aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/cairo-CVE-2020-35492.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/cairo-CVE-2020-35492.patch')
-rw-r--r--gnu/packages/patches/cairo-CVE-2020-35492.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/gnu/packages/patches/cairo-CVE-2020-35492.patch b/gnu/packages/patches/cairo-CVE-2020-35492.patch
new file mode 100644
index 0000000000..e8b90fa5c5
--- /dev/null
+++ b/gnu/packages/patches/cairo-CVE-2020-35492.patch
@@ -0,0 +1,49 @@
+Copied from Debian.
+
+From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH] Fix mask usage in image-compositor
+
+[trimmed test case, since not used in Debian build]
+
+---
+ src/cairo-image-compositor.c | 8 ++--
+
+--- cairo-1.16.0.orig/src/cairo-image-compositor.c
++++ cairo-1.16.0/src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende
+ unsigned num_spans)
+ {
+ cairo_image_span_renderer_t *r = abstract_renderer;
+- uint8_t *m;
++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+ int x0;
+
+ if (num_spans == 0)
+ return CAIRO_STATUS_SUCCESS;
+
+ x0 = spans[0].x;
+- m = r->_buf;
++ m = base;
+ do {
+ int len = spans[1].x - spans[0].x;
+ if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende
+ spans[0].x, y,
+ spans[1].x - spans[0].x, h);
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else if (spans[0].coverage == 0x0) {
+ if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende
+ #endif
+ }
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else {
+ *m++ = spans[0].coverage;
s/education.scm (childsplay): Likewise. * gnu/packages/emacs-xyz.scm (emacs-hyperbole): Likewise. (emacs-haskell-mode): Likewise. (emacs-auctex): Likewise. (emacs-ggtags): Likewise. (emacs-graphviz-dot-mode): Likewise. (emacs-flycheck-grammalecte): Likewise. (emacs-counsel-notmuch): Likewise. (emacspeak): Likewise. (emacs-exwm): Likewise. (emacs-exwm-x): Likewise. (emacs-treemacs): Likewise. (emacs-telega): Likewise. (emacs-exiftool): Likewise. * gnu/packages/emulators.scm (higan): Likewise. * gnu/packages/engineering.scm (freehdl): Likewise. (librepcb): Likewise. * gnu/packages/entr.scm (entr): Likewise. * gnu/packages/file-systems.scm (libeatmydata): Likewise. (xfstests): Likewise. (mergerfs): Likewise. (mergerfs-tools): Likewise. * gnu/packages/finance.scm (monero-gui): Likewise. * gnu/packages/flashing-tools.scm (flashrom): Likewise. * gnu/packages/fontutils.scm (fontforge): Likewise. * gnu/packages/game-development.scm (python2-renpy): Likewise. * gnu/packages/games.scm (opensurge): Likewise. (xboard): Likewise. (hyperrogue): Likewise. (flare-game): Likewise. (chessx): Likewise. * gnu/packages/geo.scm (grass): Likewise. * gnu/packages/glib.scm (glib): Likewise. * gnu/packages/gnome.scm (mm-common): Likewise. (network-manager-openvpn): Likewise. (network-manager-vpnc): Likewise. (network-manager-openconnect): Likewise. (apostrophe): Likewise. * gnu/packages/gnupg.scm (pius): Likewise. (jetring): Likewise. * gnu/packages/gnuzilla.scm (icedove): Likewise. * gnu/packages/golang.scm (go-1.4): Likewise. * gnu/packages/graphviz.scm (xdot): Likewise. * gnu/packages/guile-xyz.scm (jupyter-guile-kernel): Likewise. * gnu/packages/haskell-xyz.scm (ghc-hindent): Likewise. * gnu/packages/ibus.scm (ibus): Likewise. * gnu/packages/image.scm (phockup): Likewise. * gnu/packages/irc.scm (quassel): Likewise. * gnu/packages/java.scm (drip): Likewise. (ant-bootstrap): Likewise. (tla2tools): Likewise. * gnu/packages/julia.scm (julia): Likewise. * gnu/packages/less.scm (lesspipe): Likewise. * gnu/packages/libreoffice.scm (libreoffice): Likewise. * gnu/packages/linux.scm (fuse): Likewise. (lm-sensors): Likewise. (bluez): Likewise. (fakeroot): Likewise. (inputattach): Likewise. * gnu/packages/lisp-xyz.scm (sbcl-cl-diskspace): Likewise. * gnu/packages/lisp.scm (lisp-repl-core-dumper): Likewise. * gnu/packages/lua.scm (fennel): Likewise. * gnu/packages/lxde.scm (spacefm): Likewise. * gnu/packages/mail.scm (public-inbox): Likewise. * gnu/packages/maths.scm (hdf-java): Likewise. (maxima): Likewise. (frama-c): Likewise. * gnu/packages/messaging.scm (libgadu): Likewise. * gnu/packages/music.scm (denemo): Likewise. (curseradio): Likewise. * gnu/packages/netpbm.scm (netpbm): Likewise. * gnu/packages/networking.scm (blueman): Likewise. (squid): Likewise. (aircrack-ng): Likewise. * gnu/packages/node.scm (node): Likewise. (node-llparse-frontend-bootstrap): Likewise. (node-llparse-bootstrap): Likewise. (llhttp-bootstrap): Likewise. (node-lts): Likewise. * gnu/packages/ocaml.scm (ocaml-4.11): Likewise. (opam): Likewise. (ocaml-graph): Likewise. * gnu/packages/orpheus.scm (orpheus): Likewise. * gnu/packages/password-utils.scm (password-store): Likewise. * gnu/packages/python.scm (pypy3): Likewise. * gnu/packages/qt.scm (qt5ct): Likewise. * gnu/packages/radio.scm (libosmo-dsp): Likewise. * gnu/packages/ruby.scm (ruby-pandoc-ruby): Likewise. * gnu/packages/rust.scm (rust-1.30): Likewise. * gnu/packages/screen.scm (byobu): Likewise. * gnu/packages/statistics.scm (r-with-tests): Likewise. * gnu/packages/suckless.scm (surf): Likewise. * gnu/packages/syndication.scm (gfeeds): Likewise. * gnu/packages/telephony.scm (mumble): Likewise. * gnu/packages/terminals.scm (alacritty): Likewise. * gnu/packages/tex.scm (texlive-bin): Likewise. * gnu/packages/uml.scm (plantuml): Likewise. * gnu/packages/version-control.scm (python-git-multimail): Likewise. (gitolite): Likewise. (hg-commitsigs): Likewise. (git-when-merged): Likewise. (git-imerge): Likewise. (gita): Likewise. * gnu/packages/video.scm (you-get): Likewise. * gnu/packages/vim.scm (eovim): Likewise. * gnu/packages/virtualization.scm (qemu): Likewise. (virt-manager): Likewise. (criu): Likewise. * gnu/packages/vpn.scm (strongswan): Likewise. (xl2tpd): Likewise. * gnu/packages/wm.scm (i3lock-fancy): Likewise. * gnu/packages/wxwidgets.scm (python-wxpython): Likewise. (python2-wxpython): Likewise. * gnu/packages/xdisorg.scm (autorandr): Likewise. * gnu/packages/xorg.scm (hackneyed-x11-cursors): Likewise. (v86d): Likewise. (mkfontdir): Likewise. (xpra): Likewise. Ludovic Courtès 2021-06-14gnu: Rename qtbase to qtbase-5....This change was automated via the following command: $ git ls-files | xargs sed -i 's/,qtbase)/,qtbase-5)/g' $ git ls-files | xargs sed -i 's/inherit qtbase)/inherit qtbase-5)/g' $ git ls-files | xargs sed -i 's/package-version qtbase)/package-version qtbase-5)/g' $ git checkout etc # to clear some spurious changes This is done so the qtbase package can be upgraded to version 6 in the following commit. Maxim Cournoyer 2021-04-14gnu: Add srecord....* gnu/packages/flashing-tools.scm (srecord): New variable. Ricardo Wurmus 2020-11-30gnu: dfu-util: Update to 0.10....* gnu/packages/flashing-tools.scm (dfu-util): Update to 0.10. Tobias Geerinckx-Rice 2020-07-12gnu: Remove ".git" from "https://github/…/….git"....Until now, 'lookup-origin' and thus 'lookup-origin-revision' in (guix swh) would sometimes return #f for these because the ".git" URLs are redirects to the non-".git" URLs. Consequently, 'guix lint -c archival' would keep saying "scheduled Software Heritage archival"; likewise, the fallback download code would fail. * gnu/packages/ada.scm, gnu/packages/admin.scm, gnu/packages/aidc.scm, gnu/packages/algebra.scm, gnu/packages/android.scm, gnu/packages/animation.scm, gnu/packages/arcan.scm, gnu/packages/assembly.scm, gnu/packages/audio.scm, gnu/packages/authentication.scm, gnu/packages/avr.scm, gnu/packages/axoloti.scm, gnu/packages/backup.scm, gnu/packages/bash.scm, gnu/packages/benchmark.scm, gnu/packages/bioconductor.scm, gnu/packages/bioinformatics.scm, gnu/packages/bittorrent.scm, gnu/packages/boost.scm, gnu/packages/build-tools.scm, gnu/packages/c.scm, gnu/packages/calendar.scm, gnu/packages/cdrom.scm, gnu/packages/check.scm, gnu/packages/chemistry.scm, gnu/packages/chez.scm, gnu/packages/clojure.scm, gnu/packages/code.scm, gnu/packages/compression.scm, gnu/packages/compton.scm, gnu/packages/coq.scm, gnu/packages/cpp.scm, gnu/packages/cran.scm, gnu/packages/crypto.scm, gnu/packages/curl.scm, gnu/packages/databases.scm, gnu/packages/datastructures.scm, gnu/packages/debug.scm, gnu/packages/disk.scm, gnu/packages/distributed.scm, gnu/packages/django.scm, gnu/packages/dlang.scm, gnu/packages/dns.scm, gnu/packages/docker.scm, gnu/packages/education.scm, gnu/packages/efi.scm, gnu/packages/elixir.scm, gnu/packages/emacs-xyz.scm, gnu/packages/embedded.scm, gnu/packages/emulators.scm, gnu/packages/engineering.scm, gnu/packages/erlang.scm, gnu/packages/fabric-management.scm, gnu/packages/file-systems.scm, gnu/packages/finance.scm, gnu/packages/firmware.scm, gnu/packages/flashing-tools.scm, gnu/packages/fonts.scm, gnu/packages/fontutils.scm, gnu/packages/fpga.scm, gnu/packages/game-development.scm, gnu/packages/games.scm, gnu/packages/genealogy.scm, gnu/packages/genimage.scm, gnu/packages/geo.scm, gnu/packages/gimp.scm, gnu/packages/gl.scm, gnu/packages/gnome-xyz.scm, gnu/packages/gnome.scm, gnu/packages/gnuzilla.scm, gnu/packages/golang.scm, gnu/packages/gpodder.scm, gnu/packages/graph.scm, gnu/packages/graphics.scm, gnu/packages/graphviz.scm, gnu/packages/groff.scm, gnu/packages/groovy.scm, gnu/packages/gtk.scm, gnu/packages/guile-xyz.scm, gnu/packages/guile.scm, gnu/packages/hardware.scm, gnu/packages/haskell-apps.scm, gnu/packages/haskell-xyz.scm, gnu/packages/hexedit.scm, gnu/packages/i2p.scm, gnu/packages/ibus.scm, gnu/packages/image-processing.scm, gnu/packages/image-viewers.scm, gnu/packages/image.scm, gnu/packages/ipfs.scm, gnu/packages/java-graphics.scm, gnu/packages/java-maths.scm, gnu/packages/java.scm, gnu/packages/javascript.scm, gnu/packages/jrnl.scm, gnu/packages/julia.scm, gnu/packages/jupyter.scm, gnu/packages/kodi.scm, gnu/packages/language.scm, gnu/packages/lego.scm, gnu/packages/less.scm, gnu/packages/libusb.scm, gnu/packages/linux.scm, gnu/packages/lirc.scm, gnu/packages/lisp-xyz.scm, gnu/packages/llvm.scm, gnu/packages/logging.scm, gnu/packages/lolcode.scm, gnu/packages/lua.scm, gnu/packages/lxde.scm, gnu/packages/lxqt.scm, gnu/packages/machine-learning.scm, gnu/packages/mail.scm, gnu/packages/markup.scm, gnu/packages/maths.scm, gnu/packages/maven.scm, gnu/packages/mes.scm, gnu/packages/messaging.scm, gnu/packages/monitoring.scm, gnu/packages/mpd.scm, gnu/packages/music.scm, gnu/packages/networking.scm, gnu/packages/node-xyz.scm, gnu/packages/ocaml.scm, gnu/packages/ocr.scm, gnu/packages/onc-rpc.scm, gnu/packages/opencl.scm, gnu/packages/opencog.scm, gnu/packages/pantheon.scm, gnu/packages/password-utils.scm, gnu/packages/patchutils.scm, gnu/packages/pdf.scm, gnu/packages/perl6.scm, gnu/packages/phabricator.scm, gnu/packages/popt.scm, gnu/packages/printers.scm, gnu/packages/prolog.scm, gnu/packages/protobuf.scm, gnu/packages/pulseaudio.scm, gnu/packages/python-crypto.scm, gnu/packages/python-web.scm, gnu/packages/python-xyz.scm, gnu/packages/qt.scm, gnu/packages/radio.scm, gnu/packages/rails.scm, gnu/packages/rdf.scm, gnu/packages/rednotebook.scm, gnu/packages/rpc.scm, gnu/packages/rsync.scm, gnu/packages/ruby.scm, gnu/packages/rust.scm, gnu/packages/scheme.scm, gnu/packages/screen.scm, gnu/packages/security-token.scm, gnu/packages/selinux.scm, gnu/packages/serialization.scm, gnu/packages/shells.scm, gnu/packages/shellutils.scm, gnu/packages/simh.scm, gnu/packages/sml.scm, gnu/packages/ssh.scm, gnu/packages/statistics.scm, gnu/packages/stenography.scm, gnu/packages/sync.scm, gnu/packages/syncthing.scm, gnu/packages/synergy.scm, gnu/packages/telephony.scm, gnu/packages/terminals.scm, gnu/packages/tex.scm, gnu/packages/texinfo.scm, gnu/packages/text-editors.scm, gnu/packages/textutils.scm, gnu/packages/time.scm, gnu/packages/tmux.scm, gnu/packages/tor.scm, gnu/packages/toys.scm, gnu/packages/version-control.scm, gnu/packages/video.scm, gnu/packages/vim.scm, gnu/packages/virtualization.scm, gnu/packages/vlang.scm, gnu/packages/vnc.scm, gnu/packages/vpn.scm, gnu/packages/web-browsers.scm, gnu/packages/web.scm, gnu/packages/wireservice.scm, gnu/packages/wm.scm, gnu/packages/wxwidgets.scm, gnu/packages/xdisorg.scm, gnu/packages/xml.scm, gnu/packages/xorg.scm, tests/lint.scm: Remove trailing ".git" from 'git-reference' URL. Ludovic Courtès