.cairo.metadata

@@ -1 +0,0 @@
-68712ae1039b114347be3b7200bc1c901d47a636 SOURCES/cairo-1.17.4.tar.xz

.gitignore

@@ -1 +1,2 @@
-SOURCES/cairo-1.17.4.tar.xz
+SOURCES/cairo-1.15.12.tar.xz
+/cairo-1.15.12.tar.xz

0001-Fix-assertion-failure-in-the-freetype-backend.patch

@@ -0,0 +1,51 @@
+From 7554822dd0b52d33ec7898e81b59e97164b00142 Mon Sep 17 00:00:00 2001
+From: Uli Schlachter <psychon@znc.in>
+Date: Sat, 21 Apr 2018 09:37:06 +0200
+Subject: [PATCH] Fix assertion failure in the freetype backend
+
+Fonts are kept in a hash table, so when creating a new font, the code
+first checks the hash table for an already-existing entry and only then
+is a new instance really created. There is an assert that checks that
+the key used for the hash table lookup is the same as the instance that
+is created later has, because otherwise the hash table was checked
+incorrectly.
+
+This assert failed in some conditions.
+
+Fix this by fixing some places that initialised ft hash keys in a wrong
+way.
+
+Patch by Behdad Esfahbod and submitted via bugzilla.
+
+Source: https://bugs.freedesktop.org/show_bug.cgi?id=105746#c4
+Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=105746
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ src/cairo-ft-font.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 79aef78f5b0d..9b10708988d7 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -445,7 +445,7 @@ _cairo_ft_unscaled_font_init (cairo_ft_unscaled_font_t *unscaled,
+ 
+     if (from_face) {
+ 	unscaled->from_face = TRUE;
+-	_cairo_ft_unscaled_font_init_key (unscaled, TRUE, NULL, face->face_index, face);
++	_cairo_ft_unscaled_font_init_key (unscaled, TRUE, NULL, id, face);
+ 
+ 
+         unscaled->have_color = FT_HAS_COLOR (face) != 0;
+@@ -640,7 +640,7 @@ static cairo_status_t
+ _cairo_ft_unscaled_font_create_from_face (FT_Face face,
+ 					  cairo_ft_unscaled_font_t **out)
+ {
+-    return _cairo_ft_unscaled_font_create_internal (TRUE, NULL, 0, face, out);
++    return _cairo_ft_unscaled_font_create_internal (TRUE, NULL, face->face_index, face, out);
+ }
+ 
+ static cairo_bool_t
+-- 
+2.17.0
+

SOURCES/125.patch

@@ -1,58 +0,0 @@
-From a3b69a0215fdface0fd5730872a4b3242d979dca Mon Sep 17 00:00:00 2001
-From: Uli Schlachter <psychon@znc.in>
-Date: Tue, 9 Feb 2021 16:54:35 +0100
-Subject: [PATCH] pdf font subset: Generate valid font names
-
-A hash value is encoded in base 26 with upper case letters for font
-names.
-
-Commit ed984146 replaced "numerator = abs (hash);" with "numerator =
-hash;" in this code, because hash has type uint32_t and the compiler
-warned about taking the absolute value of an unsigned value.  However,
-abs() is actually defined to take an int argument. Thus, there was some
-implicit cast.
-
-Since numerator has type long, i.e. is signed, it is now actually
-possible to get an overflow in the implicit cast and then have a
-negative number. The following code is not prepared for this and
-produces non-letters when encoding the hash.
-
-This commit fixes that problem by not using ldiv() and instead using /
-and % to directly compute the needed values. This gets rid of the need
-to convert to type long. Since now everything works with uint32_t, there
-is no more chance for negative numbers messing things up.
-
-Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/449
-Signed-off-by: Uli Schlachter <psychon@znc.in>
----
- src/cairo-pdf-surface.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c
-index 6da460878..52c49b6d2 100644
---- a/src/cairo-pdf-surface.c
-+++ b/src/cairo-pdf-surface.c
-@@ -5310,18 +5310,14 @@ _create_font_subset_tag (cairo_scaled_font_subset_t	*font_subset,
- {
-     uint32_t hash;
-     int i;
--    long numerator;
--    ldiv_t d;
- 
-     hash = _hash_data ((unsigned char *) font_name, strlen(font_name), 0);
-     hash = _hash_data ((unsigned char *) (font_subset->glyphs),
- 		       font_subset->num_glyphs * sizeof(unsigned long), hash);
- 
--    numerator = hash;
-     for (i = 0; i < 6; i++) {
--	d = ldiv (numerator, 26);
--	numerator = d.quot;
--        tag[i] = 'A' + d.rem;
-+	tag[i] = 'A' + (hash % 26);
-+	hash /= 26;
-     }
-     tag[i] = 0;
- }
--- 
-GitLab
-

cairo-1.15.12-CVE-2020-35492.patch

@@ -0,0 +1,199 @@
+From 40e9d1a0a69f01b55b4fa131bc253c7c09a0ae91 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH 1/2] Fix mask usage in image-compositor
+
+---
+ src/cairo-image-compositor.c                |   8 ++--
+ test/Makefile.sources                       |   1 +
+ test/bug-image-compositor.c                 |  39 ++++++++++++++++++++
+ test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes
+ 4 files changed, 44 insertions(+), 4 deletions(-)
+ create mode 100644 test/bug-image-compositor.c
+ create mode 100644 test/reference/bug-image-compositor.ref.png
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index 122a8ca42..b20e2ec78 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 		    unsigned num_spans)
+ {
+     cairo_image_span_renderer_t *r = abstract_renderer;
+-    uint8_t *m;
++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+     int x0;
+ 
+     if (num_spans == 0)
+ 	return CAIRO_STATUS_SUCCESS;
+ 
+     x0 = spans[0].x;
+-    m = r->_buf;
++    m = base;
+     do {
+ 	int len = spans[1].x - spans[0].x;
+ 	if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ 				      spans[0].x, y,
+ 				      spans[1].x - spans[0].x, h);
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else if (spans[0].coverage == 0x0) {
+ 	    if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ #endif
+ 	    }
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else {
+ 	    *m++ = spans[0].coverage;
+diff --git a/test/Makefile.sources b/test/Makefile.sources
+index c47131faf..86fd53d15 100644
+--- a/test/Makefile.sources
++++ b/test/Makefile.sources
+@@ -33,6 +33,7 @@ test_sources = \
+ 	bug-source-cu.c					\
+ 	bug-extents.c					\
+ 	bug-seams.c					\
++	bug-image-compositor.c				\
+ 	caps.c						\
+ 	checkerboard.c					\
+ 	caps-joins.c					\
+diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
+new file mode 100644
+index 000000000..fc4fd370b
+--- /dev/null
++++ b/test/bug-image-compositor.c
+@@ -0,0 +1,39 @@
++#include "cairo-test.h"
++
++static cairo_test_status_t
++draw (cairo_t *cr, int width, int height)
++{
++    cairo_set_source_rgb (cr, 0., 0., 0.);
++    cairo_paint (cr);
++
++    cairo_set_source_rgb (cr, 1., 1., 1.);
++    cairo_set_line_width (cr, 1.);
++
++    cairo_pattern_t *p = cairo_pattern_create_linear (0, 0, width, height);
++    cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
++    cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
++    cairo_set_source (cr, p);
++
++    cairo_move_to (cr, 0.5, -1);
++    for (int i = 0; i < width; i+=3) {
++	cairo_rel_line_to (cr, 2, 2);
++	cairo_rel_line_to (cr, 1, -2);
++    }
++
++    cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
++    cairo_stroke (cr);
++
++    cairo_pattern_destroy(p);
++
++    return CAIRO_TEST_SUCCESS;
++}
++
++
++CAIRO_TEST (bug_image_compositor,
++	    "Crash in image-compositor",
++	    "stroke, stress", /* keywords */
++	    NULL, /* requirements */
++	    10000, 1,
++	    NULL, draw)
++	    
++	    
+diff --git a/test/reference/bug-image-compositor.ref.png b/test/reference/bug-image-compositor.ref.png
+new file mode 100644
+index 0000000000000000000000000000000000000000..939f659d2c8620e9927a3a79f5e96fb639c418be
+GIT binary patch
+literal 185
+zcmeAS@N?(olHy`uVBq!ia0y~yP!|BQ89A7M<o7+wF+hqf$=lt9;Xep2*t>i(P$bXO
+z#WAE}&f8-f1se=_SPWL_NSx=C)BnJ0eBr6Z%1egFEOv(*t#+|{>X&v^RS7GQe(vez
+lf)$wgmAfM(p2Sx&&i!{gWy)N&qd=P(JYD@<);T3K0RWsgHuC@g
+
+literal 0
+HcmV?d00001
+
+-- 
+2.34.1
+
+
+From afc23bfdc3c2597b9fe0ee34b9b4bfa47fa03698 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 17:14:18 +0100
+Subject: [PATCH 2/2] Minor cleanups
+
+---
+ test/bug-image-compositor.c | 33 ++++++++++++++++++++++++++++++---
+ 1 file changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
+index fc4fd370b..304ea089c 100644
+--- a/test/bug-image-compositor.c
++++ b/test/bug-image-compositor.c
+@@ -1,5 +1,34 @@
++/*
++ * Copyright © 2020 Uli Schlachter, Heiko Lewin
++ *
++ * Permission is hereby granted, free of charge, to any person
++ * obtaining a copy of this software and associated documentation
++ * files (the "Software"), to deal in the Software without
++ * restriction, including without limitation the rights to use, copy,
++ * modify, merge, publish, distribute, sublicense, and/or sell copies
++ * of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be
++ * included in all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++ * SOFTWARE.
++ *
++ * Author: Uli Schlachter <psychon@znc.in>
++ * Author: Heiko Lewin <hlewin@gmx.de>
++ */
+ #include "cairo-test.h"
+ 
++
++/* This test reproduces an overflow of a mask-buffer in cairo-image-compositor.c */
++
+ static cairo_test_status_t
+ draw (cairo_t *cr, int width, int height)
+ {
+@@ -13,6 +42,7 @@ draw (cairo_t *cr, int width, int height)
+     cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
+     cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
+     cairo_set_source (cr, p);
++    cairo_pattern_destroy(p);
+ 
+     cairo_move_to (cr, 0.5, -1);
+     for (int i = 0; i < width; i+=3) {
+@@ -23,8 +53,6 @@ draw (cairo_t *cr, int width, int height)
+     cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
+     cairo_stroke (cr);
+ 
+-    cairo_pattern_destroy(p);
+-
+     return CAIRO_TEST_SUCCESS;
+ }
+ 
+@@ -36,4 +64,3 @@ CAIRO_TEST (bug_image_compositor,
+ 	    10000, 1,
+ 	    NULL, draw)
+ 	    
+-	    
+-- 
+2.34.1
+

cairo.spec

@@ -10,24 +10,25 @@
 %endif
 
 Name:		cairo
-Version:	1.17.4
-Release:	5%{?dist}
+Version:	1.15.12
+Release:	6%{?dist}
 Summary:	A 2D graphics library
 
 License:	LGPLv2 or MPLv1.1
 URL:		http://cairographics.org
 Source0:	http://cairographics.org/snapshots/%{name}-%{version}.tar.xz
 
+# Backported from upstream
+Patch0:         0001-Fix-assertion-failure-in-the-freetype-backend.patch
+
 Patch3:         cairo-multilib.patch
 
 # https://gitlab.freedesktop.org/cairo/cairo/merge_requests/1
 Patch4:         0001-Set-default-LCD-filter-to-FreeType-s-default.patch
 
-# Fix generating PDF font names
-# https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/125
-Patch5:         125.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1908113
+Patch5:         cairo-1.15.12-CVE-2020-35492.patch
 
-BuildRequires:  gcc
 BuildRequires: pkgconfig
 BuildRequires: libXrender-devel
 BuildRequires: libX11-devel
@@ -42,7 +43,9 @@ BuildRequires: librsvg2-devel
 BuildRequires: mesa-libGL-devel
 BuildRequires: mesa-libEGL-devel
 %endif
-BuildRequires: make
+# Required for Patch5.
+BuildRequires: autoconf automake libtool
+BuildRequires: git-core
 
 %description
 Cairo is a 2D graphics library designed to provide high-quality display
@@ -97,9 +100,10 @@ This package contains tools for working with the cairo graphics library.
  * cairo-trace: Record cairo library calls for later playback
 
 %prep
-%autosetup -p1
+%autosetup -S git
 
 %build
+autoreconf --force --install
 %configure --disable-static	\
 	--enable-xlib		\
 	--enable-ft		\
@@ -118,11 +122,15 @@ make V=1 %{?_smp_mflags}
 %make_install
 find $RPM_BUILD_ROOT -name '*.la' -delete
 
+%ldconfig_scriptlets
+%ldconfig_scriptlets gobject
+
 %files
 %license COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1
 %doc AUTHORS BIBLIOGRAPHY BUGS NEWS README
-%{_libdir}/libcairo.so.2*
-%{_libdir}/libcairo-script-interpreter.so.2*
+%{_libdir}/libcairo.so.*
+%{_libdir}/libcairo-script-interpreter.so.*
+%{_bindir}/cairo-sphinx
 
 %files devel
 %doc ChangeLog PORTING_GUIDE
@@ -165,7 +173,7 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 %endif
 
 %files gobject
-%{_libdir}/libcairo-gobject.so.2*
+%{_libdir}/libcairo-gobject.so.*
 
 %files gobject-devel
 %{_includedir}/cairo/cairo-gobject.h
@@ -177,59 +185,18 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 %{_libdir}/cairo/
 
 %changelog
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.4-5
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Thu Jan 20 2022 David King <dking@redhat.com> - 1.15.12-6
+- Fix CVE reference test (#1908113)
 
-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.4-4
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu Jan 20 2022 David King <dking@redhat.com> - 1.15.12-5
+- Add reference test to CVE fix (#1908113)
 
-* Tue Mar 16 2021 Kalev Lember <klember@redhat.com> - 1.17.4-3
-- Backport an upstream patch to fix generating PDF font names (#1939399)
+* Mon Jan 17 2022 David King <dking@redhat.com> - 1.15.12-4
+- Fix CVE-2020-35492 (#1908113)
 
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Dec 11 2020 Kalev Lember <klember@redhat.com> - 1.17.4-1
-- Update to 1.17.4
-- Tighten soname globs
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Fri Apr 24 2020 Marek Kasik <mkasik@redhat.com> - 1.16.0-8
-- Allow empty array of operands for certain operators in CFF fonts
-- Resolves: #1817958
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Mon Jun 03 2019 Kalev Lember <klember@redhat.com> - 1.16.0-5
-- Fix a thinko in composite_color_glyphs
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Dec  7 2018 Marek Kasik <mkasik@redhat.com> - 1.16.0-3
-- Use FT_Done_MM_Var instead of free when available in
-- cairo_ft_apply_variations
-
-* Fri Dec  7 2018 Marek Kasik <mkasik@redhat.com> - 1.16.0-2
+* Thu Dec  6 2018 Marek Kasik <mkasik@redhat.com> - 1.15.12-3
 - Set default LCD filter to FreeType's default
-- Resolves: #1645763
-
-* Mon Oct 22 2018 Kalev Lember <klember@redhat.com> - 1.16.0-1
-- Update to 1.16.0
-
-* Sat Sep 22 2018 Kalev Lember <klember@redhat.com> - 1.15.14-1
-- Update to 1.15.14
-- Drop ldconfig scriptlets
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.12-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- Resolves: #1651240
 
 * Sat Apr 21 2018 Kalev Lember <klember@redhat.com> - 1.15.12-2
 - Fix assertion failure in the freetype backend (#1567633)

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

sources

@@ -0,0 +1 @@
+SHA512 (cairo-1.15.12.tar.xz) = 97fb2c515f6449c1d84dc3187d11187290a219d39f8168a4367ca43505da80167df93b609a69b7e3938e9d38a2b7db459ad7130d9b5f12ff8c898994dfaa6d7e