Compare commits

No commits in common. 'c9' and 'cs10' have entirely different histories.
c9 ... cs10

.gitignore vendored

@ -1 +1 @@
SOURCES/pixman-0.40.0.tar.xz
SOURCES/pixman-0.43.4.tar.xz

@ -1 +1 @@
c625853be8a5369cece57ab7dba558ff739a6332 SOURCES/pixman-0.40.0.tar.xz
678cdf71b2e48f773c5bdaa18555b4ca5eac5091 SOURCES/pixman-0.43.4.tar.xz

@ -1,29 +0,0 @@
From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Wed, 2 Nov 2022 12:07:32 -0400
Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
Thanks to Maddie Stone and Google's Project Zero for discovering this
issue, providing a proof-of-concept, and a great analysis.
Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
---
pixman/pixman-trap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
index 91766fd..7560405 100644
--- a/pixman/pixman-trap.c
+++ b/pixman/pixman-trap.c
@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
if (f < Y_FRAC_FIRST (n))
{
- if (pixman_fixed_to_int (i) == 0x8000)
+ if (pixman_fixed_to_int (i) == 0xffff8000)
{
f = 0; /* saturate */
}
--
2.41.0
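Review bot: dropping this backport is only safe if the 0.43.4 tarball already contains the same change in pixman_sample_floor_y, i.e. the saturate check in pixman/pixman-trap.c compares against 0xffff8000 rather than 0x8000. Please confirm that in the unpacked source before merging, because after this change the spec no longer applies the out-of-bounds write fix itself and relies entirely on the upstream release carrying it.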

@ -0,0 +1,34 @@
From 3a32506877f925f9c27f72558f7f07fdb3092fc2 Mon Sep 17 00:00:00 2001
From: Bill Roberts <bill.roberts@arm.com>
Date: Wed, 10 Jul 2024 12:18:02 -0500
Subject: [PATCH 1/2] arm: add include guards on header
Prevent double inclusion of header file.
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
---
pixman/pixman-arm-asm.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pixman/pixman-arm-asm.h b/pixman/pixman-arm-asm.h
index edf8e82..1fe40b3 100644
--- a/pixman/pixman-arm-asm.h
+++ b/pixman/pixman-arm-asm.h
@@ -25,6 +25,8 @@
*
*/
+#ifndef PIXMAN_ARM_ASM_H
+#define PIXMAN_ARM_ASM_H
#include "pixman-config.h"
@@ -61,3 +63,5 @@
.endfunc
#endif
.endm
+
+#endif /* PIXMAN_ARM_ASM_H */
--
2.46.0

@ -0,0 +1,280 @@
From 7ed0f8d04d56320b034f2e15ef7867c5724947e0 Mon Sep 17 00:00:00 2001
From: Bill Roberts <bill.roberts@arm.com>
Date: Thu, 18 Jul 2024 10:13:07 -0500
Subject: [PATCH 2/2] aarch64: support PAC and BTI
Enable Pointer Authentication Codes (PAC) and Branch Target
Identification (BTI) support for ARM 64 targets.
PAC works by signing the LR with either an A key or B key and verifying
the return address. There are quite a few instructions capable of doing
this, however, the Linux ARM ABI is to use hint compatible instructions
that can be safely NOP'd on older hardware and can be assembled and
linked with older binutils. This limits the instruction set to paciasp,
pacibsp, autiasp and autibsp. Instructions prefixed with pac are for
signing and instructions prefixed with aut are for signing. Both
instructions are then followed with an a or b to indicate which signing
key they are using. The keys can be controlled using
-mbranch-protection=pac-ret for the A key and
-mbranch-protection=pac-ret+b-key for the B key.
BTI works by marking all call and jump positions with bti c and bti
j instructions. If execution control transfers to an instruction other
than a BTI instruction, the execution is killed via SIGILL. Note that
to remove one instruction, the aforementioned pac instructions will
also work as a BTI landing pad for bti c usages.
For BTI to work, all object files linked for a unit of execution,
whether an executable or a library must have the GNU Notes section of
the ELF file marked to indicate BTI support. This is so loader/linkers
can apply the proper permission bits (PROT_BRI) on the memory region.
PAC can also be annotated in the GNU ELF notes section, but it's not
required for enablement, as interleaved PAC and non-pac code works as
expected since it's the callee that performs all the checking. The
linker follows the same rules as BTI for discarding the PAC flag from
the GNU Notes section.
Testing was done under the following CFLAGS and CXXFLAGS for all
combinations:
1. -mbranch-protection=none
2. -mbranch-protection=standard
3. -mbranch-protection=pac-ret
4. -mbranch-protection=pac-ret+b-key
5. -mbranch-protection=bti
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
---
pixman/pixman-arm-asm.h | 43 ++++++++++++++++++++++++
pixman/pixman-arma64-neon-asm-bilinear.S | 1 +
pixman/pixman-arma64-neon-asm.S | 1 +
pixman/pixman-arma64-neon-asm.h | 32 +++++++++++++-----
4 files changed, 69 insertions(+), 8 deletions(-)
diff --git a/pixman/pixman-arm-asm.h b/pixman/pixman-arm-asm.h
index 1fe40b3..c13837c 100644
--- a/pixman/pixman-arm-asm.h
+++ b/pixman/pixman-arm-asm.h
@@ -30,6 +30,48 @@
#include "pixman-config.h"
+/*
+ * References:
+ * - https://developer.arm.com/documentation/101028/0012/5--Feature-test-macros
+ * - https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst
+ */
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+ #define BTI_C hint 34 /* bti c: for calls, IE bl instructions */
+ #define GNU_PROPERTY_AARCH64_BTI 1 /* bit 0 GNU Notes is for BTI support */
+#else
+ #define BTI_C
+ #define GNU_PROPERTY_AARCH64_BTI 0
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT)
+ #if __ARM_FEATURE_PAC_DEFAULT & 1
+ #define SIGN_LR hint 25 /* paciasp: sign with the A key */
+ #define VERIFY_LR hint 29 /* autiasp: verify with the b key */
+ #elif __ARM_FEATURE_PAC_DEFAULT & 2
+ #define SIGN_LR hint 27 /* pacibsp: sign with the b key */
+ #define VERIFY_LR hint 31 /* autibsp: verify with the b key */
+ #endif
+ #define GNU_PROPERTY_AARCH64_POINTER_AUTH 2 /* bit 1 GNU Notes is for PAC support */
+#else
+ #define SIGN_LR BTI_C
+ #define VERIFY_LR
+ #define GNU_PROPERTY_AARCH64_POINTER_AUTH 0
+#endif
+
+/* Add the BTI support to GNU Notes section for ASM files */
+#if GNU_PROPERTY_AARCH64_BTI != 0 || GNU_PROPERTY_AARCH64_POINTER_AUTH != 0
+ .pushsection .note.gnu.property, "a"; /* Start a new allocatable section */
+ .balign 8; /* align it on a byte boundry */
+ .long 4; /* size of "GNU\0" */
+ .long 0x10; /* size of descriptor */
+ .long 0x5; /* NT_GNU_PROPERTY_TYPE_0 */
+ .asciz "GNU";
+ .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+ .long 4; /* Four bytes of data */
+ .long (GNU_PROPERTY_AARCH64_BTI|GNU_PROPERTY_AARCH64_POINTER_AUTH); /* BTI or PAC is enabled */
+ .long 0; /* padding for 8 byte alignment */
+ .popsection; /* end the section */
+#endif
/* Supplementary macro for setting function attributes */
.macro pixman_asm_function_impl fname
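Review bot: the inner `#if __ARM_FEATURE_PAC_DEFAULT & 1` / `#elif __ARM_FEATURE_PAC_DEFAULT & 2` chain has no `#else`, so if the macro is defined with neither key bit set, SIGN_LR and VERIFY_LR stay undefined while GNU_PROPERTY_AARCH64_POINTER_AUTH is still set to 2; the bare SIGN_LR and VERIFY_LR lines added elsewhere in this patch would then reach the assembler as unknown mnemonics. Add an `#else` that raises `#error`, or that falls back to `SIGN_LR BTI_C` and an empty VERIFY_LR. Three comment fixes in the same hunk: the `hint 29` line says "verify with the b key" although autiasp uses the A key; `.balign 8` is described as "a byte boundry" where an 8 byte boundary is meant; and "Add the BTI support to GNU Notes section" also covers PAC, as the `#if` condition right below it shows.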
@@ -42,6 +84,7 @@
.type \fname, %function
#endif
\fname:
+ SIGN_LR
.endm
.macro pixman_asm_function fname
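Review bot: placing SIGN_LR in `pixman_asm_function_impl` signs x30 on entry to every function declared through this macro, so every `ret` reachable from such a function needs a VERIFY_LR after the final `ldp x29, x30, [sp], 16`, executed with sp back at its entry value since paciasp/pacibsp use sp as the modifier. The rest of the patch adds VERIFY_LR by hand at individual return sites; any return path that is missed would return through a still-signed address on PAC-capable hardware. Please state in the commit message how the return sites were enumerated, and consider wrapping the epilogue in a macro so the sign/verify pairing cannot drift when new functions are added.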
diff --git a/pixman/pixman-arma64-neon-asm-bilinear.S b/pixman/pixman-arma64-neon-asm-bilinear.S
index 7303bdc..f11f8c8 100644
--- a/pixman/pixman-arma64-neon-asm-bilinear.S
+++ b/pixman/pixman-arma64-neon-asm-bilinear.S
@@ -812,6 +812,7 @@ pixman_asm_function \fname
mov sp, x29
ldp x29, x30, [sp], 16
.endif
+ VERIFY_LR
ret
.unreq OUT
diff --git a/pixman/pixman-arma64-neon-asm.S b/pixman/pixman-arma64-neon-asm.S
index 107c133..7329d4b 100644
--- a/pixman/pixman-arma64-neon-asm.S
+++ b/pixman/pixman-arma64-neon-asm.S
@@ -3541,6 +3541,7 @@ pixman_asm_function \fname
ldp x12, x13, [x29, -104]
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret
.unreq OUT
diff --git a/pixman/pixman-arma64-neon-asm.h b/pixman/pixman-arma64-neon-asm.h
index 6aa6838..ec3d76f 100644
--- a/pixman/pixman-arma64-neon-asm.h
+++ b/pixman/pixman-arma64-neon-asm.h
@@ -47,6 +47,8 @@
* - maybe add an option to do reverse scanline processing
*/
+#include "pixman-arm-asm.h"
+
/*
* Bit flags for 'generate_composite_function' macro which are used
* to tune generated functions behavior.
@@ -232,14 +234,16 @@
asr TMP1, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP1, \mem_operand, TMP1, lsl #1
asr TMP2, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP2, \mem_operand, TMP2, lsl #1
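Review bot: splitting `5: subs VX, VX, SRC_WIDTH_FIXED` into a bare `5:` label followed by the instruction on its own line, here and in the following hunks of this file, is not mentioned in the commit message and does not involve SIGN_LR, VERIFY_LR or BTI_C. If a toolchain requires the split, say so in the message; otherwise move it to a separate patch so the hardening change stays small and easy to audit.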
@@ -247,7 +251,8 @@
asr TMP1, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP1, \mem_operand, TMP1, lsl #1
@@ -255,7 +260,8 @@
asr TMP2, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP2, \mem_operand, TMP2, lsl #1
@@ -265,14 +271,16 @@
asr TMP1, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP1, \mem_operand, TMP1, lsl #2
asr TMP2, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP2, \mem_operand, TMP2, lsl #2
@@ -312,7 +320,8 @@
asr TMP1, VX, #16
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP1, \mem_operand, TMP1, lsl #1
@@ -322,7 +331,8 @@
mov TMP1, DUMMY
adds VX, VX, UNIT_X
bmi 55f
-5: subs VX, VX, SRC_WIDTH_FIXED
+5:
+ subs VX, VX, SRC_WIDTH_FIXED
bpl 5b
55:
add TMP1, \mem_operand, TMP1, lsl #2
@@ -917,6 +927,7 @@
ldr x28, [x29, -232]
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
/*
* This is the start of the loop, designed to process images with small width
@@ -974,6 +985,7 @@
ldr x28, [x29, -232]
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
.purgem fetch_src_pixblock
@@ -1155,6 +1167,7 @@
ldr x10, [x29, -96]
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
.else
sub x29, x29, 64
@@ -1162,6 +1175,7 @@
ld1 {v12.8b, v13.8b, v14.8b, v15.8b}, [x29], 32
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
.endif
800:
@@ -1180,6 +1194,7 @@
ldr x10, [x29, -88]
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
.unreq DUMMY
@@ -1200,6 +1215,7 @@
ld1 {v12.8b, v13.8b, v14.8b, v15.8b}, [x29], 32
mov sp, x29
ldp x29, x30, [sp], 16
+ VERIFY_LR
ret /* exit */
.unreq DUMMY
--
2.46.0

@ -2,10 +2,11 @@
%define gitrev 8ff7213f39edc1b2b8b60d6b0cc5d5f14ca1928d
Name: pixman
Version: 0.40.0
Release: 6%{?dist}
Version: 0.43.4
Release: 2%{?dist}
Summary: Pixel manipulation library
# SPDX
License: MIT
URL: https://gitlab.freedesktop.org/pixman/pixman
#VCS: git:git://git.freedesktop.org/git/pixman
@ -15,7 +16,8 @@ URL: https://gitlab.freedesktop.org/pixman/pixman
Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz
Source1: make-pixman-snapshot.sh
Patch0: 0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch
Patch00: 0001-arm-add-include-guards-on-header.patch
Patch01: 0002-aarch64-support-PAC-and-BTI.patch
BuildRequires: gcc
BuildRequires: meson
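Review bot: `Patch00:` and `Patch01:` are added without any comment on their origin. Add a line above each giving the source commit (3a32506877f925f9c27f72558f7f07fdb3092fc2 and 7ed0f8d04d56320b034f2e15ef7867c5724947e0 according to the patch headers) and whether it is merged upstream, so the next rebase can tell when they become redundant.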
@ -29,7 +31,7 @@ Requires: %{name}%{?isa} = %{version}-%{release}
Requires: pkgconfig
%description devel
Development library for pixman.
Pixel manipulation library for X and Cairo development package.
%prep
%autosetup -p1
@ -66,15 +68,46 @@ sed -i 's/120/600/' test/meson.build
%{_libdir}/pkgconfig/pixman-1.pc
%changelog
* Mon Oct 09 2023 José Expósito <jexposit@redhat.com> - 0.40.0-6
- Backport fix for CVE-2022-44638
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.43.4-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Sep 18 2024 José Expósito <jexposit@redhat.com> - 0.43.4-1
- Update to 0.43.4
- Resolves: https://issues.redhat.com/browse/RHEL-45709
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.40.0-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.43.0-4
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.43.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.43.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 09 2024 José Expósito <jexposit@redhat.com> - 0.43.0-1
- Update to 0.43.0
* Thu Sep 07 2023 José Expósito <jexposit@redhat.com>
- SPDX migration: license is already SPDX compatible
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.42.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Feb 21 2023 Petter Abrahamsson <pabraham@redhat.com> - 0.42.2-1
- Update to 0.42.2
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.40.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
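Review bot: with the c9 entry "Backport fix for CVE-2022-44638" gone and Patch0 dropped, none of the changelog entries on the cs10 side name that CVE. Mention it in the rebase entry (for example under "Update to 0.43.4") so that anyone auditing the package by its changelog can see the fix is still present and now comes from the upstream source.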
