Commit 608f65b2 authored by Leonardo Arena's avatar Leonardo Arena

main/cairo: security fix (CVE-2018-19876)

Fixes #9748
parent 69b77bf7
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cairo
pkgver=1.16.0
pkgrel=0
pkgrel=1
pkgdesc="A vector graphics library"
url="https://cairographics.org/"
arch="all"
......@@ -14,9 +14,14 @@ makedepends="$depends_dev zlib-dev expat-dev glib-dev libpng-dev autoconf automa
subpackages="$pkgname-dev $pkgname-doc $pkgname-gobject $pkgname-tools $pkgname-dbg"
source="https://cairographics.org/releases/cairo-$pkgver.tar.xz
musl-stacksize.patch
CVE-2018-19876.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 1.16.0-r1:
# - CVE-2018-19876
build() {
cd "$builddir"
./configure \
......@@ -62,4 +67,5 @@ tools() {
}
sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch"
86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
8f13cdcae0f134e04778cf5915f858fb8d5357a7e0a454791c93d1566935b985ec66dfe1683cd0b74a1cb44a130923d7a27cf006f3fc70b9bee93abd58a55aa3 CVE-2018-19876.patch"
From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
cairo_ft_apply_variations
Fixes a crash when using freetype >= 2.9
---
src/cairo-ft-font.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61b4..981973f78 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
done:
free (coords);
free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
free (ft_mm_var);
+#endif
}
}
--
2.18.1
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment