Subject: CVS commit: [netbsd-2] xsrc/xfree/xc
To: None <source-changes@NetBSD.org>
From: Manuel Bouyer <bouyer@netbsd.org>
List: source-changes
Date: 04/05/2007 21:01:19
Module Name:	xsrc
Committed By:	bouyer
Date:		Thu Apr  5 21:01:19 UTC 2007

Modified Files:
	xsrc/xfree/xc/extras/freetype2/src/bdf [netbsd-2]: bdflib.c
	xsrc/xfree/xc/lib/X11 [netbsd-2]: ImUtil.c
	xsrc/xfree/xc/lib/font/bitmap [netbsd-2]: bdfread.c
	xsrc/xfree/xc/lib/font/fontfile [netbsd-2]: fontdir.c
	xsrc/xfree/xc/programs/Xserver/Xext [netbsd-2]: xcmisc.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #11285):
	xfree/xc/extras/freetype2/src/bdf/bdflib.c: revision 1.3
	xfree/xc/lib/X11/ImUtil.c: revision 1.2
	xfree/xc/lib/font/fontfile/fontdir.c: revision 1.2
	xfree/xc/programs/Xserver/Xext/xcmisc.c: revision 1.2
	xfree/xc/lib/font/bitmap/bdfread.c: revision 1.2
fix a possible memory corruption due to integer overflow in
ProcXCMiscGetXIDList() (CVE-2007-1003)
fix a possible memory corruption due to integer overflow, caused by lack
of validation of bdf font files (CVE 2007-1351)
fix a possible memory corruption due to integer overflow, caused by lack
of validation of fonts.dir files (CVE 2007-1352)
fix a possible memory corruption due to incomplete input validation in
XInitImage() (CVE 2007-1667)
pull in a patch from freetype CVS (CVE-2007-1351):
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
  gracefully.
  (_bdf_set_default_spacing): Increase `name' buffer size to 256 and
  issue an error for longer names.
  (_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
  number of code points in Unicode.


To generate a diff of this commit:
cvs rdiff -r1.1.1.2.4.1 -r1.1.1.2.4.2 \
    xsrc/xfree/xc/extras/freetype2/src/bdf/bdflib.c
cvs rdiff -r1.1.1.5 -r1.1.1.5.4.1 xsrc/xfree/xc/lib/X11/ImUtil.c
cvs rdiff -r1.1.1.6 -r1.1.1.6.4.1 xsrc/xfree/xc/lib/font/bitmap/bdfread.c
cvs rdiff -r1.1.1.7 -r1.1.1.7.4.1 xsrc/xfree/xc/lib/font/fontfile/fontdir.c
cvs rdiff -r1.1.1.5 -r1.1.1.5.4.1 \
    xsrc/xfree/xc/programs/Xserver/Xext/xcmisc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.