OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-libs?expand=0&rev=31

bug348296-pcf_font_parser-libXfont.diff

@@ -0,0 +1,25 @@
+--- src/bitmap/pcfread.c.orig   Tue Aug 29 19:15:50 2006
++++ src/bitmap/pcfread.c        Tue Dec 18 17:22:26 2007
+@@ -588,7 +588,10 @@
+     pFont->info.lastRow = pcfGetINT16(file, format);
+     pFont->info.defaultCh = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
+-
++    if (pFont->info.firstCol > pFont->info.lastCol ||
++       pFont->info.firstRow > pFont->info.lastRow ||
++       pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
++
+     nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
+        (pFont->info.lastRow - pFont->info.firstRow + 1);
+
+@@ -726,7 +729,10 @@
+     pFontInfo->lastRow = pcfGetINT16(file, format);
+     pFontInfo->defaultCh = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
+-
++    if (pFontInfo->firstCol > pFontInfo->lastCol ||
++       pFontInfo->firstRow > pFontInfo->lastRow ||
++       pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
++
+     nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
+        (pFontInfo->lastRow - pFontInfo->firstRow + 1);

xorg-x11-libs.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jan 18 01:37:25 CET 2008 - sndirsch@suse.de
+
+- bug348296-pcf_font_parser-libXfont.diff
+  * PCF font parser vulnerability (Bug #348296)
+
 -------------------------------------------------------------------
 Thu Nov 22 22:20:16 CET 2007 - sndirsch@suse.de
 

xorg-x11-libs.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package xorg-x11-libs (Version 7.3)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -19,7 +19,7 @@ Provides:       libXaw.so.8 libXaw.so.7 libXaw.so.6
 %endif
 Url:            http://xorg.freedesktop.org/
 Version:        7.3
-Release:        15
+Release:        29
 License:        X11/MIT
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Group:          System/Libraries
@@ -64,6 +64,7 @@ Patch3:         p_xft_cjk.diff
 Patch4:         p_xft_register.diff
 Patch5:         libxkbui.diff
 Patch10:        libXxf86misc-xcb.diff
+Patch348296:    bug348296-pcf_font_parser-libXfont.diff
 
 %description
 This package contains the remaining X.Org libraries.
@@ -148,6 +149,7 @@ popd
 pushd libXxf86misc-*
 %patch10 -p0
 popd
+patch -d libXfont-* -p0 -s -i %PATCH348296
 
 %build
 for dir in libXft1-* xbitmaps-* $(ls | grep -v -e libXft1 -e xbitmaps); do
@@ -217,19 +219,22 @@ exit 0
 %{_mandir}/man3/*
 
 %changelog
-* Thu Nov 22 2007 - sndirsch@suse.de
+* Fri Jan 18 2008 sndirsch@suse.de
+- bug348296-pcf_font_parser-libXfont.diff
+  * PCF font parser vulnerability (Bug #348296)
+* Thu Nov 22 2007 sndirsch@suse.de
 - pixman --> pixman-1
 - obsoletes pixman.diff
-* Thu Nov 15 2007 - sndirsch@suse.de
+* Thu Nov 15 2007 sndirsch@suse.de
 - pixman 0.9.6
   * fixes X.Org Bug 12398
   * no longer run SSE instructions on non-SSE CPUs
-* Sat Sep 29 2007 - sndirsch@suse.de
+* Sat Sep 29 2007 sndirsch@suse.de
 - pixman.diff:
   * fixed pkgconfig file
-* Sat Sep 29 2007 - sndirsch@suse.de
+* Sat Sep 29 2007 sndirsch@suse.de
 - bumped version to 7.3
-* Thu Sep 06 2007 - sndirsch@suse.de
+* Thu Sep 06 2007 sndirsch@suse.de
 - pixman-0.9.5
   * Don't skip fbFetch/fbStore when PIXMAN_FB_ACCESSORS is enabled.
   * Remove redundant defines.
@@ -257,43 +262,43 @@ exit 0
 - libXxf86dga 1.0.2
   * This release fixes a sign-extension bug with nasty results on
   I32L64 platforms.
-* Tue Aug 28 2007 - sndirsch@suse.de
+* Tue Aug 28 2007 sndirsch@suse.de
 - added libpciaccess (release 0.9.1)
-* Mon Aug 27 2007 - sndirsch@suse.de
+* Mon Aug 27 2007 sndirsch@suse.de
 - libXcursor 1.1.9
   * Use cursorpath found by configure in man page
   * Add XCURSOR_PATH to man page
   * Make shadow man pages for each function
   * Store the cursor names in one large string.
-* Fri Aug 24 2007 - sndirsch@suse.de
+* Fri Aug 24 2007 sndirsch@suse.de
 - libXaw 1.0.4
   * Use iswalnum() if it's present as a function, not just if it's
   [#]defined
   * Bug #11091: libXaw COPYING file
   * Bug #9649: Bad markup on XAw.3x
   * obsoletes bug233919-libXaw.diff
-* Tue Aug 21 2007 - sndirsch@suse.de
+* Tue Aug 21 2007 sndirsch@suse.de
 - fixed build of libpixman
-* Sat Aug 18 2007 - sndirsch@suse.de
+* Sat Aug 18 2007 sndirsch@suse.de
 - libXtst man pages generation fails if srcdir != builddir
-* Wed Aug 08 2007 - sndirsch@suse.de
+* Wed Aug 08 2007 sndirsch@suse.de
 - pixman 0.9.4
   * This is the initial release of the pixman library. Pixman
   contains lowlevel pixel manipulation routines and is used by
   both xorg and cairo.
-* Thu Aug 02 2007 - sndirsch@suse.de
+* Thu Aug 02 2007 sndirsch@suse.de
 - libXi 1.1.2
   * "Brown paper bag release, that actually lets
   DevicePresenceNotify work: cf.
   http://people.freedesktop.org/~daniels/devicemon.c."
-* Thu Jul 05 2007 - sndirsch@suse.de
+* Thu Jul 05 2007 sndirsch@suse.de
 - libXi 1.1.1
   * DevicePresenceNotify: remove verbosity, fill out all fields
   * Makefile.am: make ChangeLog hook safer
   * Bug #8663: _XiCheckExtInit must drop the Display lock in all
   error cases.
   * Bug 9657: Bad markup on XGrabDeviceKey.3x
-* Wed Jul 04 2007 - sndirsch@suse.de
+* Wed Jul 04 2007 sndirsch@suse.de
 - libXfont 1.3.0
   * Ok, here's another libXfont release.  There was a crasher where
   strstr would chase a NULL pointer if a symlink didn't have any
@@ -304,54 +309,54 @@ exit 0
 - libXcomposite 0.4.0
   * Follow composite protocol version to 0.4, although there is no
   ABI change.
-* Thu Jun 07 2007 - sndirsch@suse.de
+* Thu Jun 07 2007 sndirsch@suse.de
 - updated libXtst to release 1.0.2
   * ANSIfy static function declarations (clears some lint warnings)
   * Coverity #578/579: Don't leak memory if one malloc fails but
   other succeeds
   * Add man pages for XTest*() functions
-* Thu May 03 2007 - sndirsch@suse.de
+* Thu May 03 2007 sndirsch@suse.de
 - updated libXcomposite to release 0.3.2
   * No code changes since 0.3.1 - just adding a man page for the
   API.
-* Tue May 01 2007 - sndirsch@suse.de
+* Tue May 01 2007 sndirsch@suse.de
 - updated libvnc/libXcliplist to current CVS (2007-05-01)
-* Wed Apr 11 2007 - sndirsch@suse.de
+* Wed Apr 11 2007 sndirsch@suse.de
 - updated libXi to release 1.0.4
   * Don't call XInput_find_display in _XiGetExtensionVersion, while
   the Display lock is held.
 - obsoletes libXi-20061015090357.diff
-* Wed Apr 11 2007 - sndirsch@suse.de
+* Wed Apr 11 2007 sndirsch@suse.de
 - updated libXi to release 1.0.3
   * X.Org Bug #8663: _XiCheckExtInit must drop the Display lock in
   all error cases
 - obsoletes libXi-20061119100426.diff
-* Fri Apr 06 2007 - sndirsch@suse.de
+* Fri Apr 06 2007 sndirsch@suse.de
 - updated libXfont to release 1.2.8:
   * Actually use loadable font modules
   * Add #pragma weak for Sun cc where needed
   * added -flat_namespace to CFLAGS for Darwin
   * Integer overflow vulnerabilities
 - obsoletes bug-247730-247732_libXfont.diff
-* Mon Mar 26 2007 - sndirsch@suse.de
+* Mon Mar 26 2007 sndirsch@suse.de
 - bug-247730-247732_libXfont.diff:
   * X Window System Server fonts.dir File Parsing Integer Overflow
   Vulnerability / X Window System Server BDF Font Parsing Integer
   Overflow Vulnerability (Bugs #247730, #247732)
-* Sat Mar 17 2007 - sndirsch@suse.de
+* Sat Mar 17 2007 sndirsch@suse.de
 - updated libXinerama to release 1.0.2
   * Add support for source code checkers such as sparse & lint
   * Clear sparse warnings & error
   * Remove unneeded #include of <stdio.h>
   * Add man page for Xinerama API functions
-* Wed Mar 14 2007 - sndirsch@suse.de
+* Wed Mar 14 2007 sndirsch@suse.de
 - updated libXdamage to release 1.1.1
   * This release fixes the DSO versioning for the added ABI.
-* Mon Mar 05 2007 - sndirsch@suse.de
+* Mon Mar 05 2007 sndirsch@suse.de
 - updated libXrandr to release 1.2.1
   * Fix the use of a C++ keyword as a parameter name in Xrandr.h
 - obsoletes p_xrandr-headers.diff
-* Sat Mar 03 2007 - sndirsch@suse.de
+* Sat Mar 03 2007 sndirsch@suse.de
 - added xcb-util 0.2:
   The xcb-util module provides a number of libraries which sit on
   top of libxcb, the core X protocol library, and some of the
@@ -372,16 +377,16 @@ exit 0
   * event: Callback X event handling.
   * image: Port of Xlib's XImage and XShmImage functions.
   * wm: Framework for window manager implementation.
-* Thu Mar 01 2007 - sndirsch@suse.de
+* Thu Mar 01 2007 sndirsch@suse.de
 - libXxf86misc-xcb.diff:
   * added missing UnlockDisplay() calls
-* Fri Feb 23 2007 - dmueller@suse.de
+* Fri Feb 23 2007 dmueller@suse.de
 - p_xrandr-headers.diff:
   * delete is a keyword in non-C languages
-* Fri Feb 23 2007 - sndirsch@suse.de
+* Fri Feb 23 2007 sndirsch@suse.de
 - libXrandr.diff:
   * fixes fatal warning
-* Wed Feb 21 2007 - sndirsch@suse.de
+* Wed Feb 21 2007 sndirsch@suse.de
 - updated libXrandr to release 1.2.0
   * Merge branch 'randr-1.2'
   * Add support for various output property requests.
@@ -401,32 +406,32 @@ exit 0
   * Merge 64-bit fixes in
   * Must pass size information in SetCrtcGamma request.
   * Reset version from 1.2.0.0 to 1.2.0
-* Tue Jan 23 2007 - sndirsch@suse.de
+* Tue Jan 23 2007 sndirsch@suse.de
 - bug233919-libXaw.diff:
   * fixes buffer overflow in xedit (Bug #233919)
-* Tue Jan 23 2007 - sndirsch@suse.de
+* Tue Jan 23 2007 sndirsch@suse.de
 - updated libXfont to release 1.2.7
   * fontfile: accept empty (but valid) font paths (bug #3091)
   * Add stubs for the scalable renderer callbacks.
-* Fri Jan 12 2007 - sndirsch@suse.de
+* Fri Jan 12 2007 sndirsch@suse.de
 - added libvnc/libXcliplist from xf4vnc project
-* Thu Jan 11 2007 - sndirsch@suse.de
+* Thu Jan 11 2007 sndirsch@suse.de
 - updated libXdamage to release 1.1
   * adds the interface to the new DamageAdd request
-* Thu Jan 04 2007 - sndirsch@suse.de
+* Thu Jan 04 2007 sndirsch@suse.de
 - updated libXaw to release 1.0.3
   * Fix configure option --disable-xaw6 to not break builds of xaw7
   or xaw8 & rebuild with latest autoconf/automake/xorg-macros.
-* Wed Dec 27 2006 - sndirsch@suse.de
+* Wed Dec 27 2006 sndirsch@suse.de
 - set sysconfdir appropriate (Bug #230714)
-* Wed Dec 20 2006 - sndirsch@suse.de
+* Wed Dec 20 2006 sndirsch@suse.de
 - libXi-20061015090357.diff:
   * Don't call XInput_find_display in _XiGetExtensionVersion,
   while the Display lock is held (X.Org Bug #8581/9392)
 - libXi-20061119100426.diff:
   * _XiCheckExtInit must drop the Display lock in all
   error cases (X.Org Bug #8663)
-* Sun Dec 17 2006 - sndirsch@suse.de
+* Sun Dec 17 2006 sndirsch@suse.de
 - updated libXScrnSaver to release 1.1.2
   * Makefile.am: make ChangeLog hook safer
 - updated libXfont to release 1.2.6
@@ -439,19 +444,19 @@ exit 0
   * Makefile.am: make ChangeLog hook as safe as possible
 - updated libXvMC to release 1.0.4
   * Makefile.am: make ChangeLog hook safer
-* Sat Dec 09 2006 - sndirsch@suse.de
+* Sat Dec 09 2006 sndirsch@suse.de
 - updated libXft to release 2.1.12
   * XftNameUnparse: re-export to public API (bug #8900)
-* Sun Dec 03 2006 - sndirsch@suse.de
+* Sun Dec 03 2006 sndirsch@suse.de
 - moved libxcb to seperate package (xorg-x11-libxcb)
 - updated libXfont to release 1.2.5
   * remove CID font support (bug #5553)
-* Mon Nov 27 2006 - dmueller@suse.de
+* Mon Nov 27 2006 dmueller@suse.de
 - reduce p_xft_cjk.diff to only disable antialiasing on
   fonts with embedded bitmaps (Bug #223682)
-* Fri Nov 10 2006 - sndirsch@suse.de
+* Fri Nov 10 2006 sndirsch@suse.de
 - fixed typo in libxkbui (Bug #219732)
-* Wed Nov 08 2006 - sndirsch@suse.de
+* Wed Nov 08 2006 sndirsch@suse.de
 - updated libXdamage to release 1.0.4 (X.Org 7.2 RC2)
   * Remove incorrect UnlockDisplay and SyncHandle from
   XDamageQueryVersion
@@ -459,16 +464,16 @@ exit 0
   * fix indentation on function declarations
   * Don't call XInput_find_display in _XiCheckExtInit, while the
   Display lock is held.
-* Fri Nov 03 2006 - sndirsch@suse.de
+* Fri Nov 03 2006 sndirsch@suse.de
 - updated optional libxcb to release 1.0 RC3 (0.9.93)
-* Fri Oct 20 2006 - mfabian@suse.de
+* Fri Oct 20 2006 mfabian@suse.de
 - Bugzilla 213320: add lcd-filter-2 patch from David Turner, see
   http://lists.gnu.org/archive/html/freetype/2006-09/msg00083.html
   http://david.freetype.org/lcd/libXft-2.1.7-lcd-filter-2.patch
   (This patch is needed for freetype >= 2.2.2).
-* Mon Oct 16 2006 - sndirsch@suse.de
+* Mon Oct 16 2006 sndirsch@suse.de
 - added optional libxcb
-* Sat Oct 14 2006 - sndirsch@suse.de
+* Sat Oct 14 2006 sndirsch@suse.de
 - package update to X.Org 7.2RC1
   * libXevie-1.0.2
   * libXfontcache-1.0.3
@@ -479,12 +484,12 @@ exit 0
   * libXrandr-1.1.2
   * libXScrnSaver-1.1.1
   * libXft-2.1.11
-* Mon Oct 09 2006 - sndirsch@suse.de
+* Mon Oct 09 2006 sndirsch@suse.de
 - updated to libXvMC 1.0.3:
   * Minor cleanup release - just some sparse warning cleanups, and
   adding autoconf check to enable shmat() code (missed in
   original conversion from Imake).
-* Tue Sep 12 2006 - sndirsch@suse.de
+* Tue Sep 12 2006 sndirsch@suse.de
 - updated libXfont to release 1.2.2
   * Fixes for integer overflows in CID encoded fonts parsing
   reported by iDefense
@@ -493,26 +498,26 @@ exit 0
   * move builtin fonts to gzip
   * Bug #7397: Fix a buffer overflow in Freetype font support.
   * obsoletes libXfont-pcfread.diff
-* Thu Aug 31 2006 - sndirsch@suse.de
+* Thu Aug 31 2006 sndirsch@suse.de
 - fixed libXaw Provides for 64bit (Bug #198461)
-* Sat Aug 12 2006 - sndirsch@suse.de
+* Sat Aug 12 2006 sndirsch@suse.de
 - added libXft1 (Bug #198432)
-* Sat Aug 05 2006 - sndirsch@suse.de
+* Sat Aug 05 2006 sndirsch@suse.de
 - p_xft_cjk.diff:
   * adds fake bold support to Xft library (Bug #38202)
 - p_xft_register.diff:
   * new fontconfig objects needs to be registered first (Bug #141216)
-* Wed Aug 02 2006 - sndirsch@suse.de
+* Wed Aug 02 2006 sndirsch@suse.de
 - added /usr/include/X11/pixmaps/ to filelist
-* Mon Jul 31 2006 - sndirsch@suse.de
+* Mon Jul 31 2006 sndirsch@suse.de
 - moved bitmap directory from -devel to main package
-* Fri Jul 28 2006 - sndirsch@suse.de
+* Fri Jul 28 2006 sndirsch@suse.de
 - use "-fno-strict-aliasing"
-* Thu Jul 27 2006 - sndirsch@suse.de
+* Thu Jul 27 2006 sndirsch@suse.de
 - use $RPM_OPT_FLAGS
 - remove existing /usr/include/X11 symlink in %%pre
-* Wed Jul 26 2006 - sndirsch@suse.de
+* Wed Jul 26 2006 sndirsch@suse.de
 - libXfont-pcfread.diff:
   * handle malformed pcf files (Bug #192095)
-* Fri Jun 23 2006 - sndirsch@suse.de
+* Fri Jun 23 2006 sndirsch@suse.de
 - created package