aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/cairo-CVE-2018-19876.patch
blob: c0fba2ecaa77230e8ff4dec2e015553a2c5f548b (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

Copied from Debian.

From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: ft: Use FT_Done_MM_Var instead of free when available in
 cairo_ft_apply_variations

Fixes a crash when using freetype >= 2.9

[This is considered to be security-sensitive because WebKitGTK+ sets its
own memory allocator, which is not compatible with system free(), making
this a remotely triggerable denial of service or memory corruption.]

Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645
Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
Bug-Debian: https://bugs.debian.org/916389
Bug-CVE: CVE-2018-19876
---
 src/cairo-ft-font.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61..981973f 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
 done:
         free (coords);
         free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
         free (ft_mm_var);
+#endif
     }
 }
generated by cgit
ion keys for guix gc....* po/*/*.po (guix/scripts/gc.scm): Round MiBs in user feedback. Signed-off-by: Florian Pelz <pelzflorian@pelzflorian.de> Remco van 't Veer 2023-05-31nls: Update translations....* doc/guix-cookbook.texi (Top): Mention Slovak. Florian Pelz 2023-04-08nls: Make sure gnu/home/services/*.scm files are translatable....* po/guix/POTFILES.in: Add missing gnu/home/services/*.scm files. Ludovic Courtès 2023-03-16gnu: home: services: Add home-kodi-service-type....* gnu/home/services/media.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * po/guix/POTFILES.in: Likewise. * doc/guix.texi (Media Home Services): Document it in new subsection. Jan (janneke) Nieuwenhuizen 2023-03-16gnu: home: services: Add home-znc-service-type....* gnu/home/services/messaging.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * po/guix/POTFILES.in: Likewise. * doc/guix.texi (Messaging Home Services): Document it in new subsection. Jan (janneke) Nieuwenhuizen 2023-03-07nls: Fix more Texinfo Italiano....po/guix/it.po: Fix `@esempio`, `@sempio`, `@fine`. Julien Lepiller 2023-03-07nls: Update translations.Julien Lepiller 2023-02-26nls: Fix more Texinfo Italiano....* po/guix/it.po: Fix ‘@opzione’, ‘@comando’. Tobias Geerinckx-Rice 2023-02-26nls: Fix typo in Italian translation....I will, of course, fix this in Weblate or find someone who can, but this currently breaks ‘guix system search cups’. * po/guix/it.po: Fix ‘@dnf’ typo. Reported by tux_life in #guix: https://issues.guix.gnu.org/61961 Tobias Geerinckx-Rice 2023-02-03gnu: Remove key-mon.scm....The file is empty. * gnu/packages/key-mon.scm: Remove file. * gnu/local.mk (GNU_SYSTEM_MODULES): Remove it. * po/packages/POTFILES.in: Remove it. Julien Lepiller 2023-01-05nls: Update translations....* po/guix/ka.po: New file. * po/guix/LINGUAS: Add it. * po/packages/uk.po: New file. * po/packages/LINGUAS: Add it. Julien Lepiller 2022-12-15doc: Use VM image file name consistently....Previously, what "/tmp/qemu-image" refers to could be unclear at first. * doc/guix.texi (Running Guix in a VM): Use the original image file name instead of /tmp/qemu-image. * po/doc/guix-manual.de.po, po/doc/guix-manual.es.po, po/doc/guix-manual.fr.po, po/doc/guix-manual.pt_BR.po, po/doc/guix-manual.ru.po, po/doc/guix-manual.zh_CN.po: Adjust accordingly. Ludovic Courtès 2022-12-04nls: Update translations....po/packages/vi.po: New file. po/packages/LINGUAS: Add it. Julien Lepiller 2022-11-20scripts: Use translations for guix.pot for service descriptions....Previously, service descriptions appeared in both guix.pot and packages.pot, but only translations of packages.pot were used. Now, translations are only done with guix.pot. This is better, because translators are more likely to translate guix.pot, and is also easier, because files in gnu/{home/,}services need to be in po/guix/POTFILES.in anyway and po/guix/Makevars already acts on the 'description' keyword because of lint checkers. * guix/scripts/home.scm (service-type-description-string): Use translations from guix.pot. * guix/scripts/system/search.scm (service-type-description-string) (service-type->recutils): Likewise. * po/packages/POTFILES.in: Move files in gnu/services to ... * po/guix/POTFILES.in: ... here. pelzflorian (Florian Pelz) 2022-11-15installer: Report known-unsupported PCI devices....* gnu/installer/hardware.scm: New file. * gnu/local.mk (INSTALLER_MODULES): Add it. * po/guix/POTFILES.in: Add it. * gnu/installer.scm (installer-steps): Pass #:pci-database to the 'welcome' step procedure. * gnu/installer/newt.scm (welcome-page): Add #:pci-database and pass it to 'run-welcome-page'. * gnu/installer/newt/welcome.scm (check-hardware-support): Add #:pci-database. Enumerate unsupported PCI devices and run an error page when unsupported devices are found. (run-welcome-page): Add #:pci-database and pass it to 'check-hardware-support' and to the recursive call. * gnu/installer/record.scm (<installer>)[welcome-page]: Adjust comment. * doc/guix.texi (Hardware Considerations): Mention it. Ludovic Courtès 2022-11-04nls: Update translations....* po/guix/lt.po: New file. * po/guix/LINGUAS: Add lt. Julien Lepiller