commit cairo for openSUSE:Factory
Hello community, here is the log from the commit of package cairo for openSUSE:Factory checked in at 2017-06-28 10:32:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cairo (Old) and /work/SRC/openSUSE:Factory/.cairo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cairo" Wed Jun 28 10:32:16 2017 rev:78 rq:505122 version:1.15.6 Changes: -------- --- /work/SRC/openSUSE:Factory/cairo/cairo.changes 2017-06-19 13:23:07.362701320 +0200 +++ /work/SRC/openSUSE:Factory/.cairo.new/cairo.changes 2017-06-28 10:32:20.876808694 +0200 @@ -1,0 +2,7 @@ +Tue Jun 20 11:20:29 UTC 2017 - alarrosa@suse.com + +- Add 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch to + fix a segfault when using >4GB images since int values were used + for pointer operations (bsc#1007255, fdo#98165, CVE-2016-9082). + +------------------------------------------------------------------- New: ---- 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cairo.spec ++++++ --- /var/tmp/diff_new_pack.Vqu9Ir/_old 2017-06-28 10:32:22.156627628 +0200 +++ /var/tmp/diff_new_pack.Vqu9Ir/_new 2017-06-28 10:32:22.156627628 +0200 @@ -33,6 +33,8 @@ Patch1: cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff # PATCH-FIX-UPSTREAM cairo-fix-off-by-one-check.patch fdo#101427 zaitor@opensuse.org -- Fix off by one check in cairo-image-info.c Patch2: cairo-fix-off-by-one-check.patch +# PATCH-FIX-UPSTREAM 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch bsc#1007255 fdo#98165 CVE-2016-9082 alarrosa@suse.com -- Fix segfault when using >4GB images +Patch3: 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch BuildRequires: gtk-doc BuildRequires: pkg-config BuildRequires: pkgconfig(fontconfig) 
@@ -141,6 +143,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure \ ++++++ 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch ++++++
From c812d1c1935cccf096a60ad904e640fdc83bd41c Mon Sep 17 00:00:00 2001 From: Adrian Johnson
Date: Thu, 20 Oct 2016 21:12:30 +1030 Subject: [PATCH] image: prevent invalid ptr access for > 4GB images
Image data is often accessed using:
image->data + y * image->stride
On 64-bit architectures if the image data is > 4GB, this computation
will overflow since both y and stride are 32-bit types.
https://bugs.freedesktop.org/show_bug.cgi?id=98165
---
boilerplate/cairo-boilerplate.c | 4 +++-
src/cairo-image-compositor.c | 4 ++--
src/cairo-image-surface-private.h | 2 +-
src/cairo-mesh-pattern-rasterizer.c | 2 +-
src/cairo-png.c | 2 +-
src/cairo-script-surface.c | 3 ++-
6 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
index 7fdbf79..4804dea 100644
--- a/boilerplate/cairo-boilerplate.c
+++ b/boilerplate/cairo-boilerplate.c
@@ -42,6 +42,7 @@
#undef CAIRO_VERSION_H
#include "../cairo-version.h"
+#include
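Review bot: the `#include` added in the `@@ -42,6 +42,7 @@` hunk of boilerplate/cairo-boilerplate.c names no header as shown here, and the diffstat lists three insertions and one deletion for this file plus five further files whose hunks are not present, so the actual change to `image->data + y * image->stride` cannot be checked from this mail. When reviewing the full patch, confirm that at each such site one operand is converted to a pointer-sized type before the multiplication; casting the finished 32-bit product would keep the overflow the commit message describes.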
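Review bot: in the cairo.spec hunk at `@@ -33,6 +33,8 @@`, `Patch3` keeps a `0001-` prefix in its file name while `Patch1` and `Patch2` are both named `cairo-...`. Consider renaming it to follow the same scheme (a `cairo-` prefix, with the bug or CVE id as `Patch1` has), so the patch list reads consistently; the cairo.changes entry would need the same name.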
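The overflow described in the commit message above, as an added example that is not part of the cairo patch or the openSUSE package: it compares the 32-bit `y * stride` product with the same product computed after widening one operand. The function names and the sample image dimensions are constructed for illustration, and a 64-bit `ptrdiff_t` is assumed.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Low 32 bits of y * stride, i.e. what a 32-bit multiplication can hold.
 * Unsigned arithmetic keeps the wrap-around well defined in this model;
 * with signed int operands the overflow is undefined behaviour. */
static uint32_t row_offset_32(int32_t y, int32_t stride)
{
    return (uint32_t)y * (uint32_t)stride;
}

/* Widening one operand before the multiplication makes the whole product
 * pointer-sized (assumption: ptrdiff_t is 64 bits wide). */
static ptrdiff_t row_offset_wide(int32_t y, int32_t stride)
{
    return (ptrdiff_t)y * stride;
}

/* Returns 1 when the true byte offset does not fit in a 32-bit int, so
 * data + y * stride computed in int cannot address the intended row. */
static int overflows_int32(int32_t y, int32_t stride)
{
    int64_t wide = (int64_t)y * stride;
    return wide > INT32_MAX || wide < INT32_MIN;
}

int main(void)
{
    /* Constructed sample: last row of a 50000-row image with a
     * 200000-byte stride (50000 pixels * 4 bytes), about 10 GB of data. */
    int32_t y = 49999, stride = 200000;

    printf("32-bit product : %" PRIu32 "\n", row_offset_32(y, stride));
    printf("widened product: %td\n", row_offset_wide(y, stride));
    printf("overflows int32: %d\n", overflows_int32(y, stride));
    return 0;
}
```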