pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/XFree86-libs Fix for CVE-2006-3739 and CVE-2006-3740.
details: https://anonhg.NetBSD.org/pkgsrc/rev/291393b93e12
branches: trunk
changeset: 518723:291393b93e12
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sat Sep 16 08:28:36 2006 +0000
description:
Fix for CVE-2006-3739 and CVE-2006-3740.
diffstat:
x11/XFree86-libs/Makefile | 4 +-
x11/XFree86-libs/distinfo | 5 +++-
x11/XFree86-libs/patches/patch-av | 25 +++++++++++++++++++
x11/XFree86-libs/patches/patch-aw | 51 +++++++++++++++++++++++++++++++++++++++
x11/XFree86-libs/patches/patch-ax | 13 +++++++++
5 files changed, 95 insertions(+), 3 deletions(-)
diffs (131 lines):
diff -r 8081c69bf834 -r 291393b93e12 x11/XFree86-libs/Makefile
--- a/x11/XFree86-libs/Makefile Sat Sep 16 07:18:59 2006 +0000
+++ b/x11/XFree86-libs/Makefile Sat Sep 16 08:28:36 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2006/09/04 20:48:04 adrianp Exp $
+# $NetBSD: Makefile,v 1.30 2006/09/16 08:28:36 adrianp Exp $
DISTNAME= ${DISTFILES}
PKGNAME= XFree86-libs-${XF_VER}
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XFREE}
DISTFILES= XFree86-${XF_VER}-src-1.tgz XFree86-${XF_VER}-src-2.tgz \
diff -r 8081c69bf834 -r 291393b93e12 x11/XFree86-libs/distinfo
--- a/x11/XFree86-libs/distinfo Sat Sep 16 07:18:59 2006 +0000
+++ b/x11/XFree86-libs/distinfo Sat Sep 16 08:28:36 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2006/09/04 20:48:04 adrianp Exp $
+$NetBSD: distinfo,v 1.12 2006/09/16 08:28:36 adrianp Exp $
SHA1 (XFree86-4.4.0-src-1.tgz) = 44b38a7044c82d0b2f785b0e6a935349abcb5d79
RMD160 (XFree86-4.4.0-src-1.tgz) = 40917951f1f661bfa28450771bbe86e8f0dd2549
@@ -33,3 +33,6 @@
SHA1 (patch-as) = c0b27ef82c688c535fdd46cb5de3315e24677fc6
SHA1 (patch-at) = 7cd02712c1ae4ca070564d2f7b5cb4e3e5b6e93b
SHA1 (patch-au) = 8e121828d0f826f9029c0aee0f39e4e7ea2b0dac
+SHA1 (patch-av) = bb9adf1a535781ef9f765d8e705a031cfabf7edb
+SHA1 (patch-aw) = ee25a878725b00e6c1f4cbd592ee6e63c33a9d55
+SHA1 (patch-ax) = c90ff7bfe7dbb9d7bf3bf3300ec386da187aec29
diff -r 8081c69bf834 -r 291393b93e12 x11/XFree86-libs/patches/patch-av
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/XFree86-libs/patches/patch-av Sat Sep 16 08:28:36 2006 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-av,v 1.3 2006/09/16 08:28:36 adrianp Exp $
+
+--- lib/font/Type1/afm.c.orig 2001-08-27 20:49:52.000000000 +0100
++++ lib/font/Type1/afm.c
+@@ -30,6 +30,8 @@
+ #include "fontmisc.h" /* for xalloc/xfree */
+ #include "AFM.h"
+
++#include <limits.h>
++
+ #define PBUF 256
+ #define KBUF 20
+
+@@ -111,6 +113,11 @@ int CIDAFM(FILE *fd, FontInfo **pfi) {
+
+ fi->nChars = atoi(p);
+
++ if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) {
++ xfree(afmbuf);
++ xfree(fi);
++ return(1);
++ }
+ fi->metrics = (Metrics *)xalloc(fi->nChars *
+ sizeof(Metrics));
+ if (fi->metrics == NULL) {
diff -r 8081c69bf834 -r 291393b93e12 x11/XFree86-libs/patches/patch-aw
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/XFree86-libs/patches/patch-aw Sat Sep 16 08:28:36 2006 +0000
@@ -0,0 +1,51 @@
+$NetBSD: patch-aw,v 1.3 2006/09/16 08:28:36 adrianp Exp $
+
+--- lib/font/Type1/scanfont.c.orig 2003-11-29 04:55:28.000000000 +0000
++++ lib/font/Type1/scanfont.c
+@@ -64,6 +64,8 @@
+ #include "spaces.h"
+ #include "fontfcn.h"
+ #include "blues.h"
++
++#include <limits.h>
+
+ #ifdef BUILDCID
+ #define CID_BUFSIZE 80
+@@ -646,6 +648,7 @@ getFDArray(psobj *arrayP)
+ arrayP->data.valueP = tokenStartP;
+
+ /* allocate FDArray */
++ /* No integer overflow since arrayP->len is unsigned short */
+ FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont)));
+ if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY);
+
+@@ -842,7 +845,8 @@ BuildSubrs(psfont *FontP)
+ }
+ return(SCAN_OK);
+ }
+-
++ if (N > INT_MAX / sizeof(psobj))
++ return (SCAN_ERROR);
+ arrayP = (psobj *)vm_alloc(N*sizeof(psobj));
+ if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY);
+ FontP->Subrs.len = N;
+@@ -903,7 +907,7 @@ BuildCharStrings(psfont *FontP)
+ }
+ else return(rc); /* if next token was not an Int */
+ }
+- if (N<=0) return(SCAN_ERROR);
++ if (N<=0 || N > INT_MAX / sizeof(psdict)) return(SCAN_ERROR);
+ /* save number of entries in the dictionary */
+
+ dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict));
+@@ -1711,6 +1715,10 @@ scan_cidfont(cidfont *CIDFontP, cmapres
+ if (tokenType == TOKEN_INTEGER)
+ rangecnt = tokenValue.integer;
+
++ if (rangecnt < 0 || rangecnt > INT_MAX / sizeof(spacerangecode)) {
++ rc = SCAN_ERROR;
++ break;
++ }
+ /* ==> tokenLength, tokenTooLong, tokenType, and */
+ /* tokenValue are now set */
+
diff -r 8081c69bf834 -r 291393b93e12 x11/XFree86-libs/patches/patch-ax
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/XFree86-libs/patches/patch-ax Sat Sep 16 08:28:36 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ax,v 1.3 2006/09/16 08:28:36 adrianp Exp $
+
+--- lib/font/Type1/util.c.orig 2001-01-17 19:43:24.000000000 +0000
++++ lib/font/Type1/util.c
+@@ -97,7 +97,7 @@ vm_alloc(int bytes)
+ bytes = (bytes + 7) & ~7;
+
+ /* Allocate the space, if it is available */
+- if (bytes <= vm_free) {
++ if (bytes > 0 && bytes <= vm_free) {
+ answer = vm_next;
+ vm_free -= bytes;
+ vm_next += bytes;
Home |
Main Index |
Thread Index |
Old Index