!48 update to version 1.18.0

From: @paulthomas100199 Reviewed-by: @open-bot Signed-off-by: @open-bot
2023-12-29 07:16:23 +00:00 · 2023-12-29 07:16:23 +00:00 · 5b1697d814
commit 5b1697d814
parent 360365efcd d4e94c3f37
9 changed files with 8 additions and 371 deletions
--- a/CVE-2019-6461.patch
+++ b/CVE-2019-6461.patch
@ -1,14 +0,0 @@
 diff --git a/src/cairo-arc.c b/src/cairo-arc.c
 index 390397bae..1bde774a4 100644
 --- a/src/cairo-arc.c
 +++ b/src/cairo-arc.c
@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t	  *cr,
     if (cairo_status (cr))
         return;
 -    assert (angle_max >= angle_min);
 +    if (angle_max < angle_min)
 +       return;
     if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
 	angle_max = fmod (angle_max - angle_min, 2 * M_PI);
--- a/backport-ft-Use-normal-font-size-when-detecting-the-format.patch
+++ b/backport-ft-Use-normal-font-size-when-detecting-the-format.patch
@ -1,63 +0,0 @@
 From 2766d9feeccd5d66e346b0abab38726b8e0aa1e9 Mon Sep 17 00:00:00 2001
 From: Adrian Johnson <ajohnson@redneon.com>
 Date: Tue, 7 Mar 2023 19:40:21 +1030
 Subject: [PATCH] ft: Use normal font size when detecting the format
 The format may depend on the font size.
 Fixes #643
 Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/2766d9feeccd5d66e346b0abab38726b8e0aa1e9
 Conflict:NA
 ---
 src/cairo-ft-font.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
 diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
 index 22a6a622b..89af6193d 100644
 --- a/src/cairo-ft-font.c
 +++ b/src/cairo-ft-font.c
@@ -3314,11 +3314,13 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t  *scaled_font,
     if (scaled_font->unscaled->have_color && scaled_font->base.options.color_mode != CAIRO_COLOR_MODE_NO_COLOR)
 	color_flag = FT_LOAD_COLOR;
 #endif
 +    /* Ensure use_em_size = FALSE as the format (bitmap or outline)
 +     * may change with the size. */
     status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
 						scaled_glyph,
 						face,
 						load_flags | color_flag,
 -						!hint_metrics,
 +						FALSE,
 						vertical_layout);
     if (unlikely (status))
 	return status;
@@ -3344,6 +3346,18 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t  *scaled_font,
 	 glyph_priv->format =  CAIRO_FT_GLYPH_TYPE_BITMAP;
     }
 +    /* If hinting is off, load the glyph with font size set the the em size. */
 +    if (!hint_metrics) {
 +	status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
 +						    scaled_glyph,
 +						    face,
 +						    load_flags | color_flag,
 +						    TRUE,
 +						    vertical_layout);
 +	if (unlikely (status))
 +	    return status;
 +    }
 +
     _cairo_ft_scaled_glyph_get_metrics (scaled_font,
 					face,
 					vertical_layout,
@@ -3369,6 +3383,7 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t  *scaled_font,
     }
     if (glyph_priv->format == CAIRO_FT_GLYPH_TYPE_COLR_V1) {
 +	/* Restore font size if previously loaded at em_size. */
 	if (!hint_metrics) {
 	    status = _cairo_ft_scaled_glyph_load_glyph (scaled_font,
 							scaled_glyph,
 -- 
 GitLab
--- a/backport-tee-Fix-cairo-wrapper-functions.patch
+++ b/backport-tee-Fix-cairo-wrapper-functions.patch
@ -1,110 +0,0 @@
 From 5e42a5277eddafd312a73e355d7775a4401dae4e Mon Sep 17 00:00:00 2001
 From: Emmanuele Bassi <ebassi@gnome.org>
 Date: Fri, 3 Feb 2023 15:40:12 +0100
 Subject: [PATCH] tee: Fix cairo wrapper functions
 Follow-up to !391 to apply the same changes to the (disabled by default)
 tee surface.
 Fixes: #634
 Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/5e42a5277eddafd312a73e355d7775a4401dae4e
 Conflict:NA
 ---
 src/cairo-tee-surface.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
 diff --git a/src/cairo-tee-surface.c b/src/cairo-tee-surface.c
 index 7a94c9bca..4994a5a60 100644
 --- a/src/cairo-tee-surface.c
 +++ b/src/cairo-tee-surface.c
@@ -220,12 +220,12 @@ _cairo_tee_surface_paint (void			*abstract_surface,
     num_slaves = _cairo_array_num_elements (&surface->slaves);
     slaves = _cairo_array_index (&surface->slaves, 0);
     for (n = 0; n < num_slaves; n++) {
 -	status = _cairo_surface_wrapper_paint (&slaves[n], op, source, clip);
 +	status = _cairo_surface_wrapper_paint (&slaves[n], op, source, 0, clip);
 	if (unlikely (status))
 	    return status;
     }
 -    return _cairo_surface_wrapper_paint (&surface->master, op, source, clip);
 +    return _cairo_surface_wrapper_paint (&surface->master, op, source, 0, clip);
 }
 static cairo_int_status_t
@@ -244,13 +244,17 @@ _cairo_tee_surface_mask (void			*abstract_surface,
     slaves = _cairo_array_index (&surface->slaves, 0);
     for (n = 0; n < num_slaves; n++) {
 	status = _cairo_surface_wrapper_mask (&slaves[n],
 -					      op, source, mask, clip);
 +					      op, source, 0,
 +                                              mask, 0,
 +                                              clip);
 	if (unlikely (status))
 	    return status;
     }
     return _cairo_surface_wrapper_mask (&surface->master,
 -					op, source, mask, clip);
 +					op, source, 0,
 +                                        mask, 0,
 +                                        clip);
 }
 static cairo_int_status_t
@@ -274,7 +278,7 @@ _cairo_tee_surface_stroke (void				*abstract_surface,
     slaves = _cairo_array_index (&surface->slaves, 0);
     for (n = 0; n < num_slaves; n++) {
 	status = _cairo_surface_wrapper_stroke (&slaves[n],
 -						op, source,
 +						op, source, 0,
 						path, style,
 						ctm, ctm_inverse,
 						tolerance, antialias,
@@ -284,7 +288,7 @@ _cairo_tee_surface_stroke (void				*abstract_surface,
     }
     return _cairo_surface_wrapper_stroke (&surface->master,
 -					  op, source,
 +					  op, source, 0,
 					  path, style,
 					  ctm, ctm_inverse,
 					  tolerance, antialias,
@@ -310,7 +314,7 @@ _cairo_tee_surface_fill (void				*abstract_surface,
     slaves = _cairo_array_index (&surface->slaves, 0);
     for (n = 0; n < num_slaves; n++) {
 	status = _cairo_surface_wrapper_fill (&slaves[n],
 -					      op, source,
 +					      op, source, 0,
 					      path, fill_rule,
 					      tolerance, antialias,
 					      clip);
@@ -319,7 +323,7 @@ _cairo_tee_surface_fill (void				*abstract_surface,
     }
     return _cairo_surface_wrapper_fill (&surface->master,
 -					op, source,
 +					op, source, 0,
 					path, fill_rule,
 					tolerance, antialias,
 					clip);
@@ -361,7 +365,7 @@ _cairo_tee_surface_show_text_glyphs (void		    *abstract_surface,
     for (n = 0; n < num_slaves; n++) {
 	memcpy (glyphs_copy, glyphs, sizeof (cairo_glyph_t) * num_glyphs);
 	status = _cairo_surface_wrapper_show_text_glyphs (&slaves[n], op,
 -							  source,
 +							  source, 0,
 							  utf8, utf8_len,
 							  glyphs_copy, num_glyphs,
 							  clusters, num_clusters,
@@ -374,7 +378,7 @@ _cairo_tee_surface_show_text_glyphs (void		    *abstract_surface,
     memcpy (glyphs_copy, glyphs, sizeof (cairo_glyph_t) * num_glyphs);
     status = _cairo_surface_wrapper_show_text_glyphs (&surface->master, op,
 -						      source,
 +						      source, 0,
 						      utf8, utf8_len,
 						      glyphs_copy, num_glyphs,
 						      clusters, num_clusters,
 -- 
 GitLab
--- a/backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch
+++ b/backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch
@ -1,71 +0,0 @@
 From 10cc34f521cf272f881bbad9a6fc4e794cca8687 Mon Sep 17 00:00:00 2001
 From: Adrian Johnson <ajohnson@redneon.com>
 Date: Sat, 13 May 2023 18:51:40 +0930
 Subject: [PATCH] ft: don't use scaled_glyph->dev_private to store data
 It is also used by the xlib surface.
 Fixes #778
 Reference:https://gitlab.freedesktop.org/cairo/cairo/-/commit/10cc34f521cf272f881bbad9a6fc4e794cca8687
 Conflict:NA
 ---
 src/cairo-ft-font.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
 diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
 index 834e4ba31..76c9e008f 100644
 --- a/src/cairo-ft-font.c
 +++ b/src/cairo-ft-font.c
@@ -2600,6 +2600,7 @@ _cairo_ft_scaled_glyph_set_foreground_color (cairo_ft_scaled_font_t *scaled_font
 static cairo_int_status_t
 _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t     *scaled_font,
 				     cairo_scaled_glyph_t	*scaled_glyph,
 +				     cairo_ft_glyph_private_t   *glyph_priv,
 				     cairo_scaled_glyph_info_t	 info,
 				     FT_Face face,
 				     const cairo_color_t        *foreground_color,
@@ -2611,7 +2612,6 @@ _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t     *scaled_font,
     cairo_status_t status;
     cairo_image_surface_t	*surface;
     cairo_bool_t uses_foreground_color = FALSE;
 -    cairo_ft_glyph_private_t *glyph_priv = scaled_glyph->dev_private;
     /* Only one info type at a time handled in this function */
     assert (info == CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE || info == CAIRO_SCALED_GLYPH_INFO_SURFACE);
@@ -3302,7 +3302,6 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t  *scaled_font,
     _cairo_scaled_glyph_attach_private (scaled_glyph, &glyph_priv->base,
 					&ft_glyph_private_key,
 					_cairo_ft_glyph_fini);
 -    scaled_glyph->dev_private = glyph_priv;
     /* We need to load color to determine if this is a color format. */
     int color_flag = 0;
@@ -3461,8 +3460,8 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
 	    goto FAIL;
     }
 -    /* scaled_glyph->dev_private is intialized by _cairo_ft_scaled_glyph_init_metrics() */
 -    glyph_priv = scaled_glyph->dev_private;
 +    glyph_priv = (cairo_ft_glyph_private_t *) _cairo_scaled_glyph_find_private (scaled_glyph,
 +										&ft_glyph_private_key);
     assert (glyph_priv != NULL);
     if (info & CAIRO_SCALED_GLYPH_INFO_RECORDING_SURFACE) {
@@ -3514,6 +3513,7 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
 	} else {
 	    status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
 							  scaled_glyph,
 +							  glyph_priv,
 							  CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE,
 							  face,
 							  foreground_color,
@@ -3527,6 +3527,7 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
     if (info & CAIRO_SCALED_GLYPH_INFO_SURFACE) {
 	status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
 						      scaled_glyph,
 +						      glyph_priv,
 						      CAIRO_SCALED_GLYPH_INFO_SURFACE,
 						      face,
 						      NULL, /* foreground color */
 -- 
 GitLab
--- a/bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch
+++ b/bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch
@ -1,29 +0,0 @@
 From 1f39cb2e344ddaac89da743a926d06c60e08614b Mon Sep 17 00:00:00 2001
 From: sun_hai_10 <sunhai10@huawei.com>
 Date: Wed, 14 Jun 2023 15:37:22 +0800
 Subject: [PATCH] cairo truetype reverse cmap detected memory leaks
 ---
 src/cairo-truetype-subset.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
 index 6cef4ee..472294f 100644
 --- a/src/cairo-truetype-subset.c
 +++ b/src/cairo-truetype-subset.c
@@ -1311,8 +1311,10 @@ _cairo_truetype_reverse_cmap (cairo_scaled_font_t *scaled_font,
     /* A Format 4 cmap contains 8 uint16_t numbers and 4 arrays of
      * uint16_t each num_segments long. */
 -    if (size < (8 + 4*num_segments)*sizeof(uint16_t))
 -	return CAIRO_INT_STATUS_UNSUPPORTED;
 +    if (size < (8 + 4*num_segments)*sizeof(uint16_t)) {
 +	status = CAIRO_INT_STATUS_UNSUPPORTED;
 +        goto fail;
 +    }
     end_code = map->endCount;
     start_code = &(end_code[num_segments + 1]);
 -- 
 2.23.0
--- a/bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch
+++ b/bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch
@ -1,31 +0,0 @@
 From 4e515dd14a67b9069610e4a10baee300fb08421a Mon Sep 17 00:00:00 2001
 From: sun_hai_10 <sunhai10@huawei.com>
 Date: Wed, 14 Jun 2023 16:44:30 +0800
 Subject: [PATCH] fix heap buffer overflow in cairo_cff_parse_charstring
 ---
 src/cairo-cff-subset.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
 index 64fc69e..c94a4d0 100644
 --- a/src/cairo-cff-subset.c
 +++ b/src/cairo-cff-subset.c
@@ -1789,7 +1789,13 @@ cairo_cff_font_subset_charstrings_and_subroutines (cairo_cff_font_t  *font)
 	} else {
 	    glyph = font->scaled_font_subset->glyphs[i];
 	}
 -        element = _cairo_array_index (&font->charstrings_index, glyph);
 +
 +        cairo_array_t *array = &font->charstrings_index;
 +        element = _cairo_array_index (array, glyph);
 +        if (element == NULL)
 +            return CAIRO_INT_STATUS_NO_MEMORY;
 +        if (array->element_size < element->length)
 +            return CAIRO_INT_STATUS_UNSUPPORTED;
         status = cff_index_append (&font->charstrings_subset_index,
                                    element->data,
                                    element->length);
 -- 
 2.23.0
--- a/bugfix-fix-read-memory-access.patch
+++ b/bugfix-fix-read-memory-access.patch
@ -1,39 +0,0 @@
 From e8fef3b8f84afb1a0ae7a9ae81f43c91ac7b3b79 Mon Sep 17 00:00:00 2001
 From: sun_hai_10 <sunhai10@huawei.com>
 Date: Wed, 14 Jun 2023 15:52:58 +0800
 Subject: [PATCH] fix read memory access
 ---
 src/cairo-cff-subset.c   | 2 ++
 src/cairo-type1-subset.c | 2 ++
 2 files changed, 4 insertions(+)
 diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
 index fce4195..64fc69e 100644
 --- a/src/cairo-cff-subset.c
 +++ b/src/cairo-cff-subset.c
@@ -1412,6 +1412,8 @@ cairo_cff_font_subset_dict_string(cairo_cff_font_t   *font,
         return CAIRO_STATUS_SUCCESS;
     element = _cairo_array_index (&font->strings_index, sid - NUM_STD_STRINGS);
 +    if (element == NULL)
 +        return CAIRO_STATUS_NO_MEMORY;
     sid = NUM_STD_STRINGS + _cairo_array_num_elements (&font->strings_subset_index);
     status = cff_index_append (&font->strings_subset_index, element->data, element->length);
     if (unlikely (status))
 diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
 index 068b59e..22182af 100644
 --- a/src/cairo-type1-subset.c
 +++ b/src/cairo-type1-subset.c
@@ -1229,6 +1229,8 @@ cairo_type1_font_subset_for_each_glyph (cairo_type1_font_subset_t *font,
 	/* Skip binary data and |- or ND token. */
 	p = skip_token (charstring + charstring_length, dict_end);
 +        if (p == NULL)
 +            return CAIRO_INT_STATUS_NO_MEMORY;
 	while (p < dict_end && _cairo_isspace(*p))
 	    p++;
 -- 
 2.23.0
--- a/cairo-1.18.0.tar.xz
+++ b/cairo-1.18.0.tar.xz
--- a/cairo.spec
+++ b/cairo.spec
@ -1,21 +1,11 @@
 Name:           cairo
-Version:        1.17.8
+Version:        1.18.0
 Release:        1
 Summary:        A 2D graphics library
 License:        LGPLv2 or MPLv1.1
 URL:            http://cairographics.org
 Source0:        http://cairographics.org/snapshots/%{name}-%{version}.tar.xz
 Patch6000:	CVE-2019-6461.patch
 Patch9000:  bugfix-cairo-truetype-reverse-cmap-detected-memory-leaks.patch
 Patch9001:  bugfix-fix-read-memory-access.patch
 Patch9002:  bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch
 Patch6001:  backport-tee-Fix-cairo-wrapper-functions.patch
 Patch6002:  backport-ft-Use-normal-font-size-when-detecting-the-format.patch
 Patch6003:  backport-tee-ft-dont-use-scaled_glyph-dev_private-to-store-data.patch
 BuildRequires:  gcc gcc-c++ gtk-doc meson
 BuildRequires:  pkgconfig(expat)
 BuildRequires:  pkgconfig(pixman-1) >= 0.36.0
@ -92,8 +82,7 @@ This package contains tools for working with the cairo graphics library.
  -Dtee=enabled \
  -Dtests=disabled \
  -Dxcb=enabled \
-  -Dxlib=enabled \
+  -Dxlib=enabled
  -Dxml=disabled
 %meson_build
 %install
@ -148,11 +137,16 @@ This package contains tools for working with the cairo graphics library.
 %{_libdir}/pkgconfig/cairo-gobject.pc
 %files tools
 %{_bindir}/cairo-sphinx
 %{_bindir}/cairo-trace
 %{_libdir}/cairo/
 %changelog
 * Wed Dec 27 2023 Paul Thomas <paulthomas100199@gmail.com> - 1.18.0-1
 - Type: requirement
 - ID: NA
 - SUG: NA
 - DESC: update to 1.18.0
 * Wed Jul 26 2023 zhangqiumiao<zhangqiumiao1@huawei.com> - 1.17.8-1
 - Type:bugfix
 - ID:NA