(#204362) Security bump.

Package-Manager: portage-2.1.4
author: Donnie Berkholz <dberkholz@gentoo.org> 2008-01-17 18:55:39 +0000
committer: Donnie Berkholz <dberkholz@gentoo.org> 2008-01-17 18:55:39 +0000
commit: 5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092 (patch)
tree: 60d9f021839445861d1734508dc55b6ec0a8d6b1 /x11-libs
parent: Version bump. (diff)
download: historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.tar.gz
historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.tar.bz2
historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.zip
5 files changed, 105 insertions, 10 deletions
diff --git a/x11-libs/libXfont/ChangeLog b/x11-libs/libXfont/ChangeLog
index 3ebd3b442f3b..2175330c54e2 100644
--- a/x11-libs/libXfont/ChangeLog
+++ b/x11-libs/libXfont/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for x11-libs/libXfont
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.83 2007/12/19 23:34:15 cla Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/ChangeLog,v 1.84 2008/01/17 18:55:38 dberkholz Exp $
+
+*libXfont-1.3.1-r1 (17 Jan 2008)
+
+  17 Jan 2008; Donnie Berkholz <dberkholz@gentoo.org>;
+  +files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch,
+  +libXfont-1.3.1-r1.ebuild:
+  (#204362) Security bump.
 
   19 Dec 2007; Dawid Węgliński <cla@gentoo.org> libXfont-1.3.1.ebuild:
   Stable on x86 (bug #202087)
diff --git a/x11-libs/libXfont/Manifest b/x11-libs/libXfont/Manifest
index 5a502e37462d..16c46c85650b 100644
--- a/x11-libs/libXfont/Manifest
+++ b/x11-libs/libXfont/Manifest
@@ -1,20 +1,28 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
+AUX 0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 1494 RMD160 ea3d7b43d56b560a9403ab09911e5abb406e44ae SHA1 cd3ef26e59ad3bb64fedc44f828b84c271a2806c SHA256 cc8f8461278ae5d6c1e1b26f8e9edf8d39182092620ab3c3a84500e379940deb
+MD5 04a1823b20437b63a81da53d2af1d25e files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 1494
+RMD160 ea3d7b43d56b560a9403ab09911e5abb406e44ae files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 1494
+SHA256 cc8f8461278ae5d6c1e1b26f8e9edf8d39182092620ab3c3a84500e379940deb files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch 1494
 DIST libXfont-1.3.0.tar.bz2 582389 RMD160 115b73f66cc8024cf2cffe5e83d6516f187d1f4d SHA1 3440ff0bd9b364991da2f0b5d38c1c87d8a4c032 SHA256 07567b9880f28d1a404389c024a185419bfe81136aef3d9eda52407f34c3d3dd
 DIST libXfont-1.3.1.tar.bz2 564235 RMD160 13c8ed7b33ec0c4f08c032d74958e49d3c177464 SHA1 90153414cd3580d92cad6469166c099749cddd29 SHA256 dcfb7dc980a16ad98ac984b98321148864ea8b4637d3dd3773e483a14158a9b1
 EBUILD libXfont-1.3.0.ebuild 882 RMD160 3ea5ae6f6d8f84d00680e96b644a90eb51230b97 SHA1 72c7e34e1873981ce6f4ef71a8a775d84a41f893 SHA256 29d0bdc641a367fe2a748d3c9fcba9aaa462f86d6b78e714bf91293d8a6b5fdc
 MD5 471cb106fe14d3e86df617df77cdec1f libXfont-1.3.0.ebuild 882
 RMD160 3ea5ae6f6d8f84d00680e96b644a90eb51230b97 libXfont-1.3.0.ebuild 882
 SHA256 29d0bdc641a367fe2a748d3c9fcba9aaa462f86d6b78e714bf91293d8a6b5fdc libXfont-1.3.0.ebuild 882
+EBUILD libXfont-1.3.1-r1.ebuild 993 RMD160 2f212b98d7a5c999b7dcbc818110cab822300064 SHA1 f7500b63b4ef50b42ed118d013a2dbd9c1e6e28d SHA256 10aefc67af5c2b04059c697733ce1498c985726d504e3c2ed2b1efb091297ab6
+MD5 88f5ea8ffdb01e126fa135ae32e3384d libXfont-1.3.1-r1.ebuild 993
+RMD160 2f212b98d7a5c999b7dcbc818110cab822300064 libXfont-1.3.1-r1.ebuild 993
+SHA256 10aefc67af5c2b04059c697733ce1498c985726d504e3c2ed2b1efb091297ab6 libXfont-1.3.1-r1.ebuild 993
 EBUILD libXfont-1.3.1.ebuild 887 RMD160 b3f7455cc1e728667d991e5aefe9a772309f6607 SHA1 83615989f39ffcdf71174cb344963624fb42bbf8 SHA256 d8585e5775ec352fd3504d5ef7722f067bfe8e59984919aa89f76d9623652046
 MD5 dbb6da27274472e2bb58d7301e78d305 libXfont-1.3.1.ebuild 887
 RMD160 b3f7455cc1e728667d991e5aefe9a772309f6607 libXfont-1.3.1.ebuild 887
 SHA256 d8585e5775ec352fd3504d5ef7722f067bfe8e59984919aa89f76d9623652046 libXfont-1.3.1.ebuild 887
-MISC ChangeLog 12425 RMD160 4579e5caa7397fc967a444862935eba295556e36 SHA1 8080b940fad6a464cc9da6d6a147624c8a02bc1a SHA256 2c3b74a0a9642176113b8e86fba26eb76db9baabdbe8d11422e80cb4ee85df85
-MD5 2afc5d1f425fbaf6a6410c75cf944f02 ChangeLog 12425
-RMD160 4579e5caa7397fc967a444862935eba295556e36 ChangeLog 12425
-SHA256 2c3b74a0a9642176113b8e86fba26eb76db9baabdbe8d11422e80cb4ee85df85 ChangeLog 12425
+MISC ChangeLog 12649 RMD160 993337464a620688202815d2ae69518691d14061 SHA1 531cd307bef7142c3d3d694cd56ef10a35e12ff1 SHA256 eac8f91c92287d1c4b9afb52a14857fab215ac44c8caba889ccfbafd477c7f0f
+MD5 d44980126a0716813f813b78d0f0ff67 ChangeLog 12649
+RMD160 993337464a620688202815d2ae69518691d14061 ChangeLog 12649
+SHA256 eac8f91c92287d1c4b9afb52a14857fab215ac44c8caba889ccfbafd477c7f0f ChangeLog 12649
 MISC metadata.xml 156 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 SHA1 6f78f604e3d079d39189b40aaaa1ddb06182ad91 SHA256 5101ab0d4cc8c7125eea733c44e86962769bd77acaf53b69223b9cadcdd29055
 MD5 a37bab73e2f24b213932c30997d3d360 metadata.xml 156
 RMD160 c1274bdccf57603d580de0075ba07a35b7509560 metadata.xml 156
@@ -25,10 +33,13 @@ SHA256 25b25f3c44d001afd50ef2387dc9824e1ae803ac2e745506d2f97f0fd21dec29 files/di
 MD5 e61f019a5c87fcc13651458b38e23c5a files/digest-libXfont-1.3.1 247
 RMD160 8d3716f334e55ac8880d3bb5ae56e19c951c8008 files/digest-libXfont-1.3.1 247
 SHA256 8dcd8a702bb5684ef64121b3adc932c918351377e3b0511cf610566c9bd531d0 files/digest-libXfont-1.3.1 247
+MD5 e61f019a5c87fcc13651458b38e23c5a files/digest-libXfont-1.3.1-r1 247
+RMD160 8d3716f334e55ac8880d3bb5ae56e19c951c8008 files/digest-libXfont-1.3.1-r1 247
+SHA256 8dcd8a702bb5684ef64121b3adc932c918351377e3b0511cf610566c9bd531d0 files/digest-libXfont-1.3.1-r1 247
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.8 (GNU/Linux)
+Version: GnuPG v2.0.7 (GNU/Linux)
 
-iEYEARECAAYFAkeJ2KkACgkQj9hvisErhMLEIgCgpefxcN1OdiAWpqCGb3Fi/JTz
-xjIAoMNEtaV9H0a9N5YQL4jTFXJUc9MC
-=dx3Q
+iD8DBQFHj6SwXVaO67S1rtsRAg5BAKD8J1HyrTbPlcLEq2m3DNYrmJGPKgCfSdb6
+NzrM3v9T5j/kRY81iMwoHSQ=
+=U+Wo
 -----END PGP SIGNATURE-----
diff --git a/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch b/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch
new file mode 100644
index 000000000000..ff7c48e54a26
--- /dev/null
+++ b/x11-libs/libXfont/files/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch
@@ -0,0 +1,36 @@
+From b76df66d2c507898472bba0f9986ef5700029a36 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@bluenote.herrb.com>
+Date: Thu, 17 Jan 2008 15:30:37 +0100
+Subject: [PATCH] Fix for CVE-2008-0006 - PCF Font parser buffer overflow.
+
+---
+ src/bitmap/pcfread.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
+index fd41849..c5db255 100644
+--- a/src/bitmap/pcfread.c
++++ b/src/bitmap/pcfread.c
+@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file,
+     pFont->info.lastRow = pcfGetINT16(file, format);
+     pFont->info.defaultCh = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (pFont->info.firstCol > pFont->info.lastCol ||
++       pFont->info.firstRow > pFont->info.lastRow ||
++       pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
+ 
+     nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
+ 	(pFont->info.lastRow - pFont->info.firstRow + 1);
+@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file)
+     pFontInfo->lastRow = pcfGetINT16(file, format);
+     pFontInfo->defaultCh = pcfGetINT16(file, format);
+     if (IS_EOF(file)) goto Bail;
++    if (pFontInfo->firstCol > pFontInfo->lastCol ||
++       pFontInfo->firstRow > pFontInfo->lastRow ||
++       pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
+ 
+     nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
+ 	(pFontInfo->lastRow - pFontInfo->firstRow + 1);
+-- 
+1.5.3.5
+
diff --git a/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1 b/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1
new file mode 100644
index 000000000000..44b03f1a9900
--- /dev/null
+++ b/x11-libs/libXfont/files/digest-libXfont-1.3.1-r1
@@ -0,0 +1,3 @@
+MD5 b2f396b62633819bbdd9748383876e21 libXfont-1.3.1.tar.bz2 564235
+RMD160 13c8ed7b33ec0c4f08c032d74958e49d3c177464 libXfont-1.3.1.tar.bz2 564235
+SHA256 dcfb7dc980a16ad98ac984b98321148864ea8b4637d3dd3773e483a14158a9b1 libXfont-1.3.1.tar.bz2 564235
diff --git a/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild b/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild
new file mode 100644
index 000000000000..7462d50eaaac
--- /dev/null
+++ b/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libXfont/libXfont-1.3.1-r1.ebuild,v 1.1 2008/01/17 18:55:38 dberkholz Exp $
+
+# Must be before x-modular eclass is inherited
+# SNAPSHOT="yes"
+
+inherit x-modular flag-o-matic
+
+DESCRIPTION="X.Org Xfont library"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ipv6"
+
+RDEPEND="x11-libs/xtrans
+	x11-libs/libfontenc
+	x11-proto/xproto
+	x11-proto/fontsproto
+	>=media-libs/freetype-2"
+DEPEND="${RDEPEND}
+	x11-proto/fontcacheproto"
+
+CONFIGURE_OPTIONS="$(use_enable ipv6)
+	--with-encodingsdir=/usr/share/fonts/encodings"
+
+PATCHES="
+	${FILESDIR}/0001-Fix-for-CVE-2008-0006-PCF-Font-parser-buffer-overf.patch
+	"
+
+pkg_setup() {
+	# No such function yet
+	# x-modular_pkg_setup
+
+	# (#125465) Broken with Bdirect support
+	filter-flags -Wl,-Bdirect
+	filter-ldflags -Bdirect
+	filter-ldflags -Wl,-Bdirect
+}
author	Donnie Berkholz <dberkholz@gentoo.org>	2008-01-17 18:55:39 +0000
committer	Donnie Berkholz <dberkholz@gentoo.org>	2008-01-17 18:55:39 +0000
commit	5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092 (patch)
tree	60d9f021839445861d1734508dc55b6ec0a8d6b1 /x11-libs
parent	Version bump. (diff)
download	historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.tar.gz historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.tar.bz2 historical-5b1d93f2b0d3bb27767cc6b0c127f5f1f5789092.zip