Tue May 19 19:47:49 UTC 202020200519194749

a/shadow-4.8.1-x86_64-8.txz:  Rebuilt.
  It seems that /etc/suauth is not supported when PAM is in use, even if
  configure.ac is hacked to enable it. I've removed the man pages for it,
  and would suggest using sudo as a replacement.
l/libexif-0.6.22-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  CVE-2018-20030: Fix for recursion DoS
  CVE-2020-13114: Time consumption DoS when parsing canon array markers
  CVE-2020-13113: Potential use of uninitialized memory
  CVE-2020-13112: Various buffer overread fixes due to integer overflows
                  in maker notes
  CVE-2020-0093:  read overflow
  CVE-2019-9278:  replaced integer overflow checks the compiler could
                  optimize away by safer constructs
  CVE-2020-12767: fixed division by zero
  CVE-2016-6328:  fixed integer overflow when parsing maker notes
  CVE-2017-7544:  fixed buffer overread
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
  (* Security fix *)
l/oniguruma-6.9.5_rev1-x86_64-2.txz:  Rebuilt.
  Rebuilt with --enable-posix-api. Thanks to MisterL.
l/python-packaging-20.4-x86_64-1.txz:  Upgraded.
n/bind-9.16.3-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  A malicious actor who intentionally exploits the lack of effective
  limitation on the number of fetches performed when processing referrals
  can, through the use of specially crafted referrals, cause a recursing
  server to issue a very large number of fetches in an attempt to process
  the referral. This has at least two potential effects: The performance of
  the recursing server can potentially be degraded by the additional work
  required to perform these fetches, and the attacker can exploit this
  behavior to use the recursing server as a reflector in a reflection attack
  with a high amplification factor.
  For more information, see:
    https://kb.isc.org/docs/cve-2020-8616
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
  (* Security fix *)
x/fontconfig-2.13.92-x86_64-1.txz:  Upgraded.
x/xf86-input-libinput-0.30.0-x86_64-1.txz:  Upgraded.

1 files changed, 285 insertions, 0 deletions

diff --git a/source/x/fontconfig/fedora-patches/fontconfig-sysroot.patch b/source/x/fontconfig/fedora-patches/fontconfig-sysroot.patch
new file mode 100644
index 000000000..9505f9724
--- /dev/null
+++ b/source/x/fontconfig/fedora-patches/fontconfig-sysroot.patch
@@ -0,0 +1,285 @@
+From cd51cb241aad7b362b793200ca7d42595c14f52b Mon Sep 17 00:00:00 2001
+From: Akira TAGOH <akira@tagoh.org>
+Date: Mon, 21 Oct 2019 16:17:42 +0900
+Subject: [PATCH] Take effect sysroot functionality to the default config file
+
+When loading the default config file with FONTCONFIG_SYSROOT,
+it fails if no /etc/fonts/fonts.conf is available, even if it is
+there where is based on sysroot.
+
+To address this, FcConfig is required to determine the sysroot.
+therefore, this change makes FcConfigFilename() deprecated,
+use FcConfigGetFilename() instead.
+
+Fixes https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/181
+---
+ doc/fcconfig.fncs       | 11 +++++++
+ fontconfig/fontconfig.h |  4 +++
+ src/fccfg.c             | 67 ++++++++++++++++++++++++++++-------------
+ src/fcxml.c             | 24 ++++++++++++---
+ 4 files changed, 81 insertions(+), 25 deletions(-)
+
+diff --git a/doc/fcconfig.fncs b/doc/fcconfig.fncs
+index 5f1ef43..82769d5 100644
+--- a/doc/fcconfig.fncs
++++ b/doc/fcconfig.fncs
+@@ -344,6 +344,15 @@ to be up to date, and used.
+ @TYPE1@         const FcChar8 *			@ARG1@          name
+ @PURPOSE@	Find a config file
+ @DESC@
++This function is deprecated and is replaced by <function>FcConfigGetFilename</function>.
++@@
++
++@RET@           FcChar8 *
++@FUNC@          FcConfigGetFilename
++@TYPE1@         FcConfig *			@ARG1@          config
++@TYPE2@         const FcChar8 *			@ARG2@          name
++@PURPOSE@	Find a config file
++@DESC@
+ Given the specified external entity name, return the associated filename.
+ This provides applications a way to convert various configuration file
+ references into filename form.
+@@ -355,6 +364,8 @@ refers to a file in the current users home directory.  Otherwise if the name
+ doesn't start with '/', it refers to a file in the default configuration
+ directory; the built-in default directory can be overridden with the
+ FONTCONFIG_PATH environment variable.
++    </para><para>
++The result of this function is affected by the FONTCONFIG_SYSROOT environment variable or equivalent functionality.
+ @@
+ 
+ @RET@		FcBool
+diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
+index 9586616..2f0e8cf 100644
+--- a/fontconfig/fontconfig.h
++++ b/fontconfig/fontconfig.h
+@@ -393,6 +393,10 @@ FcConfigHome (void);
+ FcPublic FcBool
+ FcConfigEnableHome (FcBool enable);
+ 
++FcPublic FcChar8 *
++FcConfigGetFilename (FcConfig      *config,
++		     const FcChar8 *url);
++
+ FcPublic FcChar8 *
+ FcConfigFilename (const FcChar8 *url);
+     
+diff --git a/src/fccfg.c b/src/fccfg.c
+index e81eeba..21ccd25 100644
+--- a/src/fccfg.c
++++ b/src/fccfg.c
+@@ -686,7 +686,7 @@ FcConfigAddConfigFile (FcConfig	    *config,
+ 		       const FcChar8   *f)
+ {
+     FcBool	ret;
+-    FcChar8	*file = FcConfigFilename (f);
++    FcChar8	*file = FcConfigGetFilename (config, f);
+ 
+     if (!file)
+ 	return FcFalse;
+@@ -2284,10 +2284,19 @@ FcConfigEnableHome (FcBool enable)
+ }
+ 
+ FcChar8 *
+-FcConfigFilename (const FcChar8 *url)
++FcConfigGetFilename (FcConfig      *config,
++		     const FcChar8 *url)
+ {
+     FcChar8    *file, *dir, **path, **p;
++    const FcChar8 *sysroot;
+ 
++    if (!config)
++    {
++	config = FcConfigGetCurrent ();
++	if (!config)
++	    return NULL;
++    }
++    sysroot = FcConfigGetSysRoot (config);
+     if (!url || !*url)
+     {
+ 	url = (FcChar8 *) getenv ("FONTCONFIG_FILE");
+@@ -2297,13 +2306,23 @@ FcConfigFilename (const FcChar8 *url)
+     file = 0;
+ 
+     if (FcStrIsAbsoluteFilename(url))
+-	return FcConfigFileExists (0, url);
++	return FcConfigFileExists (sysroot, url);
+ 
+     if (*url == '~')
+     {
+ 	dir = FcConfigHome ();
+ 	if (dir)
+-	    file = FcConfigFileExists (dir, url + 1);
++	{
++	    FcChar8 *s;
++
++	    if (sysroot)
++		s = FcStrBuildFilename (sysroot, dir, NULL);
++	    else
++		s = dir;
++	    file = FcConfigFileExists (s, url + 1);
++	    if (sysroot)
++		FcStrFree (s);
++	}
+ 	else
+ 	    file = 0;
+     }
+@@ -2314,7 +2333,15 @@ FcConfigFilename (const FcChar8 *url)
+ 	    return NULL;
+ 	for (p = path; *p; p++)
+ 	{
+-	    file = FcConfigFileExists (*p, url);
++	    FcChar8 *s;
++
++	    if (sysroot)
++		s = FcStrBuildFilename (sysroot, *p, NULL);
++	    else
++		s = *p;
++	    file = FcConfigFileExists (s, url);
++	    if (sysroot)
++		FcStrFree (s);
+ 	    if (file)
+ 		break;
+ 	}
+@@ -2323,33 +2350,31 @@ FcConfigFilename (const FcChar8 *url)
+     return file;
+ }
+ 
++FcChar8 *
++FcConfigFilename (const FcChar8 *url)
++{
++    return FcConfigGetFilename (NULL, url);
++}
++
+ FcChar8 *
+ FcConfigRealFilename (FcConfig		*config,
+ 		      const FcChar8	*url)
+ {
+-    const FcChar8 *sysroot = FcConfigGetSysRoot (config);
+-    FcChar8 *n = FcConfigFilename (url);
+-    FcChar8 *nn = NULL;
++    FcChar8 *n = FcConfigGetFilename (config, url);
+ 
+     if (n)
+     {
+ 	FcChar8 buf[FC_PATH_MAX];
+ 	ssize_t len;
+ 
+-	if (sysroot)
+-	    nn = FcStrBuildFilename (sysroot, n, NULL);
+-	else
+-	    nn = FcStrdup (n);
+-	FcStrFree (n);
+-
+-	if ((len = FcReadLink (nn, buf, sizeof (buf) - 1)) != -1)
++	if ((len = FcReadLink (n, buf, sizeof (buf) - 1)) != -1)
+ 	{
+ 	    buf[len] = 0;
+ 
+ 	    if (!FcStrIsAbsoluteFilename (buf))
+ 	    {
+-		FcChar8 *dirname = FcStrDirname (nn);
+-		FcStrFree (nn);
++		FcChar8 *dirname = FcStrDirname (n);
++		FcStrFree (n);
+ 		if (!dirname)
+ 		    return NULL;
+ 
+@@ -2358,18 +2383,18 @@ FcConfigRealFilename (FcConfig		*config,
+ 		if (!path)
+ 		    return NULL;
+ 
+-		nn = FcStrCanonFilename (path);
++		n = FcStrCanonFilename (path);
+ 		FcStrFree (path);
+ 	    }
+ 	    else
+ 	    {
+-		FcStrFree (nn);
+-		nn = FcStrdup (buf);
++		FcStrFree (n);
++		n = FcStrdup (buf);
+ 	    }
+ 	}
+     }
+ 
+-    return nn;
++    return n;
+ }
+ 
+ /*
+diff --git a/src/fcxml.c b/src/fcxml.c
+index d9a67f6..a366644 100644
+--- a/src/fcxml.c
++++ b/src/fcxml.c
+@@ -2541,7 +2541,7 @@ FcParseInclude (FcConfigParse *parse)
+         FcChar8 *filename;
+ 	static FcBool warn_conf = FcFalse, warn_confd = FcFalse;
+ 
+-        filename = FcConfigFilename(s);
++        filename = FcConfigGetFilename(parse->config, s);
+ 	if (deprecated == FcTrue &&
+ 	    filename != NULL &&
+ 	    userdir != NULL &&
+@@ -3532,7 +3532,9 @@ _FcConfigParse (FcConfig	*config,
+     FcStrBuf	    sbuf;
+     char            buf[BUFSIZ];
+     FcBool	    ret = FcFalse, complain_again = complain;
++    FcStrBuf	    reason;
+ 
++    FcStrBufInit (&reason, NULL, 0);
+ #ifdef _WIN32
+     if (!pGetSystemWindowsDirectory)
+     {
+@@ -3549,12 +3551,20 @@ _FcConfigParse (FcConfig	*config,
+     }
+ #endif
+ 
+-    filename = FcConfigFilename (name);
++    filename = FcConfigGetFilename (config, name);
+     if (!filename)
++    {
++	FcStrBufString (&reason, (FcChar8 *)"No such file: ");
++	FcStrBufString (&reason, name ? name : (FcChar8 *)"(null)");
+ 	goto bail0;
++    }
+     realfilename = FcConfigRealFilename (config, name);
+     if (!realfilename)
++    {
++	FcStrBufString (&reason, (FcChar8 *)"No such realfile: ");
++	FcStrBufString (&reason, name ? name : (FcChar8 *)"(null)");
+ 	goto bail0;
++    }
+     if (FcStrSetMember (config->availConfigFiles, realfilename))
+     {
+         FcStrFree (filename);
+@@ -3582,7 +3592,11 @@ _FcConfigParse (FcConfig	*config,
+ 
+     fd = FcOpen ((char *) realfilename, O_RDONLY);
+     if (fd == -1)
++    {
++	FcStrBufString (&reason, (FcChar8 *)"Unable to open ");
++	FcStrBufString (&reason, realfilename);
+ 	goto bail1;
++    }
+ 
+     do {
+ 	len = read (fd, buf, BUFSIZ);
+@@ -3623,11 +3637,13 @@ bail0:
+     if (!ret && complain_again)
+     {
+ 	if (name)
+-	    FcConfigMessage (0, FcSevereError, "Cannot %s config file \"%s\"", load ? "load" : "scan", name);
++	    FcConfigMessage (0, FcSevereError, "Cannot %s config file \"%s\": %s", load ? "load" : "scan", name, FcStrBufDoneStatic (&reason));
+ 	else
+-	    FcConfigMessage (0, FcSevereError, "Cannot %s default config file", load ? "load" : "scan");
++	    FcConfigMessage (0, FcSevereError, "Cannot %s default config file: %s", load ? "load" : "scan", FcStrBufDoneStatic (&reason));
++	FcStrBufDestroy (&reason);
+ 	return FcFalse;
+     }
++    FcStrBufDestroy (&reason);
+     return ret;
+ }
+ 
+-- 
+2.24.1
+