From 082f0089f6daa1c3026d565877ffbee51aa3afac Mon Sep 17 00:00:00 2001 From: jinzhimin369 Date: Thu, 17 Sep 2020 18:00:32 +0800 Subject: [PATCH] fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462 --- CVE-2018-19876.patch | 30 ++++++++++++++++++++++++++++++ CVE-2019-6461.patch | 14 ++++++++++++++ CVE-2019-6462.patch | 13 +++++++++++++ cairo.spec | 12 +++++++++++- 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 CVE-2018-19876.patch create mode 100644 CVE-2019-6461.patch create mode 100644 CVE-2019-6462.patch diff --git a/CVE-2018-19876.patch b/CVE-2018-19876.patch new file mode 100644 index 0000000..484a07c --- /dev/null +++ b/CVE-2018-19876.patch @@ -0,0 +1,30 @@ +From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 +From: Carlos Garcia Campos +Date: Thu, 17 Sep 2020 15:55:42 -0400 +Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61..b63258d 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + +-- +2.23.0 + diff --git a/CVE-2019-6461.patch b/CVE-2019-6461.patch new file mode 100644 index 0000000..976d307 --- /dev/null +++ b/CVE-2019-6461.patch @@ -0,0 +1,14 @@ +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index 390397bae..1bde774a4 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr, + if (cairo_status (cr)) + return; + +- assert (angle_max >= angle_min); ++ if (angle_max < angle_min) ++ return; + + if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) { + angle_max = fmod (angle_max - angle_min, 2 * M_PI); diff --git a/CVE-2019-6462.patch b/CVE-2019-6462.patch new file mode 100644 index 0000000..8d82d14 --- /dev/null +++ b/CVE-2019-6462.patch @@ -0,0 +1,13 @@ +diff --git a/src/cairo-arc.c b/src/cairo-arc.c +index 390397bae..f9249dbeb 100644 +--- a/src/cairo-arc.c ++++ b/src/cairo-arc.c +@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) + do { + angle = M_PI / i++; + error = _arc_error_normalized (angle); +- } while (error > tolerance); ++ } while (error > tolerance && error > __DBL_EPSILON__); + + return angle; + } diff --git a/cairo.spec b/cairo.spec index 45216bf..a77d2f8 100644 --- a/cairo.spec +++ b/cairo.spec @@ -2,12 +2,16 @@ Name: cairo Version: 1.15.14 -Release: 4 +Release: 5 Summary: A 2D graphics library License: LGPLv2 or MPLv1.1 URL: http://cairographics.org Source0: http://cairographics.org/snapshots/%{name}-%{version}.tar.xz +Patch1: CVE-2018-19876.patch +Patch2: CVE-2019-6461.patch +Patch3: CVE-2019-6462.patch + BuildRequires: pkgconfig glib2-devel librsvg2-devel BuildRequires: libXrender-devel libX11-devel libpng-devel libxml2-devel BuildRequires: pixman-devel >= 0.30.0 @@ -76,6 +80,12 @@ find $RPM_BUILD_ROOT -name '*.la' -delete %{_bindir}/cairo-trace %changelog +* Fri Sep 18 2020 yanglu - 1.15.14-5 +- Type:cves +- ID:CVE-2018-19876 CVE-2019-6461 CVE-2019-6462 +- SUG:NA +- DESC: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462 + * Tue Aug 18 2020 chenyaqiang - 1.15.14-4 - rebuild for package build -- Gitee