(#144092, fd.o 7535) Security fix. Denial of service and potential code execution.

Package-Manager: portage-2.1.1_pre5-r2

5 files changed, 164 insertions, 16 deletions

diff --git a/x11-libs/libXfont/ChangeLog b/x11-libs/libXfont/ChangeLog
index 202391b255c3..1de26f68659e 100644
--- a/x11-libs/libXfont/ChangeLog
+++ b/x11-libs/libXfont/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for x11-libs/libXfont
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.40 2006/07/19 13:58:44 gmsoft Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.41 2006/08/20 20:55:16 dberkholz Exp $
+
+*libXfont-1.2.0-r1 (20 Aug 2006)
+
+  20 Aug 2006; Donnie Berkholz <dberkholz@gentoo.org>;
+  +files/1.2.0-pcfread-git.diff, +libXfont-1.2.0-r1.ebuild:
+  (#144092, fd.o 7535) Security fix. Denial of service and potential code
+  execution.
 
   19 Jul 2006; Guy Martin <gmsoft@gentoo.org> libXfont-1.1.0-r1.ebuild:
   Stable on hppa.
diff --git a/x11-libs/libXfont/Manifest b/x11-libs/libXfont/Manifest
index 2c1ced191634..adad795ab356 100644
--- a/x11-libs/libXfont/Manifest
+++ b/x11-libs/libXfont/Manifest
@@ -1,20 +1,25 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+AUX 1.2.0-pcfread-git.diff 4121 RMD160 fde1d622558a1ef0c050f764e54e109d2afbe36b SHA1 35c8d3685e971f0e439356298f740631f7e13fc3 SHA256 d84d9176d9727553435919782eb54efdc3319bcafbecfa95acde91f546c9e7fc
+MD5 1743c6e18836c1b00c85fe7b730155f0 files/1.2.0-pcfread-git.diff 4121
+RMD160 fde1d622558a1ef0c050f764e54e109d2afbe36b files/1.2.0-pcfread-git.diff 4121
+SHA256 d84d9176d9727553435919782eb54efdc3319bcafbecfa95acde91f546c9e7fc files/1.2.0-pcfread-git.diff 4121
 DIST libXfont-1.1.0.tar.bz2 591235 RMD160 36f8180891623d362379b77eb24a18a45a1e9b2e SHA1 0f09897deed6c07c56064f9d3e5b9fad7840bb54 SHA256 30bafca0519ed511c037d2b46e062bdf5088f4741a5a66f6ec39c77640a44380
-DIST libXfont-1.2.0.tar.bz2 591129 RMD160 8faaeb2514390fe2f17534c27a5ad20e2f177ff0 SHA256 130d6991971a10ba8b54f52848bcb00cbb7b4229eb839f88500972e11fecf8f0
+DIST libXfont-1.2.0.tar.bz2 591129 RMD160 8faaeb2514390fe2f17534c27a5ad20e2f177ff0 SHA1 c17aa459c105a9aa57a88c8d4e2c4bee85e99d99 SHA256 130d6991971a10ba8b54f52848bcb00cbb7b4229eb839f88500972e11fecf8f0
 EBUILD libXfont-1.1.0-r1.ebuild 902 RMD160 eea54a0b30b51824103ad3ae6b35991af677c80b SHA1 770a7a8b71ca0b306a1410bc9bdd763c0835a0b8 SHA256 179addae8f78f46359def09c422653d7a03ccfc64cbb00b67119f6ec050aa7dc
 MD5 9f23cdfa9b7b822e715b9aa38e04fb24 libXfont-1.1.0-r1.ebuild 902
 RMD160 eea54a0b30b51824103ad3ae6b35991af677c80b libXfont-1.1.0-r1.ebuild 902
 SHA256 179addae8f78f46359def09c422653d7a03ccfc64cbb00b67119f6ec050aa7dc libXfont-1.1.0-r1.ebuild 902
+EBUILD libXfont-1.2.0-r1.ebuild 963 RMD160 0274fe3306fe68f2f6c1cfc6571eab7068802547 SHA1 d2316d12b3b2c31cfe26ee5591113eb05573d73e SHA256 f1f55823371a74a71e4d32f210a312abae93b818a8f73a13bb716d3d4f8ad62e
+MD5 29bed4397906b978737676d3ed1d9633 libXfont-1.2.0-r1.ebuild 963
+RMD160 0274fe3306fe68f2f6c1cfc6571eab7068802547 libXfont-1.2.0-r1.ebuild 963
+SHA256 f1f55823371a74a71e4d32f210a312abae93b818a8f73a13bb716d3d4f8ad62e libXfont-1.2.0-r1.ebuild 963
 EBUILD libXfont-1.2.0.ebuild 915 RMD160 914ba988fc2bb42620ca73954e164a555d48289a SHA1 b2d2d31c569d8ab914cfcdda002c134fe0aa1ca3 SHA256 53b099f195925021e5e4a18d45661cee8ca8105d7eb58eb49e10ee281b4a1063
 MD5 820d77065b04a59638a49e776b6e1ff4 libXfont-1.2.0.ebuild 915
 RMD160 914ba988fc2bb42620ca73954e164a555d48289a libXfont-1.2.0.ebuild 915
 SHA256 53b099f195925021e5e4a18d45661cee8ca8105d7eb58eb49e10ee281b4a1063 libXfont-1.2.0.ebuild 915
-MISC ChangeLog 5904 RMD160 1a12926782c2971c0a015b5fe2ab3aa5dafd7856 SHA1 ce5f652e55783e605f11f382cd5d1e2ee352955a SHA256 9ba0f54d9be5c7b758f12cef3fc4c04c65b6dd6ef721737fb83e0b8a666f8699
-MD5 65fcb2a9a047d2b86f1a154b99c11920 ChangeLog 5904
-RMD160 1a12926782c2971c0a015b5fe2ab3aa5dafd7856 ChangeLog 5904
-SHA256 9ba0f54d9be5c7b758f12cef3fc4c04c65b6dd6ef721737fb83e0b8a666f8699 ChangeLog 5904
+MISC ChangeLog 6144 RMD160 7e4af28581e38a7894351f69bdeb5ae130cec963 SHA1 e20f524caeb63477c97fe256848c5044209f2e5b SHA256 69ae87e384a3ccabf56edfc1d9ceeedbb9f67f12231ecbda1ebdd94241cd7b6f
+MD5 9b29b8ce87fcff4ab0f722f94965f2e6 ChangeLog 6144
+RMD160 7e4af28581e38a7894351f69bdeb5ae130cec963 ChangeLog 6144
+SHA256 69ae87e384a3ccabf56edfc1d9ceeedbb9f67f12231ecbda1ebdd94241cd7b6f ChangeLog 6144
 MISC metadata.xml 156 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 SHA1 6f78f604e3d079d39189b40aaaa1ddb06182ad91 SHA256 5101ab0d4cc8c7125eea733c44e86962769bd77acaf53b69223b9cadcdd29055
 MD5 a37bab73e2f24b213932c30997d3d360 metadata.xml 156
 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 metadata.xml 156
@@ -25,10 +30,6 @@ SHA256 82746534d08b62dc1426776cc68da555947432b41cb26eaecf8e9c0c9a9548e2 files/di
 MD5 230a15d6c7296813bf64f23b0fcaee5a files/digest-libXfont-1.2.0 247
 RMD160 63d31524e68f5d1017fe670912078aa255f51dc1 files/digest-libXfont-1.2.0 247
 SHA256 62a426754e12d456489adfe87a89528b2807acdca6ac174e6208e35b21e33766 files/digest-libXfont-1.2.0 247
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.4 (GNU/Linux)
-
-iD8DBQFE1hwKamhnQswr0vIRAv/KAJ4+4S0Mb7vqr0EEmp3F68mZV+R+tQCgpL7k
-k8+lvoSmJwhusFMEGNgFBNg=
-=WiuB
------END PGP SIGNATURE-----
+MD5 230a15d6c7296813bf64f23b0fcaee5a files/digest-libXfont-1.2.0-r1 247
+RMD160 63d31524e68f5d1017fe670912078aa255f51dc1 files/digest-libXfont-1.2.0-r1 247
+SHA256 62a426754e12d456489adfe87a89528b2807acdca6ac174e6208e35b21e33766 files/digest-libXfont-1.2.0-r1 247
diff --git a/x11-libs/libXfont/files/1.2.0-pcfread-git.diff b/x11-libs/libXfont/files/1.2.0-pcfread-git.diff
new file mode 100644
index 000000000000..50131fd8055a
--- /dev/null
+++ b/x11-libs/libXfont/files/1.2.0-pcfread-git.diff
@@ -0,0 +1,103 @@
+diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
+index dd76868..6210f18 100644
+--- a/src/bitmap/pcfread.c
++++ b/src/bitmap/pcfread.c
+@@ -45,6 +45,7 @@ #define   MAX(a,b)    (((a)>(b)) ? a : b
+ #endif
+ 
+ #include <stdarg.h>
++#include <stdint.h>
+ 
+ void
+ pcfError(const char* message, ...)
+@@ -133,6 +134,10 @@ pcfReadTOC(FontFilePtr file, int *countp
+ 	return (PCFTablePtr) NULL;
+     count = pcfGetLSB32(file);
+     if (IS_EOF(file)) return (PCFTablePtr) NULL;
++    if (count < 0 || count > INT32_MAX / sizeof(PCFTableRec)) {
++	pcfError("pcfReadTOC(): invalid file format\n");
++	return NULL;
++    }
+     tables = (PCFTablePtr) xalloc(count * sizeof(PCFTableRec));
+     if (!tables) {
+       pcfError("pcfReadTOC(): Couldn't allocate tables (%d*%d)\n", count, sizeof(PCFTableRec));
+@@ -252,6 +257,10 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+     if (!PCF_FORMAT_MATCH(format, PCF_DEFAULT_FORMAT))
+ 	goto Bail;
+     nprops = pcfGetINT32(file, format);
++    if (nprops <= 0 || nprops > INT32_MAX / sizeof(FontPropRec)) {
++	pcfError("pcfGetProperties(): invalid nprops value (%d)\n", nprops);
++	goto Bail;
++    }
+     if (IS_EOF(file)) goto Bail;
+     props = (FontPropPtr) xalloc(nprops * sizeof(FontPropRec));
+     if (!props) {
+@@ -267,6 +276,13 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+ 	props[i].name = pcfGetINT32(file, format);
+ 	isStringProp[i] = pcfGetINT8(file, format);
+ 	props[i].value = pcfGetINT32(file, format);
++	if (props[i].name < 0 
++	    || (isStringProp[i] != 0 && isStringProp[i] != 1)
++	    || (isStringProp[i] && props[i].value < 0)) {
++	    pcfError("pcfGetProperties(): invalid file format %d %d %d\n",
++		     props[i].name, isStringProp[i], props[i].value);
++	    goto Bail;
++	}
+ 	if (IS_EOF(file)) goto Bail;
+     }
+     /* pad the property array */
+@@ -282,6 +298,7 @@ pcfGetProperties(FontInfoPtr pFontInfo, 
+     }
+     if (IS_EOF(file)) goto Bail;
+     string_size = pcfGetINT32(file, format);
++    if (string_size < 0) goto Bail;
+     if (IS_EOF(file)) goto Bail;
+     strings = (char *) xalloc(string_size);
+     if (!strings) {
+@@ -422,6 +439,10 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     else
+ 	nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) {
++	pcfError("pcfReadFont(): invalid file format\n");
++	goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pcfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));
+@@ -447,7 +468,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     nbitmaps = pcfGetINT32(file, format);
+     if (nbitmaps != nmetrics || IS_EOF(file))
+ 	goto Bail;
+-
++    /* nmetrics is alreadt ok, so nbitmap also is */
+     offsets = (CARD32 *) xalloc(nbitmaps * sizeof(CARD32));
+     if (!offsets) {
+       pcfError("pcfReadFont(): Couldn't allocate offsets (%d*%d)\n", nbitmaps, sizeof(CARD32));
+@@ -461,6 +482,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+     for (i = 0; i < GLYPHPADOPTIONS; i++) {
+ 	bitmapSizes[i] = pcfGetINT32(file, format);
+ 	if (IS_EOF(file)) goto Bail;
++	if (bitmapSizes[i] < 0) goto Bail;
+     }
+     
+     sizebitmaps = bitmapSizes[PCF_GLYPH_PAD_INDEX(format)];
+@@ -536,6 +558,7 @@ pcfReadFont(FontPtr pFont, FontFilePtr f
+ 	if (IS_EOF(file)) goto Bail;
+ 	if (nink_metrics != nmetrics)
+ 	    goto Bail;
++	/* nmetrics already checked */
+ 	ink_metrics = (xCharInfo *) xalloc(nink_metrics * sizeof(xCharInfo));
+       if (!ink_metrics) {
+           pcfError("pcfReadFont(): Couldn't allocate ink_metrics (%d*%d)\n", nink_metrics, sizeof(xCharInfo));       
+@@ -809,6 +832,10 @@ pmfReadFont(FontPtr pFont, FontFilePtr f
+     else
+ 	nmetrics = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (nmetrics < 0 || nmetrics > INT32_MAX / sizeof(CharInfoRec)) {
++	pcfError("pmfReadFont(): invalid file format\n");
++	goto Bail;
++    }
+     metrics = (CharInfoPtr) xalloc(nmetrics * sizeof(CharInfoRec));
+     if (!metrics) {
+       pcfError("pmfReadFont(): Couldn't allocate metrics (%d*%d)\n", nmetrics, sizeof(CharInfoRec));
diff --git a/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1 b/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1
new file mode 100644
index 000000000000..76e060720c53
--- /dev/null
+++ b/x11-libs/libXfont/files/digest-libXfont-1.2.0-r1
@@ -0,0 +1,3 @@
+MD5 038315ade283d8da92422baebac553a2 libXfont-1.2.0.tar.bz2 591129
+RMD160 8faaeb2514390fe2f17534c27a5ad20e2f177ff0 libXfont-1.2.0.tar.bz2 591129
+SHA256 130d6991971a10ba8b54f52848bcb00cbb7b4229eb839f88500972e11fecf8f0 libXfont-1.2.0.tar.bz2 591129
diff --git a/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild b/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild
new file mode 100644
index 000000000000..eee361be27f2
--- /dev/null
+++ b/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.2.0-r1.ebuild,v 1.1 2006/08/20 20:55:16 dberkholz Exp $
+
+# Must be before x-modular eclass is inherited
+# SNAPSHOT="yes"
+
+inherit x-modular flag-o-matic
+
+DESCRIPTION="X.Org Xfont library"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ipv6"
+RDEPEND="x11-libs/xtrans
+	x11-libs/libfontenc
+	x11-proto/xproto
+	x11-proto/fontsproto
+	>=media-libs/freetype-2"
+DEPEND="${RDEPEND}
+	x11-proto/fontcacheproto"
+
+CONFIGURE_OPTIONS="$(use_enable ipv6)
+	--enable-type1
+	--with-encodingsdir=/usr/share/fonts/encodings"
+PATCHES="${FILESDIR}/${PV}-pcfread-git.diff"
+
+pkg_setup() {
+	# No such function yet
+	# x-modular_pkg_setup
+
+	# (#125465) Broken with Bdirect support
+	filter-flags -Wl,-Bdirect
+	filter-ldflags -Bdirect
+	filter-ldflags -Wl,-Bdirect
+}