Hello community, here is the log from the commit of package cairo for openSUSE:Factory checked in at 2017-06-12 15:08:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cairo (Old) and /work/SRC/openSUSE:Factory/.cairo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cairo" Mon Jun 12 15:08:16 2017 rev:76 rq:501744 version:1.15.4 Changes: -------- --- /work/SRC/openSUSE:Factory/cairo/cairo.changes 2017-03-22 23:05:27.404790348 +0100 +++ /work/SRC/openSUSE:Factory/.cairo.new/cairo.changes 2017-06-12 15:08:17.960661542 +0200 @@ -1,0 +2,7 @@ +Wed Jun 7 10:06:55 UTC 2017 - [email protected] + +- Add cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff to + fix a segfault in get_bitmap_surface due to malformed font + (bsc#1036789, fdo#100763, CVE-2017-7475). + +------------------------------------------------------------------- New: ---- cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cairo.spec ++++++ --- /var/tmp/diff_new_pack.l9IP08/_old 2017-06-12 15:08:19.252479180 +0200 +++ /var/tmp/diff_new_pack.l9IP08/_new 2017-06-12 15:08:19.252479180 +0200 @@ -31,6 +31,8 @@ Patch0: cairo-xlib-endianness.patch # PATCH-FIX-UPSTREAM cairo-pdf-fixes.patch fdo#99630 [email protected] -- Three minor pdf fixes from upstream git. Patch1: cairo-pdf-fixes.patch +# PATCH-FIX-UPSTREAM cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff [email protected] -- Fix segfault in get_bitmap_surface +Patch2: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff BuildRequires: gtk-doc BuildRequires: pkg-config BuildRequires: pkgconfig(fontconfig) @@ -103,9 +105,9 @@ %package tools Summary: Utilities for cairo, a Vector Graphics Library with Cross-Device Output Support -# We need an explicit requires since nothing links to the cairo library License: GPL-3.0+ Group: Development/Libraries/X11 +# We need an explicit requires since nothing links to the cairo library Requires: libcairo2 = %{version} # Named changed during development of 11.4 Provides: %{name}-utils = %{version} @@ -138,6 +140,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %configure \ ++++++ cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff ++++++ Index: cairo-1.15.4/src/cairo-ft-font.c =================================================================== --- cairo-1.15.4.orig/src/cairo-ft-font.c +++ cairo-1.15.4/src/cairo-ft-font.c @@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap *bi width = bitmap->width; height = bitmap->rows; - if (width == 0 || height == 0) { + if (width == 0 || height == 0 || bitmap->buffer == NULL) { *surface = (cairo_image_surface_t *) cairo_image_surface_create_for_data (NULL, format, 0, 0, 0); return (*surface)->base.status;
