Accepting request 618162 from home:zhengqiang:branches:GNOME:Factory

- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc
  and check cmap size before allocating (boo#1049092,
  CVE-2017-9814, fdo#101547).

OBS-URL: https://build.opensuse.org/request/show/618162
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=141
Luciano Santos 2018-06-21 04:08:19 +00:00 committed by Git OBS Bridge
parent 888239feb2
commit a2a01827dc
3 changed files with 19 additions and 5 deletions

@ -1,3 +1,17 @@
From 199823938780c8e50099b627d3e9137acba7a263 Mon Sep 17 00:00:00 2001
From: Adrian Johnson <ajohnson@redneon.com>
Date: Sat, 8 Jul 2017 09:28:03 +0930
Subject: [PATCH] Use _cairo_malloc instead of malloc
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
---
diff --git a/boilerplate/cairo-boilerplate-cogl.c b/boilerplate/cairo-boilerplate-cogl.c
index e39ad33..f653109 100644
--- a/boilerplate/cairo-boilerplate-cogl.c
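
Review bot: the header added at the top of the patch file describes only the malloc() to _cairo_malloc() replacement, while the changelog entry and spec comment for this same file also say it checks the cmap size before allocating. If that check comes from a second upstream commit, carry its From/Date/Subject header too, or state in the header that two commits are squashed, so the fix for the heap overflow at cairo-truetype-subset.c:1299 can be traced back to its upstream source.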

@ -1,9 +1,9 @@
-------------------------------------------------------------------
Wed Jun 20 06:26:30 UTC 2018 - qzheng@suse.com
- Add replace-malloc-with-cairo-malloc.patch:
replace malloc with _cairo_malloc and check cmap size before
allocating (boo#1049092, CVE-2017-9814).
- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc
and check cmap size before allocating (boo#1049092,
CVE-2017-9814, fdo#101547).
-------------------------------------------------------------------
Tue Apr 24 21:00:53 UTC 2018 - bjorn.lie@gmail.com
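
Review bot: the entry under "Wed Jun 20 06:26:30 UTC 2018" is rewritten in place, so the changelog no longer records that the fix was first added as replace-malloc-with-cairo-malloc.patch. That is fine if the earlier revision never left the devel project; if it did, add a new dated entry noting the rename to cairo-CVE-2017-9814.patch instead of editing the old one, so anyone auditing for CVE-2017-9814 can match both file names.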

@ -33,8 +33,8 @@ Patch0: cairo-xlib-endianness.patch
Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
# PATCH-FIX-UPSTREAM cairo-fix-assertion-failure-in-freetype-backend.patch fdo#105746 -- Fix assertion failure in the freetype backend
Patch2: cairo-fix-assertion-failure-in-freetype-backend.patch
# PATCH-FIX-UPSTREAM replace-malloc-with-cairo-malloc.patch qzheng@suse.com -- replace malloc with _cairo_malloc and check cmap size before allocating.
Patch3: replace-malloc-with-cairo-malloc.patch
# PATCH-FIX-UPSTREAM cairo-CVE-2017-9814.patch boo#1049092 CVE-2017-9814 fdo#101547 qzheng@suse.com -- Replace malloc with _cairo_malloc and check cmap size before allocating.
Patch3: cairo-CVE-2017-9814.patch
BuildRequires: gtk-doc
BuildRequires: pkgconfig
BuildRequires: pkgconfig(fontconfig)
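
Review bot: only the Patch3 declaration and its comment change here; the %prep section is outside this hunk, so it is not visible whether the patch is applied by number or by file name. Keeping the Patch3 slot means a by-number apply keeps working, but confirm in the build log that cairo-CVE-2017-9814.patch is actually applied, because a security patch that is declared but never applied still reads as fixed in the changelog.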