ports/compat-32 (3.4): [notify] cairo-32: updated to 1.15.14. Fix for CVE-2017-9814

crux at crux.nu crux at crux.nu
Sun Oct 7 04:17:23 UTC 2018


commit d8075839a1bf72302def3f65d4c6c67aa05fee39
Author: Danny Rawlins <monster.romster at gmail.com>
Date:   Sun Oct 7 14:54:02 2018 +1100

    [notify] cairo-32: updated to 1.15.14. Fix for CVE-2017-9814

diff --git a/cairo-32/.footprint b/cairo-32/.footprint
index 2dc8de3..805478d 100644
--- a/cairo-32/.footprint
+++ b/cairo-32/.footprint
@@ -12,19 +12,19 @@ drwxr-xr-x	root/root	usr/lib32/cairo/
 -rwxr-xr-x	root/root	usr/lib32/cairo/libcairo-trace.so
 -rw-r--r--	root/root	usr/lib32/libcairo-gobject.a
 -rwxr-xr-x	root/root	usr/lib32/libcairo-gobject.la
-lrwxrwxrwx	root/root	usr/lib32/libcairo-gobject.so -> libcairo-gobject.so.2.11512.0
-lrwxrwxrwx	root/root	usr/lib32/libcairo-gobject.so.2 -> libcairo-gobject.so.2.11512.0
--rwxr-xr-x	root/root	usr/lib32/libcairo-gobject.so.2.11512.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo-gobject.so -> libcairo-gobject.so.2.11514.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo-gobject.so.2 -> libcairo-gobject.so.2.11514.0
+-rwxr-xr-x	root/root	usr/lib32/libcairo-gobject.so.2.11514.0
 -rw-r--r--	root/root	usr/lib32/libcairo-script-interpreter.a
 -rwxr-xr-x	root/root	usr/lib32/libcairo-script-interpreter.la
-lrwxrwxrwx	root/root	usr/lib32/libcairo-script-interpreter.so -> libcairo-script-interpreter.so.2.11512.0
-lrwxrwxrwx	root/root	usr/lib32/libcairo-script-interpreter.so.2 -> libcairo-script-interpreter.so.2.11512.0
--rwxr-xr-x	root/root	usr/lib32/libcairo-script-interpreter.so.2.11512.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo-script-interpreter.so -> libcairo-script-interpreter.so.2.11514.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo-script-interpreter.so.2 -> libcairo-script-interpreter.so.2.11514.0
+-rwxr-xr-x	root/root	usr/lib32/libcairo-script-interpreter.so.2.11514.0
 -rw-r--r--	root/root	usr/lib32/libcairo.a
 -rwxr-xr-x	root/root	usr/lib32/libcairo.la
-lrwxrwxrwx	root/root	usr/lib32/libcairo.so -> libcairo.so.2.11512.0
-lrwxrwxrwx	root/root	usr/lib32/libcairo.so.2 -> libcairo.so.2.11512.0
--rwxr-xr-x	root/root	usr/lib32/libcairo.so.2.11512.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo.so -> libcairo.so.2.11514.0
+lrwxrwxrwx	root/root	usr/lib32/libcairo.so.2 -> libcairo.so.2.11514.0
+-rwxr-xr-x	root/root	usr/lib32/libcairo.so.2.11514.0
 drwxr-xr-x	root/root	usr/lib32/pkgconfig/
 -rw-r--r--	root/root	usr/lib32/pkgconfig/cairo-fc.pc
 -rw-r--r--	root/root	usr/lib32/pkgconfig/cairo-ft.pc
diff --git a/cairo-32/.signature b/cairo-32/.signature
index 059c7a3..21f041d 100644
--- a/cairo-32/.signature
+++ b/cairo-32/.signature
@@ -1,5 +1,7 @@
 untrusted comment: verify with /etc/ports/compat-32.pub
-RWSwxGo/zH7eXQlAlqCZELnyY12yAwFz/iyIfBzWYCs0wSXMyd8D+jdp2hNtrktePsGAW4xvUGiId8m1Im+0UV9shhHuo9UEEA0=
-SHA256 (Pkgfile) = ea300be13efb04f7cc8de4b0d79b3e65bf10f8fff071e041bbd78622913c98b2
-SHA256 (.footprint) = e6a5f8f6beed07fdd7961c8a631d438b2290c3182a7820a09bf1445e3be44069
-SHA256 (cairo-1.15.12.tar.xz) = 7623081b94548a47ee6839a7312af34e9322997806948b6eec421a8c6d0594c9
+RWSwxGo/zH7eXUlrY+5CqmpGr8XHV91bJmGdFdGjK5Wxg7skZZKsX5U/+PjOpi+OKkcnmfuFj90b3gc3TdzKmwqtxJ4MS5Mbqg0=
+SHA256 (Pkgfile) = fcc3a2bf325ac7871bc4ccafa3f10f115035a9014e84d8061b862807f310b197
+SHA256 (.footprint) = 352459022f9aaba91ad8afc92559d8d09798221d1650193e02e2615ff02ea715
+SHA256 (cairo-1.15.14.tar.xz) = 16566b6c015a761bb0b7595cf879b77f8de85f90b443119083c4c2769b93298d
+SHA256 (cairo-xlib-endianness.patch) = 58d39311edee6d8ddf76deac1d2e3526b4c02d4aa1f35a6ca16ff50c8e65429f
+SHA256 (cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff) = 4c8b8095a41f244ddfbc9b24e2f73a6fd8d697f43903617e0519b95b27b30726
diff --git a/cairo-32/Pkgfile b/cairo-32/Pkgfile
index 4e0aef4..812311d 100644
--- a/cairo-32/Pkgfile
+++ b/cairo-32/Pkgfile
@@ -4,13 +4,18 @@
 # Depends on: cairo fontconfig-32 glib-32 xorg-libpixman-32 xorg-libxext-32 xorg-libxrender-32 xorg-xcb-util-32
 
 name=cairo-32
-version=1.15.12
+version=1.15.14
 release=1
-source=(https://cairographics.org/snapshots/${name%-*}-$version.tar.xz)
+source=(https://cairographics.org/snapshots/${name%-*}-$version.tar.xz
+	cairo-xlib-endianness.patch
+	cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff)
 
 build() {
 	cd ${name%-*}-$version
 
+	patch -p1 -i $SRC/cairo-xlib-endianness.patch
+	patch -p1 -i $SRC/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
+
 	./configure --prefix=/usr \
 		--libdir=/usr/lib32 \
 		--enable-xcb=yes \
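Review bot: The commit title names CVE-2017-9814, but the only CVE-labelled file added to `source=` and applied in `build()` is `cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff`, so someone auditing this port cannot tell which identifier each change covers. Presumably CVE-2017-9814 is handled by the upstream bump to 1.15.14 and CVE-2017-7475 by the local patch; that should be confirmed and recorded next to the `patch` lines, for example `# CVE-2017-7475: NULL bitmap->buffer check in _get_bitmap_surface (local patch)`. Neither patch was generated against the 1.15.14 tree, so `patch -p1 --fuzz=0 -i $SRC/...` would make context drift fail the build instead of being accepted silently. `build()` continues outside the hunk.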
diff --git a/cairo-32/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff b/cairo-32/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
new file mode 100644
index 0000000..29e2b5e
--- /dev/null
+++ b/cairo-32/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
@@ -0,0 +1,13 @@
+Index: cairo-1.15.4/src/cairo-ft-font.c
+===================================================================
+--- cairo-1.15.4.orig/src/cairo-ft-font.c
++++ cairo-1.15.4/src/cairo-ft-font.c
+@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap		     *bi
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
++    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ 	*surface = (cairo_image_surface_t *)
+ 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ 	return (*surface)->base.status;
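Review bot: The embedded patch headers and the `@@ -1149,7 +1149,7 @@` position are for cairo-1.15.4, while this port builds 1.15.14, so the fix may apply only through offset or fuzz matching. For a security fix it is worth regenerating the file against the 1.15.14 sources so the changed condition is verifiably the one in `_get_bitmap_surface`. The file also has no description: leading text before `Index:` such as `CVE-2017-7475: treat a NULL bitmap->buffer like an empty bitmap`, plus where the patch came from (the filename suggests bug reference bsc1036789), would record its provenance. `_get_bitmap_surface` starts and ends outside the hunk.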
diff --git a/cairo-32/cairo-xlib-endianness.patch b/cairo-32/cairo-xlib-endianness.patch
new file mode 100644
index 0000000..68086d1
--- /dev/null
+++ b/cairo-32/cairo-xlib-endianness.patch
@@ -0,0 +1,15 @@
+--- cairo/src/cairo-xlib-render-compositor.c	2013-04-12 11:22:48.010384018 +0200
++++ cairo/src/cairo-xlib-render-compositor.c.new	2013-04-12 11:23:54.362925287 +0200
+@@ -1318,10 +1318,10 @@
+ 	    }
+ 	    n = new;
+ 	    d = (uint32_t *) data;
+-	    do {
++	    while (c--) {
+ 		*n++ = bswap_32 (*d);
+ 		d++;
+-	    } while (--c);
++	    }
+ 	    data = (uint8_t *) new;
+ 	}
+ 	break;
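Review bot: The rewritten loop `while (c--)` leaves `c` decremented past zero on exit (wrapping if it is unsigned), whereas the old `do { ... } while (--c)` left it at 0. The visible lines do not use `c` afterwards, but the enclosing block starts and ends outside the hunk, so this should be checked. Writing it as `for (; c != 0; c--) {` keeps the zero-count guard and the old exit value. The patch file would also benefit from a short header saying that it stops the byte-swap loop from running when the count is zero, since the name "endianness" does not convey that.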

