diff --git a/.gitignore b/.gitignore index 81e92d5..c18be24 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ cairo-1.9.14.tar.gz /cairo-1.14.2.tar.xz /cairo-1.14.4.tar.xz /cairo-1.14.6.tar.xz +/cairo-1.14.8.tar.xz diff --git a/0001-xlib-Fix-double-free-in-_get_image_surface.patch b/0001-xlib-Fix-double-free-in-_get_image_surface.patch deleted file mode 100644 index 5174a1c..0000000 --- a/0001-xlib-Fix-double-free-in-_get_image_surface.patch +++ /dev/null @@ -1,59 +0,0 @@ -From d69dd6b341594c338fa6c7b327fd7f201eb37bc1 Mon Sep 17 00:00:00 2001 -From: Uli Schlachter -Date: Sat, 18 Jun 2016 15:08:52 +0200 -Subject: [PATCH] xlib: Fix double free in _get_image_surface() - -If XShmGetImage() fails, the code tries to continue with its normal, -non-shared-memory path. However, the image variable, which was previously set to -NULL, now points to an already-destroyed surface, causing a double-free when the -function cleans up after itself (actually, its an assertion failure because the -reference count of the surface is zero, but technically this is still a double -free). - -Fix this by setting image=NULL after destroying the surface that this refers to, -to make sure this surface will not be destroyed again. - -While we are here (multiple changes in a single commit are bad...), also fix the -cleanup done in bail. In practice, &image->base should be safe when image==NULL, -because this just adds some offset to the pointer (the offset here is actually -zero, so this doesn't do anything at all). However, the C standard does not -require this to be safe, so let's handle this case specially. - -Note that anything that is fixed by this change is still buggy, because the only -reason why XShmGetImage() could fail would be BadDrawable, meaning that the -target we draw to does not exist or was already destroyed. This patch will -likely just cause X11 errors elsewhere and drawing to (possible) invalid -drawables is not supported by cairo anyway. This means that if SHM fails, the -following fallback code has a high chance of failing, too. - -Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91967 -Signed-off-by: Uli Schlachter ---- - src/cairo-xlib-surface.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c -index 3f407c3..555c1fe 100644 ---- a/src/cairo-xlib-surface.c -+++ b/src/cairo-xlib-surface.c -@@ -807,6 +807,7 @@ _get_image_surface (cairo_xlib_surface_t *surface, - } - - cairo_surface_destroy (&image->base); -+ image = NULL; - } - } - -@@ -1011,7 +1012,8 @@ _get_image_surface (cairo_xlib_surface_t *surface, - cairo_device_release (&display->base); - - if (unlikely (status)) { -- cairo_surface_destroy (&image->base); -+ if (image) -+ cairo_surface_destroy (&image->base); - return _cairo_surface_create_in_error (status); - } - --- -2.7.4 - diff --git a/cairo.spec b/cairo.spec index 64b728f..07f8755 100644 --- a/cairo.spec +++ b/cairo.spec @@ -3,17 +3,14 @@ %define fontconfig_version 2.2.95 Name: cairo -Version: 1.14.6 -Release: 2%{?dist} +Version: 1.14.8 +Release: 1%{?dist} Summary: A 2D graphics library License: LGPLv2 or MPLv1.1 URL: http://cairographics.org Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz -# Backported from upstream -Patch0: 0001-xlib-Fix-double-free-in-_get_image_surface.patch - Patch3: cairo-multilib.patch BuildRequires: pkgconfig @@ -85,7 +82,6 @@ This package contains tools for working with the cairo graphics library. %prep %setup -q -%patch0 -p1 %patch3 -p1 -b .multilib %build @@ -171,6 +167,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la %{_libdir}/cairo/ %changelog +* Thu Dec 08 2016 Kalev Lember - 1.14.8-1 +- Update to 1.14.8 + * Mon Jul 25 2016 Kalev Lember - 1.14.6-2 - xlib: Fix double free in _get_image_surface() (#1331021) - Minor spec file cleanups diff --git a/sources b/sources index 673a723..92d8ebc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -23a0b2f0235431d35238df1d3a517fdb cairo-1.14.6.tar.xz +4ef0db2eacb271c74f8a3fd87822aa98 cairo-1.14.8.tar.xz