diff options
4 files changed, 86 insertions, 2 deletions
diff --git a/x11-libs/libXfont/ChangeLog b/x11-libs/libXfont/ChangeLog index 3ebd3b442f3b..2175330c54e2 100644 --- a/x11-libs/libXfont/ChangeLog +++ b/x11-libs/libXfont/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for x11-libs/libXfont -# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.83 2007/12/19 23:34:15 cla Exp $ +# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.84 2008/01/17 18:55:38 dberkholz Exp $ + +*libXfont-1.3.1-r1 (17 Jan 2008) + + 17 Jan 2008; Donnie Berkholz <dberkholz@gentoo.org>; + +files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch, + +libXfont-1.3.1-r1.ebuild: + (#204362) Security bump. 19 Dec 2007; Dawid Węgliński <cla@gentoo.org> libXfont-1.3.1.ebuild: Stable on x86 (bug #202087) diff --git a/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch b/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch new file mode 100644 index 000000000000..ff7c48e54a26 --- /dev/null +++ b/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch @@ -0,0 +1,36 @@ +From b76df66d2c507898472bba0f9986ef5700029a36 Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@bluenote.herrb.com> +Date: Thu, 17 Jan 2008 15:30:37 +0100 +Subject: [PATCH] Fix for CVE-2008-0006 - PCF Font parser buffer overflow. + +--- + src/bitmap/pcfread.c | 6 ++++++ + 1 files changed, 6 insertions(+), 0 deletions(-) + +diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c +index fd41849..c5db255 100644 +--- a/src/bitmap/pcfread.c ++++ b/src/bitmap/pcfread.c +@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file, + pFont->info.lastRow = pcfGetINT16(file, format); + pFont->info.defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (pFont->info.firstCol > pFont->info.lastCol || ++ pFont->info.firstRow > pFont->info.lastRow || ++ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail; + + nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) * + (pFont->info.lastRow - pFont->info.firstRow + 1); +@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file) + pFontInfo->lastRow = pcfGetINT16(file, format); + pFontInfo->defaultCh = pcfGetINT16(file, format); + if (IS_EOF(file)) goto Bail; ++ if (pFontInfo->firstCol > pFontInfo->lastCol || ++ pFontInfo->firstRow > pFontInfo->lastRow || ++ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail; + + nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) * + (pFontInfo->lastRow - pFontInfo->firstRow + 1); +-- +1.5.3.5 + diff --git a/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1 b/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1 new file mode 100644 index 000000000000..44b03f1a9900 --- /dev/null +++ b/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1 @@ -0,0 +1,3 @@ +MD5 b2f396b62633819bbdd9748383876e21 libXfont-1.3.1.tar.bz2 564235 +RMD160 13c8ed7b33ec0c4f08c032d74958e49d3c177464 libXfont-1.3.1.tar.bz2 564235 +SHA256 dcfb7dc980a16ad98ac984b98321148864ea8b4637d3dd3773e483a14158a9b1 libXfont-1.3.1.tar.bz2 564235 diff --git a/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild b/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild new file mode 100644 index 000000000000..7462d50eaaac --- /dev/null +++ b/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild,v 1.1 2008/01/17 18:55:38 dberkholz Exp $ + +# Must be before x-modular eclass is inherited +# SNAPSHOT="yes" + +inherit x-modular flag-o-matic + +DESCRIPTION="X.Org Xfont library" + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="ipv6" + +RDEPEND="x11-libs/xtrans + x11-libs/libfontenc + x11-proto/xproto + x11-proto/fontsproto + >=media-libs/freetype-2" +DEPEND="${RDEPEND} + x11-proto/fontcacheproto" + +CONFIGURE_OPTIONS="$(use_enable ipv6) + --with-encodingsdir=/usr/share/fonts/encodings" + +PATCHES=" + ${FILESDIR}/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch + " + +pkg_setup() { + # No such function yet + # x-modular_pkg_setup + + # (#125465) Broken with Bdirect support + filter-flags -Wl,-Bdirect + filter-ldflags -Bdirect + filter-ldflags -Wl,-Bdirect +} |