diff --git a/CVE-2019-6461.patch b/CVE-2019-6461.patch
deleted file mode 100644
index 976d307a9a390737c28e6644fb7ac9e3a4e39863..0000000000000000000000000000000000000000
--- a/CVE-2019-6461.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
---- a/src/cairo-arc.c
-+++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
- if (cairo_status (cr))
- return;
-
-- assert (angle_max >= angle_min);
-+ if (angle_max < angle_min)
-+ return;
-
- if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
- angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/backport-ft-Use-normal-font-size-when-detecting-the-format.patch b/backport-ft-Use-normal-font-size-when-detecting-the-format.patch
deleted file mode 100644
index e1a060b21f6c2e48517762b6d01aebe0b93e7ca3..0000000000000000000000000000000000000000
--- a/backport-ft-Use-normal-font-size-when-detecting-the-format.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 2766d9feeccd5d66e346b0abab38726b8e0aa1e9 Mon Sep 17 00:00:00 2001
-From: Adrian Johnson
-Date: Tue, 7 Mar 2023 19:40:21 +1030
-Subject: [PATCH] ft: Use normal font size when detecting the format
-
-The format may depend on the font size.
-
-Fixes #643
-
-Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/2766d9feeccd5d66e346b0abab38726b8e0aa1e9
-Conflict:NA
----
- src/cairo-ft-font.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 22a6a622b..89af6193d 100644
---- a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -3314,11 +3314,13 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t *scaled_font,
- if (scaled_font->unscaled->have_color && scaled_font->base.options.color_mode != CAIRO_COLOR_MODE_NO_COLOR)
- color_flag = FT_LOAD_COLOR;
- #endif
-+ /* Ensure use_em_size = FALSE as the format (bitmap or outline)
-+ * may change with the size. */
- status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
- scaled_glyph,
- face,
- load_flags | color_flag,
-- !hint_metrics,
-+ FALSE,
- vertical_layout);
- if (unlikely (status))
- return status;
-@@ -3344,6 +3346,18 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t *scaled_font,
- glyph_priv->format = CAIRO_FT_GLYPH_TYPE_BITMAP;
- }
-
-+ /* If hinting is off, load the glyph with font size set the the em size. */
-+ if (!hint_metrics) {
-+ status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
-+ scaled_glyph,
-+ face,
-+ load_flags | color_flag,
-+ TRUE,
-+ vertical_layout);
-+ if (unlikely (status))
-+ return status;
-+ }
-+
- _cairo_ft_scaled_glyph_get_metrics (scaled_font,
- face,
- vertical_layout,
-@@ -3369,6 +3383,7 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t *scaled_font,
- }
-
- if (glyph_priv->format == CAIRO_FT_GLYPH_TYPE_COLR_V1) {
-+ /* Restore font size if previously loaded at em_size. */
- if (!hint_metrics) {
- status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
- scaled_glyph,
---
-GitLab
\ No newline at end of file
diff --git a/backport-tee-Fix-cairo-wrapper-functions.patch b/backport-tee-Fix-cairo-wrapper-functions.patch
deleted file mode 100644
index ebda282be0a87f615faade62ec47ef07f6c0ee41..0000000000000000000000000000000000000000
--- a/backport-tee-Fix-cairo-wrapper-functions.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 5e42a5277eddafd312a73e355d7775a4401dae4e Mon Sep 17 00:00:00 2001
-From: Emmanuele Bassi
-Date: Fri, 3 Feb 2023 15:40:12 +0100
-Subject: [PATCH] tee: Fix cairo wrapper functions
-
-Follow-up to !391 to apply the same changes to the (disabled by default)
-tee surface.
-
-Fixes: #634
-Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/5e42a5277eddafd312a73e355d7775a4401dae4e
-Conflict:NA
----
- src/cairo-tee-surface.c | 24 ++++++++++++++----------
- 1 file changed, 14 insertions(+), 10 deletions(-)
-
-diff --git a/src/cairo-tee-surface.c b/src/cairo-tee-surface.c
-index 7a94c9bca..4994a5a60 100644
---- a/src/cairo-tee-surface.c
-+++ b/src/cairo-tee-surface.c
-@@ -220,12 +220,12 @@ _cairo_tee_surface_paint (void *abstract_surface,
- num_slaves = _cairo_array_num_elements (&surface->slaves);
- slaves = _cairo_array_index (&surface->slaves, 0);
- for (n = 0; n < num_slaves; n++) {
-- status = _cairo_surface_wrapper_paint (&slaves[n], op, source, clip);
-+ status = _cairo_surface_wrapper_paint (&slaves[n], op, source, 0, clip);
- if (unlikely (status))
- return status;
- }
-
-- return _cairo_surface_wrapper_paint (&surface->master, op, source, clip);
-+ return _cairo_surface_wrapper_paint (&surface->master, op, source, 0, clip);
- }
-
- static cairo_int_status_t
-@@ -244,13 +244,17 @@ _cairo_tee_surface_mask (void *abstract_surface,
- slaves = _cairo_array_index (&surface->slaves, 0);
- for (n = 0; n < num_slaves; n++) {
- status = _cairo_surface_wrapper_mask (&slaves[n],
-- op, source, mask, clip);
-+ op, source, 0,
-+ mask, 0,
-+ clip);
- if (unlikely (status))
- return status;
- }
-
- return _cairo_surface_wrapper_mask (&surface->master,
-- op, source, mask, clip);
-+ op, source, 0,
-+ mask, 0,
-+ clip);
- }
-
- static cairo_int_status_t
-@@ -274,7 +278,7 @@ _cairo_tee_surface_stroke (void *abstract_surface,
- slaves = _cairo_array_index (&surface->slaves, 0);
- for (n = 0; n < num_slaves; n++) {
- status = _cairo_surface_wrapper_stroke (&slaves[n],
-- op, source,
-+ op, source, 0,
- path, style,
- ctm, ctm_inverse,
- tolerance, antialias,
-@@ -284,7 +288,7 @@ _cairo_tee_surface_stroke (void *abstract_surface,
- }
-
- return _cairo_surface_wrapper_stroke (&surface->master,
-- op, source,
-+ op, source, 0,
- path, style,
- ctm, ctm_inverse,
- tolerance, antialias,
-@@ -310,7 +314,7 @@ _cairo_tee_surface_fill (void *abstract_surface,
- slaves = _cairo_array_index (&surface->slaves, 0);
- for (n = 0; n < num_slaves; n++) {
- status = _cairo_surface_wrapper_fill (&slaves[n],
-- op, source,
-+ op, source, 0,
- path, fill_rule,
- tolerance, antialias,
- clip);
-@@ -319,7 +323,7 @@ _cairo_tee_surface_fill (void *abstract_surface,
- }
-
- return _cairo_surface_wrapper_fill (&surface->master,
-- op, source,
-+ op, source, 0,
- path, fill_rule,
- tolerance, antialias,
- clip);
-@@ -361,7 +365,7 @@ _cairo_tee_surface_show_text_glyphs (void *abstract_surface,
- for (n = 0; n < num_slaves; n++) {
- memcpy (glyphs_copy, glyphs, sizeof (cairo_glyph_t) * num_glyphs);
- status = _cairo_surface_wrapper_show_text_glyphs (&slaves[n], op,
-- source,
-+ source, 0,
- utf8, utf8_len,
- glyphs_copy, num_glyphs,
- clusters, num_clusters,
-@@ -374,7 +378,7 @@ _cairo_tee_surface_show_text_glyphs (void *abstract_surface,
-
- memcpy (glyphs_copy, glyphs, sizeof (cairo_glyph_t) * num_glyphs);
- status = _cairo_surface_wrapper_show_text_glyphs (&surface->master, op,
-- source,
-+ source, 0,
- utf8, utf8_len,
- glyphs_copy, num_glyphs,
- clusters, num_clusters,
---
-GitLab
diff --git a/backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch b/backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch
deleted file mode 100644
index 86af1f26f3473ac41f064f475081153203621dbc..0000000000000000000000000000000000000000
--- a/backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 10cc34f521cf272f881bbad9a6fc4e794cca8687 Mon Sep 17 00:00:00 2001
-From: Adrian Johnson
-Date: Sat, 13 May 2023 18:51:40 +0930
-Subject: [PATCH] ft: don't use scaled_glyph->dev_private to store data
-
-It is also used by the xlib surface.
-
-Fixes #778
-Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/10cc34f521cf272f881bbad9a6fc4e794cca8687
-Conflict:NA
----
- src/cairo-ft-font.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 834e4ba31..76c9e008f 100644
---- a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -2600,6 +2600,7 @@ _cairo_ft_scaled_glyph_set_foreground_color (cairo_ft_scaled_font_t *scaled_font
- static cairo_int_status_t
- _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t *scaled_font,
- cairo_scaled_glyph_t *scaled_glyph,
-+ cairo_ft_glyph_private_t *glyph_priv,
- cairo_scaled_glyph_info_t info,
- FT_Face face,
- const cairo_color_t *foreground_color,
-@@ -2611,7 +2612,6 @@ _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t *scaled_font,
- cairo_status_t status;
- cairo_image_surface_t *surface;
- cairo_bool_t uses_foreground_color = FALSE;
-- cairo_ft_glyph_private_t *glyph_priv = scaled_glyph->dev_private;
-
- /* Only one info type at a time handled in this function */
- assert (info == CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE || info == CAIRO_SCALED_GLYPH_INFO_SURFACE);
-@@ -3302,7 +3302,6 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t *scaled_font,
- _cairo_scaled_glyph_attach_private (scaled_glyph, &glyph_priv->base,
- &ft_glyph_private_key,
- _cairo_ft_glyph_fini);
-- scaled_glyph->dev_private = glyph_priv;
-
- /* We need to load color to determine if this is a color format. */
- int color_flag = 0;
-@@ -3461,8 +3460,8 @@ _cairo_ft_scaled_glyph_init (void *abstract_font,
- goto FAIL;
- }
-
-- /* scaled_glyph->dev_private is intialized by _cairo_ft_scaled_glyph_init_metrics() */
-- glyph_priv = scaled_glyph->dev_private;
-+ glyph_priv = (cairo_ft_glyph_private_t *) _cairo_scaled_glyph_find_private (scaled_glyph,
-+ &ft_glyph_private_key);
- assert (glyph_priv != NULL);
-
- if (info & CAIRO_SCALED_GLYPH_INFO_RECORDING_SURFACE) {
-@@ -3514,6 +3513,7 @@ _cairo_ft_scaled_glyph_init (void *abstract_font,
- } else {
- status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
- scaled_glyph,
-+ glyph_priv,
- CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE,
- face,
- foreground_color,
-@@ -3527,6 +3527,7 @@ _cairo_ft_scaled_glyph_init (void *abstract_font,
- if (info & CAIRO_SCALED_GLYPH_INFO_SURFACE) {
- status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
- scaled_glyph,
-+ glyph_priv,
- CAIRO_SCALED_GLYPH_INFO_SURFACE,
- face,
- NULL, /* foreground color */
---
-GitLab
diff --git a/bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch b/bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch
deleted file mode 100644
index 73bfa9084563cc846750534127bc7690a723ed74..0000000000000000000000000000000000000000
--- a/bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1f39cb2e344ddaac89da743a926d06c60e08614b Mon Sep 17 00:00:00 2001
-From: sun_hai_10
-Date: Wed, 14 Jun 2023 15:37:22 +0800
-Subject: [PATCH] cairo truetype reverse cmap detected memory leaks
-
----
- src/cairo-truetype-subset.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
-index 6cef4ee..472294f 100644
---- a/src/cairo-truetype-subset.c
-+++ b/src/cairo-truetype-subset.c
-@@ -1311,8 +1311,10 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
-
- /* A Format 4 cmap contains 8 uint16_t numbers and 4 arrays of
- * uint16_t each num_segments long. */
-- if (size < (8 + 4*num_segments)*sizeof(uint16_t))
-- return CAIRO_INT_STATUS_UNSUPPORTED;
-+ if (size < (8 + 4*num_segments)*sizeof(uint16_t)) {
-+ status = CAIRO_INT_STATUS_UNSUPPORTED;
-+ goto fail;
-+ }
-
- end_code = map->endCount;
- start_code = &(end_code[num_segments + 1]);
---
-2.23.0
-
diff --git a/bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch b/bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch
deleted file mode 100644
index 918c3b0f9b596bfa0d768434ee596ee62b64287e..0000000000000000000000000000000000000000
--- a/bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 4e515dd14a67b9069610e4a10baee300fb08421a Mon Sep 17 00:00:00 2001
-From: sun_hai_10
-Date: Wed, 14 Jun 2023 16:44:30 +0800
-Subject: [PATCH] fix heap buffer overflow in cairo_cff_parse_charstring
-
----
- src/cairo-cff-subset.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
-index 64fc69e..c94a4d0 100644
---- a/src/cairo-cff-subset.c
-+++ b/src/cairo-cff-subset.c
-@@ -1789,7 +1789,13 @@ cairo_cff_font_subset_charstrings_and_subroutines (cairo_cff_font_t *font)
- } else {
- glyph = font->scaled_font_subset->glyphs[i];
- }
-- element = _cairo_array_index (&font->charstrings_index, glyph);
-+
-+ cairo_array_t *array = &font->charstrings_index;
-+ element = _cairo_array_index (array, glyph);
-+ if (element == NULL)
-+ return CAIRO_INT_STATUS_NO_MEMORY;
-+ if (array->element_size < element->length)
-+ return CAIRO_INT_STATUS_UNSUPPORTED;
- status = cff_index_append (&font->charstrings_subset_index,
- element->data,
- element->length);
---
-2.23.0
-
diff --git a/bugfix-fix-read-memory-access.patch b/bugfix-fix-read-memory-access.patch
deleted file mode 100644
index 07640875e8b94912e29c0b56590f9d85334248a5..0000000000000000000000000000000000000000
--- a/bugfix-fix-read-memory-access.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From e8fef3b8f84afb1a0ae7a9ae81f43c91ac7b3b79 Mon Sep 17 00:00:00 2001
-From: sun_hai_10
-Date: Wed, 14 Jun 2023 15:52:58 +0800
-Subject: [PATCH] fix read memory access
-
----
- src/cairo-cff-subset.c | 2 ++
- src/cairo-type1-subset.c | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
-index fce4195..64fc69e 100644
---- a/src/cairo-cff-subset.c
-+++ b/src/cairo-cff-subset.c
-@@ -1412,6 +1412,8 @@ cairo_cff_font_subset_dict_string(cairo_cff_font_t *font,
- return CAIRO_STATUS_SUCCESS;
-
- element = _cairo_array_index (&font->strings_index, sid - NUM_STD_STRINGS);
-+ if (element == NULL)
-+ return CAIRO_STATUS_NO_MEMORY;
- sid = NUM_STD_STRINGS + _cairo_array_num_elements (&font->strings_subset_index);
- status = cff_index_append (&font->strings_subset_index, element->data, element->length);
- if (unlikely (status))
-diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
-index 068b59e..22182af 100644
---- a/src/cairo-type1-subset.c
-+++ b/src/cairo-type1-subset.c
-@@ -1229,6 +1229,8 @@ cairo_type1_font_subset_for_each_glyph (cairo_type1_font_subset_t *font,
-
- /* Skip binary data and |- or ND token. */
- p = skip_token (charstring + charstring_length, dict_end);
-+ if (p == NULL)
-+ return CAIRO_INT_STATUS_NO_MEMORY;
- while (p < dict_end && _cairo_isspace(*p))
- p++;
-
---
-2.23.0
-
diff --git a/cairo-1.17.8.tar.xz b/cairo-1.18.0.tar.xz
similarity index 80%
rename from cairo-1.17.8.tar.xz
rename to cairo-1.18.0.tar.xz
index 4006ce2e3e0a6a4cacf4005f2362660c296fc823..ef0ca44e2c924ea53ca9c87b156549ad78a6eb92 100644
Binary files a/cairo-1.17.8.tar.xz and b/cairo-1.18.0.tar.xz differ
diff --git a/cairo.spec b/cairo.spec
index 54b551ea73ba9977c0cccaad268e4f27d0fb13a3..098202e5ec362f71c9166d704a5396841948625f 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -1,21 +1,11 @@ Name: cairo -Version: 1.17.8 +Version: 1.18.0 Release: 1 Summary: A 2D graphics library License: LGPLv2 or MPLv1.1 URL: http://cairographics.org Source0: http://cairographics.org/snapshots/%{name}-%{version}.tar.xz -Patch6000: CVE-2019-6461.patch - -Patch9000: bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch -Patch9001: bugfix-fix-read-memory-access.patch -Patch9002: bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch - -Patch6001: backport-tee-Fix-cairo-wrapper-functions.patch -Patch6002: backport-ft-Use-normal-font-size-when-detecting-the-format.patch -Patch6003: backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch - BuildRequires: gcc gcc-c++ gtk-doc meson BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(pixman-1) >= 0.36.0 @@ -92,8 +82,7 @@ This package contains tools for working with the cairo graphics library. -Dtee=enabled \ -Dtests=disabled \ -Dxcb=enabled \ - -Dxlib=enabled \ - -Dxml=disabled + -Dxlib=enabled %meson_build %install @@ -148,11 +137,16 @@ This package contains tools for working with the cairo graphics library. %{_libdir}/pkgconfig/cairo-gobject.pc %files tools -%{_bindir}/cairo-sphinx %{_bindir}/cairo-trace %{_libdir}/cairo/ %changelog +* Wed Dec 27 2023 Paul Thomas - 1.18.0-1 +- Type: requirement +- ID: NA +- SUG: NA +- DESC: update to 1.18.0 + * Wed Jul 26 2023 zhangqiumiao - 1.17.8-1 - Type:bugfix - ID:NA
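Review bot: The first cairo.spec hunk drops `Patch6000` (CVE-2019-6461.patch) and `Patch9000`–`Patch9002`, and nothing on this page shows that cairo 1.18.0 carries equivalent fixes. The three `backport-*` patches cite an upstream commit in their `Reference:` line. The `bugfix-*` patches (the leak fix in `_cairo_truetype_reverse_cmap`, the NULL checks in cairo-cff-subset.c and cairo-type1-subset.c, the length check in `cairo_cff_font_subset_charstrings_and_subroutines`) and the `angle_max < angle_min` early return in cairo-arc.c cite none, so they may be downstream-only. Each should be confirmed against the 1.18.0 source, with any still-missing fix re-added and the outcome recorded in the changelog, e.g. `- DESC: update to 1.18.0; drop patches <list> (<reason>)`. Separately, the unchanged `Source0` line still points at `http://cairographics.org/snapshots/`, which looks stale for a stable release and uses plain HTTP, so the URL is worth checking and the new tarball verifying against a published checksum.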