<pre style='margin:0'>
Zero King (l2dy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/698a3c4277751f712a7b627ad0da38e19c61556d">https://github.com/macports/macports-ports/commit/698a3c4277751f712a7b627ad0da38e19c61556d</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 698a3c42777 libcroco: Add patch for CVE-2020-12825
</span>698a3c42777 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 698a3c4277751f712a7b627ad0da38e19c61556d
</span>Author: Zero King <l2dy@macports.org>
AuthorDate: Wed Jan 6 16:23:15 2021 +0000
<span style='display:block; white-space:pre;color:#404040;'> libcroco: Add patch for CVE-2020-12825
</span>---
gnome/libcroco/Portfile | 3 +
gnome/libcroco/files/patch-CVE-2020-12825.diff | 184 +++++++++++++++++++++++++
2 files changed, 187 insertions(+)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/gnome/libcroco/Portfile b/gnome/libcroco/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 0db75d5515b..445c95e491f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/gnome/libcroco/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/gnome/libcroco/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,6 +4,7 @@ PortSystem 1.0
</span>
name libcroco
version 0.6.13
<span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 1
</span> license LGPL-2
set branch [join [lrange [split ${version} .] 0 1] .]
categories gnome
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -31,6 +32,8 @@ depends_lib port:gettext \
</span> port:libxml2 \
port:zlib
<span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles patch-CVE-2020-12825.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> configure.args --disable-Bsymbolic \
--disable-silent-rules
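Review bot: the patchfiles line added above configure.args carries no comment
saying where the patch comes from. The patch header names upstream commit
44cbd1e718d6a08e59b9300280c340218a84e089 and the libcroco issue; a one-line
comment here pointing at them would tell a later maintainer whether the patch
can be dropped on the next version bump. The revision bump in the first hunk
is what makes existing installs rebuild with the fix, so the two changes
belong together as committed.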
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/gnome/libcroco/files/patch-CVE-2020-12825.diff b/gnome/libcroco/files/patch-CVE-2020-12825.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..2259f808247
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/gnome/libcroco/files/patch-CVE-2020-12825.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,184 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From 44cbd1e718d6a08e59b9300280c340218a84e089 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: Michael Catanzaro <mcatanzaro@gnome.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Wed, 12 Aug 2020 13:54:15 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] libcroco: Limit recursion in block and any productions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (CVE-2020-12825)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+If we don't have any limits, we can recurse forever and overflow the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stack.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ src/cr-parser.c | 44 ++++++++++++++++++++++++++--------------
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1 file changed, 29 insertions(+), 15 deletions(-)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git src/cr-parser.c src/cr-parser.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 07f4ed9e8b..8304b75614 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/cr-parser.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/cr-parser.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -136,6 +136,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define CHARS_TAB_SIZE 12
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#define RECURSIVE_CALLERS_LIMIT 100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /**
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * IS_NUM:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *@a_char: the char to test.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -344,9 +346,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ guint n_calls);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ guint n_calls);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -784,7 +788,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cr_parser_try_to_skip_spaces_and_comments (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ do {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } while (status == CR_OK);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -795,7 +799,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_block_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_block_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CHECK_PARSING_STATUS (status,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ FALSE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto done;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -930,11 +934,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RECORD_INITIAL_POS (a_this, &init_pos);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CHECK_PARSING_STATUS (status, FALSE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ do {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } while (status == CR_OK);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -956,10 +960,12 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *in chapter 4.1 of the css2 spec.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *@param a_this the current instance of #CRParser.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *@param n_calls used to limit recursion depth
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *FIXME: code this function.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static enum CRStatus
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-cr_parser_parse_block_core (CRParser * a_this)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cr_parser_parse_block_core (CRParser * a_this,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ guint n_calls)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CRToken *token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CRInputPos init_pos;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -967,6 +973,9 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return CR_ERROR;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RECORD_INITIAL_POS (a_this, &init_pos);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
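Review bot: the guard "if (n_calls > RECURSIVE_CALLERS_LIMIT)" is off by one
against the constant's name: callers start at 0 and pass n_calls + 1, so the
values 0 through 100 are accepted and 101 nested levels run before CR_ERROR is
returned. This is harmless for stack safety, but ">=" or a comment on the
#define would make the bound exact. The same comparison is repeated in
cr_parser_parse_any_core. The parameter tracks nesting depth rather than a
number of calls, so a name such as depth would match its @param text.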
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -996,13 +1005,13 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else if (token->type == CBO_TK) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_block_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CHECK_PARSING_STATUS (status, FALSE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto parse_block_content;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CHECK_PARSING_STATUS (status, FALSE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto parse_block_content;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1109,7 +1118,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_block_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_block_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CHECK_PARSING_STATUS (status, FALSE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ref++;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto continue_parsing;
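Review bot: the literal 0 passed to cr_parser_parse_block_core here (and to
cr_parser_parse_any_core in the next hunk) restarts the depth budget. The
enclosing function is not visible in the context lines; if it can itself be
reached from cr_parser_parse_block_core or cr_parser_parse_any_core, nesting
routed through it would never accumulate toward RECURSIVE_CALLERS_LIMIT. A
short comment at each 0 call site stating that it is a top-level entry would
make that assumption checkable.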
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1123,7 +1132,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ token = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, 0);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (status == CR_OK) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ref++;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto continue_parsing;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1162,10 +1171,12 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *@param a_this the current instance of #CRParser.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *@param n_calls used to limit recursion depth
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *@return CR_OK upon successfull completion, an error code otherwise.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static enum CRStatus
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-cr_parser_parse_any_core (CRParser * a_this)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++cr_parser_parse_any_core (CRParser * a_this,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ guint n_calls)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CRToken *token1 = NULL,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *token2 = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1174,6 +1185,9 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return CR_ERROR;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RECORD_INITIAL_POS (a_this, &init_pos);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1212,7 +1226,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *We consider parameter as being an "any*" production.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ do {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } while (status == CR_OK);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
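Review bot: in this loop a depth-limit hit comes back as CR_ERROR, but the
line after the loop is "ENSURE_PARSING_COND (status == CR_PARSING_ERROR)", so
the limit is handled by that macro's failure branch rather than by an explicit
case. It is worth confirming that this branch releases token1/token2 and
rewinds to init_pos, and worth considering a distinct status (or a log line)
for input that nests too deeply, so callers can tell it apart from an ordinary
syntax error. The next two hunks have the same loop-then-check shape.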
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1237,7 +1251,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ do {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } while (status == CR_OK);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1265,7 +1279,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ do {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- status = cr_parser_parse_any_core (a_this);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } while (status == CR_OK);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
</span></pre><pre style='margin:0'>
</pre>