head	1.4;
access;
symbols
	pkgsrc-2013Q2:1.4.0.20
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2012Q4:1.4.0.18
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2011Q4:1.4.0.16
	pkgsrc-2011Q4-base:1.4
	pkgsrc-2011Q2:1.4.0.14
	pkgsrc-2011Q2-base:1.4
	pkgsrc-2009Q4:1.4.0.12
	pkgsrc-2009Q4-base:1.4
	pkgsrc-2008Q4:1.4.0.10
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.8
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.6
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.4.0.4
	pkgsrc-2008Q2-base:1.4
	pkgsrc-2008Q1:1.4.0.2
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.3.0.4
	pkgsrc-2007Q4-base:1.3
	pkgsrc-2007Q3:1.3.0.2
	pkgsrc-2007Q3-base:1.3
	pkgsrc-2007Q2:1.2.0.2
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.1.0.2
	pkgsrc-2007Q1-base:1.1;
locks; strict;
comment	@# @;


1.4
date	2008.03.07.20.16.19;	author wiz;	state dead;
branches;
next	1.3;

1.3
date	2007.09.24.16.24.48;	author joerg;	state Exp;
branches;
next	1.2;

1.2
date	2007.04.10.17.43.25;	author drochner;	state dead;
branches;
next	1.1;

1.1
date	2007.04.03.20.27.21;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.4
log
@Update to 1.3.2:

Adam Jackson (1):
libXfont 1.3.2

Jens Granseuer (1):
fix build with gcc 2.95.

Matthieu Herrb (3):
catalogue.c: prevent a one character overflow
ftsystem.c is not needed anymore.
Fix for CVE-2008-0006 - PCF Font parser buffer overflow.

Tilman Sauerbeck (1):
Replaced one instance of bcopy() with memcpy().
@
text
@$NetBSD: patch-aa,v 1.3 2007/09/24 16:24:48 joerg Exp $

--- src/fontfile/catalogue.c.orig	2007-09-24 18:18:59.000000000 +0200
+++ src/fontfile/catalogue.c
@@@@ -156,7 +156,7 @@@@ CatalogueRescan (FontPathElementPtr fpe)
     while (entry = readdir(dir), entry != NULL)
     {
 	snprintf(link, sizeof link, "%s/%s", path, entry->d_name);
-	len = readlink(link, dest, sizeof dest);
+	len = readlink(link, dest, sizeof dest - 1);
 	if (len < 0)
 	    continue;
 
@


1.3
log
@Fix off-by-one issue. Bump revision.
@
text
@d1 1
a1 1
$NetBSD$
@


1.2
log
@update to 1.2.8
changes:
-the integer overflow fixes went in (was patched in pkgsrc)
-build fixes
@
text
@d1 1
a1 1
$NetBSD: patch-aa,v 1.1 2007/04/03 20:27:21 drochner Exp $
d3 10
a12 5
--- src/bitmap/bdfread.c.orig	2007-04-03 19:01:20.000000000 +0200
+++ src/bitmap/bdfread.c
@@@@ -65,6 +65,12 @@@@ from The Open Group.
 #include <X11/fonts/bitmap.h>
 #include <X11/fonts/bdfint.h>
a13 21
+#if HAVE_STDINT_H
+#include <stdint.h>
+#elif !defined(INT32_MAX)
+#define INT32_MAX 0x7fffffff
+#endif
+
 #define INDICES 256
 #define MAXENCODING 0xFFFF
 #define BDFLINELEN  1024
@@@@ -288,6 +294,11 @@@@ bdfReadCharacters(FontFilePtr file, Font
 	bdfError("invalid number of CHARS in BDF file\n");
 	return (FALSE);
     }
+    if (nchars > INT32_MAX / sizeof(CharInfoRec)) {
+	bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
+		 sizeof(CharInfoRec));
+	goto BAILOUT;
+    }
     ci = (CharInfoPtr) xalloc(nchars * sizeof(CharInfoRec));
     if (!ci) {
 	bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
@


1.1
log
@fix a possible memory corruption due to integer overflow, caused by lack
of validation of bdf font files
(CVE 2007-1351)
fix a possible memory corruption due to integer overflow, caused by lack
of validation of fonts.dir files
(CVE 2007-1352)
bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@