diff options
| author |   Donnie Berkholz <dberkholz@gentoo.org> | 2007-04-05 06:51:21 +0000 |
|---|---|---|
| committer | Donnie Berkholz <dberkholz@gentoo.org> | 2007-04-05 06:51:21 +0000 |
| commit | c39a2ed632b1484c10c466e6c99d34fd86f35ea1 (patch) | |
| tree | c3ceb1a0cedbea474aea300464d9c12630c29622 /x11-libs | |
| parent | Stable on ppc64; bug #144833 (diff) | |
| download | gentoo-2-c39a2ed632b1484c10c466e6c99d34fd86f35ea1.tar.gz gentoo-2-c39a2ed632b1484c10c466e6c99d34fd86f35ea1.tar.bz2 gentoo-2-c39a2ed632b1484c10c466e6c99d34fd86f35ea1.zip | |
(#172575) Security bump. CVE 2007-1351: bdf font parsing integer overflow and CVE 2007-1352: fonts.dir file parsing integer overflow.
(Portage version: 2.1.2.3)
Diffstat (limited to 'x11-libs')
| -rw-r--r-- | x11-libs/libXfont/ChangeLog | 11 | ||||
| -rw-r--r-- | x11-libs/libXfont/files/digest-libXfont-1.2.2-r1 | 3 | ||||
| -rw-r--r-- | x11-libs/libXfont/files/digest-libXfont-1.2.7-r1 | 3 | ||||
| -rw-r--r-- | x11-libs/libXfont/files/xorg-libXfont-1.2.7-bdf-fontdir.diff | 51 | ||||
| -rw-r--r-- | x11-libs/libXfont/libXfont-1.2.2-r1.ebuild | 36 | ||||
| -rw-r--r-- | x11-libs/libXfont/libXfont-1.2.7-r1.ebuild | 36 |
6 files changed, 139 insertions, 1 deletions
diff --git a/x11-libs/libXfont/ChangeLog b/x11-libs/libXfont/ChangeLog index f09b975c51c2..b3634e6c52a6 100644 --- a/x11-libs/libXfont/ChangeLog +++ b/x11-libs/libXfont/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for x11-libs/libXfont # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.57 2007/01/28 21:05:32 dberkholz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.58 2007/04/05 06:51:21 dberkholz Exp $ + +*libXfont-1.2.7-r1 (05 Apr 2007) +*libXfont-1.2.2-r1 (05 Apr 2007) + + 05 Apr 2007; Donnie Berkholz <dberkholz@gentoo.org>; + +files/xorg-libXfont-1.2.7-bdf-fontdir.diff, +libXfont-1.2.2-r1.ebuild, + +libXfont-1.2.7-r1.ebuild: + (#172575) Security bump. CVE 2007-1351: bdf font parsing integer overflow + and CVE 2007-1352: fonts.dir file parsing integer overflow. 28 Jan 2007; Donnie Berkholz <dberkholz@gentoo.org>; -files/1.2.0-pcfread-git.diff, -libXfont-1.1.0-r1.ebuild, diff --git a/x11-libs/libXfont/files/digest-libXfont-1.2.2-r1 b/x11-libs/libXfont/files/digest-libXfont-1.2.2-r1 new file mode 100644 index 000000000000..dd8a1ccd0799 --- /dev/null +++ b/x11-libs/libXfont/files/digest-libXfont-1.2.2-r1 @@ -0,0 +1,3 @@ +MD5 ea2bf3d122e4491ba589e8fd3576f0a1 libXfont-1.2.2.tar.bz2 597652 +RMD160 dacca74fe5cd882bcd6cceac4963f8cd8b4938d6 libXfont-1.2.2.tar.bz2 597652 +SHA256 fb2f8c2ec321b4e38a65df4eaabffa1192ed8e19408e81be20cdcfc3e98b7487 libXfont-1.2.2.tar.bz2 597652 diff --git a/x11-libs/libXfont/files/digest-libXfont-1.2.7-r1 b/x11-libs/libXfont/files/digest-libXfont-1.2.7-r1 new file mode 100644 index 000000000000..22da72b72889 --- /dev/null +++ b/x11-libs/libXfont/files/digest-libXfont-1.2.7-r1 @@ -0,0 +1,3 @@ +MD5 2f2085310f75900044d9dcd469637d26 libXfont-1.2.7.tar.bz2 573915 +RMD160 33e2688d1e3490d8b588ca2304b3d4068568dcae libXfont-1.2.7.tar.bz2 573915 +SHA256 2f8c004c0b914d460e6fd2b48d8b425cf4778d415467fc1f1d938b200462d18b libXfont-1.2.7.tar.bz2 573915 diff --git a/x11-libs/libXfont/files/xorg-libXfont-1.2.7-bdf-fontdir.diff b/x11-libs/libXfont/files/xorg-libXfont-1.2.7-bdf-fontdir.diff new file mode 100644 index 000000000000..6894406eb2a4 --- /dev/null +++ b/x11-libs/libXfont/files/xorg-libXfont-1.2.7-bdf-fontdir.diff @@ -0,0 +1,51 @@ +diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c +index acb77e9..a6f0c1e 100644 +--- a/src/bitmap/bdfread.c ++++ b/src/bitmap/bdfread.c +@@ -65,6 +65,12 @@ #include <X11/fonts/fontutil.h> + #include <X11/fonts/bitmap.h> + #include <X11/fonts/bdfint.h> + ++#if HAVE_STDINT_H ++#include <stdint.h> ++#elif !defined(INT32_MAX) ++#define INT32_MAX 0x7fffffff ++#endif ++ + #define INDICES 256 + #define MAXENCODING 0xFFFF + #define BDFLINELEN 1024 +@@ -288,6 +294,11 @@ bdfReadCharacters(FontFilePtr file, Font + bdfError("invalid number of CHARS in BDF file\n"); + return (FALSE); + } ++ if (nchars > INT32_MAX / sizeof(CharInfoRec)) { ++ bdfError("Couldn't allocate pCI (%d*%d)\n", nchars, ++ sizeof(CharInfoRec)); ++ goto BAILOUT; ++ } + ci = (CharInfoPtr) xalloc(nchars * sizeof(CharInfoRec)); + if (!ci) { + bdfError("Couldn't allocate pCI (%d*%d)\n", nchars, +diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c +index aae1f2e..cf68a54 100644 +--- a/src/fontfile/fontdir.c ++++ b/src/fontfile/fontdir.c +@@ -38,9 +38,17 @@ #endif + #include <X11/fonts/fntfilst.h> + #include <X11/keysym.h> + ++#if HAVE_STDINT_H ++#include <stdint.h> ++#elif !defined(INT32_MAX) ++#define INT32_MAX 0x7fffffff ++#endif ++ + Bool + FontFileInitTable (FontTablePtr table, int size) + { ++ if (size < 0 || (size > INT32_MAX/sizeof(FontEntryRec))) ++ return FALSE; + if (size) + { + table->entries = (FontEntryPtr) xalloc(sizeof(FontEntryRec) * size); diff --git a/x11-libs/libXfont/libXfont-1.2.2-r1.ebuild b/x11-libs/libXfont/libXfont-1.2.2-r1.ebuild new file mode 100644 index 000000000000..f8c81454b487 --- /dev/null +++ b/x11-libs/libXfont/libXfont-1.2.2-r1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.2.2-r1.ebuild,v 1.1 2007/04/05 06:51:21 dberkholz Exp $ + +# Must be before x-modular eclass is inherited +# SNAPSHOT="yes" + +inherit x-modular flag-o-matic + +DESCRIPTION="X.Org Xfont library" + +KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" +IUSE="ipv6" + +RDEPEND="x11-libs/xtrans + x11-libs/libfontenc + x11-proto/xproto + x11-proto/fontsproto + >=media-libs/freetype-2" +DEPEND="${RDEPEND} + x11-proto/fontcacheproto" + +CONFIGURE_OPTIONS="$(use_enable ipv6) + --with-encodingsdir=/usr/share/fonts/encodings" + +PATCHES="${FILESDIR}/xorg-${PN}-1.2.7-bdf-fontdir.diff" + +pkg_setup() { + # No such function yet + # x-modular_pkg_setup + + # (#125465) Broken with Bdirect support + filter-flags -Wl,-Bdirect + filter-ldflags -Bdirect + filter-ldflags -Wl,-Bdirect +} diff --git a/x11-libs/libXfont/libXfont-1.2.7-r1.ebuild b/x11-libs/libXfont/libXfont-1.2.7-r1.ebuild new file mode 100644 index 000000000000..0f4623086b21 --- /dev/null +++ b/x11-libs/libXfont/libXfont-1.2.7-r1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.2.7-r1.ebuild,v 1.1 2007/04/05 06:51:21 dberkholz Exp $ + +# Must be before x-modular eclass is inherited +# SNAPSHOT="yes" + +inherit x-modular flag-o-matic + +DESCRIPTION="X.Org Xfont library" + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="ipv6" + +RDEPEND="x11-libs/xtrans + x11-libs/libfontenc + x11-proto/xproto + x11-proto/fontsproto + >=media-libs/freetype-2" +DEPEND="${RDEPEND} + x11-proto/fontcacheproto" + +CONFIGURE_OPTIONS="$(use_enable ipv6) + --with-encodingsdir=/usr/share/fonts/encodings" + +PATCHES="${FILESDIR}/xorg-${P}-bdf-fontdir.diff" + +pkg_setup() { + # No such function yet + # x-modular_pkg_setup + + # (#125465) Broken with Bdirect support + filter-flags -Wl,-Bdirect + filter-ldflags -Bdirect + filter-ldflags -Wl,-Bdirect +} |