[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libxfont: Changes to 'upstream-unstable'



 configure.ac             |    5 
 src/FreeType/Makefile.am |    2 
 src/FreeType/ftsystem.c  |  331 -----------------------------------------------
 src/bitmap/pcfread.c     |    6 
 src/builtins/dir.c       |   18 +-
 src/builtins/file.c      |    3 
 src/fontfile/catalogue.c |    2 
 7 files changed, 19 insertions(+), 348 deletions(-)

New commits:
commit 0fd2a1428df56d8b29e148b08dcec2dfed9302fa
Author: Adam Jackson <ajax@redhat.com>
Date:   Wed Mar 5 22:04:06 2008 -0500

    libXfont 1.3.2

diff --git a/configure.ac b/configure.ac
index 63737ad..7d7ba75 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,3 @@
-dnl 
-dnl  $Id$
-dnl 
 dnl  Copyright © 2003 Keith Packard
 dnl 
 dnl  Permission to use, copy, modify, distribute, and sell this software and its
@@ -26,7 +23,7 @@ dnl Process this file with autoconf to create configure.
 AC_PREREQ([2.57])
 
 AC_INIT([libXfont],
-	1.3.1,
+	1.3.2,
 	[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg],
 	libXfont)
 dnl

commit b76df66d2c507898472bba0f9986ef5700029a36
Author: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date:   Thu Jan 17 15:30:37 2008 +0100

    Fix for CVE-2008-0006 - PCF Font parser buffer overflow.

diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
index fd41849..c5db255 100644
--- a/src/bitmap/pcfread.c
+++ b/src/bitmap/pcfread.c
@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file,
     pFont->info.lastRow = pcfGetINT16(file, format);
     pFont->info.defaultCh = pcfGetINT16(file, format);
     if (IS_EOF(file)) goto Bail;
+    if (pFont->info.firstCol > pFont->info.lastCol ||
+       pFont->info.firstRow > pFont->info.lastRow ||
+       pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
 
     nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
 	(pFont->info.lastRow - pFont->info.firstRow + 1);
@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file)
     pFontInfo->lastRow = pcfGetINT16(file, format);
     pFontInfo->defaultCh = pcfGetINT16(file, format);
     if (IS_EOF(file)) goto Bail;
+    if (pFontInfo->firstCol > pFontInfo->lastCol ||
+       pFontInfo->firstRow > pFontInfo->lastRow ||
+       pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
 
     nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
 	(pFontInfo->lastRow - pFontInfo->firstRow + 1);

commit 2297c6390a1609fe810c2cd5b3443f3722610944
Author: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date:   Thu Oct 18 21:46:49 2007 +0200

    ftsystem.c is not needed anymore.

diff --git a/src/FreeType/Makefile.am b/src/FreeType/Makefile.am
index a138314..8e67837 100644
--- a/src/FreeType/Makefile.am
+++ b/src/FreeType/Makefile.am
@@ -13,5 +13,3 @@ libft_la_SOURCES = 		\
 	ftfuncs.c		\
 	fttools.c		\
 	xttcap.c
-
-EXTRA_DIST = ftsystem.c
diff --git a/src/FreeType/ftsystem.c b/src/FreeType/ftsystem.c
deleted file mode 100644
index ae5aa00..0000000
--- a/src/FreeType/ftsystem.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/***************************************************************************/
-/*                                                                         */
-/*  ftsystem.c                                                             */
-/*                                                                         */
-/*    ANSI-specific FreeType low-level system interface (body).            */
-/*                                                                         */
-/*  Copyright 1996-2001, 2002 by                                           */
-/*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
-/*                                                                         */
-/*  Modified for XFree86.                                                  */
-/*                                                                         */
-/*  This file is part of the FreeType project, and may only be used,       */
-/*  modified, and distributed under the terms of the FreeType project      */
-/*  license, LICENSE.TXT.  By continuing to use, modify, or distribute     */
-/*  this file you indicate that you have read the license and              */
-/*  understand and accept it fully.                                        */
-/*                                                                         */
-/***************************************************************************/
-
-/* Modified for XFree86 */
-/* $XFree86$ */
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* This file contains the default interface used by FreeType to access   */
-  /* low-level, i.e. memory management, i/o access as well as thread       */
-  /* synchronisation.  It can be replaced by user-specific routines if     */
-  /* necessary.                                                            */
-  /*                                                                       */
-  /*************************************************************************/
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <ft2build.h>
-#include FT_CONFIG_CONFIG_H
-#include FT_SYSTEM_H
-#include FT_ERRORS_H
-#include FT_TYPES_H
-
-#ifndef FONTMODULE
-#include <stdio.h>
-#include <stdlib.h>
-#else
-#include "Xmd.h"
-#define _XTYPEDEF_BOOL
-#include "Xdefs.h"
-#define DONT_DEFINE_WRAPPERS
-#include "xf86_ansic.h"
-#undef DONT_DEFINE_WRAPPERS
-#define malloc(x) xf86malloc(x)
-#define realloc(x, y) xf86realloc(x, y)
-#define free(x) xf86free(x)
-#define FILE XF86FILE
-#define fopen(x, y) xf86fopen(x, y)
-#define fclose(x) xf86fclose(x)
-#define fseek(x, y, z) xf86fseek(x, y, z)
-#define ftell(x) xf86ftell(x)
-#define SEEK_SET XF86_SEEK_SET
-#define SEEK_END XF86_SEEK_END
-#define fread(x, y, z, t) xf86fread(x, y, z, t)
-#endif
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /*                       MEMORY MANAGEMENT INTERFACE                     */
-  /*                                                                       */
-  /*************************************************************************/
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* It is not necessary to do any error checking for the                  */
-  /* allocation-related functions.  This will be done by the higher level  */
-  /* routines like FT_Alloc() or FT_Realloc().                             */
-  /*                                                                       */
-  /*************************************************************************/
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* <Function>                                                            */
-  /*    ft_alloc                                                           */
-  /*                                                                       */
-  /* <Description>                                                         */
-  /*    The memory allocation function.                                    */
-  /*                                                                       */
-  /* <Input>                                                               */
-  /*    memory :: A pointer to the memory object.                          */
-  /*                                                                       */
-  /*    size   :: The requested size in bytes.                             */
-  /*                                                                       */
-  /* <Return>                                                              */
-  /*    The address of newly allocated block.                              */
-  /*                                                                       */
-  FT_CALLBACK_DEF( void* )
-  ft_alloc( FT_Memory  memory,
-            long       size )
-  {
-    FT_UNUSED( memory );
-
-    return malloc( size );
-  }
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* <Function>                                                            */
-  /*    ft_realloc                                                         */
-  /*                                                                       */
-  /* <Description>                                                         */
-  /*    The memory reallocation function.                                  */
-  /*                                                                       */
-  /* <Input>                                                               */
-  /*    memory   :: A pointer to the memory object.                        */
-  /*                                                                       */
-  /*    cur_size :: The current size of the allocated memory block.        */
-  /*                                                                       */
-  /*    new_size :: The newly requested size in bytes.                     */
-  /*                                                                       */
-  /*    block    :: The current address of the block in memory.            */
-  /*                                                                       */
-  /* <Return>                                                              */
-  /*    The address of the reallocated memory block.                       */
-  /*                                                                       */
-  FT_CALLBACK_DEF( void* )
-  ft_realloc( FT_Memory  memory,
-              long       cur_size,
-              long       new_size,
-              void*      block )
-  {
-    FT_UNUSED( memory );
-    FT_UNUSED( cur_size );
-
-    return realloc( block, new_size );
-  }
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* <Function>                                                            */
-  /*    ft_free                                                            */
-  /*                                                                       */
-  /* <Description>                                                         */
-  /*    The memory release function.                                       */
-  /*                                                                       */
-  /* <Input>                                                               */
-  /*    memory  :: A pointer to the memory object.                         */
-  /*                                                                       */
-  /*    block   :: The address of block in memory to be freed.             */
-  /*                                                                       */
-  FT_CALLBACK_DEF( void )
-  ft_free( FT_Memory  memory,
-           void*      block )
-  {
-    FT_UNUSED( memory );
-
-    free( block );
-  }
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /*                     RESOURCE MANAGEMENT INTERFACE                     */
-  /*                                                                       */
-  /*************************************************************************/
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* The macro FT_COMPONENT is used in trace mode.  It is an implicit      */
-  /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log  */
-  /* messages during execution.                                            */
-  /*                                                                       */
-#undef  FT_COMPONENT
-#define FT_COMPONENT  trace_io
-
-  /* We use the macro STREAM_FILE for convenience to extract the       */
-  /* system-specific stream handle from a given FreeType stream object */
-#define STREAM_FILE( stream )  ( (FILE*)stream->descriptor.pointer )
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* <Function>                                                            */
-  /*    ft_ansi_stream_close                                               */
-  /*                                                                       */
-  /* <Description>                                                         */
-  /*    The function to close a stream.                                    */
-  /*                                                                       */
-  /* <Input>                                                               */
-  /*    stream :: A pointer to the stream object.                          */
-  /*                                                                       */
-  FT_CALLBACK_DEF( void )
-  ft_ansi_stream_close( FT_Stream  stream )
-  {
-    fclose( STREAM_FILE( stream ) );
-
-    stream->descriptor.pointer = NULL;
-    stream->size               = 0;
-    stream->base               = 0;
-  }
-
-
-  /*************************************************************************/
-  /*                                                                       */
-  /* <Function>                                                            */
-  /*    ft_ansi_stream_io                                                  */
-  /*                                                                       */
-  /* <Description>                                                         */
-  /*    The function to open a stream.                                     */
-  /*                                                                       */
-  /* <Input>                                                               */
-  /*    stream :: A pointer to the stream object.                          */
-  /*                                                                       */
-  /*    offset :: The position in the data stream to start reading.        */
-  /*                                                                       */
-  /*    buffer :: The address of buffer to store the read data.            */
-  /*                                                                       */
-  /*    count  :: The number of bytes to read from the stream.             */
-  /*                                                                       */
-  /* <Return>                                                              */
-  /*    The number of bytes actually read.                                 */
-  /*                                                                       */
-  FT_CALLBACK_DEF( unsigned long )
-  ft_ansi_stream_io( FT_Stream       stream,
-                     unsigned long   offset,
-                     unsigned char*  buffer,
-                     unsigned long   count )
-  {
-    FILE*  file;
-
-
-    file = STREAM_FILE( stream );
-
-    fseek( file, offset, SEEK_SET );
-
-    return (unsigned long)fread( buffer, 1, count, file );
-  }
-
-
-  /* documentation is in ftobjs.h */
-
-  FT_EXPORT_DEF( FT_Error )
-  FT_Stream_Open( FT_Stream    stream,
-                  const char*  filepathname )
-  {
-    FILE*  file;
-
-
-    if ( !stream )
-      return FT_Err_Invalid_Stream_Handle;
-
-    file = fopen( filepathname, "rb" );
-    if ( !file )
-    {
-      FT_ERROR(( "FT_Stream_Open:" ));
-      FT_ERROR(( " could not open `%s'\n", filepathname ));
-
-      return FT_Err_Cannot_Open_Resource;
-    }
-
-    fseek( file, 0, SEEK_END );
-    stream->size = ftell( file );
-    fseek( file, 0, SEEK_SET );
-
-    stream->descriptor.pointer = file;
-    stream->pathname.pointer   = (char*)filepathname;
-    stream->pos                = 0;
-
-    stream->read  = ft_ansi_stream_io;
-    stream->close = ft_ansi_stream_close;
-
-    FT_TRACE1(( "FT_Stream_Open:" ));
-    FT_TRACE1(( " opened `%s' (%d bytes) successfully\n",
-                filepathname, stream->size ));
-
-    return FT_Err_Ok;
-  }
-
-
-#ifdef FT_DEBUG_MEMORY
-
-  extern FT_Int
-  ft_mem_debug_init( FT_Memory  memory );
-
-  extern void
-  ft_mem_debug_done( FT_Memory  memory );
-
-#endif
-
-
-  /* documentation is in ftobjs.h */
-
-  FT_EXPORT_DEF( FT_Memory )
-  FT_New_Memory( void )
-  {
-    FT_Memory  memory;
-
-
-    memory = (FT_Memory)malloc( sizeof ( *memory ) );
-    if ( memory )
-    {
-      memory->user    = 0;
-      memory->alloc   = ft_alloc;
-      memory->realloc = ft_realloc;
-      memory->free    = ft_free;
-#ifdef FT_DEBUG_MEMORY
-      ft_mem_debug_init( memory );
-#endif
-    }
-
-    return memory;
-  }
-
-
-  /* documentation is in ftobjs.h */
-
-  FT_EXPORT_DEF( void )
-  FT_Done_Memory( FT_Memory  memory )
-  {
-#ifdef FT_DEBUG_MEMORY
-    ft_mem_debug_done( memory );
-#endif
-#undef free
-    memory->free( memory, memory );
-  }
-
-
-/* END */

commit 5bf703700ee4a5d6eae20da07cb7a29369667aef
Author: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date:   Fri Sep 28 08:17:57 2007 +0200

    catalogue.c: prevent a one character overflow
    
    this occurs if readlink writes a result that's exactly the
    size of the buffer that's passed to it. Reported by
    Joerg Sonnenberger.
    
    Re

diff --git a/src/fontfile/catalogue.c b/src/fontfile/catalogue.c
index 33d4434..c0d90f8 100644
--- a/src/fontfile/catalogue.c
+++ b/src/fontfile/catalogue.c
@@ -156,7 +156,7 @@ CatalogueRescan (FontPathElementPtr fpe)
     while (entry = readdir(dir), entry != NULL)
     {
 	snprintf(link, sizeof link, "%s/%s", path, entry->d_name);
-	len = readlink(link, dest, sizeof dest);
+	len = readlink(link, dest, sizeof dest - 1);
 	if (len < 0)
 	    continue;
 

commit fd8a03fbbd74f5cbaa740e5d50fccdf5c1f78b5b
Author: Jens Granseuer <jensgr@gmx.net>
Date:   Thu Sep 27 23:12:00 2007 +0200

    fix build with gcc 2.95.
    
    In addition to fixing the C89 issue, the patch also flags a few functions as
    static to avoid "no previous prototype" warnings.

diff --git a/src/builtins/dir.c b/src/builtins/dir.c
index 97f1e1e..1f7f547 100644
--- a/src/builtins/dir.c
+++ b/src/builtins/dir.c
@@ -29,7 +29,7 @@
 #endif
 #include "builtin.h"
 
-BuiltinDirPtr
+static BuiltinDirPtr
 BuiltinDirsDup (const BuiltinDirPtr a_dirs,
                 int a_dirs_len)
 {
@@ -60,7 +60,7 @@ BuiltinDirsDup (const BuiltinDirPtr a_dirs,
  * @param a_saved the saved instance of BuiltinDir to copy into a_cur
  * @return 0 if went okay, 1 otherwise.
  */
-int
+static int
 BuiltinDirRestore (BuiltinDirPtr a_cur,
                    const BuiltinDirPtr a_saved)
 {
@@ -75,7 +75,7 @@ BuiltinDirRestore (BuiltinDirPtr a_cur,
 }
 
 
-int
+static int
 BuiltinDirsRestore (BuiltinDirPtr a_cur_tab,
                     const BuiltinDirPtr a_saved_tab,
                     int a_tab_len)
@@ -94,7 +94,7 @@ BuiltinDirsRestore (BuiltinDirPtr a_cur_tab,
     return 0 ;
 }
 
-BuiltinAliasPtr
+static BuiltinAliasPtr
 BuiltinAliasesDup (const BuiltinAliasPtr a_aliases,
                    int a_aliases_len)
 {
@@ -122,7 +122,7 @@ BuiltinAliasesDup (const BuiltinAliasPtr a_aliases,
  * @param a_saved the saved instance of BuiltinAlias to copy into a_cur
  * @return 0 if went okay, 1 otherwise.
  */
-int
+static int
 BuiltinAliasRestore (BuiltinAliasPtr a_cur,
                      const BuiltinAliasPtr a_save)
 {
@@ -137,7 +137,7 @@ BuiltinAliasRestore (BuiltinAliasPtr a_cur,
     return 0 ;
 }
 
-int
+static int
 BuiltinAliasesRestore (BuiltinAliasPtr a_cur_tab,
                        const BuiltinAliasPtr a_saved_tab,
                        int a_tab_len)
@@ -162,10 +162,10 @@ BuiltinReadDirectory (char *directory, FontDirectoryPtr *pdir)
     FontDirectoryPtr	dir;
     int			i;
 
-    dir = FontFileMakeDir ("", builtin_dir_count);
-    static BuiltinDirPtr saved_builtin_dir ;
-    static BuiltinAliasPtr saved_builtin_alias ;
+    static BuiltinDirPtr saved_builtin_dir;
+    static BuiltinAliasPtr saved_builtin_alias;
 
+    dir = FontFileMakeDir ("", builtin_dir_count);
 
     if (saved_builtin_dir)
     {

commit 268f1bb1859e97944e8b63a5bb12677e874ed144
Author: Tilman Sauerbeck <tilman@code-monkey.de>
Date:   Thu Sep 13 20:40:26 2007 +0200

    Replaced one instance of bcopy() with memcpy().
    
    f->buffer cannot overlap with io->file->bits, so it's safe to
    use memcpy() rather than memmove().
    Compile-tested only.

diff --git a/src/builtins/file.c b/src/builtins/file.c
index 863ecee..a46b0a6 100644
--- a/src/builtins/file.c
+++ b/src/builtins/file.c
@@ -27,6 +27,7 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <string.h>
 #include "builtin.h"
 
 typedef struct _BuiltinIO {
@@ -49,7 +50,7 @@ BuiltinFill (BufFilePtr	f)
     len = BUFFILESIZE;
     if (len > left)
 	len = left;
-    bcopy (io->file->bits + io->offset, f->buffer, len);
+    memcpy (f->buffer, io->file->bits + io->offset, len);
     io->offset += len;
     f->left = len - 1;
     f->bufp = f->buffer + 1;


Reply to: