.gitignore

@@ -1 +1 @@
-SOURCES/pixman-0.40.0.tar.xz
+SOURCES/pixman-0.38.4.tar.bz2

.pixman.metadata

@@ -1 +1 @@
-c625853be8a5369cece57ab7dba558ff739a6332 SOURCES/pixman-0.40.0.tar.xz
+87e1abc91ac4e5dfcc275f744f1d0ec3277ee7cd SOURCES/pixman-0.38.4.tar.bz2

SOURCES/0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch

@@ -0,0 +1,29 @@
+From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Wed, 2 Nov 2022 12:07:32 -0400
+Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
+
+Thanks to Maddie Stone and Google's Project Zero for discovering this
+issue, providing a proof-of-concept, and a great analysis.
+
+Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+---
+ pixman/pixman-trap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
+index 91766fd..7560405 100644
+--- a/pixman/pixman-trap.c
++++ b/pixman/pixman-trap.c
+@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
+ 
+     if (f < Y_FRAC_FIRST (n))
+     {
+-	if (pixman_fixed_to_int (i) == 0x8000)
++	if (pixman_fixed_to_int (i) == 0xffff8000)
+ 	{
+ 	    f = 0; /* saturate */
+ 	}
+-- 
+2.41.0
+

SOURCES/0001-Fix-bilinear-filter-computation-in-wide-pipeline.patch

@@ -0,0 +1,84 @@
+From 8256c235d9b3854d039242356905eca854a890ba Mon Sep 17 00:00:00 2001
+From: Basile Clement <basile-pixman@clement.pm>
+Date: Tue, 9 Apr 2019 23:16:13 +0200
+Subject: [PATCH] Fix bilinear filter computation in wide pipeline
+
+The recently introduced wide pipeline for filters has a typo which
+causes it to improperly compute bilinear interpolation positions,
+causing various glitches when enabled.
+
+This patch uses the proper computation for bilinear interpolation in the
+wide pipeline.  It also makes related `if` statements conformant to the
+CODING_STYLE:
+
+* If a substatement spans multiple lines, then there must be braces
+  around it.
+
+* If one substatement of an if statement has braces, then the other
+  must too.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
+---
+ pixman/pixman-bits-image.c | 9 +++++++++
+ pixman/pixman-inlines.h    | 2 +-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-bits-image.c b/pixman/pixman-bits-image.c
+index 564789e..7bc2ba8 100644
+--- a/pixman/pixman-bits-image.c
++++ b/pixman/pixman-bits-image.c
+@@ -432,29 +432,38 @@ bits_image_fetch_pixel_filtered (bits_image_t  *image,
+ 
+     case PIXMAN_FILTER_CONVOLUTION:
+ 	if (wide)
++	{
+ 	    bits_image_fetch_pixel_convolution (image, x, y,
+ 						get_pixel, out,
+ 						accum_float,
+ 						reduce_float);
++	}
+ 	else
++	{
+ 	    bits_image_fetch_pixel_convolution (image, x, y,
+ 						get_pixel, out,
+ 						accum_32, reduce_32);
++	}
+ 	break;
+ 
+     case PIXMAN_FILTER_SEPARABLE_CONVOLUTION:
+ 	if (wide)
++	{
+ 	    bits_image_fetch_pixel_separable_convolution (image, x, y,
+ 							  get_pixel, out,
+ 							  accum_float,
+ 							  reduce_float);
++	}
+ 	else
++	{
+ 	    bits_image_fetch_pixel_separable_convolution (image, x, y,
+ 							  get_pixel, out,
+ 							  accum_32, reduce_32);
++	}
+         break;
+ 
+     default:
++	assert (0);
+         break;
+     }
+ }
+diff --git a/pixman/pixman-inlines.h b/pixman/pixman-inlines.h
+index 332e208..f785910 100644
+--- a/pixman/pixman-inlines.h
++++ b/pixman/pixman-inlines.h
+@@ -231,7 +231,7 @@ bilinear_interpolation_float (argb_t tl, argb_t tr,
+     argb_t r;
+ 
+     distxy = distx * disty;
+-    distxiy = distx - (1.f - distxy);
++    distxiy = distx * (1.f - disty);
+     distixy = (1.f - distx) * disty;
+     distixiy = (1.f - distx) * (1.f - disty);
+ 
+-- 
+2.37.1
+

SOURCES/0001-Initialize-temporary-buffers-in-general_composite_re.patch

@@ -0,0 +1,34 @@
+From 6fe0131394fb029d2fccaee6b8edcb108840ad8a Mon Sep 17 00:00:00 2001
+From: Federico Mena Quintero <federico@gnome.org>
+Date: Wed, 18 Mar 2020 18:49:30 -0600
+Subject: [PATCH] Initialize temporary buffers in general_composite_rect()
+
+Otherwise, Valgrind shows things like "conditional jump or move
+depends on uninitialised values" errors much later in calling code.
+For example, see https://gitlab.gnome.org/GNOME/librsvg/issues/572
+
+Fixes https://gitlab.freedesktop.org/pixman/pixman/issues/9
+---
+ pixman/pixman-general.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/pixman/pixman-general.c b/pixman/pixman-general.c
+index 7d74f98..7e5a0d0 100644
+--- a/pixman/pixman-general.c
++++ b/pixman/pixman-general.c
+@@ -165,6 +165,12 @@ general_composite_rect  (pixman_implementation_t *imp,
+ 
+ 	if (!scanline_buffer)
+ 	    return;
++
++	memset (scanline_buffer, 0, width * Bpp * 3 + 15 * 3);
++    }
++    else
++    {
++	memset (stack_scanline_buffer, 0, sizeof (stack_scanline_buffer));
+     }
+ 
+     src_buffer = ALIGN (scanline_buffer);
+-- 
+2.34.1
+

SPECS/pixman.spec

@@ -2,27 +2,33 @@
 %define gitrev 8ff7213f39edc1b2b8b60d6b0cc5d5f14ca1928d
 
 Name:           pixman
-Version:        0.40.0
-Release:        5%{?dist}
+Version:        0.38.4
+Release:        4%{?dist}
 Summary:        Pixel manipulation library
 
+Group:          System Environment/Libraries
 License:        MIT
 URL:            https://gitlab.freedesktop.org/pixman/pixman
 #VCS:           git:git://git.freedesktop.org/git/pixman
 # To make git snapshots:
 # ./make-pixman-snapshot.sh %{\?gitrev}
 # if no revision specified, makes a new one from HEAD.
-Source0:        https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz
+Source0:        https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.bz2
 Source1:        make-pixman-snapshot.sh
 
+Patch0: 0001-Initialize-temporary-buffers-in-general_composite_re.patch
+Patch1: 0001-Fix-bilinear-filter-computation-in-wide-pipeline.patch
+Patch2: 0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch
+
+BuildRequires:  automake autoconf libtool
 BuildRequires:  gcc
-BuildRequires:  meson
 
 %description
 Pixman is a pixel manipulation library for X and Cairo.
 
 %package devel
 Summary: Pixel manipulation library development package
+Group: Development/Libraries
 Requires: %{name}%{?isa} = %{version}-%{release}
 Requires: pkgconfig
 
@@ -31,23 +37,23 @@ Development library for pixman.
 
 %prep
 %autosetup -p1
-# bump up the test suite timeout because arm
-sed -i 's/120/600/' test/meson.build
 
 %build
-%meson --auto-features=auto \
+%configure \
 %ifarch %{arm}
-  -Diwmmxt=disabled -Diwmmxt2=false \
+  --disable-arm-iwmmxt --disable-arm-iwmmxt2 \
 %endif
-  %nil
+  --disable-static
 
-%meson_build
+make %{?_smp_mflags} V=1
 
 %install
-%meson_install
+make install DESTDIR=$RPM_BUILD_ROOT
+
+find %{buildroot} -type f -name "*.la" -delete
 
 %check
-%meson_test
+make check %{?_smp_mflags} V=1
 
 %ldconfig_post
 %ldconfig_postun
@@ -64,37 +70,17 @@ sed -i 's/120/600/' test/meson.build
 %{_libdir}/pkgconfig/pixman-1.pc
 
 %changelog
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-5
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Wed Oct 04 2023 José Expósito <jexposit@redhat.com> - 0.38.4-4
+- Backport fix for CVE-2022-44638
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-4
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Sat Sep 03 2022 Benjamin Gilbert <bgilbert@backtick.net> - 0.38.4-3
+- Fix bilinear filter computation in wide pipeline
 
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Tue Feb 22 2022 Adam Jackson <ajax@redhat.com> - 0.38.4-2
+- Backport the pixman part of cairo CVE-2020-35492
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Apr 20 2020 Kalev Lember <klember@redhat.com> - 0.40.0-1
-- Update to 0.40.0
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.38.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Sep 09 2019 Kalev Lember <klember@redhat.com> - 0.38.4-1
-- Update to 0.38.4
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.38.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Tue Feb 12 2019 Kalev Lember <klember@redhat.com> - 0.38.0-1
-- Update to 0.38.0
-- Switch to the meson build system
-
-* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.36.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+* Tue Nov 19 2019 Adam Jackson <ajax@redhat.com> - 0.38.4-1
+- pixman 0.38.4
 
 * Thu Nov 29 2018 Adam Jackson <ajax@redhat.com> - 0.36.0-1
 - pixman 0.36.0