Hello community,
here is the log from the commit of package xorg-x11-libs
checked in at Sat Jan 26 18:05:30 CET 2008.
--------
--- xorg-x11-libs/xorg-x11-libs.changes 2007-11-22 22:19:08.000000000 +0100
+++ /mounts/work_src_done/STABLE/xorg-x11-libs/xorg-x11-libs.changes 2008-01-18 01:26:40.164535000 +0100
@@ -1,0 +2,6 @@
+Fri Jan 18 01:37:25 CET 2008 - sndirsch@suse.de
+
+- bug348296-pcf_font_parser-libXfont.diff
+ * PCF font parser vulnerability (Bug #348296)
+
+-------------------------------------------------------------------
New:
----
bug348296-pcf_font_parser-libXfont.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xorg-x11-libs.spec ++++++
--- /var/tmp/diff_new_pack.i11911/_old 2008-01-26 18:02:29.000000000 +0100
+++ /var/tmp/diff_new_pack.i11911/_new 2008-01-26 18:02:29.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package xorg-x11-libs (Version 7.3)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -19,7 +19,7 @@
%endif
Url: http://xorg.freedesktop.org/
Version: 7.3
-Release: 15
+Release: 29
License: X11/MIT
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Group: System/Libraries
@@ -64,6 +64,7 @@
Patch4: p_xft_register.diff
Patch5: libxkbui.diff
Patch10: libXxf86misc-xcb.diff
+Patch348296: bug348296-pcf_font_parser-libXfont.diff
%description
This package contains the remaining X.Org libraries.
@@ -148,6 +149,7 @@
pushd libXxf86misc-*
%patch10 -p0
popd
+patch -d libXfont-* -p0 -s -i %PATCH348296
%build
for dir in libXft1-* xbitmaps-* $(ls | grep -v -e libXft1 -e xbitmaps); do
@@ -217,19 +219,22 @@
%{_mandir}/man3/*
%changelog
-* Thu Nov 22 2007 - sndirsch@suse.de
+* Fri Jan 18 2008 sndirsch@suse.de
+- bug348296-pcf_font_parser-libXfont.diff
+ * PCF font parser vulnerability (Bug #348296)
+* Thu Nov 22 2007 sndirsch@suse.de
- pixman --> pixman-1
- obsoletes pixman.diff
-* Thu Nov 15 2007 - sndirsch@suse.de
+* Thu Nov 15 2007 sndirsch@suse.de
- pixman 0.9.6
* fixes X.Org Bug 12398
* no longer run SSE instructions on non-SSE CPUs
-* Sat Sep 29 2007 - sndirsch@suse.de
+* Sat Sep 29 2007 sndirsch@suse.de
- pixman.diff:
* fixed pkgconfig file
-* Sat Sep 29 2007 - sndirsch@suse.de
+* Sat Sep 29 2007 sndirsch@suse.de
- bumped version to 7.3
-* Thu Sep 06 2007 - sndirsch@suse.de
+* Thu Sep 06 2007 sndirsch@suse.de
- pixman-0.9.5
* Don't skip fbFetch/fbStore when PIXMAN_FB_ACCESSORS is enabled.
* Remove redundant defines.
@@ -257,43 +262,43 @@
- libXxf86dga 1.0.2
* This release fixes a sign-extension bug with nasty results on
I32L64 platforms.
-* Tue Aug 28 2007 - sndirsch@suse.de
+* Tue Aug 28 2007 sndirsch@suse.de
- added libpciaccess (release 0.9.1)
-* Mon Aug 27 2007 - sndirsch@suse.de
+* Mon Aug 27 2007 sndirsch@suse.de
- libXcursor 1.1.9
* Use cursorpath found by configure in man page
* Add XCURSOR_PATH to man page
* Make shadow man pages for each function
* Store the cursor names in one large string.
-* Fri Aug 24 2007 - sndirsch@suse.de
+* Fri Aug 24 2007 sndirsch@suse.de
- libXaw 1.0.4
* Use iswalnum() if it's present as a function, not just if it's
[#]defined
* Bug #11091: libXaw COPYING file
* Bug #9649: Bad markup on XAw.3x
* obsoletes bug233919-libXaw.diff
-* Tue Aug 21 2007 - sndirsch@suse.de
+* Tue Aug 21 2007 sndirsch@suse.de
- fixed build of libpixman
-* Sat Aug 18 2007 - sndirsch@suse.de
+* Sat Aug 18 2007 sndirsch@suse.de
- libXtst man pages generation fails if srcdir != builddir
-* Wed Aug 08 2007 - sndirsch@suse.de
+* Wed Aug 08 2007 sndirsch@suse.de
- pixman 0.9.4
* This is the initial release of the pixman library. Pixman
contains lowlevel pixel manipulation routines and is used by
both xorg and cairo.
-* Thu Aug 02 2007 - sndirsch@suse.de
+* Thu Aug 02 2007 sndirsch@suse.de
- libXi 1.1.2
* "Brown paper bag release, that actually lets
DevicePresenceNotify work: cf.
http://people.freedesktop.org/~daniels/devicemon.c."
-* Thu Jul 05 2007 - sndirsch@suse.de
+* Thu Jul 05 2007 sndirsch@suse.de
- libXi 1.1.1
* DevicePresenceNotify: remove verbosity, fill out all fields
* Makefile.am: make ChangeLog hook safer
* Bug #8663: _XiCheckExtInit must drop the Display lock in all
error cases.
* Bug 9657: Bad markup on XGrabDeviceKey.3x
-* Wed Jul 04 2007 - sndirsch@suse.de
+* Wed Jul 04 2007 sndirsch@suse.de
- libXfont 1.3.0
* Ok, here's another libXfont release. There was a crasher where
strstr would chase a NULL pointer if a symlink didn't have any
@@ -304,54 +309,54 @@
- libXcomposite 0.4.0
* Follow composite protocol version to 0.4, although there is no
ABI change.
-* Thu Jun 07 2007 - sndirsch@suse.de
+* Thu Jun 07 2007 sndirsch@suse.de
- updated libXtst to release 1.0.2
* ANSIfy static function declarations (clears some lint warnings)
* Coverity #578/579: Don't leak memory if one malloc fails but
other succeeds
* Add man pages for XTest*() functions
-* Thu May 03 2007 - sndirsch@suse.de
+* Thu May 03 2007 sndirsch@suse.de
- updated libXcomposite to release 0.3.2
* No code changes since 0.3.1 - just adding a man page for the
API.
-* Tue May 01 2007 - sndirsch@suse.de
+* Tue May 01 2007 sndirsch@suse.de
- updated libvnc/libXcliplist to current CVS (2007-05-01)
-* Wed Apr 11 2007 - sndirsch@suse.de
+* Wed Apr 11 2007 sndirsch@suse.de
- updated libXi to release 1.0.4
* Don't call XInput_find_display in _XiGetExtensionVersion, while
the Display lock is held.
- obsoletes libXi-20061015090357.diff
-* Wed Apr 11 2007 - sndirsch@suse.de
+* Wed Apr 11 2007 sndirsch@suse.de
- updated libXi to release 1.0.3
* X.Org Bug #8663: _XiCheckExtInit must drop the Display lock in
all error cases
- obsoletes libXi-20061119100426.diff
-* Fri Apr 06 2007 - sndirsch@suse.de
+* Fri Apr 06 2007 sndirsch@suse.de
- updated libXfont to release 1.2.8:
* Actually use loadable font modules
* Add #pragma weak for Sun cc where needed
* added -flat_namespace to CFLAGS for Darwin
* Integer overflow vulnerabilities
- obsoletes bug-247730-247732_libXfont.diff
-* Mon Mar 26 2007 - sndirsch@suse.de
+* Mon Mar 26 2007 sndirsch@suse.de
- bug-247730-247732_libXfont.diff:
* X Window System Server fonts.dir File Parsing Integer Overflow
Vulnerability / X Window System Server BDF Font Parsing Integer
Overflow Vulnerability (Bugs #247730, #247732)
-* Sat Mar 17 2007 - sndirsch@suse.de
+* Sat Mar 17 2007 sndirsch@suse.de
- updated libXinerama to release 1.0.2
* Add support for source code checkers such as sparse & lint
* Clear sparse warnings & error
* Remove unneeded #include of
* Add man page for Xinerama API functions
-* Wed Mar 14 2007 - sndirsch@suse.de
+* Wed Mar 14 2007 sndirsch@suse.de
- updated libXdamage to release 1.1.1
* This release fixes the DSO versioning for the added ABI.
-* Mon Mar 05 2007 - sndirsch@suse.de
+* Mon Mar 05 2007 sndirsch@suse.de
- updated libXrandr to release 1.2.1
* Fix the use of a C++ keyword as a parameter name in Xrandr.h
- obsoletes p_xrandr-headers.diff
-* Sat Mar 03 2007 - sndirsch@suse.de
+* Sat Mar 03 2007 sndirsch@suse.de
- added xcb-util 0.2:
The xcb-util module provides a number of libraries which sit on
top of libxcb, the core X protocol library, and some of the
@@ -372,16 +377,16 @@
* event: Callback X event handling.
* image: Port of Xlib's XImage and XShmImage functions.
* wm: Framework for window manager implementation.
-* Thu Mar 01 2007 - sndirsch@suse.de
+* Thu Mar 01 2007 sndirsch@suse.de
- libXxf86misc-xcb.diff:
* added missing UnlockDisplay() calls
-* Fri Feb 23 2007 - dmueller@suse.de
+* Fri Feb 23 2007 dmueller@suse.de
- p_xrandr-headers.diff:
* delete is a keyword in non-C languages
-* Fri Feb 23 2007 - sndirsch@suse.de
+* Fri Feb 23 2007 sndirsch@suse.de
- libXrandr.diff:
* fixes fatal warning
-* Wed Feb 21 2007 - sndirsch@suse.de
+* Wed Feb 21 2007 sndirsch@suse.de
- updated libXrandr to release 1.2.0
* Merge branch 'randr-1.2'
* Add support for various output property requests.
@@ -401,32 +406,32 @@
* Merge 64-bit fixes in
* Must pass size information in SetCrtcGamma request.
* Reset version from 1.2.0.0 to 1.2.0
-* Tue Jan 23 2007 - sndirsch@suse.de
+* Tue Jan 23 2007 sndirsch@suse.de
- bug233919-libXaw.diff:
* fixes buffer overflow in xedit (Bug #233919)
-* Tue Jan 23 2007 - sndirsch@suse.de
+* Tue Jan 23 2007 sndirsch@suse.de
- updated libXfont to release 1.2.7
* fontfile: accept empty (but valid) font paths (bug #3091)
* Add stubs for the scalable renderer callbacks.
-* Fri Jan 12 2007 - sndirsch@suse.de
+* Fri Jan 12 2007 sndirsch@suse.de
- added libvnc/libXcliplist from xf4vnc project
-* Thu Jan 11 2007 - sndirsch@suse.de
+* Thu Jan 11 2007 sndirsch@suse.de
- updated libXdamage to release 1.1
* adds the interface to the new DamageAdd request
-* Thu Jan 04 2007 - sndirsch@suse.de
+* Thu Jan 04 2007 sndirsch@suse.de
- updated libXaw to release 1.0.3
* Fix configure option --disable-xaw6 to not break builds of xaw7
or xaw8 & rebuild with latest autoconf/automake/xorg-macros.
-* Wed Dec 27 2006 - sndirsch@suse.de
+* Wed Dec 27 2006 sndirsch@suse.de
- set sysconfdir appropriate (Bug #230714)
-* Wed Dec 20 2006 - sndirsch@suse.de
+* Wed Dec 20 2006 sndirsch@suse.de
- libXi-20061015090357.diff:
* Don't call XInput_find_display in _XiGetExtensionVersion,
while the Display lock is held (X.Org Bug #8581/9392)
- libXi-20061119100426.diff:
* _XiCheckExtInit must drop the Display lock in all
error cases (X.Org Bug #8663)
-* Sun Dec 17 2006 - sndirsch@suse.de
+* Sun Dec 17 2006 sndirsch@suse.de
- updated libXScrnSaver to release 1.1.2
* Makefile.am: make ChangeLog hook safer
- updated libXfont to release 1.2.6
@@ -439,19 +444,19 @@
* Makefile.am: make ChangeLog hook as safe as possible
- updated libXvMC to release 1.0.4
* Makefile.am: make ChangeLog hook safer
-* Sat Dec 09 2006 - sndirsch@suse.de
+* Sat Dec 09 2006 sndirsch@suse.de
- updated libXft to release 2.1.12
* XftNameUnparse: re-export to public API (bug #8900)
-* Sun Dec 03 2006 - sndirsch@suse.de
+* Sun Dec 03 2006 sndirsch@suse.de
- moved libxcb to seperate package (xorg-x11-libxcb)
- updated libXfont to release 1.2.5
* remove CID font support (bug #5553)
-* Mon Nov 27 2006 - dmueller@suse.de
+* Mon Nov 27 2006 dmueller@suse.de
- reduce p_xft_cjk.diff to only disable antialiasing on
fonts with embedded bitmaps (Bug #223682)
-* Fri Nov 10 2006 - sndirsch@suse.de
+* Fri Nov 10 2006 sndirsch@suse.de
- fixed typo in libxkbui (Bug #219732)
-* Wed Nov 08 2006 - sndirsch@suse.de
+* Wed Nov 08 2006 sndirsch@suse.de
- updated libXdamage to release 1.0.4 (X.Org 7.2 RC2)
* Remove incorrect UnlockDisplay and SyncHandle from
XDamageQueryVersion
@@ -459,16 +464,16 @@
* fix indentation on function declarations
* Don't call XInput_find_display in _XiCheckExtInit, while the
Display lock is held.
-* Fri Nov 03 2006 - sndirsch@suse.de
+* Fri Nov 03 2006 sndirsch@suse.de
- updated optional libxcb to release 1.0 RC3 (0.9.93)
-* Fri Oct 20 2006 - mfabian@suse.de
+* Fri Oct 20 2006 mfabian@suse.de
- Bugzilla 213320: add lcd-filter-2 patch from David Turner, see
http://lists.gnu.org/archive/html/freetype/2006-09/msg00083.html
http://david.freetype.org/lcd/libXft-2.1.7-lcd-filter-2.patch
(This patch is needed for freetype >= 2.2.2).
-* Mon Oct 16 2006 - sndirsch@suse.de
+* Mon Oct 16 2006 sndirsch@suse.de
- added optional libxcb
-* Sat Oct 14 2006 - sndirsch@suse.de
+* Sat Oct 14 2006 sndirsch@suse.de
- package update to X.Org 7.2RC1
* libXevie-1.0.2
* libXfontcache-1.0.3
@@ -479,12 +484,12 @@
* libXrandr-1.1.2
* libXScrnSaver-1.1.1
* libXft-2.1.11
-* Mon Oct 09 2006 - sndirsch@suse.de
+* Mon Oct 09 2006 sndirsch@suse.de
- updated to libXvMC 1.0.3:
* Minor cleanup release - just some sparse warning cleanups, and
adding autoconf check to enable shmat() code (missed in
original conversion from Imake).
-* Tue Sep 12 2006 - sndirsch@suse.de
+* Tue Sep 12 2006 sndirsch@suse.de
- updated libXfont to release 1.2.2
* Fixes for integer overflows in CID encoded fonts parsing
reported by iDefense
@@ -493,26 +498,26 @@
* move builtin fonts to gzip
* Bug #7397: Fix a buffer overflow in Freetype font support.
* obsoletes libXfont-pcfread.diff
-* Thu Aug 31 2006 - sndirsch@suse.de
+* Thu Aug 31 2006 sndirsch@suse.de
- fixed libXaw Provides for 64bit (Bug #198461)
-* Sat Aug 12 2006 - sndirsch@suse.de
+* Sat Aug 12 2006 sndirsch@suse.de
- added libXft1 (Bug #198432)
-* Sat Aug 05 2006 - sndirsch@suse.de
+* Sat Aug 05 2006 sndirsch@suse.de
- p_xft_cjk.diff:
* adds fake bold support to Xft library (Bug #38202)
- p_xft_register.diff:
* new fontconfig objects needs to be registered first (Bug #141216)
-* Wed Aug 02 2006 - sndirsch@suse.de
+* Wed Aug 02 2006 sndirsch@suse.de
- added /usr/include/X11/pixmaps/ to filelist
-* Mon Jul 31 2006 - sndirsch@suse.de
+* Mon Jul 31 2006 sndirsch@suse.de
- moved bitmap directory from -devel to main package
-* Fri Jul 28 2006 - sndirsch@suse.de
+* Fri Jul 28 2006 sndirsch@suse.de
- use "-fno-strict-aliasing"
-* Thu Jul 27 2006 - sndirsch@suse.de
+* Thu Jul 27 2006 sndirsch@suse.de
- use $RPM_OPT_FLAGS
- remove existing /usr/include/X11 symlink in %%pre
-* Wed Jul 26 2006 - sndirsch@suse.de
+* Wed Jul 26 2006 sndirsch@suse.de
- libXfont-pcfread.diff:
* handle malformed pcf files (Bug #192095)
-* Fri Jun 23 2006 - sndirsch@suse.de
+* Fri Jun 23 2006 sndirsch@suse.de
- created package
++++++ bug348296-pcf_font_parser-libXfont.diff ++++++
--- src/bitmap/pcfread.c.orig Tue Aug 29 19:15:50 2006
+++ src/bitmap/pcfread.c Tue Dec 18 17:22:26 2007
@@ -588,7 +588,10 @@
pFont->info.lastRow = pcfGetINT16(file, format);
pFont->info.defaultCh = pcfGetINT16(file, format);
if (IS_EOF(file)) goto Bail;
-
+ if (pFont->info.firstCol > pFont->info.lastCol ||
+ pFont->info.firstRow > pFont->info.lastRow ||
+ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
+
nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
(pFont->info.lastRow - pFont->info.firstRow + 1);
@@ -726,7 +729,10 @@
pFontInfo->lastRow = pcfGetINT16(file, format);
pFontInfo->defaultCh = pcfGetINT16(file, format);
if (IS_EOF(file)) goto Bail;
-
+ if (pFontInfo->firstCol > pFontInfo->lastCol ||
+ pFontInfo->firstRow > pFontInfo->lastRow ||
+ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
+
nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
(pFontInfo->lastRow - pFontInfo->firstRow + 1);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org