Hello community, here is the log from the commit of package cairo for openSUSE:Factory checked in at 2017-09-13 21:40:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cairo (Old) and /work/SRC/openSUSE:Factory/.cairo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cairo" Wed Sep 13 21:40:35 2017 rev:79 rq:520690 version:1.15.8 Changes: -------- --- /work/SRC/openSUSE:Factory/cairo/cairo.changes 2017-06-28 10:32:20.876808694 +0200 +++ /work/SRC/openSUSE:Factory/.cairo.new/cairo.changes 2017-09-13 21:40:51.521354392 +0200 @@ -1,0 +2,30 @@ +Wed Aug 30 14:35:46 UTC 2017 - [email protected] + +- Update to version 1.15.8: + + This small snapshot provides new colored emoji glyph support, + and a handful of minor fixes. For a complete log of changes, + please see + http://cairographics.org/releases/ChangeLog.1.15.8 + + Features and Enhancements: Support colored emoji glyphs, stored + as PNG images in OpenType fonts. + + Bug Fixes: + - pdf: + . Fix internal links pointing to other pages, by + pre-calculating page heights so that link positions can be + calculated more accurately. + . Don't emit /PageLabel dict when no labels defined. + - image: Fix crash on negative lengths. + - win32: Fix initialization of mutexes for static builds. + - font: + . Fix color font loading on big-endian systems. + . Fix color font support infinite-loop with empty glyphs. + - Fix off by one check in cairo-image-info.c. +- Drop cairo-fix-off-by-one-check.patch: Fixed upstream. +- Run spec-cleaner, modernize spec. +- Rename 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch + to cairo-image-prevent-invalid-ptr-access.patch. +- Pass enable-gtk-doc instead of disable-gtk-doc to configure, we + already have the gtk-doc BuildRequires in place so I can only + assume that this was an honest error. + +------------------------------------------------------------------- Old: ---- 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch cairo-1.15.6.tar.xz cairo-fix-off-by-one-check.patch New: ---- cairo-1.15.8.tar.xz cairo-image-prevent-invalid-ptr-access.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cairo.spec ++++++ --- /var/tmp/diff_new_pack.cYQUVv/_old 2017-09-13 21:40:52.941154624 +0200 +++ /var/tmp/diff_new_pack.cYQUVv/_new 2017-09-13 21:40:52.941154624 +0200 @@ -19,10 +19,10 @@ %define build_xcb_backend 1 %define build_gl_backend 1 Name: cairo -Version: 1.15.6 +Version: 1.15.8 Release: 0 Summary: Vector Graphics Library with Cross-Device Output Support -License: LGPL-2.1+ or MPL-1.1 +License: LGPL-2.1+ OR MPL-1.1 Group: Development/Libraries/C and C++ Url: http://cairographics.org/ Source: http://cairographics.org/snapshots/%{name}-%{version}.tar.xz @@ -31,12 +31,10 @@ Patch0: cairo-xlib-endianness.patch # PATCH-FIX-UPSTREAM cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff [email protected] -- Fix segfault in get_bitmap_surface Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff -# PATCH-FIX-UPSTREAM cairo-fix-off-by-one-check.patch fdo#101427 [email protected] -- Fix off by one check in cairo-image-info.c -Patch2: cairo-fix-off-by-one-check.patch -# PATCH-FIX-UPSTREAM 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch bsc#1007255 fdo#98165 CVE-2016-9082 [email protected] -- Fix segfault when using >4GB images -Patch3: 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch +# PATCH-FIX-UPSTREAM cairo-image-prevent-invalid-ptr-access.patch bsc#1007255 fdo#98165 CVE-2016-9082 [email protected] -- Fix segfault when using >4GB images +Patch2: cairo-image-prevent-invalid-ptr-access.patch BuildRequires: gtk-doc -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: pkgconfig(fontconfig) BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(gobject-2.0) @@ -45,7 +43,6 @@ BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xext) BuildRequires: pkgconfig(xrender) -BuildRoot: %{_tmppath}/%{name}-%{version}-build # These libraries are needed only for tests. # Do not enable tests in build systems, it causes build loop! #BuildRequires: librsvg-devel poppler-devel @@ -66,7 +63,7 @@ %package -n libcairo2 Summary: Vector Graphics Library with Cross-Device Output Support -License: LGPL-2.1+ or MPL-1.1 +License: LGPL-2.1+ OR MPL-1.1 Group: System/Libraries Provides: cairo = %{version} Obsoletes: cairo < %{version} @@ -80,7 +77,7 @@ %package -n libcairo-gobject2 Summary: Vector Graphics Library with Cross-Device Output Support -License: LGPL-2.1+ or MPL-1.1 +License: LGPL-2.1+ OR MPL-1.1 Group: System/Libraries %description -n libcairo-gobject2 @@ -95,7 +92,7 @@ %package -n libcairo-script-interpreter2 Summary: Vector Graphics Library with Cross-Device Output Support -License: LGPL-2.1+ or MPL-1.1 +License: LGPL-2.1+ OR MPL-1.1 Group: System/Libraries %description -n libcairo-script-interpreter2 @@ -126,7 +123,7 @@ %package devel Summary: Development environment for cairo -License: LGPL-2.1+ or MPL-1.1 +License: LGPL-2.1+ OR MPL-1.1 Group: Development/Libraries/X11 Requires: libcairo-gobject2 = %{version} Requires: libcairo-script-interpreter2 = %{version} @@ -143,7 +140,6 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 %build %configure \ @@ -161,42 +157,33 @@ --enable-xcb \ %endif --enable-xlib \ - --disable-gtk-doc \ + --enable-gtk-doc \ --disable-static make %{?_smp_mflags} V=1 %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install find %{buildroot} -type f -name "*.la" -delete -print %post -n libcairo2 -p /sbin/ldconfig - %postun -n libcairo2 -p /sbin/ldconfig - %post -n libcairo-gobject2 -p /sbin/ldconfig - %postun -n libcairo-gobject2 -p /sbin/ldconfig - %post -n libcairo-script-interpreter2 -p /sbin/ldconfig - %postun -n libcairo-script-interpreter2 -p /sbin/ldconfig %files -n libcairo2 -%defattr(-, root, root) -%doc AUTHORS COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1 ChangeLog NEWS README +%license COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1 %{_libdir}/libcairo.so.* %files -n libcairo-gobject2 -%defattr(-, root, root) %{_libdir}/libcairo-gobject.so.2* %files -n libcairo-script-interpreter2 -%defattr(-, root, root) %doc util/cairo-script/COPYING %{_libdir}/libcairo-script-interpreter.so.* %files tools -%defattr(-, root, root) %doc util/cairo-trace/COPYING util/cairo-trace/COPYING-GPL-3 %{_bindir}/cairo-sphinx %{_bindir}/cairo-trace @@ -206,8 +193,7 @@ %{_libdir}/cairo/libcairo-trace.so %files devel -%defattr(-, root, root) -%doc PORTING_GUIDE +%doc AUTHORS ChangeLog NEWS PORTING_GUIDE README %doc %{_datadir}/gtk-doc/html/cairo %{_includedir}/cairo/ %{_libdir}/*.so ++++++ cairo-1.15.6.tar.xz -> cairo-1.15.8.tar.xz ++++++ /work/SRC/openSUSE:Factory/cairo/cairo-1.15.6.tar.xz /work/SRC/openSUSE:Factory/.cairo.new/cairo-1.15.8.tar.xz differ: char 27, line 1 ++++++ cairo-image-prevent-invalid-ptr-access.patch ++++++ >From c812d1c1935cccf096a60ad904e640fdc83bd41c Mon Sep 17 00:00:00 2001 From: Adrian Johnson <[email protected]> Date: Thu, 20 Oct 2016 21:12:30 +1030 Subject: [PATCH] image: prevent invalid ptr access for > 4GB images Image data is often accessed using: image->data + y * image->stride On 64-bit achitectures if the image data is > 4GB, this computation will overflow since both y and stride are 32-bit types. https://bugs.freedesktop.org/show_bug.cgi?id=98165 --- boilerplate/cairo-boilerplate.c | 4 +++- src/cairo-image-compositor.c | 4 ++-- src/cairo-image-surface-private.h | 2 +- src/cairo-mesh-pattern-rasterizer.c | 2 +- src/cairo-png.c | 2 +- src/cairo-script-surface.c | 3 ++- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c index 7fdbf79..4804dea 100644 --- a/boilerplate/cairo-boilerplate.c +++ b/boilerplate/cairo-boilerplate.c @@ -42,6 +42,7 @@ #undef CAIRO_VERSION_H #include "../cairo-version.h" +#include <stddef.h> #include <stdlib.h> #include <ctype.h> #include <assert.h> @@ -976,7 +977,8 @@ cairo_surface_t * cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file) { char format; - int width, height, stride; + int width, height; + ptrdiff_t stride; int x, y; unsigned char *data; cairo_surface_t *image = NULL; diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c index 48072f8..3ca0006 100644 --- a/src/cairo-image-compositor.c +++ b/src/cairo-image-compositor.c @@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer { pixman_image_t *src, *mask; union { struct fill { - int stride; + ptrdiff_t stride; uint8_t *data; uint32_t pixel; } fill; @@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer { struct finish { cairo_rectangle_int_t extents; int src_x, src_y; - int stride; + ptrdiff_t stride; uint8_t *data; } mask; } u; diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h index 8ca694c..7e78d61 100644 --- a/src/cairo-image-surface-private.h +++ b/src/cairo-image-surface-private.h @@ -71,7 +71,7 @@ struct _cairo_image_surface { int width; int height; - int stride; + ptrdiff_t stride; int depth; unsigned owns_data : 1; diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c index 1b63ca8..e7f0db6 100644 --- a/src/cairo-mesh-pattern-rasterizer.c +++ b/src/cairo-mesh-pattern-rasterizer.c @@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride, tg += tg >> 16; tb += tb >> 16; - *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) | + *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) | ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24); } } diff --git a/src/cairo-png.c b/src/cairo-png.c index 562b743..aa8c227 100644 --- a/src/cairo-png.c +++ b/src/cairo-png.c @@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure) } for (i = 0; i < png_height; i++) - row_pointers[i] = &data[i * stride]; + row_pointers[i] = &data[i * (ptrdiff_t)stride]; png_read_image (png, row_pointers); png_read_end (png, info); diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c index ea0117d..91e4baa 100644 --- a/src/cairo-script-surface.c +++ b/src/cairo-script-surface.c @@ -1202,7 +1202,8 @@ static cairo_status_t _write_image_surface (cairo_output_stream_t *output, const cairo_image_surface_t *image) { - int stride, row, width; + int row, width; + ptrdiff_t stride; uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE]; uint8_t *rowdata; uint8_t *data; -- 2.1.4
