diff options
| author | 宋文武 <iyzsong@member.fsf.org> | 2021-04-22 19:21:51 +0800 |
|---|---|---|
| committer | 宋文武 <iyzsong@member.fsf.org> | 2021-04-23 18:27:26 +0800 |
| commit | 2ab4f4c950ffa7ca40271a534cb3bed997672138 (patch) | |
| tree | 60a900d36a2dd87b6e0f098f16cf0d535019c6cf /gnu/packages/patches/cairo-CVE-2020-35492.patch | |
| parent | a738a663a99ea63078cbba63d9b267e123f475d5 (diff) | |
| download | guix-2ab4f4c950ffa7ca40271a534cb3bed997672138.tar.gz | |
gnu: cairo: Reintroduce security patches [security fixes].
Two patches were accidentally removed in commit f94cdc86f644984ca83164d40b17e7eed6e22091. * gnu/packages/patches/cairo-CVE-2018-19876.patch, gnu/packages/patches/cairo-CVE-2020-35492.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gtk.scm (cairo)[patches]: Apply them.
Diffstat (limited to 'gnu/packages/patches/cairo-CVE-2020-35492.patch')
| -rw-r--r-- | gnu/packages/patches/cairo-CVE-2020-35492.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/cairo-CVE-2020-35492.patch b/gnu/packages/patches/cairo-CVE-2020-35492.patch new file mode 100644 index 0000000000..e8b90fa5c5 --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2020-35492.patch @@ -0,0 +1,49 @@ +Copied from Debian. + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <heiko.lewin@worldiety.de> +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +[trimmed test case, since not used in Debian build] + +--- + src/cairo-image-compositor.c | 8 ++-- + +--- cairo-1.16.0.orig/src/cairo-image-compositor.c ++++ cairo-1.16.0/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; |