[pkgsrc/trunk]: pkgsrc/x11/XFree86-libs Add a patch via X.Org to address SA21450

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/x11/XFree86-libs Add a patch via X.Org to address SA21450
From: adrianp <adrianp%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 03:56:34 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7ceed5ef0b93
branches:  trunk
changeset: 518260:7ceed5ef0b93
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Mon Sep 04 20:48:04 2006 +0000

description:
Add a patch via X.Org to address SA21450
This package has massive PLIST* issues and does not install correctly.  This
update is just to address a known security issue.

diffstat:

 x11/XFree86-libs/Makefile         |    4 +-
 x11/XFree86-libs/distinfo         |    3 +-
 x11/XFree86-libs/patches/patch-au |  106 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 110 insertions(+), 3 deletions(-)

diffs (138 lines):

diff -r 7983ad10424b -r 7ceed5ef0b93 x11/XFree86-libs/Makefile
--- a/x11/XFree86-libs/Makefile Mon Sep 04 20:23:30 2006 +0000
+++ b/x11/XFree86-libs/Makefile Mon Sep 04 20:48:04 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2006/04/22 09:22:17 rillig Exp $
+# $NetBSD: Makefile,v 1.29 2006/09/04 20:48:04 adrianp Exp $
 
 DISTNAME=              ${DISTFILES}
 PKGNAME=               XFree86-libs-${XF_VER}
-PKGREVISION=           7
+PKGREVISION=           8
 CATEGORIES=            x11
 MASTER_SITES=          ${MASTER_SITE_XFREE}
 DISTFILES=             XFree86-${XF_VER}-src-1.tgz XFree86-${XF_VER}-src-2.tgz \
diff -r 7983ad10424b -r 7ceed5ef0b93 x11/XFree86-libs/distinfo
--- a/x11/XFree86-libs/distinfo Mon Sep 04 20:23:30 2006 +0000
+++ b/x11/XFree86-libs/distinfo Mon Sep 04 20:48:04 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/09/18 19:51:55 xtraeme Exp $
+$NetBSD: distinfo,v 1.11 2006/09/04 20:48:04 adrianp Exp $
 
 SHA1 (XFree86-4.4.0-src-1.tgz) = 44b38a7044c82d0b2f785b0e6a935349abcb5d79
 RMD160 (XFree86-4.4.0-src-1.tgz) = 40917951f1f661bfa28450771bbe86e8f0dd2549
@@ -32,3 +32,4 @@
 SHA1 (patch-ar) = c9ad52d94aedd94d7c0e0dc254d02cde5e33b637
 SHA1 (patch-as) = c0b27ef82c688c535fdd46cb5de3315e24677fc6
 SHA1 (patch-at) = 7cd02712c1ae4ca070564d2f7b5cb4e3e5b6e93b
+SHA1 (patch-au) = 8e121828d0f826f9029c0aee0f39e4e7ea2b0dac
diff -r 7983ad10424b -r 7ceed5ef0b93 x11/XFree86-libs/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/XFree86-libs/patches/patch-au Mon Sep 04 20:48:04 2006 +0000
@@ -0,0 +1,106 @@
+$NetBSD: patch-au,v 1.4 2006/09/04 20:48:04 adrianp Exp $
+
+Security fix for SA21446, adapted from X.org.
+
+--- lib/font/bitmap/pcfread.c.orig     2003-11-18 02:17:04.000000000 +0100
++++ lib/font/bitmap/pcfread.c  2006-08-22 16:31:30.000000000 +0200
+@@ -32,6 +32,8 @@ from The Open Group.
+  * Author:  Keith Packard, MIT X Consortium
+  */
+ 
++#include <stdint.h>
++
+ #include "fntfilst.h"
+ #include "bitmap.h"
+ #include "pcf.h"
+@@ -129,6 +131,10 @@ pcfReadTOC(FontFilePtr file, int *countp
+       return (PCFTablePtr) NULL;
+     count = pcfGetLSB32(file);
+     if (IS_EOF(file)) return (PCFTablePtr) NULL;
++    if (count < 0 || count > INT32_MAX / sizeof(PCFTableRec)) {
++      pcfError("pcfReadTOC(): invalid file format\n");
++      return NULL;
++    }
+     tables = (PCFTablePtr) xalloc(count * sizeof(PCFTableRec));
+     if (!tables) {
+       pcfError("pcfReadTOC(): Couldn't allocate tables (%d*%d)\n", count, sizeof(PCFTableRec));
+@@ -248,6 +254,10 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+     if (!PCF_FORMAT_MATCH(format, PCF_DEFAULT_FORMAT))
+       goto Bail;
+     nprops = pcfGetINT32(file, format);
++    if (nprops <= 0 || nprops > INT32_MAX / sizeof(FontPropRec)) {
++      pcfError("pcfGetProperties(): invalid nprops value (%d)\n", nprops);
++      goto Bail;
++    }
+     if (IS_EOF(file)) goto Bail;
+     props = (FontPropPtr) xalloc(nprops * sizeof(FontPropRec));
+     if (!props) {
+@@ -263,6 +273,13 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+       props[i].name = pcfGetINT32(file, format);
+       isStringProp[i] = pcfGetINT8(file, format);
+       props[i].value = pcfGetINT32(file, format);
++      if (props[i].name < 0 
++          || (isStringProp[i] != 0 && isStringProp[i] != 1)
++          || (isStringProp[i] && props[i].value < 0)) {
++          pcfError("pcfGetProperties(): invalid file format %d %d %d\n",
++                   props[i].name, isStringProp[i], props[i].value);
++          goto Bail;
++      }
+       if (IS_EOF(file)) goto Bail;
+     }
+     /* pad the property array */
+@@ -278,6 +295,7 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+     }
+     if (IS_EOF(file)) goto Bail;
+     string_size = pcfGetINT32(file, format);
++    if (string_size < 0) goto Bail;
+     if (IS_EOF(file)) goto Bail;
+     strings = (char *) xalloc(string_size);
+     if (!strings) {
+@@ -418,6 +436,10 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     else
+       nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) {
++      pcfError("pcfReadFont(): invalid file format\n");
++      goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pcfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));
+@@ -443,7 +465,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     nbitmaps = pcfGetINT32(file, format);
+     if (nbitmaps != nmetrics || IS_EOF(file))
+       goto Bail;
+-
++    /* nmetrics is already ok, so nbitmap also is */
+     offsets = (CARD32 *) xalloc(nbitmaps * sizeof(CARD32));
+     if (!offsets) {
+       pcfError("pcfReadFont(): Couldn't allocate offsets (%d*%d)\n", nbitmaps, sizeof(CARD32));
+@@ -457,6 +479,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     for (i = 0; i < GLYPHPADOPTIONS; i++) {
+       bitmapSizes[i] = pcfGetINT32(file, format);
+       if (IS_EOF(file)) goto Bail;
++      if (bitmapSizes[i] < 0) goto Bail;
+     }
+     
+     sizebitmaps = bitmapSizes[PCF_GLYPH_PAD_INDEX(format)];
+@@ -532,6 +555,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+       if (IS_EOF(file)) goto Bail;
+       if (nink_metrics != nmetrics)
+           goto Bail;
++      /* nmetrics already checked */
+       ink_metrics = (xCharInfo *) xalloc(nink_metrics * sizeof(xCharInfo));
+       if (!ink_metrics) {
+           pcfError("pcfReadFont(): Couldn't allocate ink_metrics (%d*%d)\n", nink_metrics, sizeof(xCharInfo));       
+@@ -805,6 +829,10 @@ pmfReadFont(FontPtr pFont, FontFilePtr f
+     else
+       nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) {
++      pcfError("pmfReadFont(): invalid file format\n");
++      goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pmfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));

Prev by Date: [pkgsrc/trunk]: pkgsrc/www/elinks Update elinks to 0.11.1nb4:
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated emulators/qemu to 0.8.2 (ACPI support!)
Previous by Thread: [pkgsrc/trunk]: pkgsrc/www/elinks Update elinks to 0.11.1nb4:
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated emulators/qemu to 0.8.2 (ACPI support!)
Indexes:

Home | Main Index | Thread Index | Old Index