Compare commits

...

No commits in common. "imports/c9-beta/pixman-0.40.0-5.el9" and "c8" have entirely different histories.

6 changed files with 175 additions and 42 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/pixman-0.40.0.tar.xz
SOURCES/pixman-0.38.4.tar.bz2

View File

@ -1 +1 @@
c625853be8a5369cece57ab7dba558ff739a6332 SOURCES/pixman-0.40.0.tar.xz
87e1abc91ac4e5dfcc275f744f1d0ec3277ee7cd SOURCES/pixman-0.38.4.tar.bz2

View File

@ -0,0 +1,29 @@
From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Wed, 2 Nov 2022 12:07:32 -0400
Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
Thanks to Maddie Stone and Google's Project Zero for discovering this
issue, providing a proof-of-concept, and a great analysis.
Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
---
pixman/pixman-trap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
index 91766fd..7560405 100644
--- a/pixman/pixman-trap.c
+++ b/pixman/pixman-trap.c
@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
if (f < Y_FRAC_FIRST (n))
{
- if (pixman_fixed_to_int (i) == 0x8000)
+ if (pixman_fixed_to_int (i) == 0xffff8000)
{
f = 0; /* saturate */
}
--
2.41.0

View File

@ -0,0 +1,84 @@
From 8256c235d9b3854d039242356905eca854a890ba Mon Sep 17 00:00:00 2001
From: Basile Clement <basile-pixman@clement.pm>
Date: Tue, 9 Apr 2019 23:16:13 +0200
Subject: [PATCH] Fix bilinear filter computation in wide pipeline
The recently introduced wide pipeline for filters has a typo which
causes it to improperly compute bilinear interpolation positions,
causing various glitches when enabled.
This patch uses the proper computation for bilinear interpolation in the
wide pipeline. It also makes related `if` statements conformant to the
CODING_STYLE:
* If a substatement spans multiple lines, then there must be braces
around it.
* If one substatement of an if statement has braces, then the other
must too.
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
---
pixman/pixman-bits-image.c | 9 +++++++++
pixman/pixman-inlines.h | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/pixman/pixman-bits-image.c b/pixman/pixman-bits-image.c
index 564789e..7bc2ba8 100644
--- a/pixman/pixman-bits-image.c
+++ b/pixman/pixman-bits-image.c
@@ -432,29 +432,38 @@ bits_image_fetch_pixel_filtered (bits_image_t *image,
case PIXMAN_FILTER_CONVOLUTION:
if (wide)
+ {
bits_image_fetch_pixel_convolution (image, x, y,
get_pixel, out,
accum_float,
reduce_float);
+ }
else
+ {
bits_image_fetch_pixel_convolution (image, x, y,
get_pixel, out,
accum_32, reduce_32);
+ }
break;
case PIXMAN_FILTER_SEPARABLE_CONVOLUTION:
if (wide)
+ {
bits_image_fetch_pixel_separable_convolution (image, x, y,
get_pixel, out,
accum_float,
reduce_float);
+ }
else
+ {
bits_image_fetch_pixel_separable_convolution (image, x, y,
get_pixel, out,
accum_32, reduce_32);
+ }
break;
default:
+ assert (0);
break;
}
}
diff --git a/pixman/pixman-inlines.h b/pixman/pixman-inlines.h
index 332e208..f785910 100644
--- a/pixman/pixman-inlines.h
+++ b/pixman/pixman-inlines.h
@@ -231,7 +231,7 @@ bilinear_interpolation_float (argb_t tl, argb_t tr,
argb_t r;
distxy = distx * disty;
- distxiy = distx - (1.f - distxy);
+ distxiy = distx * (1.f - disty);
distixy = (1.f - distx) * disty;
distixiy = (1.f - distx) * (1.f - disty);
--
2.37.1

View File

@ -0,0 +1,34 @@
From 6fe0131394fb029d2fccaee6b8edcb108840ad8a Mon Sep 17 00:00:00 2001
From: Federico Mena Quintero <federico@gnome.org>
Date: Wed, 18 Mar 2020 18:49:30 -0600
Subject: [PATCH] Initialize temporary buffers in general_composite_rect()
Otherwise, Valgrind shows things like "conditional jump or move
depends on uninitialised values" errors much later in calling code.
For example, see https://gitlab.gnome.org/GNOME/librsvg/issues/572
Fixes https://gitlab.freedesktop.org/pixman/pixman/issues/9
---
pixman/pixman-general.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/pixman/pixman-general.c b/pixman/pixman-general.c
index 7d74f98..7e5a0d0 100644
--- a/pixman/pixman-general.c
+++ b/pixman/pixman-general.c
@@ -165,6 +165,12 @@ general_composite_rect (pixman_implementation_t *imp,
if (!scanline_buffer)
return;
+
+ memset (scanline_buffer, 0, width * Bpp * 3 + 15 * 3);
+ }
+ else
+ {
+ memset (stack_scanline_buffer, 0, sizeof (stack_scanline_buffer));
}
src_buffer = ALIGN (scanline_buffer);
--
2.34.1

View File

@ -2,27 +2,33 @@
%define gitrev 8ff7213f39edc1b2b8b60d6b0cc5d5f14ca1928d
Name: pixman
Version: 0.40.0
Release: 5%{?dist}
Version: 0.38.4
Release: 4%{?dist}
Summary: Pixel manipulation library
Group: System Environment/Libraries
License: MIT
URL: https://gitlab.freedesktop.org/pixman/pixman
#VCS: git:git://git.freedesktop.org/git/pixman
# To make git snapshots:
# ./make-pixman-snapshot.sh %{\?gitrev}
# if no revision specified, makes a new one from HEAD.
Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz
Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
Source1: make-pixman-snapshot.sh
Patch0: 0001-Initialize-temporary-buffers-in-general_composite_re.patch
Patch1: 0001-Fix-bilinear-filter-computation-in-wide-pipeline.patch
Patch2: 0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch
BuildRequires: automake autoconf libtool
BuildRequires: gcc
BuildRequires: meson
%description
Pixman is a pixel manipulation library for X and Cairo.
%package devel
Summary: Pixel manipulation library development package
Group: Development/Libraries
Requires: %{name}%{?isa} = %{version}-%{release}
Requires: pkgconfig
@ -31,23 +37,23 @@ Development library for pixman.
%prep
%autosetup -p1
# bump up the test suite timeout because arm
sed -i 's/120/600/' test/meson.build
%build
%meson --auto-features=auto \
%configure \
%ifarch %{arm}
-Diwmmxt=disabled -Diwmmxt2=false \
--disable-arm-iwmmxt --disable-arm-iwmmxt2 \
%endif
%nil
--disable-static
%meson_build
make %{?_smp_mflags} V=1
%install
%meson_install
make install DESTDIR=$RPM_BUILD_ROOT
find %{buildroot} -type f -name "*.la" -delete
%check
%meson_test
make check %{?_smp_mflags} V=1
%ldconfig_post
%ldconfig_postun
@ -64,37 +70,17 @@ sed -i 's/120/600/' test/meson.build
%{_libdir}/pkgconfig/pixman-1.pc
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Oct 04 2023 José Expósito <jexposit@redhat.com> - 0.38.4-4
- Backport fix for CVE-2022-44638
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sat Sep 03 2022 Benjamin Gilbert <bgilbert@backtick.net> - 0.38.4-3
- Fix bilinear filter computation in wide pipeline
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Feb 22 2022 Adam Jackson <ajax@redhat.com> - 0.38.4-2
- Backport the pixman part of cairo CVE-2020-35492
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Apr 20 2020 Kalev Lember <klember@redhat.com> - 0.40.0-1
- Update to 0.40.0
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.38.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Sep 09 2019 Kalev Lember <klember@redhat.com> - 0.38.4-1
- Update to 0.38.4
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.38.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Feb 12 2019 Kalev Lember <klember@redhat.com> - 0.38.0-1
- Update to 0.38.0
- Switch to the meson build system
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.36.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 19 2019 Adam Jackson <ajax@redhat.com> - 0.38.4-1
- pixman 0.38.4
* Thu Nov 29 2018 Adam Jackson <ajax@redhat.com> - 0.36.0-1
- pixman 0.36.0