Pullup ticket #3066 - requested by taca
pango: security patch

Revisions pulled up:
- devel/pango/Makefile 1.140-1.141
- devel/pango/distinfo 1.82-1.83
- devel/pango/patches/patch-ae 1.5
- devel/pango/patches/patch-am 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Sun Feb 21 23:51:26 UTC 2010

Modified Files:
pkgsrc/devel/pango: Makefile distinfo
pkgsrc/devel/pango/patches: patch-ae

Log Message:
Change very questionable C++ code slightly to avoid high CPU usage under
Mac OS X. (see https://bugzilla.gnome.org/show_bug.cgi?id=593240 for more details).

Tested with XChat and Wireshark under Mac OS 10.6.2 and NetBSD/amd64 5.0_STABLE.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Mar 27 15:59:34 UTC 2010

Modified Files:
pkgsrc/devel/pango: Makefile distinfo
Added Files:
pkgsrc/devel/pango/patches: patch-am

Log Message:
Add a patch to fix CVE-2010-0421, DoS security fix.

Bump PKGREVISION.

diff -r1.139 -r1.139.2.1 pkgsrc/devel/pango/Makefile
(tron)
@@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.139 2009/12/15 15:09:21 drochner Exp $ | 1 | # $NetBSD: Makefile,v 1.139.2.1 2010/03/27 17:51:38 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= pango-1.26.2 | 3 | DISTNAME= pango-1.26.2 | |
4 | PKGREVISION= 2 | |||
4 | CATEGORIES= devel fonts | 5 | CATEGORIES= devel fonts | |
5 | MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/1.26/} | 6 | MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/1.26/} | |
6 | EXTRACT_SUFX= .tar.bz2 | 7 | EXTRACT_SUFX= .tar.bz2 | |
7 | 8 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.pango.org/ | 10 | HOMEPAGE= http://www.pango.org/ | |
10 | COMMENT= Library for layout and rendering of text | 11 | COMMENT= Library for layout and rendering of text | |
11 | LICENSE= gnu-lgpl-v2 | 12 | LICENSE= gnu-lgpl-v2 | |
12 | 13 | |||
13 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 14 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
14 | PKG_DESTDIR_SUPPORT= user-destdir | 15 | PKG_DESTDIR_SUPPORT= user-destdir | |
15 | 16 | |||
16 | USE_TOOLS+= gmake pkg-config | 17 | USE_TOOLS+= gmake pkg-config |
@@ -1,8 +1,9 @@ | @@ -1,8 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.81 2009/12/15 15:09:21 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.81.2.1 2010/03/27 17:51:38 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (pango-1.26.2.tar.bz2) = 051b6f7b5f98a4c8083ef6a5178cb5255a992b98 | 3 | SHA1 (pango-1.26.2.tar.bz2) = 051b6f7b5f98a4c8083ef6a5178cb5255a992b98 | |
4 | RMD160 (pango-1.26.2.tar.bz2) = 6613bddf643d5c912e6656d84c6671aa6ce88a9d | 4 | RMD160 (pango-1.26.2.tar.bz2) = 6613bddf643d5c912e6656d84c6671aa6ce88a9d | |
5 | Size (pango-1.26.2.tar.bz2) = 1536011 bytes | 5 | Size (pango-1.26.2.tar.bz2) = 1536011 bytes | |
6 | SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59 | 6 | SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59 | |
7 | SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8 | 7 | SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8 | |
8 | SHA1 (patch-ae) = 2ebb8a0886a745fbfb0106dece91c5c990982ef8 | 8 | SHA1 (patch-ae) = 9eb458be84f6dfce27fb469d45cc78e34acd9c36 | |
9 | SHA1 (patch-am) = dc7387b4da24356a56ab8d07ef0462b6f4b3b209 |
@@ -1,45 +1,18 @@ | @@ -1,45 +1,18 @@ | |||
1 | $NetBSD: patch-ae,v 1.4 2009/11/23 17:18:52 tron Exp $ | 1 | $NetBSD: patch-ae,v 1.4.2.1 2010/03/27 17:51:38 tron Exp $ | |
2 | 2 | |||
3 | Avoid high CPU usage caused by code generaton problems in Apple's toolchain. | 3 | Avoid high CPU usage under Mac OS X caused by questionable C++ code. | |
4 | 4 | |||
5 | Please look here for details: | 5 | Please look here for details: | |
6 | https://bugzilla.gnome.org/show_bug.cgi?id=593240 | 6 | https://bugzilla.gnome.org/show_bug.cgi?id=593240 | |
7 | 7 | |||
8 | --- pango/pango-ot-info.c.orig 2009-11-17 16:35:44.000000000 +0000 | 8 | --- pango/opentype/hb-open-type-private.hh.orig 2009-11-26 00:44:17.000000000 +0000 | |
9 | +++ pango/pango-ot-info.c 2009-11-23 13:55:29.000000000 +0000 | 9 | +++ pango/opentype/hb-open-type-private.hh 2010-02-21 23:41:06.000000000 +0000 | |
10 | @@ -536,13 +536,22 @@ | 10 | @@ -61,7 +61,7 @@ | |
11 | { | 11 | /* Null objects */ | |
12 | unsigned int i; | |||
13 | 12 | |||
14 | +#if defined(__APPLE__) && defined(__GNUC__) | 13 | /* Global nul-content Null pool. Enlarge as necessary. */ | |
15 | + (void)fflush(stdout); | 14 | -static const char NullPool[32] = ""; | |
16 | +#endif | 15 | +static const void *NullPool[32]; | |
17 | + | |||
18 | for (i = 0; i < ruleset->rules->len; i++) | |||
19 | { | |||
20 | - PangoOTRule *rule = &g_array_index (ruleset->rules, PangoOTRule, i); | |||
21 | + PangoOTRule *rule; | |||
22 | hb_mask_t mask; | |||
23 | unsigned int lookup_count, j; | |||
24 | unsigned int lookup_indexes[1000]; | |||
25 | 16 | |||
26 | +#if defined(__APPLE__) && defined(__GNUC__) | 17 | /* Generic template for nul-content sizeof-sized Null objects. */ | |
27 | + (void)fprintf(stdout, "%d", i); | 18 | template <typename Type> | |
28 | +#endif | |||
29 | + | |||
30 | + rule = &g_array_index (ruleset->rules, const PangoOTRule, i); | |||
31 | if (rule->table_type != PANGO_OT_TABLE_GSUB) | |||
32 | continue; | |||
33 | ||||
34 | @@ -561,6 +570,11 @@ | |||
35 | lookup_indexes[j], | |||
36 | rule->property_bit); | |||
37 | } | |||
38 | + | |||
39 | +#if defined(__APPLE__) && defined(__GNUC__) | |||
40 | + (void)fpurge(stdout); | |||
41 | +#endif | |||
42 | + | |||
43 | } | |||
44 | ||||
45 | void |
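Review bot: The new declaration `static const void *NullPool[32];` makes the pool an array of mutable pointers to const void, so the array itself is no longer const and presumably lands in writable zero-initialised storage rather than read-only data as `static const char NullPool[32] = "";` did. A stray write through a Null object would then silently corrupt the shared pool instead of faulting. If it does not bring back the behaviour described in the linked bug report, `static const void * const NullPool[32] = {};` would keep the pool read-only; otherwise the patch header should say why constness had to go. The pool also grows from 32 bytes to 32 pointers, which the "Enlarge as necessary" comment does not reflect, and the template that consumes it continues outside the hunk.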
$NetBSD: patch-am,v 1.1.2.2 2010/03/27 17:51:38 tron Exp $
Fix for CVE-2010-0421.
--- pango/opentype/hb-ot-layout.cc.orig 2009-11-26 00:44:17.000000000 +0000
+++ pango/opentype/hb-ot-layout.cc
@@ -44,6 +44,8 @@ _hb_ot_layout_init (hb_face_t *face)
{
hb_ot_layout_t *layout = &face->ot_layout;
+ memset (layout, 0, sizeof (*layout));
+
layout->gdef_blob = Sanitizer<GDEF>::sanitize (hb_face_get_table (face, HB_OT_TAG_GDEF));
layout->gdef = &Sanitizer<GDEF>::lock_instance (layout->gdef_blob);
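Review bot: The added `memset (layout, 0, sizeof (*layout));` at the top of _hb_ot_layout_init has no comment saying what depends on it, although the `if (layout->new_gdef.len == 0)` test in the second hunk appears to rely on new_gdef starting out zeroed. I would add `/* Zero the whole layout: new_gdef.len and new_gdef.klasses must start empty, see hb_ot_layout_build_glyph_classes. */` above the call. Whether a header declaring memset is already reachable from this file is not visible here and should be confirmed, and the memset is only appropriate while hb_ot_layout_t remains a plain struct. The function body continues outside the hunk.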
@@ -293,7 +295,7 @@ hb_ot_layout_build_glyph_classes (hb_fac
return;
if (layout->new_gdef.len == 0) {
- layout->new_gdef.klasses = (unsigned char *) calloc (num_total_glyphs, sizeof (unsigned char));
+ layout->new_gdef.klasses = (unsigned char *) calloc (count, sizeof (unsigned char));
layout->new_gdef.len = count;
}
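Review bot: The result of `calloc (count, sizeof (unsigned char))` is stored without a NULL check and `layout->new_gdef.len = count;` runs regardless, so after a failed allocation the layout advertises `count` entries backed by a null pointer. Setting the length only on success, for example `layout->new_gdef.len = layout->new_gdef.klasses ? count : 0;`, keeps the two fields consistent. The code that indexes klasses lies outside this hunk, so it should be checked that every access there is bounded by new_gdef.len and not by the glyph count the old allocation used.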