diff options
author | Donnie Berkholz <dberkholz@gentoo.org> | 2006-08-20 20:55:16 +0000 |
---|---|---|
committer | Donnie Berkholz <dberkholz@gentoo.org> | 2006-08-20 20:55:16 +0000 |
commit | 45cde34bc30e15ad630621909ade34b08f48cc8a (patch) | |
tree | 5c378d5b0d23077a48a56832f8be9211ccc5a754 /x11-libs/libXfont | |
parent | applying java patch needs to be conditional on java useflag (Bug #144548) (diff) | |
download | gentoo-2-45cde34bc30e15ad630621909ade34b08f48cc8a.tar.gz gentoo-2-45cde34bc30e15ad630621909ade34b08f48cc8a.tar.bz2 gentoo-2-45cde34bc30e15ad630621909ade34b08f48cc8a.zip |
(#144092, fd.o 7535) Security fix. Denial of service and potential code execution.
(Portage version: 2.1.1_pre5-r2)
Diffstat (limited to 'x11-libs/libXfont')
-rw-r--r-- | x11-libs/libXfont/ChangeLog | 9 | ||||
-rw-r--r-- | x11-libs/libXfont/files/1.2.0-pcfread-git.diff | 103 | ||||
-rw-r--r-- | x11-libs/libXfont/files/digest-libXfont-1.2.0-r1 | 3 | ||||
-rw-r--r-- | x11-libs/libXfont/libXfont-1.2.0-r1.ebuild | 34 |
4 files changed, 148 insertions, 1 deletions
diff --git a/x11-libs/libXfont/ChangeLog b/x11-libs/libXfont/ChangeLog index 202391b255c3..1de26f68659e 100644 --- a/x11-libs/libXfont/ChangeLog +++ b/x11-libs/libXfont/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for x11-libs/libXfont # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.40 2006/07/19 13:58:44 gmsoft Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.41 2006/08/20 20:55:16 dberkholz Exp $ + +*libXfont-1.2.0-r1 (20 Aug 2006) + + 20 Aug 2006; Donnie Berkholz <dberkholz@gentoo.org>; + +files/1.2.0-pcfread-git.diff, +libXfont-1.2.0-r1.ebuild: + (#144092, fd.o 7535) Security fix. Denial of service and potential code + execution. 19 Jul 2006; Guy Martin <gmsoft@gentoo.org> libXfont-1.1.0-r1.ebuild: Stable on hppa. diff --git a/x11-libs/libXfont/files/1.2.0-pcfread-git.diff b/x11-libs/libXfont/files/1.2.0-pcfread-git.diff new file mode 100644 index 000000000000..50131fd8055a --- /dev/null +++ b/x11-libs/libXfont/files/1.2.0-pcfread-git.diff @@ -0,0 +1,103 @@ +diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c +index dd76868..6210f18 100644 +--- a/src/bitmap/pcfread.c ++++ b/src/bitmap/pcfread.c +@@ -45,6 +45,7 @@ #define MAX(a,b) (((a)>(b)) ? a : b + #endif + + #include <stdarg.h> ++#include <stdint.h> + + void + pcfError(const char* message, ...) +@@ -133,6 +134,10 @@ pcfReadTOC(FontFilePtr file, int *countp + return (PCFTablePtr) NULL; + count = pcfGetLSB32(file); + if (IS_EOF(file)) return (PCFTablePtr) NULL; ++ if (count < 0 || count > INT32_MAX / sizeof(PCFTableRec)) { ++ pcfError("pcfReadTOC(): invalid file format\n"); ++ return NULL; ++ } + tables = (PCFTablePtr) xalloc(count * sizeof(PCFTableRec)); + if (!tables) { + pcfError("pcfReadTOC(): Couldn't allocate tables (%d*%d)\n", count, sizeof(PCFTableRec)); +@@ -252,6 +257,10 @@ pcfGetProperties(FontInfoPtr pFontInfo, + if (!PCF_FORMAT_MATCH(format, PCF_DEFAULT_FORMAT)) + goto Bail; + nprops = pcfGetINT32(file, format); ++ if (nprops <= 0 || nprops > INT32_MAX / sizeof(FontPropRec)) { ++ pcfError("pcfGetProperties(): invalid nprops value (%d)\n", nprops); ++ goto Bail; ++ } + if (IS_EOF(file)) goto Bail; + props = (FontPropPtr) xalloc(nprops * sizeof(FontPropRec)); + if (!props) { +@@ -267,6 +276,13 @@ pcfGetProperties(FontInfoPtr pFontInfo, + props[i].name = pcfGetINT32(file, format); + isStringProp[i] = pcfGetINT8(file, format); + props[i].value = pcfGetINT32(file, format); ++ if (props[i].name < 0 ++ || (isStringProp[i] != 0 && isStringProp[i] != 1) ++ || (isStringProp[i] && props[i].value < 0)) { ++ pcfError("pcfGetProperties(): invalid file format %d %d %d\n", ++ props[i].name, isStringProp[i], props[i].value); ++ goto Bail; ++ } + if (IS_EOF(file)) goto Bail; + } + /* pad the property array */ +@@ -282,6 +298,7 @@ pcfGetProperties(FontInfoPtr pFontInfo, + } + if (IS_EOF(file)) goto Bail; + string_size = pcfGetINT32(file, format); ++ if (string_size < 0) goto Bail; + if (IS_EOF(file)) goto Bail; + strings = (char *) xalloc(string_size); + if (!strings) { +@@ -422,6 +439,10 @@ pcfReadFont(FontPtr pFont, FontFilePtr f + else + nmetrics = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) { ++ pcfError("pcfReadFont(): invalid file format\n"); ++ goto Bail; ++ } + metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec)); + if (!metrics) { + pcfError("pcfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec)); +@@ -447,7 +468,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f + nbitmaps = pcfGetINT32(file, format); + if (nbitmaps != nmetrics || IS_EOF(file)) + goto Bail; +- ++ /* nmetrics is alreadt ok, so nbitmap also is */ + offsets = (CARD32 *) xalloc(nbitmaps * sizeof(CARD32)); + if (!offsets) { + pcfError("pcfReadFont(): Couldn't allocate offsets (%d*%d)\n", nbitmaps, sizeof(CARD32)); +@@ -461,6 +482,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f + for (i = 0; i < GLYPHPADOPTIONS; i++) { + bitmapSizes[i] = pcfGetINT32(file, format); + if (IS_EOF(file)) goto Bail; ++ if (bitmapSizes[i] < 0) goto Bail; + } + + sizebitmaps = bitmapSizes[PCF_GLYPH_PAD_INDEX(format)]; +@@ -536,6 +558,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f + if (IS_EOF(file)) goto Bail; + if (nink_metrics != nmetrics) + goto Bail; ++ /* nmetrics already checked */ + ink_metrics = (xCharInfo *) xalloc(nink_metrics * sizeof(xCharInfo)); + if (!ink_metrics) { + pcfError("pcfReadFont(): Couldn't allocate ink_metrics (%d*%d)\n", nink_metrics, sizeof(xCharInfo)); +@@ -809,6 +832,10 @@ pmfReadFont(FontPtr pFont, FontFilePtr f + else + nmetrics = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) { ++ pcfError("pmfReadFont(): invalid file format\n"); ++ goto Bail; ++ } + metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec)); + if (!metrics) { + pcfError("pmfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec)); diff --git a/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1 b/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1 new file mode 100644 index 000000000000..76e060720c53 --- /dev/null +++ b/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1 @@ -0,0 +1,3 @@ +MD5 038315ade283d8da92422baebac553a2 libXfont-1.2.0.tar.bz2 591129 +RMD160 8faaeb2514390fe2f17534c27a5ad20e2f177ff0 libXfont-1.2.0.tar.bz2 591129 +SHA256 130d6991971a10ba8b54f52848bcb00cbb7b4229eb839f88500972e11fecf8f0 libXfont-1.2.0.tar.bz2 591129 diff --git a/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild b/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild new file mode 100644 index 000000000000..eee361be27f2 --- /dev/null +++ b/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild,v 1.1 2006/08/20 20:55:16 dberkholz Exp $ + +# Must be before x-modular eclass is inherited +# SNAPSHOT="yes" + +inherit x-modular flag-o-matic + +DESCRIPTION="X.Org Xfont library" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="ipv6" +RDEPEND="x11-libs/xtrans + x11-libs/libfontenc + x11-proto/xproto + x11-proto/fontsproto + >=media-libs/freetype-2" +DEPEND="${RDEPEND} + x11-proto/fontcacheproto" + +CONFIGURE_OPTIONS="$(use_enable ipv6) + --enable-type1 + --with-encodingsdir=/usr/share/fonts/encodings" +PATCHES="${FILESDIR}/${PV}-pcfread-git.diff" + +pkg_setup() { + # No such function yet + # x-modular_pkg_setup + + # (#125465) Broken with Bdirect support + filter-flags -Wl,-Bdirect + filter-ldflags -Bdirect + filter-ldflags -Wl,-Bdirect +} |