add a patch from https://bugzilla.redhat.com/show_bug.cgi?id=543905 to fix CVE-2009-4227 (Stack-based buffer overflow by loading malformed .FIG files)diff -r1.59 -r1.60 pkgsrc/graphics/xfig/Makefile
(drochner)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.59 2009/11/30 13:50:38 itohy Exp $ | 1 | # $NetBSD: Makefile,v 1.60 2009/12/23 14:21:48 drochner Exp $ | |
2 | 2 | |||
3 | DISTNAME= xfig.3.2.5b.full | 3 | DISTNAME= xfig.3.2.5b.full | |
4 | PKGNAME= xfig-3.2.5b | 4 | PKGNAME= xfig-3.2.5b | |
5 | PKGREVISION= 4 | 5 | PKGREVISION= 5 | |
6 | CATEGORIES= graphics | 6 | CATEGORIES= graphics | |
7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mcj/} | 7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mcj/} | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.xfig.org/ | 10 | HOMEPAGE= http://www.xfig.org/ | |
11 | COMMENT= CAD-like 2D drawing tool, good for colorful scale drawings & ISOs | 11 | COMMENT= CAD-like 2D drawing tool, good for colorful scale drawings & ISOs | |
12 | 12 | |||
13 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
14 | 14 | |||
15 | DEPENDS+= transfig>=3.2.4:../../print/transfig | 15 | DEPENDS+= transfig>=3.2.4:../../print/transfig | |
16 | # if we're using Xaw3d, then we need 1.5E or newer since using that | 16 | # if we're using Xaw3d, then we need 1.5E or newer since using that | |
17 | # version means we need a patch, which is currently used unconditionally | 17 | # version means we need a patch, which is currently used unconditionally | |
18 | BUILDLINK_API_DEPENDS.Xaw3d+= Xaw3d>=1.5E | 18 | BUILDLINK_API_DEPENDS.Xaw3d+= Xaw3d>=1.5E |
@@ -1,15 +1,16 @@ | @@ -1,15 +1,16 @@ | |||
1 | $NetBSD: distinfo,v 1.21 2009/11/04 15:34:08 gdt Exp $ | 1 | $NetBSD: distinfo,v 1.22 2009/12/23 14:21:48 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (xfig.3.2.5b.full.tar.gz) = 0730d7e6bc217c0de02682efb0078821512bb542 | 3 | SHA1 (xfig.3.2.5b.full.tar.gz) = 0730d7e6bc217c0de02682efb0078821512bb542 | |
4 | RMD160 (xfig.3.2.5b.full.tar.gz) = aad4cfd808c116d34218e9890a898652e4f52ab6 | 4 | RMD160 (xfig.3.2.5b.full.tar.gz) = aad4cfd808c116d34218e9890a898652e4f52ab6 | |
5 | Size (xfig.3.2.5b.full.tar.gz) = 5821049 bytes | 5 | Size (xfig.3.2.5b.full.tar.gz) = 5821049 bytes | |
6 | SHA1 (patch-aa) = c931f4735f7502cc9d7c116378dcd3b420a40c6f | 6 | SHA1 (patch-aa) = c931f4735f7502cc9d7c116378dcd3b420a40c6f | |
7 | SHA1 (patch-ab) = c68a3ce1c1efbeab6e0f2dac9f91bf87c1515ce4 | 7 | SHA1 (patch-ab) = c68a3ce1c1efbeab6e0f2dac9f91bf87c1515ce4 | |
8 | SHA1 (patch-ac) = b43b811dce9aa3cdb5d18dc7c403a4a2e503fd44 | 8 | SHA1 (patch-ac) = b43b811dce9aa3cdb5d18dc7c403a4a2e503fd44 | |
9 | SHA1 (patch-ad) = b75238284164fe1e8365c21fab1a5e9102c467d0 | 9 | SHA1 (patch-ad) = b75238284164fe1e8365c21fab1a5e9102c467d0 | |
10 | SHA1 (patch-ae) = 8bb5d1c01faae34a6ad2cd1eaddf794cbf39a02e | 10 | SHA1 (patch-ae) = 8bb5d1c01faae34a6ad2cd1eaddf794cbf39a02e | |
11 | SHA1 (patch-ag) = 021f15be1fd36adc80c638bbb485e2f3753ac11b | 11 | SHA1 (patch-ag) = 021f15be1fd36adc80c638bbb485e2f3753ac11b | |
12 | SHA1 (patch-ai) = bd3f0c40e542aae1cfd739dbe0c0f096ddfdefcf | 12 | SHA1 (patch-ai) = bd3f0c40e542aae1cfd739dbe0c0f096ddfdefcf | |
13 | SHA1 (patch-ak) = fcc358a595590ea3136d71bd9f61449d54914c46 | 13 | SHA1 (patch-ak) = fcc358a595590ea3136d71bd9f61449d54914c46 | |
14 | SHA1 (patch-al) = ca20d3ec7bcf2ac24fd0a415495f805add23142d | 14 | SHA1 (patch-al) = ca20d3ec7bcf2ac24fd0a415495f805add23142d | |
15 | SHA1 (patch-am) = 72adbda34425fda49f2072a3d40a3d942e07e1ba | 15 | SHA1 (patch-am) = 72adbda34425fda49f2072a3d40a3d942e07e1ba | |
16 | SHA1 (patch-an) = 4bfce8dbd420bc4b4d8efa5b01a39e3a9ce03ca6 |
$NetBSD: patch-an,v 1.1 2009/12/23 14:21:48 drochner Exp $
--- f_readold.c.orig 2007-03-29 00:23:14.000000000 +0000
+++ f_readold.c
@@ -471,7 +471,7 @@ read_1_3_textobject(FILE *fp)
F_text *t;
int n;
int dum;
- char buf[128];
+ char buf[512];
PR_SIZE tx_dim;
if ((t = create_text()) == NULL)
@@ -485,22 +485,34 @@ read_1_3_textobject(FILE *fp)
t->pen_style = -1;
t->angle = 0.0;
t->next = NULL;
+ if (!fgets(buf, sizeof(buf), fp)) {
+ file_msg("Incomplete text data");
+ free((char *) t);
+ return (NULL);
+ }
+
+ /* Note using strlen(buf) here will waste a few bytes, as the
+ various text attributes are counted into this length too. */
+ if ((t->cstring = new_string(strlen(buf))) == NULL)
+ return (NULL);
+
/* ascent and length will be recalculated later */
- n = fscanf(fp, " %d %d %d %d %d %d %d %[^\n]",
+ n = sscanf(buf, " %d %d %d %d %d %d %d %[^\n]",
&t->font, &dum, &dum, &t->ascent, &t->length,
- &t->base_x, &t->base_y, buf);
+ &t->base_x, &t->base_y, t->cstring);
if (n != 8) {
file_msg("Incomplete text data");
+ free(t->cstring);
free((char *) t);
return (NULL);
}
- if ((t->cstring = new_string(strlen(buf))) == NULL) {
+
+ if (!strlen(t->cstring)) {
+ free(t->cstring);
free((char *) t);
file_msg("Empty text string at line %d.", line_no);
return (NULL);
}
- /* put string in structure */
- strcpy(t->cstring, buf);
/* get the font struct */
t->zoom = zoomscale;