Pullup ticket #6460 - requested by nia

graphics/cairo: security fix

Revisions pulled up:
- graphics/cairo/Makefile                                       1.149
- graphics/cairo/distinfo                                       1.90
- graphics/cairo/patches/patch-src_cairo-image-compositor.c     1.1

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Tue May 25 07:29:42 UTC 2021

   Modified Files:
   	pkgsrc/graphics/cairo: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/cairo/patches: patch-src_cairo-image-compositor.c

   Log Message:
   cairo: apply patch for CVE-2020-35492, bump PKGREVISION

3 files changed, 49 insertions, 3 deletions

diff --git a/graphics/cairo/Makefile b/graphics/cairo/Makefile
index c74b225aae9..e1afbbfec66 100644
--- a/graphics/cairo/Makefile
+++ b/graphics/cairo/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.147 2020/08/17 20:17:27 leot Exp $
+# $NetBSD: Makefile,v 1.147.6.1 2021/05/25 14:54:36 bsiegert Exp $
 
 .include "../../graphics/cairo/Makefile.common"
 
-PKGREVISION=	2
+PKGREVISION=	4
 
 TEST_TARGET=			check
 
diff --git a/graphics/cairo/distinfo b/graphics/cairo/distinfo
index 04e50c2e99b..c421a1c1985 100644
--- a/graphics/cairo/distinfo
+++ b/graphics/cairo/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.89 2020/07/09 14:38:55 leot Exp $
+$NetBSD: distinfo,v 1.89.6.1 2021/05/25 14:54:36 bsiegert Exp $
 
 SHA1 (cairo-1.16.0.tar.xz) = 00e81842ae5e81bb0343108884eb5205be0eac14
 RMD160 (cairo-1.16.0.tar.xz) = cfd2ef6ec55b267e04600f6b1e36bb07f2566b35
@@ -9,3 +9,4 @@ SHA1 (patch-ab) = 11f7e0e59bd5c51a8fdacb48dcf2f2fefdf3b768
 SHA1 (patch-ac) = 1785bbef6bcab4781bf89e1b986a7eb96e5f2b64
 SHA1 (patch-ad) = a1068a37113b162ccfe14d7f1bd0baa9df7e5530
 SHA1 (patch-src_cairo-ft-font.c) = 97288d79380473869f1049c1d8955a2f6fa3d178
+SHA1 (patch-src_cairo-image-compositor.c) = 83337d8211083d77b061c43b69da2b61080776d9
diff --git a/graphics/cairo/patches/patch-src_cairo-image-compositor.c b/graphics/cairo/patches/patch-src_cairo-image-compositor.c
new file mode 100644
index 00000000000..b16310dd514
--- /dev/null
+++ b/graphics/cairo/patches/patch-src_cairo-image-compositor.c
@@ -0,0 +1,45 @@
+$NetBSD: patch-src_cairo-image-compositor.c,v 1.1.2.2 2021/05/25 14:54:36 bsiegert Exp $
+
+Fix mask usage in image-compositor
+
+https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/85
+https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
+https://nvd.nist.gov/vuln/detail/CVE-2020-35492
+
+--- src/cairo-image-compositor.c.orig	2018-08-17 01:10:53.000000000 +0000
++++ src/cairo-image-compositor.c
+@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende
+ 		    unsigned num_spans)
+ {
+     cairo_image_span_renderer_t *r = abstract_renderer;
+-    uint8_t *m;
++    uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+     int x0;
+ 
+     if (num_spans == 0)
+ 	return CAIRO_STATUS_SUCCESS;
+ 
+     x0 = spans[0].x;
+-    m = r->_buf;
++    m = base;
+     do {
+ 	int len = spans[1].x - spans[0].x;
+ 	if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende
+ 				      spans[0].x, y,
+ 				      spans[1].x - spans[0].x, h);
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else if (spans[0].coverage == 0x0) {
+ 	    if (spans[0].x != x0) {
+@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende
+ #endif
+ 	    }
+ 
+-	    m = r->_buf;
++	    m = base;
+ 	    x0 = spans[1].x;
+ 	} else {
+ 	    *m++ = spans[0].coverage;