Hello community, here is the log from the commit of package t1lib checked in at Fri Sep 21 15:53:56 CEST 2007. -------- --- t1lib/t1lib.changes 2007-08-08 18:36:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/t1lib/t1lib.changes 2007-09-20 19:15:22.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Sep 20 19:14:37 CEST 2007 - crrodriguez@suse.de + +- fix Bug 326687 - VUL-0: t1lib buffer overflow triggerable from PHP scripts. + +------------------------------------------------------------------- New: ---- t1lib-5.1.1-bof.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ t1lib.spec ++++++ --- /var/tmp/diff_new_pack.r17521/_old 2007-09-21 15:53:38.000000000 +0200 +++ /var/tmp/diff_new_pack.r17521/_new 2007-09-21 15:53:38.000000000 +0200 @@ -14,13 +14,14 @@ BuildRequires: xorg-x11-devel License: LGPL v2 or later Group: System/Libraries -Autoreqprov: on +AutoReqProv: on Version: 5.1.1 -Release: 1 -URL: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/ +Release: 13 +Url: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/ Source: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/%{name}-%{version}.tar.bz2 Patch0: t1lib-auto.patch Patch2: bugzilla-240159-array-subscript-out-of-bounds.patch +Patch3: t1lib-5.1.1-bof.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Adobe Type 1 Font Rasterizing Library @@ -56,6 +57,7 @@ %setup -q -n t1lib-%{version} %patch0 -p1 -b .auto %patch2 -p1 +%patch3 %build autoreconf -fi 
@@ -92,8 +94,9 @@ %{_libdir}/libt1*.so %{_includedir}/t1lib*.h %exclude %{_libdir}/*.la - %changelog +* Thu Sep 20 2007 - crrodriguez@suse.de +- fix Bug 326687 - VUL-0: t1lib buffer overflow triggerable from PHP scripts. * Wed Aug 08 2007 - crrodriguez@suse.de - update to version 5.1.1 (latest released on 2006) - in general this fixes Bugzilla [#298301]. ++++++ t1lib-5.1.1-bof.patch ++++++ Index: lib/t1lib/t1env.c =================================================================== --- lib/t1lib/t1env.c.orig 2005-05-18 05:08:27.000000000 +0200 +++ lib/t1lib/t1env.c 2007-09-20 19:04:50.000000000 +0200 @@ -611,6 +611,12 @@ char *intT1_Env_GetCompletePath( char *F #endif strcat( pathbuf, DIRECTORY_SEP); /* And finally the filename: */ + /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf let's try next pathbuf */ + if(strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) { + i++; + continue; + } + strcat( pathbuf, StrippedName); /* Check for existence of the path: */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
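Review bot: in the `%prep` hunk of t1lib.spec, `%patch3` is given no strip level while `%patch0 -p1 -b .auto` and `%patch2 -p1` next to it are. The new t1lib-5.1.1-bof.patch uses paths of the form `lib/t1lib/t1env.c`, so it depends on the default strip level; writing `%patch3 -p0` would make that explicit and keep the three lines consistent. The same spec diff also renames `Autoreqprov` to `AutoReqProv` and `URL` to `Url`, which is unrelated to the security fix and would be easier to audit as a separate change.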
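Review bot: in the t1env.c hunk, the new length check sits after `strcat( pathbuf, DIRECTORY_SEP)`, which the context line shows is still unchecked, so whatever was written to pathbuf before the separator, plus the separator itself, can already have overrun the buffer by the time `strlen(pathbuf)` is evaluated. Consider checking the combined length of all components before the first write to pathbuf in this iteration, or building the path with a bounded call such as snprintf and testing its return value. The test also assumes `sizeof(pathbuf)` is the buffer size, which holds only if pathbuf is declared as an array in this scope, and the `i++; continue;` pair assumes the loop does not advance `i` on `continue` by itself; neither is visible in the hunk, so both are worth confirming. Minor: the comment should say NUL rather than NULL, and a skipped search path is silent here, so a log message would help when diagnosing missing fonts.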