From a2a01827dc0ac3b851a265505f6b7184c6388dcd5fe95ddb18e9bcbf8838e8f4 Mon Sep 17 00:00:00 2001
From: Luciano Santos
Date: Thu, 21 Jun 2018 04:08:19 +0000
Subject: [PATCH] Accepting request 618162 from home:zhengqiang:branches:GNOME:Factory

- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (boo#1049092, CVE-2017-9814, fdo#101547).
OBS-URL: https://build.opensuse.org/request/show/618162
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=141
---
 ...cairo-malloc.patch => cairo-CVE-2017-9814.patch | 14 ++++++++++++++
 cairo.changes | 6 +++---
 cairo.spec | 4 ++--
 3 files changed, 19 insertions(+), 5 deletions(-)
 rename replace-malloc-with-cairo-malloc.patch => cairo-CVE-2017-9814.patch (99%)
diff --git a/replace-malloc-with-cairo-malloc.patch b/cairo-CVE-2017-9814.patch
similarity index 99%
rename from replace-malloc-with-cairo-malloc.patch
rename to cairo-CVE-2017-9814.patch
index 95131ab..9a2b2b3 100644
--- a/replace-malloc-with-cairo-malloc.patch
+++ b/cairo-CVE-2017-9814.patch
@@ -1,3 +1,17 @@
+From 199823938780c8e50099b627d3e9137acba7a263 Mon Sep 17 00:00:00 2001
+From: Adrian Johnson
+Date: Sat, 8 Jul 2017 09:28:03 +0930
+Subject: [PATCH] Use _cairo_malloc instead of malloc
+
+_cairo_malloc(0) always returns NULL, but has not been used
+consistently. This patch replaces many calls to malloc() with
+_cairo_malloc().
+
+Fixes: fdo# 101547
+CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
+Reviewed-by: Bryce Harrington
+---
+
 diff --git a/boilerplate/cairo-boilerplate-cogl.c b/boilerplate/cairo-boilerplate-cogl.c
 index e39ad33..f653109 100644
 --- a/boilerplate/cairo-boilerplate-cogl.c
diff --git a/cairo.changes b/cairo.changes
index 1939b21..6f6cacf 100644
--- a/cairo.changes
+++ b/cairo.changes
@@ -1,9 +1,9 @@
 -------------------------------------------------------------------
 Wed Jun 20 06:26:30 UTC 2018 - qzheng@suse.com
-- Add replace-malloc-with-cairo-malloc.patch:
- replace malloc with _cairo_malloc and check cmap size before
- allocating (boo#1049092, CVE-2017-9814).
+- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc
+ and check cmap size before allocating (boo#1049092,
+ CVE-2017-9814, fdo#101547).
 -------------------------------------------------------------------
 Tue Apr 24 21:00:53 UTC 2018 - bjorn.lie@gmail.com
diff --git a/cairo.spec b/cairo.spec
index f751218..72b2ddd 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -33,8 +33,8 @@ Patch0: cairo-xlib-endianness.patch
 Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
 # PATCH-FIX-UPSTREAM cairo-fix-assertion-failure-in-freetype-backend.patch fdo#105746 -- Fix assertion failure in the freetype backend
 Patch2: cairo-fix-assertion-failure-in-freetype-backend.patch
-# PATCH-FIX-UPSTREAM replace-malloc-with-cairo-malloc.patch qzheng@suse.com -- replace malloc with _cairo_malloc and check cmap size before allocating.
-Patch3: replace-malloc-with-cairo-malloc.patch
+# PATCH-FIX-UPSTREAM cairo-CVE-2017-9814.patch boo#1049092 CVE-2017-9814 fdo#101547 qzheng@suse.com -- Replace malloc with _cairo_malloc and check cmap size before allocating.
+Patch3: cairo-CVE-2017-9814.patch
 BuildRequires: gtk-doc
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(fontconfig)
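Review bot: The `# PATCH-FIX-UPSTREAM` comment above `Patch3:` credits the patch with two changes (the `_cairo_malloc` replacement and a cmap size check), but the upstream header this commit adds to cairo-CVE-2017-9814.patch (commit 1998239, "Use _cairo_malloc instead of malloc") describes only the first. The patch body is not shown here (similarity 99%), so the check may well be part of that same upstream commit. If it instead comes from a second upstream change or a local edit, its origin belongs in the comment so the backport can be audited against upstream, e.g. `# PATCH-FIX-UPSTREAM cairo-CVE-2017-9814.patch boo#1049092 CVE-2017-9814 fdo#101547 qzheng@suse.com -- Backport of upstream 1998239 (Use _cairo_malloc instead of malloc); cmap size check from <upstream commit or "local">.`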