diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/gtk.scm | 92 | ||||
-rw-r--r-- | gnu/packages/patches/cairo-CVE-2018-19876.patch | 37 | ||||
-rw-r--r-- | gnu/packages/patches/cairo-CVE-2020-35492.patch | 49 |
4 files changed, 41 insertions, 139 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index fc05786287..73f3ffbcf5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -878,8 +878,6 @@ dist_patch_DATA = \ %D%/packages/patches/bpftrace-disable-bfd-disasm.patch \ %D%/packages/patches/busybox-CVE-2021-28831.patch \ %D%/packages/patches/byobu-writable-status.patch \ - %D%/packages/patches/cairo-CVE-2018-19876.patch \ - %D%/packages/patches/cairo-CVE-2020-35492.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-sqlite.patch \ %D%/packages/patches/calibre-remove-test-unrar.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 4c7b253060..d9adfe28ea 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -123,67 +123,57 @@ tools have full access to view and control running applications.") (define-public cairo (package - (name "cairo") - (version "1.16.0") - (replacement cairo/fixed) - (source (origin - (method url-fetch) - (uri (string-append "https://cairographics.org/releases/cairo-" - version ".tar.xz")) - (sha256 - (base32 - "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy")))) - (build-system gnu-build-system) - (propagated-inputs - `(("fontconfig" ,fontconfig) - ("freetype" ,freetype) - ("glib" ,glib) - ("libpng" ,libpng) - ("libx11" ,libx11) - ("libxext" ,libxext) - ("libxrender" ,libxrender) - ("pixman" ,pixman))) - (inputs - `(("ghostscript" ,ghostscript) - ("libspectre" ,libspectre) - ("poppler" ,poppler) - ("xorgproto" ,xorgproto) - ("zlib" ,zlib))) - (native-inputs - `(("pkg-config" ,pkg-config) - ("python" ,python-wrapper))) + (name "cairo") + (version "1.16.0") + (source + (origin + (method url-fetch) + (uri + (string-append "https://cairographics.org/releases/cairo-" + version ".tar.xz")) + (sha256 + (base32 "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy")))) + (build-system gnu-build-system) (arguments - `(#:tests? #f ; see http://lists.gnu.org/archive/html/bug-guix/2013-06/msg00085.html - #:configure-flags '("--enable-tee" ;needed for GNU Icecat - "--enable-xml" ;for cairo-xml support - "--disable-static"))) - (synopsis "2D graphics library") - (description - "Cairo is a 2D graphics library with support for multiple output devices. -Currently supported output targets include the X Window System (via both -Xlib and XCB), Quartz, Win32, image buffers, PostScript, PDF, and SVG file + `(#:tests? #f ; see http://lists.gnu.org/archive/html/bug-guix/2013-06/msg00085.html + #:configure-flags + (list + "--enable-tee" ;needed for GNU Icecat + "--enable-xml" ;for cairo-xml support + "--disable-static"))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("python" ,python-wrapper))) + (inputs + `(("ghostscript" ,ghostscript) + ("libspectre" ,libspectre) + ("poppler" ,poppler) + ("xorgproto" ,xorgproto) + ("zlib" ,zlib))) + (propagated-inputs + `(("fontconfig" ,fontconfig) + ("freetype" ,freetype) + ("glib" ,glib) + ("libpng" ,libpng) + ("libx11" ,libx11) + ("libxext" ,libxext) + ("libxrender" ,libxrender) + ("pixman" ,pixman))) + (synopsis "2D graphics library") + (description "Cairo is a 2D graphics library with support for multiple output +devices. Currently supported output targets include the X Window System (via +both Xlib and XCB), Quartz, Win32, image buffers, PostScript, PDF, and SVG file output. Experimental backends include OpenGL, BeOS, OS/2, and DirectFB. - Cairo is designed to produce consistent output on all output media while taking advantage of display hardware acceleration when available eg. through the X Render Extension). - The cairo API provides operations similar to the drawing operators of PostScript and PDF. Operations in cairo including stroking and filling cubic Bézier splines, transforming and compositing translucent images, and antialiased text rendering. All drawing operations can be transformed by any affine transformation (scale, rotation, shear, etc.).") - (license license:lgpl2.1) ; or Mozilla Public License 1.1 - (home-page "https://cairographics.org/"))) - -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (append (search-patches "cairo-CVE-2018-19876.patch" - "cairo-CVE-2020-35492.patch") - (origin-patches (package-source cairo)))))))) + (home-page "https://cairographics.org/") + (license license:lgpl2.1))) ; or Mozilla Public License 1.1 (define-public cairo-sans-poppler ;; Variant used to break the dependency cycle between Poppler and Cairo. diff --git a/gnu/packages/patches/cairo-CVE-2018-19876.patch b/gnu/packages/patches/cairo-CVE-2018-19876.patch deleted file mode 100644 index c0fba2ecaa..0000000000 --- a/gnu/packages/patches/cairo-CVE-2018-19876.patch +++ /dev/null @@ -1,37 +0,0 @@ -Copied from Debian. - -From: Carlos Garcia Campos <cgarcia@igalia.com> -Date: Mon, 19 Nov 2018 12:33:07 +0100 -Subject: ft: Use FT_Done_MM_Var instead of free when available in - cairo_ft_apply_variations - -Fixes a crash when using freetype >= 2.9 - -[This is considered to be security-sensitive because WebKitGTK+ sets its -own memory allocator, which is not compatible with system free(), making -this a remotely triggerable denial of service or memory corruption.] - -Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645 -Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 -Bug-Debian: https://bugs.debian.org/916389 -Bug-CVE: CVE-2018-19876 ---- - src/cairo-ft-font.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c -index 325dd61..981973f 100644 ---- a/src/cairo-ft-font.c -+++ b/src/cairo-ft-font.c -@@ -2393,7 +2393,11 @@ skip: - done: - free (coords); - free (current_coords); -+#if HAVE_FT_DONE_MM_VAR -+ FT_Done_MM_Var (face->glyph->library, ft_mm_var); -+#else - free (ft_mm_var); -+#endif - } - } - diff --git a/gnu/packages/patches/cairo-CVE-2020-35492.patch b/gnu/packages/patches/cairo-CVE-2020-35492.patch deleted file mode 100644 index e8b90fa5c5..0000000000 --- a/gnu/packages/patches/cairo-CVE-2020-35492.patch +++ /dev/null @@ -1,49 +0,0 @@ -Copied from Debian. - -From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 -From: Heiko Lewin <heiko.lewin@worldiety.de> -Date: Tue, 15 Dec 2020 16:48:19 +0100 -Subject: [PATCH] Fix mask usage in image-compositor - -[trimmed test case, since not used in Debian build] - ---- - src/cairo-image-compositor.c | 8 ++-- - ---- cairo-1.16.0.orig/src/cairo-image-compositor.c -+++ cairo-1.16.0/src/cairo-image-compositor.c -@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende - unsigned num_spans) - { - cairo_image_span_renderer_t *r = abstract_renderer; -- uint8_t *m; -+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); - int x0; - - if (num_spans == 0) - return CAIRO_STATUS_SUCCESS; - - x0 = spans[0].x; -- m = r->_buf; -+ m = base; - do { - int len = spans[1].x - spans[0].x; - if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { -@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende - spans[0].x, y, - spans[1].x - spans[0].x, h); - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else if (spans[0].coverage == 0x0) { - if (spans[0].x != x0) { -@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende - #endif - } - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else { - *m++ = spans[0].coverage; |