--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package cairo, fixing security bug #915801 in WebKitGTK+
apps (CVE-2018-19876, Severity: important).

unblock cairo/1.16.0-4

Thanks,
smcv

diffstat for cairo-1.16.0 cairo-1.16.0
changelog | 10 ++
control | 2
patches/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch | 35 ++++++++++
patches/series | 1
4 files changed, 47 insertions(+), 1 deletion(-)
diff -Nru cairo-1.16.0/debian/changelog cairo-1.16.0/debian/changelog
--- cairo-1.16.0/debian/changelog 2019-02-22 14:10:57.000000000 +0000
+++ cairo-1.16.0/debian/changelog 2019-03-15 07:57:56.000000000 +0000
@@ -1,3 +1,13 @@
+cairo (1.16.0-4) unstable; urgency=medium
+
+ * Team upload
+ * d/p/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch:
+ Apply patch to fix memory corruption with packages that set their
+ own memory allocator, such as WebKitGTK+.
+ (Closes: #915801, CVE-2018-19876)
+
+ -- Simon McVittie <smcv@debian.org> Fri, 15 Mar 2019 07:57:56 +0000
+
cairo (1.16.0-3) unstable; urgency=medium
* debian/patches/git-pdf-add-missing-flush.patch:
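Review bot: The `Closes: #915801` line in the new 1.16.0-4 entry does not match the `Bug-Debian: https://bugs.debian.org/916389` header of the patch this entry introduces. If both reports track CVE-2018-19876, close both here or point the patch header at the same bug, so that the bug tracker and the patch metadata agree on which report this upload resolves.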
diff -Nru cairo-1.16.0/debian/control cairo-1.16.0/debian/control
--- cairo-1.16.0/debian/control 2019-02-22 14:10:57.000000000 +0000
+++ cairo-1.16.0/debian/control 2019-03-15 07:57:56.000000000 +0000
@@ -6,7 +6,7 @@
Section: libs
Priority: optional
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
-Uploaders: Emilio Pozuelo Monfort <pochu@debian.org>, Jeremy Bicha <jbicha@debian.org>, Laurent Bigonville <bigon@debian.org>, Michael Biebl <biebl@debian.org>
+Uploaders: Emilio Pozuelo Monfort <pochu@debian.org>, Jeremy Bicha <jbicha@debian.org>, Laurent Bigonville <bigon@debian.org>
Build-Depends: debhelper (>= 11),
gnome-pkg-tools,
pkg-config (>= 0.19),
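Review bot: The Uploaders line drops Michael Biebl, but the 1.16.0-4 changelog entry lists only the CVE-2018-19876 patch, so this change is undocumented in an upload that is asking for an unblock. Mention it in the changelog or in the unblock request, so the release team can see that it is intentional and unrelated to the security fix.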
diff -Nru cairo-1.16.0/debian/patches/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch cairo-1.16.0/debian/patches/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch
--- cairo-1.16.0/debian/patches/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.16.0/debian/patches/ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch 2019-03-15 07:57:56.000000000 +0000
@@ -0,0 +1,35 @@
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+
+[This is considered to be security-sensitive because WebKitGTK+ sets its
+own memory allocator, which is not compatible with system free(), making
+this a remotely triggerable denial of service or memory corruption.]
+
+Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645
+Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
+Bug-Debian: https://bugs.debian.org/916389
+Bug-CVE: CVE-2018-19876
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61..981973f 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+ free (coords);
+ free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+ free (ft_mm_var);
++#endif
+ }
+ }
+
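Review bot: The new `#if HAVE_FT_DONE_MM_VAR` guard in cairo_ft_apply_variations depends on a macro that this patch never defines: its diffstat shows only src/cairo-ft-font.c changing, with no configure check added. With `#if`, an undefined macro evaluates to 0 and the `#else` branch silently keeps `free (ft_mm_var)`, the call the patch header identifies as incompatible with WebKitGTK+'s allocator. Confirm that the 1.16.0 build system already tests for FT_Done_MM_Var and that the macro is set in the Debian build, otherwise the package builds cleanly while the fix is compiled out.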
diff -Nru cairo-1.16.0/debian/patches/series cairo-1.16.0/debian/patches/series
--- cairo-1.16.0/debian/patches/series 2019-02-22 14:11:05.000000000 +0000
+++ cairo-1.16.0/debian/patches/series 2019-03-15 07:57:56.000000000 +0000
@@ -3,3 +3,4 @@
03_export-symbols.patch
06_hurd-map-noreserve.patch
git-pdf-add-missing-flush.patch
+ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch
--- End Message ---