Date: Thursday, February 14, 2019 @ 08:59:57 Author: lcarlier Revision: 432175
upgpkg: lib32-cairo 1.16.0-2 fix CVE-2018-19876 Added: lib32-cairo/trunk/0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch Modified: lib32-cairo/trunk/PKGBUILD -----------------------------------------------------------------+ 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch | 32 ++++++++++ PKGBUILD | 11 ++- 2 files changed, 40 insertions(+), 3 deletions(-) Added: 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch =================================================================== --- 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch (rev 0) +++ 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch 2019-02-14 08:59:57 UTC (rev 432175) @@ -0,0 +1,32 @@ +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos <cgar...@igalia.com> +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 + +Signed-off-by: Laurent Carlier <lordhea...@gmail.com> +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61b4..981973f78 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + +-- +2.20.1 + Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-02-14 07:43:45 UTC (rev 432174) +++ PKGBUILD 2019-02-14 08:59:57 UTC (rev 432175) @@ -2,7 +2,7 @@ pkgname=lib32-cairo pkgver=1.16.0 -pkgrel=1 +pkgrel=2 pkgdesc="2D graphics library with support for multiple output devices (32-bit)" url="https://cairographics.org/" arch=(x86_64) @@ -12,8 +12,10 @@ makedepends=(lib32-librsvg lib32-gtk2 gtk-doc valgrind git) checkdepends=(ttf-dejavu gsfonts) _commit=3ad43122b21a3299dd729dc8462d6b8f7f01142d # tags/1.16.0^0 -source=("git+https://gitlab.freedesktop.org/cairo/cairo.git#commit=$_commit") -sha1sums=('SKIP') +source=("git+https://gitlab.freedesktop.org/cairo/cairo.git#commit=$_commit" + 0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch) +sha1sums=('SKIP' + '9850a5b06e300055676ad1f5dfa90ecba0fe623c') pkgver() { cd cairo @@ -23,6 +25,9 @@ prepare() { cd cairo + # CVE-2018-19876 + patch -Np1 -i ../0001-ft-Use-FT_Done_MM_Var-instead-of-free-when-available.patch + # Update gtk-doc cp /usr/share/aclocal/gtk-doc.m4 build/aclocal.gtk-doc.m4 cp /usr/share/gtk-doc/data/gtk-doc.make build/Makefile.am.gtk-doc