From 292f70d88cda5d1323fc7c22f3a14dc5d5b462ecf0f88850e163787b100f43da Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sat, 26 Jan 2008 17:05:31 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-libs?expand=0&rev=31 --- bug348296-pcf_font_parser-libXfont.diff | 25 +++++ xorg-x11-libs.changes | 6 ++ xorg-x11-libs.spec | 123 ++++++++++++------------ 3 files changed, 95 insertions(+), 59 deletions(-) create mode 100644 bug348296-pcf_font_parser-libXfont.diff diff --git a/bug348296-pcf_font_parser-libXfont.diff b/bug348296-pcf_font_parser-libXfont.diff new file mode 100644 index 0000000..ddc1d54 --- /dev/null +++ b/bug348296-pcf_font_parser-libXfont.diff @@ -0,0 +1,25 @@ +--- src/bitmap/pcfread.c.orig Tue Aug 29 19:15:50 2006 ++++ src/bitmap/pcfread.c Tue Dec 18 17:22:26 2007 +@@ -588,7 +588,10 @@ + pFont->info.lastRow = pcfGetINT16(file, format); + pFont->info.defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; +- ++ if (pFont->info.firstCol > pFont->info.lastCol || ++ pFont->info.firstRow > pFont->info.lastRow || ++ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail; ++ + nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) * + (pFont->info.lastRow - pFont->info.firstRow + 1); + +@@ -726,7 +729,10 @@ + pFontInfo->lastRow = pcfGetINT16(file, format); + pFontInfo->defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; +- ++ if (pFontInfo->firstCol > pFontInfo->lastCol || ++ pFontInfo->firstRow > pFontInfo->lastRow || ++ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail; ++ + nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) * + (pFontInfo->lastRow - pFontInfo->firstRow + 1); diff --git a/xorg-x11-libs.changes b/xorg-x11-libs.changes index 3d12a3b..7e41f70 100644 --- a/xorg-x11-libs.changes +++ b/xorg-x11-libs.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 18 01:37:25 CET 2008 - sndirsch@suse.de + +- bug348296-pcf_font_parser-libXfont.diff + * PCF font parser vulnerability (Bug #348296) + ------------------------------------------------------------------- Thu Nov 22 22:20:16 CET 2007 - sndirsch@suse.de diff --git a/xorg-x11-libs.spec b/xorg-x11-libs.spec index 4a1a175..5beee26 100644 --- a/xorg-x11-libs.spec +++ b/xorg-x11-libs.spec @@ -1,7 +1,7 @@ # # spec file for package xorg-x11-libs (Version 7.3) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -19,7 +19,7 @@ Provides: libXaw.so.8 libXaw.so.7 libXaw.so.6 %endif Url: http://xorg.freedesktop.org/ Version: 7.3 -Release: 15 +Release: 29 License: X11/MIT BuildRoot: %{_tmppath}/%{name}-%{version}-build Group: System/Libraries @@ -64,6 +64,7 @@ Patch3: p_xft_cjk.diff Patch4: p_xft_register.diff Patch5: libxkbui.diff Patch10: libXxf86misc-xcb.diff +Patch348296: bug348296-pcf_font_parser-libXfont.diff %description This package contains the remaining X.Org libraries. @@ -148,6 +149,7 @@ popd pushd libXxf86misc-* %patch10 -p0 popd +patch -d libXfont-* -p0 -s -i %PATCH348296 %build for dir in libXft1-* xbitmaps-* $(ls | grep -v -e libXft1 -e xbitmaps); do @@ -217,19 +219,22 @@ exit 0 %{_mandir}/man3/* %changelog -* Thu Nov 22 2007 - sndirsch@suse.de +* Fri Jan 18 2008 sndirsch@suse.de +- bug348296-pcf_font_parser-libXfont.diff + * PCF font parser vulnerability (Bug #348296) +* Thu Nov 22 2007 sndirsch@suse.de - pixman --> pixman-1 - obsoletes pixman.diff -* Thu Nov 15 2007 - sndirsch@suse.de +* Thu Nov 15 2007 sndirsch@suse.de - pixman 0.9.6 * fixes X.Org Bug 12398 * no longer run SSE instructions on non-SSE CPUs -* Sat Sep 29 2007 - sndirsch@suse.de +* Sat Sep 29 2007 sndirsch@suse.de - pixman.diff: * fixed pkgconfig file -* Sat Sep 29 2007 - sndirsch@suse.de +* Sat Sep 29 2007 sndirsch@suse.de - bumped version to 7.3 -* Thu Sep 06 2007 - sndirsch@suse.de +* Thu Sep 06 2007 sndirsch@suse.de - pixman-0.9.5 * Don't skip fbFetch/fbStore when PIXMAN_FB_ACCESSORS is enabled. * Remove redundant defines. @@ -257,43 +262,43 @@ exit 0 - libXxf86dga 1.0.2 * This release fixes a sign-extension bug with nasty results on I32L64 platforms. -* Tue Aug 28 2007 - sndirsch@suse.de +* Tue Aug 28 2007 sndirsch@suse.de - added libpciaccess (release 0.9.1) -* Mon Aug 27 2007 - sndirsch@suse.de +* Mon Aug 27 2007 sndirsch@suse.de - libXcursor 1.1.9 * Use cursorpath found by configure in man page * Add XCURSOR_PATH to man page * Make shadow man pages for each function * Store the cursor names in one large string. -* Fri Aug 24 2007 - sndirsch@suse.de +* Fri Aug 24 2007 sndirsch@suse.de - libXaw 1.0.4 * Use iswalnum() if it's present as a function, not just if it's [#]defined * Bug #11091: libXaw COPYING file * Bug #9649: Bad markup on XAw.3x * obsoletes bug233919-libXaw.diff -* Tue Aug 21 2007 - sndirsch@suse.de +* Tue Aug 21 2007 sndirsch@suse.de - fixed build of libpixman -* Sat Aug 18 2007 - sndirsch@suse.de +* Sat Aug 18 2007 sndirsch@suse.de - libXtst man pages generation fails if srcdir != builddir -* Wed Aug 08 2007 - sndirsch@suse.de +* Wed Aug 08 2007 sndirsch@suse.de - pixman 0.9.4 * This is the initial release of the pixman library. Pixman contains lowlevel pixel manipulation routines and is used by both xorg and cairo. -* Thu Aug 02 2007 - sndirsch@suse.de +* Thu Aug 02 2007 sndirsch@suse.de - libXi 1.1.2 * "Brown paper bag release, that actually lets DevicePresenceNotify work: cf. http://people.freedesktop.org/~daniels/devicemon.c." -* Thu Jul 05 2007 - sndirsch@suse.de +* Thu Jul 05 2007 sndirsch@suse.de - libXi 1.1.1 * DevicePresenceNotify: remove verbosity, fill out all fields * Makefile.am: make ChangeLog hook safer * Bug #8663: _XiCheckExtInit must drop the Display lock in all error cases. * Bug 9657: Bad markup on XGrabDeviceKey.3x -* Wed Jul 04 2007 - sndirsch@suse.de +* Wed Jul 04 2007 sndirsch@suse.de - libXfont 1.3.0 * Ok, here's another libXfont release. There was a crasher where strstr would chase a NULL pointer if a symlink didn't have any @@ -304,54 +309,54 @@ exit 0 - libXcomposite 0.4.0 * Follow composite protocol version to 0.4, although there is no ABI change. -* Thu Jun 07 2007 - sndirsch@suse.de +* Thu Jun 07 2007 sndirsch@suse.de - updated libXtst to release 1.0.2 * ANSIfy static function declarations (clears some lint warnings) * Coverity #578/579: Don't leak memory if one malloc fails but other succeeds * Add man pages for XTest*() functions -* Thu May 03 2007 - sndirsch@suse.de +* Thu May 03 2007 sndirsch@suse.de - updated libXcomposite to release 0.3.2 * No code changes since 0.3.1 - just adding a man page for the API. -* Tue May 01 2007 - sndirsch@suse.de +* Tue May 01 2007 sndirsch@suse.de - updated libvnc/libXcliplist to current CVS (2007-05-01) -* Wed Apr 11 2007 - sndirsch@suse.de +* Wed Apr 11 2007 sndirsch@suse.de - updated libXi to release 1.0.4 * Don't call XInput_find_display in _XiGetExtensionVersion, while the Display lock is held. - obsoletes libXi-20061015090357.diff -* Wed Apr 11 2007 - sndirsch@suse.de +* Wed Apr 11 2007 sndirsch@suse.de - updated libXi to release 1.0.3 * X.Org Bug #8663: _XiCheckExtInit must drop the Display lock in all error cases - obsoletes libXi-20061119100426.diff -* Fri Apr 06 2007 - sndirsch@suse.de +* Fri Apr 06 2007 sndirsch@suse.de - updated libXfont to release 1.2.8: * Actually use loadable font modules * Add #pragma weak for Sun cc where needed * added -flat_namespace to CFLAGS for Darwin * Integer overflow vulnerabilities - obsoletes bug-247730-247732_libXfont.diff -* Mon Mar 26 2007 - sndirsch@suse.de +* Mon Mar 26 2007 sndirsch@suse.de - bug-247730-247732_libXfont.diff: * X Window System Server fonts.dir File Parsing Integer Overflow Vulnerability / X Window System Server BDF Font Parsing Integer Overflow Vulnerability (Bugs #247730, #247732) -* Sat Mar 17 2007 - sndirsch@suse.de +* Sat Mar 17 2007 sndirsch@suse.de - updated libXinerama to release 1.0.2 * Add support for source code checkers such as sparse & lint * Clear sparse warnings & error * Remove unneeded #include of * Add man page for Xinerama API functions -* Wed Mar 14 2007 - sndirsch@suse.de +* Wed Mar 14 2007 sndirsch@suse.de - updated libXdamage to release 1.1.1 * This release fixes the DSO versioning for the added ABI. -* Mon Mar 05 2007 - sndirsch@suse.de +* Mon Mar 05 2007 sndirsch@suse.de - updated libXrandr to release 1.2.1 * Fix the use of a C++ keyword as a parameter name in Xrandr.h - obsoletes p_xrandr-headers.diff -* Sat Mar 03 2007 - sndirsch@suse.de +* Sat Mar 03 2007 sndirsch@suse.de - added xcb-util 0.2: The xcb-util module provides a number of libraries which sit on top of libxcb, the core X protocol library, and some of the @@ -372,16 +377,16 @@ exit 0 * event: Callback X event handling. * image: Port of Xlib's XImage and XShmImage functions. * wm: Framework for window manager implementation. -* Thu Mar 01 2007 - sndirsch@suse.de +* Thu Mar 01 2007 sndirsch@suse.de - libXxf86misc-xcb.diff: * added missing UnlockDisplay() calls -* Fri Feb 23 2007 - dmueller@suse.de +* Fri Feb 23 2007 dmueller@suse.de - p_xrandr-headers.diff: * delete is a keyword in non-C languages -* Fri Feb 23 2007 - sndirsch@suse.de +* Fri Feb 23 2007 sndirsch@suse.de - libXrandr.diff: * fixes fatal warning -* Wed Feb 21 2007 - sndirsch@suse.de +* Wed Feb 21 2007 sndirsch@suse.de - updated libXrandr to release 1.2.0 * Merge branch 'randr-1.2' * Add support for various output property requests. @@ -401,32 +406,32 @@ exit 0 * Merge 64-bit fixes in * Must pass size information in SetCrtcGamma request. * Reset version from 1.2.0.0 to 1.2.0 -* Tue Jan 23 2007 - sndirsch@suse.de +* Tue Jan 23 2007 sndirsch@suse.de - bug233919-libXaw.diff: * fixes buffer overflow in xedit (Bug #233919) -* Tue Jan 23 2007 - sndirsch@suse.de +* Tue Jan 23 2007 sndirsch@suse.de - updated libXfont to release 1.2.7 * fontfile: accept empty (but valid) font paths (bug #3091) * Add stubs for the scalable renderer callbacks. -* Fri Jan 12 2007 - sndirsch@suse.de +* Fri Jan 12 2007 sndirsch@suse.de - added libvnc/libXcliplist from xf4vnc project -* Thu Jan 11 2007 - sndirsch@suse.de +* Thu Jan 11 2007 sndirsch@suse.de - updated libXdamage to release 1.1 * adds the interface to the new DamageAdd request -* Thu Jan 04 2007 - sndirsch@suse.de +* Thu Jan 04 2007 sndirsch@suse.de - updated libXaw to release 1.0.3 * Fix configure option --disable-xaw6 to not break builds of xaw7 or xaw8 & rebuild with latest autoconf/automake/xorg-macros. -* Wed Dec 27 2006 - sndirsch@suse.de +* Wed Dec 27 2006 sndirsch@suse.de - set sysconfdir appropriate (Bug #230714) -* Wed Dec 20 2006 - sndirsch@suse.de +* Wed Dec 20 2006 sndirsch@suse.de - libXi-20061015090357.diff: * Don't call XInput_find_display in _XiGetExtensionVersion, while the Display lock is held (X.Org Bug #8581/9392) - libXi-20061119100426.diff: * _XiCheckExtInit must drop the Display lock in all error cases (X.Org Bug #8663) -* Sun Dec 17 2006 - sndirsch@suse.de +* Sun Dec 17 2006 sndirsch@suse.de - updated libXScrnSaver to release 1.1.2 * Makefile.am: make ChangeLog hook safer - updated libXfont to release 1.2.6 @@ -439,19 +444,19 @@ exit 0 * Makefile.am: make ChangeLog hook as safe as possible - updated libXvMC to release 1.0.4 * Makefile.am: make ChangeLog hook safer -* Sat Dec 09 2006 - sndirsch@suse.de +* Sat Dec 09 2006 sndirsch@suse.de - updated libXft to release 2.1.12 * XftNameUnparse: re-export to public API (bug #8900) -* Sun Dec 03 2006 - sndirsch@suse.de +* Sun Dec 03 2006 sndirsch@suse.de - moved libxcb to seperate package (xorg-x11-libxcb) - updated libXfont to release 1.2.5 * remove CID font support (bug #5553) -* Mon Nov 27 2006 - dmueller@suse.de +* Mon Nov 27 2006 dmueller@suse.de - reduce p_xft_cjk.diff to only disable antialiasing on fonts with embedded bitmaps (Bug #223682) -* Fri Nov 10 2006 - sndirsch@suse.de +* Fri Nov 10 2006 sndirsch@suse.de - fixed typo in libxkbui (Bug #219732) -* Wed Nov 08 2006 - sndirsch@suse.de +* Wed Nov 08 2006 sndirsch@suse.de - updated libXdamage to release 1.0.4 (X.Org 7.2 RC2) * Remove incorrect UnlockDisplay and SyncHandle from XDamageQueryVersion @@ -459,16 +464,16 @@ exit 0 * fix indentation on function declarations * Don't call XInput_find_display in _XiCheckExtInit, while the Display lock is held. -* Fri Nov 03 2006 - sndirsch@suse.de +* Fri Nov 03 2006 sndirsch@suse.de - updated optional libxcb to release 1.0 RC3 (0.9.93) -* Fri Oct 20 2006 - mfabian@suse.de +* Fri Oct 20 2006 mfabian@suse.de - Bugzilla 213320: add lcd-filter-2 patch from David Turner, see http://lists.gnu.org/archive/html/freetype/2006-09/msg00083.html http://david.freetype.org/lcd/libXft-2.1.7-lcd-filter-2.patch (This patch is needed for freetype >= 2.2.2). -* Mon Oct 16 2006 - sndirsch@suse.de +* Mon Oct 16 2006 sndirsch@suse.de - added optional libxcb -* Sat Oct 14 2006 - sndirsch@suse.de +* Sat Oct 14 2006 sndirsch@suse.de - package update to X.Org 7.2RC1 * libXevie-1.0.2 * libXfontcache-1.0.3 @@ -479,12 +484,12 @@ exit 0 * libXrandr-1.1.2 * libXScrnSaver-1.1.1 * libXft-2.1.11 -* Mon Oct 09 2006 - sndirsch@suse.de +* Mon Oct 09 2006 sndirsch@suse.de - updated to libXvMC 1.0.3: * Minor cleanup release - just some sparse warning cleanups, and adding autoconf check to enable shmat() code (missed in original conversion from Imake). -* Tue Sep 12 2006 - sndirsch@suse.de +* Tue Sep 12 2006 sndirsch@suse.de - updated libXfont to release 1.2.2 * Fixes for integer overflows in CID encoded fonts parsing reported by iDefense @@ -493,26 +498,26 @@ exit 0 * move builtin fonts to gzip * Bug #7397: Fix a buffer overflow in Freetype font support. * obsoletes libXfont-pcfread.diff -* Thu Aug 31 2006 - sndirsch@suse.de +* Thu Aug 31 2006 sndirsch@suse.de - fixed libXaw Provides for 64bit (Bug #198461) -* Sat Aug 12 2006 - sndirsch@suse.de +* Sat Aug 12 2006 sndirsch@suse.de - added libXft1 (Bug #198432) -* Sat Aug 05 2006 - sndirsch@suse.de +* Sat Aug 05 2006 sndirsch@suse.de - p_xft_cjk.diff: * adds fake bold support to Xft library (Bug #38202) - p_xft_register.diff: * new fontconfig objects needs to be registered first (Bug #141216) -* Wed Aug 02 2006 - sndirsch@suse.de +* Wed Aug 02 2006 sndirsch@suse.de - added /usr/include/X11/pixmaps/ to filelist -* Mon Jul 31 2006 - sndirsch@suse.de +* Mon Jul 31 2006 sndirsch@suse.de - moved bitmap directory from -devel to main package -* Fri Jul 28 2006 - sndirsch@suse.de +* Fri Jul 28 2006 sndirsch@suse.de - use "-fno-strict-aliasing" -* Thu Jul 27 2006 - sndirsch@suse.de +* Thu Jul 27 2006 sndirsch@suse.de - use $RPM_OPT_FLAGS - remove existing /usr/include/X11 symlink in %%pre -* Wed Jul 26 2006 - sndirsch@suse.de +* Wed Jul 26 2006 sndirsch@suse.de - libXfont-pcfread.diff: * handle malformed pcf files (Bug #192095) -* Fri Jun 23 2006 - sndirsch@suse.de +* Fri Jun 23 2006 sndirsch@suse.de - created package