Sun Jan 20 18:24:51 2008 UTC ()
libXfont-1.3.1nb2:
Include upstream fix for another PCF integer overflow.
This is CVE-2008-0006.
(joerg)
diff -r1.8 -r1.9 pkgsrc/x11/libXfont/Makefile
diff -r1.7 -r1.8 pkgsrc/x11/libXfont/distinfo
diff -r0 -r1.3 pkgsrc/x11/libXfont/patches/patch-ab
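--- a/pkgsrc/x11/libXfont/Makefile
+++ b/pkgsrc/x11/libXfont/Makefile
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.8 2007/09/24 16:24:48 joerg Exp $
+# $NetBSD: Makefile,v 1.9 2008/01/20 18:24:51 joerg Exp $
 #
 
 DISTNAME= libXfont-1.3.1
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= x11 devel fonts
 MASTER_SITES= http://xorg.freedesktop.org/releases/individual/lib/
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= joerg@NetBSD.org
 HOMEPAGE= http://xorg.freedesktop.org/
 COMMENT= X font Library
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes
 USE_TOOLS+= pkg-config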
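--- a/pkgsrc/x11/libXfont/distinfo
+++ b/pkgsrc/x11/libXfont/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2007/09/24 16:24:48 joerg Exp $
+$NetBSD: distinfo,v 1.8 2008/01/20 18:24:51 joerg Exp $
 
 SHA1 (libXfont-1.3.1.tar.bz2) = 90153414cd3580d92cad6469166c099749cddd29
 RMD160 (libXfont-1.3.1.tar.bz2) = 13c8ed7b33ec0c4f08c032d74958e49d3c177464
 Size (libXfont-1.3.1.tar.bz2) = 564235 bytes
 SHA1 (patch-aa) = e421de2c9b67b46c2dab651ba1bab13fd08df914
+SHA1 (patch-ab) = 56339bd99f714be3d9a7d697c39eab1b13794c3b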
$NetBSD: patch-ab,v 1.3 2008/01/20 18:24:51 joerg Exp $
--- src/bitmap/pcfread.c.orig 2007-09-05 02:18:23.000000000 +0200
+++ src/bitmap/pcfread.c
@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
pFont->info.lastRow = pcfGetINT16(file, format);
pFont->info.defaultCh = pcfGetINT16(file, format);
if (IS_EOF(file)) goto Bail;
+ if (pFont->info.firstCol > pFont->info.lastCol ||
+ pFont->info.firstRow > pFont->info.lastRow ||
+ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
(pFont->info.lastRow - pFont->info.firstRow + 1);
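Review bot: The limit `255` on the column span, and the absence of any limit on the row span, are unexplained in this hunk, so a reader cannot tell from the code why the `nencoding` product two lines below is now safe. The added test bounds `lastCol - firstCol` but only orders `firstRow` against `lastRow`; if these fields are 16-bit, as the `pcfGetINT16` reads suggest (their declarations are not visible here), the product stays within an `int`, and that reasoning belongs in a comment above the check such as `/* cols <= 256, rows <= 65536 (16-bit fields): nencoding cannot overflow int */`. The same three-line test is repeated verbatim in the `pcfReadFontInfo` hunk, where the same comment applies. Both function bodies continue outside the hunks, so how `nencoding` is used for allocation afterwards cannot be checked from this page.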
@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, F
pFontInfo->lastRow = pcfGetINT16(file, format);
pFontInfo->defaultCh = pcfGetINT16(file, format);
if (IS_EOF(file)) goto Bail;
+ if (pFontInfo->firstCol > pFontInfo->lastCol ||
+ pFontInfo->firstRow > pFontInfo->lastRow ||
+ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
(pFontInfo->lastRow - pFontInfo->firstRow + 1);