slackware-current/source/x/fontconfig/fedora-patches/fontconfig-read-latest-cache.patch

229 lines
7.2 KiB
Diff
Raw Normal View History

Tue May 19 19:47:49 UTC 2020 a/shadow-4.8.1-x86_64-8.txz: Rebuilt. It seems that /etc/suauth is not supported when PAM is in use, even if configure.ac is hacked to enable it. I've removed the man pages for it, and would suggest using sudo as a replacement. l/libexif-0.6.22-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: CVE-2018-20030: Fix for recursion DoS CVE-2020-13114: Time consumption DoS when parsing canon array markers CVE-2020-13113: Potential use of uninitialized memory CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes CVE-2020-0093: read overflow CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-12767: fixed division by zero CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 (* Security fix *) l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt. Rebuilt with --enable-posix-api. Thanks to MisterL. l/python-packaging-20.4-x86_64-1.txz: Upgraded. n/bind-9.16.3-x86_64-1.txz: Upgraded. This update fixes a security issue: A malicious actor who intentionally exploits the lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. For more information, see: https://kb.isc.org/docs/cve-2020-8616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616 (* Security fix *) x/fontconfig-2.13.92-x86_64-1.txz: Upgraded. x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded.
2020-05-19 21:47:49 +02:00
From c9862b6ea7c3234b29f6500c7d07359847e55ed7 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Mon, 28 Oct 2019 17:11:38 +0900
Subject: [PATCH 1/9] Read latest cache in paths
Right now fontconfig uses a cache found first in a path and
cachedirs are the order of the system-wide path and then the user path.
this is due to avoid writing caches into the user path when running as root.
However, changing caches by certain config only, e.g. using <match target="scan">
may not take effect by this behavior, because it may be stored into the user path.
Thus, needing to find the latest cache out from paths.
Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/182
---
src/fccache.c | 36 +++++++++++++++++++++-----
test/run-test.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 96 insertions(+), 6 deletions(-)
diff --git a/src/fccache.c b/src/fccache.c
index 0976201..4acde22 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -338,7 +338,7 @@ FcDirCacheOpenFile (const FcChar8 *cache_file, struct stat *file_stat)
static FcBool
FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
FcBool (*callback) (FcConfig *config, int fd, struct stat *fd_stat,
- struct stat *dir_stat, void *closure),
+ struct stat *dir_stat, struct timeval *cache_mtime, void *closure),
void *closure, FcChar8 **cache_file_ret)
{
int fd = -1;
@@ -348,6 +348,7 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
struct stat file_stat, dir_stat;
FcBool ret = FcFalse;
const FcChar8 *sysroot = FcConfigGetSysRoot (config);
+ struct timeval latest_mtime = (struct timeval){ 0 };
if (sysroot)
d = FcStrBuildFilename (sysroot, dir, NULL);
@@ -383,15 +384,18 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
#endif
fd = FcDirCacheOpenFile (cache_hashed, &file_stat);
if (fd >= 0) {
- ret = (*callback) (config, fd, &file_stat, &dir_stat, closure);
+ ret = (*callback) (config, fd, &file_stat, &dir_stat, &latest_mtime, closure);
close (fd);
if (ret)
{
if (cache_file_ret)
+ {
+ if (*cache_file_ret)
+ FcStrFree (*cache_file_ret);
*cache_file_ret = cache_hashed;
+ }
else
FcStrFree (cache_hashed);
- break;
}
}
#ifndef _WIN32
@@ -414,7 +418,8 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
}
}
#endif
- FcStrFree (cache_hashed);
+ else
+ FcStrFree (cache_hashed);
}
FcStrListDone (list);
@@ -998,12 +1003,31 @@ FcDirCacheUnload (FcCache *cache)
}
static FcBool
-FcDirCacheMapHelper (FcConfig *config, int fd, struct stat *fd_stat, struct stat *dir_stat, void *closure)
+FcDirCacheMapHelper (FcConfig *config, int fd, struct stat *fd_stat, struct stat *dir_stat, struct timeval *latest_cache_mtime, void *closure)
{
FcCache *cache = FcDirCacheMapFd (config, fd, fd_stat, dir_stat);
+ struct timeval cache_mtime;
if (!cache)
return FcFalse;
+ cache_mtime.tv_sec = fd_stat->st_mtime;
+#ifdef HAVE_STRUCT_STAT_ST_MTIM
+ cache_mtime.tv_usec = fd_stat->st_mtim.tv_nsec / 1000;
+#else
+ cache_mtime.tv_usec = 0;
+#endif
+ if (timercmp (latest_cache_mtime, &cache_mtime, <))
+ {
+ if (*((FcCache **) closure))
+ FcDirCacheUnload (*((FcCache **) closure));
+ }
+ else
+ {
+ FcDirCacheUnload (cache);
+ return FcFalse;
+ }
+ latest_cache_mtime->tv_sec = cache_mtime.tv_sec;
+ latest_cache_mtime->tv_usec = cache_mtime.tv_usec;
*((FcCache **) closure) = cache;
return FcTrue;
}
@@ -1093,7 +1117,7 @@ FcDirChecksumNano (struct stat *statb)
* the magic number and the size field
*/
static FcBool
-FcDirCacheValidateHelper (FcConfig *config, int fd, struct stat *fd_stat, struct stat *dir_stat, void *closure FC_UNUSED)
+FcDirCacheValidateHelper (FcConfig *config, int fd, struct stat *fd_stat, struct stat *dir_stat, struct timeval *latest_cache_mtime, void *closure FC_UNUSED)
{
FcBool ret = FcTrue;
FcCache c;
diff --git a/test/run-test.sh b/test/run-test.sh
index 4e5968b..8ad09e3 100644
--- a/test/run-test.sh
+++ b/test/run-test.sh
@@ -340,6 +340,72 @@ fi
rm -rf $MyPWD/sysroot
+dotest "read newer caches when multiple places are allowed to store"
+prep
+cp $FONT1 $FONT2 $FONTDIR
+if [ -n ${SOURCE_DATE_EPOCH:-} ] && [ ${#SOURCE_DATE_EPOCH} -gt 0 ]; then
+ touch -m -t "`date -d \"@${SOURCE_DATE_EPOCH}\" +%y%m%d%H%M.%S`" $FONTDIR
+fi
+MYCACHEBASEDIR=`mktemp -d /tmp/fontconfig.XXXXXXXX`
+MYCACHEDIR=$MYCACHEBASEDIR/cache.dir
+MYOWNCACHEDIR=$MYCACHEBASEDIR/owncache.dir
+MYCONFIG=`mktemp /tmp/fontconfig.XXXXXXXX`
+
+mkdir -p $MYCACHEDIR
+mkdir -p $MYOWNCACHEDIR
+
+sed "s!@FONTDIR@!$FONTDIR!
+s!@REMAPDIR@!!
+s!@CACHEDIR@!$MYCACHEDIR!" < $TESTDIR/fonts.conf.in > my-fonts.conf
+
+FONTCONFIG_FILE=$MyPWD/my-fonts.conf $FCCACHE $FONTDIR
+
+sleep 1
+cat<<EOF>$MYCONFIG
+<fontconfig>
+ <match target="scan">
+ <test name="file"><string>$FONTDIR/4x6.pcf</string></test>
+ <edit name="pixelsize"><int>8</int></edit>
+ </match>
+</fontconfig>
+EOF
+sed "s!@FONTDIR@!$FONTDIR!
+s!@REMAPDIR@!<include ignore_missing=\"yes\">$MYCONFIG</include>!
+s!@CACHEDIR@!$MYOWNCACHEDIR!" < $TESTDIR/fonts.conf.in > my-fonts.conf
+
+if [ -n ${SOURCE_DATE_EPOCH:-} ]; then
+ old_epoch=${SOURCE_DATE_EPOCH}
+ SOURCE_DATE_EPOCH=`expr $SOURCE_DATE_EPOCH + 1`
+fi
+FONTCONFIG_FILE=$MyPWD/my-fonts.conf $FCCACHE -f $FONTDIR
+if [ -n ${SOURCE_DATE_EPOCH:-} ]; then
+ SOURCE_DATE_EPOCH=${old_epoch}
+fi
+
+sed "s!@FONTDIR@!$FONTDIR!
+s!@REMAPDIR@!<include ignore_missing=\"yes\">$MYCONFIG</include>!
+s!@CACHEDIR@!$MYCACHEDIR</cachedir><cachedir>$MYOWNCACHEDIR!" < $TESTDIR/fonts.conf.in > my-fonts.conf
+
+FONTCONFIG_FILE=$MyPWD/my-fonts.conf $FCLIST - family pixelsize | sort > my-out
+echo "=" >> my-out
+FONTCONFIG_FILE=$MyPWD/my-fonts.conf $FCLIST - family pixelsize | sort >> my-out
+echo "=" >> my-out
+FONTCONFIG_FILE=$MyPWD/my-fonts.conf $FCLIST - family pixelsize | sort >> my-out
+tr -d '\015' <my-out >my-out.tmp; mv my-out.tmp my-out
+sed -e 's/pixelsize=6/pixelsize=8/g' $BUILDTESTDIR/$EXPECTED > my-out.expected
+
+if cmp my-out my-out.expected > /dev/null ; then : ; else
+ echo "*** Test failed: $TEST"
+ echo "*** output is in 'my-out', expected output in 'my-out.expected'"
+ echo "Actual Result"
+ cat my-out
+ echo "Expected Result"
+ cat my-out.expected
+ exit 1
+fi
+
+rm -rf $MYCACHEBASEDIR $MYCONFIG my-fonts.conf my-out my-out.expected
+
fi # if [ "x$EXEEXT" = "x" ]
rm -rf $FONTDIR $CACHEFILE $CACHEDIR $BASEDIR $FONTCONFIG_FILE out
--
2.24.1
From a45fc8a33256d9d3ea0ea7947f33c8e5e3cc7238 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Thu, 31 Oct 2019 16:15:25 +0900
Subject: [PATCH 2/9] Fix a memory leak caused by the previous commit
---
src/fccache.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/fccache.c b/src/fccache.c
index 4acde22..c565560 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -397,6 +397,8 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
else
FcStrFree (cache_hashed);
}
+ else
+ FcStrFree (cache_hashed);
}
#ifndef _WIN32
else if (!retried)
@@ -416,6 +418,8 @@ FcDirCacheProcess (FcConfig *config, const FcChar8 *dir,
break;
goto retry;
}
+ else
+ FcStrFree (cache_hashed);
}
#endif
else
--
2.24.1