From d975ed975456a2c8e855eb024b5487c4c460684a Mon Sep 17 00:00:00 2001 From: Raghav Gururajan Date: Fri, 4 Dec 2020 00:48:43 -0500 Subject: [PATCH] gnu: cairo: Make some cosmetic changes. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/cairo-CVE-2018-19876.patch, gnu/packages/patches/cairo-CVE-2020-35492.patch: Remove patches. * gnu/local.mk (dist_patch_DATA): Unregister them. * gnu/packages/gtk.scm (cairo): Make some cosmetic changes. [replacement]: Remove. (cairo/fixed): Remove. Signed-off-by: Léo Le Bouter --- gnu/local.mk | 2 - gnu/packages/gtk.scm | 92 +++++++++---------- .../patches/cairo-CVE-2018-19876.patch | 37 -------- .../patches/cairo-CVE-2020-35492.patch | 49 ---------- 4 files changed, 41 insertions(+), 139 deletions(-) delete mode 100644 gnu/packages/patches/cairo-CVE-2018-19876.patch delete mode 100644 gnu/packages/patches/cairo-CVE-2020-35492.patch diff --git a/gnu/local.mk b/gnu/local.mk index e01e7970d2..e93ce45f5a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -877,8 +877,6 @@ dist_patch_DATA = \ %D%/packages/patches/bpftrace-disable-bfd-disasm.patch \ %D%/packages/patches/busybox-CVE-2021-28831.patch \ %D%/packages/patches/byobu-writable-status.patch \ - %D%/packages/patches/cairo-CVE-2018-19876.patch \ - %D%/packages/patches/cairo-CVE-2020-35492.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-sqlite.patch \ %D%/packages/patches/calibre-remove-test-unrar.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 2699b97b49..ff0c1296e1 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -123,67 +123,57 @@ tools have full access to view and control running applications.") (define-public cairo (package - (name "cairo") - (version "1.16.0") - (replacement cairo/fixed) - (source (origin - (method url-fetch) - (uri (string-append "https://cairographics.org/releases/cairo-" - version ".tar.xz")) - (sha256 - (base32 - "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy")))) - (build-system gnu-build-system) - (propagated-inputs - `(("fontconfig" ,fontconfig) - ("freetype" ,freetype) - ("glib" ,glib) - ("libpng" ,libpng) - ("libx11" ,libx11) - ("libxext" ,libxext) - ("libxrender" ,libxrender) - ("pixman" ,pixman))) - (inputs - `(("ghostscript" ,ghostscript) - ("libspectre" ,libspectre) - ("poppler" ,poppler) - ("xorgproto" ,xorgproto) - ("zlib" ,zlib))) - (native-inputs - `(("pkg-config" ,pkg-config) - ("python" ,python-wrapper))) + (name "cairo") + (version "1.16.0") + (source + (origin + (method url-fetch) + (uri + (string-append "https://cairographics.org/releases/cairo-" + version ".tar.xz")) + (sha256 + (base32 "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy")))) + (build-system gnu-build-system) (arguments - `(#:tests? #f ; see http://lists.gnu.org/archive/html/bug-guix/2013-06/msg00085.html - #:configure-flags '("--enable-tee" ;needed for GNU Icecat - "--enable-xml" ;for cairo-xml support - "--disable-static"))) - (synopsis "2D graphics library") - (description - "Cairo is a 2D graphics library with support for multiple output devices. -Currently supported output targets include the X Window System (via both -Xlib and XCB), Quartz, Win32, image buffers, PostScript, PDF, and SVG file + `(#:tests? #f ; see http://lists.gnu.org/archive/html/bug-guix/2013-06/msg00085.html + #:configure-flags + (list + "--enable-tee" ;needed for GNU Icecat + "--enable-xml" ;for cairo-xml support + "--disable-static"))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("python" ,python-wrapper))) + (inputs + `(("ghostscript" ,ghostscript) + ("libspectre" ,libspectre) + ("poppler" ,poppler) + ("xorgproto" ,xorgproto) + ("zlib" ,zlib))) + (propagated-inputs + `(("fontconfig" ,fontconfig) + ("freetype" ,freetype) + ("glib" ,glib) + ("libpng" ,libpng) + ("libx11" ,libx11) + ("libxext" ,libxext) + ("libxrender" ,libxrender) + ("pixman" ,pixman))) + (synopsis "2D graphics library") + (description "Cairo is a 2D graphics library with support for multiple output +devices. Currently supported output targets include the X Window System (via +both Xlib and XCB), Quartz, Win32, image buffers, PostScript, PDF, and SVG file output. Experimental backends include OpenGL, BeOS, OS/2, and DirectFB. - Cairo is designed to produce consistent output on all output media while taking advantage of display hardware acceleration when available eg. through the X Render Extension). - The cairo API provides operations similar to the drawing operators of PostScript and PDF. Operations in cairo including stroking and filling cubic Bézier splines, transforming and compositing translucent images, and antialiased text rendering. All drawing operations can be transformed by any affine transformation (scale, rotation, shear, etc.).") - (license license:lgpl2.1) ; or Mozilla Public License 1.1 - (home-page "https://cairographics.org/"))) - -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (append (search-patches "cairo-CVE-2018-19876.patch" - "cairo-CVE-2020-35492.patch") - (origin-patches (package-source cairo)))))))) + (home-page "https://cairographics.org/") + (license license:lgpl2.1))) ; or Mozilla Public License 1.1 (define-public cairo-sans-poppler ;; Variant used to break the dependency cycle between Poppler and Cairo. diff --git a/gnu/packages/patches/cairo-CVE-2018-19876.patch b/gnu/packages/patches/cairo-CVE-2018-19876.patch deleted file mode 100644 index c0fba2ecaa..0000000000 --- a/gnu/packages/patches/cairo-CVE-2018-19876.patch +++ /dev/null @@ -1,37 +0,0 @@ -Copied from Debian. - -From: Carlos Garcia Campos -Date: Mon, 19 Nov 2018 12:33:07 +0100 -Subject: ft: Use FT_Done_MM_Var instead of free when available in - cairo_ft_apply_variations - -Fixes a crash when using freetype >= 2.9 - -[This is considered to be security-sensitive because WebKitGTK+ sets its -own memory allocator, which is not compatible with system free(), making -this a remotely triggerable denial of service or memory corruption.] - -Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645 -Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 -Bug-Debian: https://bugs.debian.org/916389 -Bug-CVE: CVE-2018-19876 ---- - src/cairo-ft-font.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c -index 325dd61..981973f 100644 ---- a/src/cairo-ft-font.c -+++ b/src/cairo-ft-font.c -@@ -2393,7 +2393,11 @@ skip: - done: - free (coords); - free (current_coords); -+#if HAVE_FT_DONE_MM_VAR -+ FT_Done_MM_Var (face->glyph->library, ft_mm_var); -+#else - free (ft_mm_var); -+#endif - } - } - diff --git a/gnu/packages/patches/cairo-CVE-2020-35492.patch b/gnu/packages/patches/cairo-CVE-2020-35492.patch deleted file mode 100644 index e8b90fa5c5..0000000000 --- a/gnu/packages/patches/cairo-CVE-2020-35492.patch +++ /dev/null @@ -1,49 +0,0 @@ -Copied from Debian. - -From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 -From: Heiko Lewin -Date: Tue, 15 Dec 2020 16:48:19 +0100 -Subject: [PATCH] Fix mask usage in image-compositor - -[trimmed test case, since not used in Debian build] - ---- - src/cairo-image-compositor.c | 8 ++-- - ---- cairo-1.16.0.orig/src/cairo-image-compositor.c -+++ cairo-1.16.0/src/cairo-image-compositor.c -@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende - unsigned num_spans) - { - cairo_image_span_renderer_t *r = abstract_renderer; -- uint8_t *m; -+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); - int x0; - - if (num_spans == 0) - return CAIRO_STATUS_SUCCESS; - - x0 = spans[0].x; -- m = r->_buf; -+ m = base; - do { - int len = spans[1].x - spans[0].x; - if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { -@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende - spans[0].x, y, - spans[1].x - spans[0].x, h); - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else if (spans[0].coverage == 0x0) { - if (spans[0].x != x0) { -@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende - #endif - } - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else { - *m++ = spans[0].coverage; -- 2.31.1