File _patchinfo of Package patchinfo.40286
<patchinfo incident="40286">
<issue tracker="cve" id="2025-50422"/>
<issue tracker="bnc" id="1247589">VUL-0: CVE-2025-50422: cairo: Poppler crash on malformed input</issue>
<packager>qzhao</packager>
<rating>low</rating>
<category>security</category>
<summary>Security update for cairo</summary>
<description>This update for cairo fixes the following issues:
- CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589)
- Update to version 1.18.4:
  + The dependency on LZO has been made optional through a build
    time configuration toggle.
  + You can build Cairo against a Freetype installation that does
    not have the FT_Color type.
  + Cairo tests now build on Solaris 11.4 with GCC 14.
  + The DirectWrite backend now builds on MINGW 11.
  + The DirectWrite backend now supports font variations and proper
    glyph coverage.
- Use tarball in lieu of source service due to freedesktop gitlab
  migration, will switch back at next release at the latest.
- Add pkgconfig(lzo2) BuildRequires: New optional dependency, build
  lzo2 support feature.
- Convert to source service: allows for easier upgrades by the
  GNOME team.
- Update to version 1.18.2:
  + The malloc-stats code has been removed from the tests directory.
  + Cairo now requires a version of pixman equal to, or newer than,
    0.40.
  + There have been multiple build fixes for newer versions of GCC;
    for MSVC; for Solaris; and on macOS 10.7.
  + PNG errors caused by loading malformed data are correctly
    propagated to callers, so they can handle the case.
  + Both stroke and fill colors are now set when showing glyphs on
    a PDF surface.
  + All the font options are copied when creating a fallback font
    object.
  + When drawing text on macOS, Cairo now tries harder to select
    the appropriate font name.
  + Cairo now prefers the COLRv1 table inside a font, if one is
    available.
  + Cairo requires a C11 toolchain when building.
</description>
</patchinfo>