0002: 0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
Patch0003: 0003-cairo-composite_color_glyphs.patch
Patch0004: 0004-cff-Allow-empty-array-of-operands-for-certain-operat.patch
Patch0005: CVE-2019-6461.patch
Patch0006: CVE-2019-6462.patch
Patch6001: backport-CVE-2020-35492.patch
BuildRequires: gcc
BuildRequires: pkgconfig glib2-devel librsvg2-devel
BuildRequires: libXrender-devel libX11-devel libpng-devel libxml2-devel
BuildRequires: pixman-devel >= 0.30.0
@ -76,6 +86,27 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
%{_bindir}/cairo-trace
%changelog
* Tue Jun 1 2021 liuyumeng <liuyumeng5@huawei.com> - 1.16.0-4
- Add a BuildRequires for gcc
* Thu Apr 15 2021 wangkerong <wangkerong@huawei.com> - 1.16.0-3
- Type:cve
- ID:CVE-2020-35492
- SUG:NA
- DESC: fix CVE-2020-35492
* Thu Oct 15 2020 yanglu <yanglu60@huawei.com> - 1.16.0-2
- remove cairo-1.15.14.tar.xz CVE-2018-19876
* Wed Oct 14 2020 yanglu <yanglu60@huawei.com> - 1.16.0-1
- Version upgrade
* Fri Sep 18 2020 yanglu <yanglu60@huawei.com> - 1.15.14-5
- Type:cves
- ID:CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
- SUG:NA
- DESC: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
* Tue Aug 18 2020 chenyaqiang <chenyaqiang@huawei.com> - 1.15.14-4
- rebuild for package build
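Review bot: `Source0` still uses a plain `http://` URL for the release tarball, and nothing in the visible part of the spec verifies the download, so the integrity of the source depends on whatever the build system stores alongside it. Prefer `Source0: https://cairographics.org/releases/%{name}-%{version}.tar.xz` and, where the distribution's tooling supports it, a recorded checksum or signature for the tarball. The changelog records a fix for CVE-2018-19876, but none of the `Patch` entries carries that identifier; a comment next to the relevant `Patch` line naming the CVE it addresses would make the audit trail easier to follow. The `%prep` section is not shown, so it cannot be confirmed from here that the seven listed patches are actually applied.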