Package: cairo / 1.14.0-2.1+deb8u2

Metadata

Package Version Patches format
cairo 1.14.0-2.1+deb8u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_build_perf_utils.patch | (download)

build/configure.ac.features | 1 1 + 0 - 0 !
configure.ac | 5 5 + 0 - 0 !
perf/Makefile.am | 14 14 + 0 - 0 !
3 files changed, 20 insertions(+)

 build cairo-perf-utils as part of then normal build process.
02_am maintainer mode.patch | (download)

configure.ac | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
03_export symbols.patch | (download)

src/Makefile.am | 2 1 + 1 - 0 !
util/cairo-gobject/Makefile.am | 2 1 + 1 - 0 !
util/cairo-script/Makefile.am | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

---
06_hurd map noreserve.patch | (download)

test/cairo-test-trace.c | 4 4 + 0 - 0 !
util/cairo-sphinx/sphinx.c | 4 4 + 0 - 0 !
2 files changed, 8 insertions(+)

---
0005 CFF Fix unaligned access.patch | (download)

src/cairo-cff-subset.c | 35 19 + 16 - 0 !
src/cairo-image-info.c | 32 13 + 19 - 0 !
src/cairoint.h | 26 26 + 0 - 0 !
3 files changed, 58 insertions(+), 35 deletions(-)

 [patch 5/9] cff: fix unaligned access

Debian bug 712836 reported bus errors in cff subsetting when
running on a sparc. This is because unlike truetype, all data
in the compact font format is not aligned.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712836

0008 tor scan converter can t do_fullrow when intersectio.patch | (download)

src/cairo-tor-scan-converter.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 8/9] tor-scan-converter: can't do_fullrow when intersection in
 row + 0.5subrow

the active edges list must be left sorted at the next possible use
and since full_row does not deal with intersections it is not usable
when there is an intersection in the top half of the next row first
subrow

Reported-and-tested-by: Matthew Leach
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=85151
0009 CVE 2016 3190.patch | (download)

src/cairo-image-compositor.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 image: fix crash in _fill_xrgb32_lerp_opaque_spans

If a span length is negative don't go out of bounds processing the fill
data.

Patch thanks to Ilya Sakhnenko <ilia.softway@gmail.com> on mailing list.

Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>

CVE 2016 9082.patch | (download)

boilerplate/cairo-boilerplate.c | 4 3 + 1 - 0 !
src/cairo-image-compositor.c | 4 2 + 2 - 0 !
src/cairo-image-surface-private.h | 2 1 + 1 - 0 !
src/cairo-mesh-pattern-rasterizer.c | 2 1 + 1 - 0 !
src/cairo-png.c | 2 1 + 1 - 0 !
src/cairo-script-surface.c | 3 2 + 1 - 0 !
6 files changed, 10 insertions(+), 7 deletions(-)

 [patch] image: prevent invalid ptr access for > 4gb images

Image data is often accessed using:

  image->data + y * image->stride

On 64-bit achitectures if the image data is > 4GB, this computation
will overflow since both y and stride are 32-bit types.

https://bugs.freedesktop.org/show_bug.cgi?id=98165