slackware-current/source/x/fontconfig/fedora-patches/fontconfig-fix-assertion.patch

From fbc05949ef52c8a8d69233eed77f6636dffec280 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Wed, 26 Feb 2020 15:42:21 +0900
Subject: [PATCH] Fix assertion in FcFini()

Due to the unproper initialization of `latest_mtime', the duplicate caches
was still in fcCacheChains with no references. which means no one frees
them. thus, the memory leak was happened.

Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/227
---
 src/fccache.c | 9 +++++----
 src/fcinit.c  | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/fccache.c b/src/fccache.c
index 4744a84..035458e 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -365,7 +365,6 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
     struct stat file_stat, dir_stat;
     FcBool	ret = FcFalse;
     const FcChar8 *sysroot = FcConfigGetSysRoot (config);
-    struct timeval latest_mtime = (struct timeval){ 0 };
 
     if (sysroot)
 	d = FcStrBuildFilename (sysroot, dir, NULL);
@@ -390,6 +389,8 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
 #ifndef _WIN32
 	FcBool retried = FcFalse;
 #endif
+	struct timeval latest_mtime = (struct timeval){ 0 };
+
 	if (sysroot)
 	    cache_hashed = FcStrBuildFilename (sysroot, cache_dir, cache_base, NULL);
 	else
@@ -1081,12 +1082,12 @@ FcDirCacheLoadFile (const FcChar8 *cache_file, struct stat *file_stat)
 
     if (!file_stat)
 	file_stat = &my_file_stat;
-    fd = FcDirCacheOpenFile (cache_file, file_stat);
-    if (fd < 0)
-	return NULL;
     config = FcConfigReference (NULL);
     if (!config)
 	return NULL;
+    fd = FcDirCacheOpenFile (cache_file, file_stat);
+    if (fd < 0)
+	return NULL;
     cache = FcDirCacheMapFd (config, fd, file_stat, NULL);
     FcConfigDestroy (config);
     close (fd);
diff --git a/src/fcinit.c b/src/fcinit.c
index 6f82ebd..0e1421e 100644
--- a/src/fcinit.c
+++ b/src/fcinit.c
@@ -199,10 +199,10 @@ void
 FcFini (void)
 {
     FcConfigFini ();
-    FcCacheFini ();
+    FcConfigPathFini ();
     FcDefaultFini ();
     FcObjectFini ();
-    FcConfigPathFini ();
+    FcCacheFini ();
 }
 
 /*
-- 
2.24.1

From 6f6b39780215714386606ca1c5457a7106639ff4 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Mon, 23 Mar 2020 14:03:47 +0900
Subject: [PATCH] Fix assertion in FcCacheFini() again

The previous fix in fbc05949ef52c8a8d69233eed77f6636dffec280 was wrong. reverting.

When reading older caches, FcDirCacheMapHelper() returns FcFalse and
it became the return value from FcDirCacheProcess() too, which is wrong.
Actually one of calls for FcDirCacheMapHelper() should be successfully
finished and closure should have a valid pointer for cache.

Due to this, the proper finalization process wasn't running against
cache in closure.

Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/227
---
 src/fccache.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/fccache.c b/src/fccache.c
index 035458e..2d398c7 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -365,6 +365,7 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
     struct stat file_stat, dir_stat;
     FcBool	ret = FcFalse;
     const FcChar8 *sysroot = FcConfigGetSysRoot (config);
+    struct timeval latest_mtime = (struct timeval){ 0 };
 
     if (sysroot)
 	d = FcStrBuildFilename (sysroot, dir, NULL);
@@ -389,7 +390,6 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
 #ifndef _WIN32
 	FcBool retried = FcFalse;
 #endif
-	struct timeval latest_mtime = (struct timeval){ 0 };
 
 	if (sysroot)
 	    cache_hashed = FcStrBuildFilename (sysroot, cache_dir, cache_base, NULL);
@@ -445,6 +445,8 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
     }
     FcStrListDone (list);
 
+    if (closure)
+	return !!(*((FcCache **)closure) != NULL);
     return ret;
 }
 
@@ -792,7 +794,18 @@ FcCacheFini (void)
     int		    i;
 
     for (i = 0; i < FC_CACHE_MAX_LEVEL; i++)
-	assert (fcCacheChains[i] == NULL);
+    {
+	if (FcDebug() & FC_DBG_CACHE)
+	{
+	    if (fcCacheChains[i] != NULL)
+	    {
+		FcCacheSkip *s = fcCacheChains[i];
+		printf("Fontconfig error: not freed %p (dir: %s, refcount %d)\n", s->cache, FcCacheDir(s->cache), s->ref.count);
+	    }
+	}
+	else
+	    assert (fcCacheChains[i] == NULL);
+    }
     assert (fcCacheMaxLevel == 0);
 
     free_lock ();
-- 
2.24.1
Tue May 19 19:47:49 UTC 2020 a/shadow-4.8.1-x86_64-8.txz: Rebuilt. It seems that /etc/suauth is not supported when PAM is in use, even if configure.ac is hacked to enable it. I've removed the man pages for it, and would suggest using sudo as a replacement. l/libexif-0.6.22-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: CVE-2018-20030: Fix for recursion DoS CVE-2020-13114: Time consumption DoS when parsing canon array markers CVE-2020-13113: Potential use of uninitialized memory CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes CVE-2020-0093: read overflow CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-12767: fixed division by zero CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 (* Security fix ) l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt. Rebuilt with --enable-posix-api. Thanks to MisterL. l/python-packaging-20.4-x86_64-1.txz: Upgraded. n/bind-9.16.3-x86_64-1.txz: Upgraded. This update fixes a security issue: A malicious actor who intentionally exploits the lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. For more information, see: https://kb.isc.org/docs/cve-2020-8616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616 ( Security fix *) x/fontconfig-2.13.92-x86_64-1.txz: Upgraded. x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded. 2020-05-19 21:47:49 +02:00			`From fbc05949ef52c8a8d69233eed77f6636dffec280 Mon Sep 17 00:00:00 2001`
			`From: Akira TAGOH <akira@tagoh.org>`
			`Date: Wed, 26 Feb 2020 15:42:21 +0900`
			`Subject: [PATCH] Fix assertion in FcFini()`

			Due to the unproper initialization of `latest_mtime', the duplicate caches
			`was still in fcCacheChains with no references. which means no one frees`
			`them. thus, the memory leak was happened.`

			`Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/227`
			`---`
			`src/fccache.c \| 9 +++++----`
			`src/fcinit.c \| 4 ++--`
			`2 files changed, 7 insertions(+), 6 deletions(-)`

			`diff --git a/src/fccache.c b/src/fccache.c`
			`index 4744a84..035458e 100644`
			`--- a/src/fccache.c`
			`+++ b/src/fccache.c`
			`@@ -365,7 +365,6 @@ FcDirCacheProcess (FcConfig config, const FcChar8 dir,`
			`struct stat file_stat, dir_stat;`
			`FcBool ret = FcFalse;`
			`const FcChar8 *sysroot = FcConfigGetSysRoot (config);`
			`- struct timeval latest_mtime = (struct timeval){ 0 };`

			`if (sysroot)`
			`d = FcStrBuildFilename (sysroot, dir, NULL);`
			`@@ -390,6 +389,8 @@ FcDirCacheProcess (FcConfig config, const FcChar8 dir,`
			`#ifndef _WIN32`
			`FcBool retried = FcFalse;`
			`#endif`
			`+ struct timeval latest_mtime = (struct timeval){ 0 };`
			`+`
			`if (sysroot)`
			`cache_hashed = FcStrBuildFilename (sysroot, cache_dir, cache_base, NULL);`
			`else`
			`@@ -1081,12 +1082,12 @@ FcDirCacheLoadFile (const FcChar8 cache_file, struct stat file_stat)`

			`if (!file_stat)`
			`file_stat = &my_file_stat;`
			`- fd = FcDirCacheOpenFile (cache_file, file_stat);`
			`- if (fd < 0)`
			`- return NULL;`
			`config = FcConfigReference (NULL);`
			`if (!config)`
			`return NULL;`
			`+ fd = FcDirCacheOpenFile (cache_file, file_stat);`
			`+ if (fd < 0)`
			`+ return NULL;`
			`cache = FcDirCacheMapFd (config, fd, file_stat, NULL);`
			`FcConfigDestroy (config);`
			`close (fd);`
			`diff --git a/src/fcinit.c b/src/fcinit.c`
			`index 6f82ebd..0e1421e 100644`
			`--- a/src/fcinit.c`
			`+++ b/src/fcinit.c`
			`@@ -199,10 +199,10 @@ void`
			`FcFini (void)`
			`{`
			`FcConfigFini ();`
			`- FcCacheFini ();`
			`+ FcConfigPathFini ();`
			`FcDefaultFini ();`
			`FcObjectFini ();`
			`- FcConfigPathFini ();`
			`+ FcCacheFini ();`
			`}`

			`/*`
			`--`
			`2.24.1`

			`From 6f6b39780215714386606ca1c5457a7106639ff4 Mon Sep 17 00:00:00 2001`
			`From: Akira TAGOH <akira@tagoh.org>`
			`Date: Mon, 23 Mar 2020 14:03:47 +0900`
			`Subject: [PATCH] Fix assertion in FcCacheFini() again`

			`The previous fix in fbc05949ef52c8a8d69233eed77f6636dffec280 was wrong. reverting.`

			`When reading older caches, FcDirCacheMapHelper() returns FcFalse and`
			`it became the return value from FcDirCacheProcess() too, which is wrong.`
			`Actually one of calls for FcDirCacheMapHelper() should be successfully`
			`finished and closure should have a valid pointer for cache.`

			`Due to this, the proper finalization process wasn't running against`
			`cache in closure.`

			`Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/227`
			`---`
			`src/fccache.c \| 17 +++++++++++++++--`
			`1 file changed, 15 insertions(+), 2 deletions(-)`

			`diff --git a/src/fccache.c b/src/fccache.c`
			`index 035458e..2d398c7 100644`
			`--- a/src/fccache.c`
			`+++ b/src/fccache.c`
			`@@ -365,6 +365,7 @@ FcDirCacheProcess (FcConfig config, const FcChar8 dir,`
			`struct stat file_stat, dir_stat;`
			`FcBool ret = FcFalse;`
			`const FcChar8 *sysroot = FcConfigGetSysRoot (config);`
			`+ struct timeval latest_mtime = (struct timeval){ 0 };`

			`if (sysroot)`
			`d = FcStrBuildFilename (sysroot, dir, NULL);`
			`@@ -389,7 +390,6 @@ FcDirCacheProcess (FcConfig config, const FcChar8 dir,`
			`#ifndef _WIN32`
			`FcBool retried = FcFalse;`
			`#endif`
			`- struct timeval latest_mtime = (struct timeval){ 0 };`

			`if (sysroot)`
			`cache_hashed = FcStrBuildFilename (sysroot, cache_dir, cache_base, NULL);`
			`@@ -445,6 +445,8 @@ FcDirCacheProcess (FcConfig config, const FcChar8 dir,`
			`}`
			`FcStrListDone (list);`

			`+ if (closure)`
			`+ return !!(((FcCache *)closure) != NULL);`
			`return ret;`
			`}`

			`@@ -792,7 +794,18 @@ FcCacheFini (void)`
			`int i;`

			`for (i = 0; i < FC_CACHE_MAX_LEVEL; i++)`
			`- assert (fcCacheChains[i] == NULL);`
			`+ {`
			`+ if (FcDebug() & FC_DBG_CACHE)`
			`+ {`
			`+ if (fcCacheChains[i] != NULL)`
			`+ {`
			`+ FcCacheSkip *s = fcCacheChains[i];`
			`+ printf("Fontconfig error: not freed %p (dir: %s, refcount %d)\n", s->cache, FcCacheDir(s->cache), s->ref.count);`
			`+ }`
			`+ }`
			`+ else`
			`+ assert (fcCacheChains[i] == NULL);`
			`+ }`
			`assert (fcCacheMaxLevel == 0);`

			`free_lock ();`
			`--`
			`2.24.1`