bc16eacc99
* gnu/packages/patches/cairo-CVE-2018-19876.patch, gnu/packages/patches/cairo-CVE-2020-35492.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gtk.scm (cairo)[replacement]: New field. (cairo/fixed): New variable. (cairo-xcb): Use package/inherit.
Copied from Debian.
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: ft: Use FT_Done_MM_Var instead of free when available in
cairo_ft_apply_variations
Fixes a crash when using freetype >= 2.9
[This is considered to be security-sensitive because WebKitGTK+ sets its
own memory allocator, which is not compatible with system free(), making
this a remotely triggerable denial of service or memory corruption.]
Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645
Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
Bug-Debian: https://bugs.debian.org/916389
Bug-CVE: CVE-2018-19876
---
src/cairo-ft-font.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61..981973f 100644
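--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
 done:
 free (coords);
 free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
 free (ft_mm_var);
+#endif
 }
 }
 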
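Review bot: The `#else` branch keeps `free (ft_mm_var)`, so a build in which `HAVE_FT_DONE_MM_VAR` is not defined silently takes the same release path the description calls security-sensitive; `#if` treats an undefined macro as 0 and gives no diagnostic. The patch touches only src/cairo-ft-font.c, so the macro presumably comes from a configure check that already exists, and it is worth confirming in the packaged build's generated configuration header that it is actually set for the FreeType being linked. I would also add a comment above the guard, such as `/* ft_mm_var is allocated by FreeType; release it through FreeType when the API exists */`, so the fallback is not mistaken for the preferred path. The enclosing function starts outside this hunk, so how `ft_mm_var` is obtained and whether it can be NULL at `done:` is not visible here.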