Accepting request 501744 from GNOME:Factory

1 OBS-URL: https://build.opensuse.org/request/show/501744 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cairo?expand=0&rev=76
2017-06-12 13:08:16 +00:00 · 2017-06-12 13:08:16 +00:00 · f63bbcd76c
commit f63bbcd76c
parent 9ccd396fa5 733e01cc36
3 changed files with 24 additions and 1 deletions
--- a/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
+++ b/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
@ -0,0 +1,13 @@
+Index: cairo-1.15.4/src/cairo-ft-font.c
+===================================================================
+--- cairo-1.15.4.orig/src/cairo-ft-font.c
+++ cairo-1.15.4/src/cairo-ft-font.c
+@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap		     *bi
+     width = bitmap->width;
+     height = bitmap->rows;
+ 
+-    if (width == 0 || height == 0) {
+    if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+ 	*surface = (cairo_image_surface_t *)
+ 	    cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+ 	return (*surface)->base.status;
--- a/cairo.changes
+++ b/cairo.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jun  7 10:06:55 UTC 2017 - alarrosa@suse.com
+
+- Add cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff to
+  fix a segfault in get_bitmap_surface due to malformed font
+  (bsc#1036789, fdo#100763, CVE-2017-7475).
+
 -------------------------------------------------------------------
 Wed Mar  8 19:41:41 UTC 2017 - zaitor@opensuse.org

--- a/cairo.spec
+++ b/cairo.spec
@ -31,6 +31,8 @@ Source99:       baselibs.conf
 Patch0:         cairo-xlib-endianness.patch
 # PATCH-FIX-UPSTREAM cairo-pdf-fixes.patch fdo#99630 zaitor@opensuse.org -- Three minor pdf fixes from upstream git.
 Patch1:         cairo-pdf-fixes.patch
+# PATCH-FIX-UPSTREAM cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff alarrosa@suse.com -- Fix segfault in get_bitmap_surface
+Patch2:         cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
 BuildRequires:  gtk-doc
 BuildRequires:  pkg-config
 BuildRequires:  pkgconfig(fontconfig)
@ -103,9 +105,9 @@ hardware acceleration when available.

 %package tools
 Summary:        Utilities for cairo, a Vector Graphics Library with Cross-Device Output Support
-# We need an explicit requires since nothing links to the cairo library
 License:        GPL-3.0+
 Group:          Development/Libraries/X11
+# We need an explicit requires since nothing links to the cairo library
 Requires:       libcairo2 = %{version}
 # Named changed during  development of 11.4
 Provides:       %{name}-utils = %{version}
@ -138,6 +140,7 @@ cairo.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
 %configure \