adopt evince/patch-ba to fix 2 possible buffer overflows in AFM file parsing (SA43491), bump PKGREVdiff -r1.42 -r1.43 pkgsrc/fonts/t1lib/Makefile
(drochner)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.42 2010/07/08 18:48:47 jdolecek Exp $ | 1 | # $NetBSD: Makefile,v 1.43 2011/03/08 17:13:33 drochner Exp $ | |
2 | 2 | |||
3 | DISTNAME= t1lib-5.1.2 | 3 | DISTNAME= t1lib-5.1.2 | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= fonts devel graphics | 5 | CATEGORIES= fonts devel graphics | |
6 | MASTER_SITES= ${MASTER_SITE_SUNSITE:=libs/graphics/} | 6 | MASTER_SITES= ${MASTER_SITE_SUNSITE:=libs/graphics/} | |
7 | 7 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | COMMENT= Library for generating bitmaps from Adobe Type 1 fonts | 9 | COMMENT= Library for generating bitmaps from Adobe Type 1 fonts | |
10 | 10 | |||
11 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 11 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
12 | PKG_DESTDIR_SUPPORT= user-destdir | 12 | PKG_DESTDIR_SUPPORT= user-destdir | |
13 | 13 | |||
14 | MAKE_JOBS_SAFE= no | 14 | MAKE_JOBS_SAFE= no | |
15 | 15 | |||
16 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes | |
17 | USE_TOOLS+= gmake pax | 17 | USE_TOOLS+= gmake pax |
@@ -1,10 +1,11 @@ | @@ -1,10 +1,11 @@ | |||
1 | $NetBSD: distinfo,v 1.19 2008/02/11 18:53:38 bjs Exp $ | 1 | $NetBSD: distinfo,v 1.20 2011/03/08 17:13:33 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (t1lib-5.1.2.tar.gz) = 4b4fc22c8688eefaaa8cfc990f0039f95f4287de | 3 | SHA1 (t1lib-5.1.2.tar.gz) = 4b4fc22c8688eefaaa8cfc990f0039f95f4287de | |
4 | RMD160 (t1lib-5.1.2.tar.gz) = ab22aea390356750d743c0f4b08762aa76ca2a82 | 4 | RMD160 (t1lib-5.1.2.tar.gz) = ab22aea390356750d743c0f4b08762aa76ca2a82 | |
5 | Size (t1lib-5.1.2.tar.gz) = 1872534 bytes | 5 | Size (t1lib-5.1.2.tar.gz) = 1872534 bytes | |
6 | SHA1 (patch-aa) = 068c25f733c3037faa5051b527b1e1637d706a20 | 6 | SHA1 (patch-aa) = 068c25f733c3037faa5051b527b1e1637d706a20 | |
7 | SHA1 (patch-ac) = 14201794e29a2eeba22a9144726ed3e00322aa1d | 7 | SHA1 (patch-ac) = 14201794e29a2eeba22a9144726ed3e00322aa1d | |
8 | SHA1 (patch-ad) = 29c530f6d363de31777ad45823b55e72208c4ccb | 8 | SHA1 (patch-ad) = 29c530f6d363de31777ad45823b55e72208c4ccb | |
9 | SHA1 (patch-af) = e89df0d94e0748e468c7c3d40ce2fc0ccdb0116c | 9 | SHA1 (patch-af) = e89df0d94e0748e468c7c3d40ce2fc0ccdb0116c | |
10 | SHA1 (patch-ah) = 60ead43eeb6327cd3fd94755364633b6bf5d5d0d | 10 | SHA1 (patch-ah) = 60ead43eeb6327cd3fd94755364633b6bf5d5d0d | |
11 | SHA1 (patch-ai) = 176ed28f114f64c5e97e7c00c684a74895de2df3 |
$NetBSD: patch-ai,v 1.3 2011/03/08 17:13:33 drochner Exp $
--- lib/t1lib/parseAFM.c.orig 2007-12-23 15:49:42.000000000 +0000
+++ lib/t1lib/parseAFM.c
@@ -199,7 +199,7 @@ static char *token(stream)
idx = 0;
while (ch != EOF && ch != ' ' && ch != CR && ch != LF &&
- ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
+ ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME){
ident[idx++] = ch;
ch = fgetc(stream);
} /* while */
@@ -235,7 +235,7 @@ static char *linetoken(stream)
while ((ch = fgetc(stream)) == ' ' || ch == '\t' );
idx = 0;
- while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z)
+ while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < MAX_NAME)
{
ident[idx++] = ch;
ch = fgetc(stream);