Add an upstream patch to fix CVE-2020-35492:

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Important note: this is not the exact upstream patch. Indeed, the upstream patch[1] contains a png file which appears as a binary diff inside the patch. The `patch` tool which is used by Buildroot to apply patches does not handle that kind of diff. Since it is just a test, it shouldn't impact the quality of the CVE fix and all changes related to the test are removed from the patch.

[1]

- 0001-fix-nofork-build.patch
- 0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch
- 0003-_arc_max_angle_for_tolerance_normalized-fix-infinite.patch
- 0004-Fix-mask-usage-in-image-compositor.patch
- Config.in
- cairo.hash
- cairo.mk