diff options
author | minskim <minskim@pkgsrc.org> | 2004-09-16 19:28:56 +0000 |
---|---|---|
committer | minskim <minskim@pkgsrc.org> | 2004-09-16 19:28:56 +0000 |
commit | e3103bfae74b5da3f17b73a3e37c930cec27743b (patch) | |
tree | af40ea91b04fbaef1383ab215392350163622513 | |
parent | 31472d38a4a8be988488362bc7599fed675b460b (diff) | |
download | pkgsrc-e3103bfae74b5da3f17b73a3e37c930cec27743b.tar.gz |
Incorporate libXpm security fixes of X.Org X11R6.8.1.
Bump PKGREVISION.
-rw-r--r-- | x11/XFree86-libs/Makefile | 4 | ||||
-rw-r--r-- | x11/XFree86-libs/distinfo | 10 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-ak | 13 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-al | 31 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-am | 179 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-an | 68 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-ao | 30 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-ap | 13 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-aq | 36 | ||||
-rw-r--r-- | x11/XFree86-libs/patches/patch-ar | 53 |
10 files changed, 434 insertions, 3 deletions
diff --git a/x11/XFree86-libs/Makefile b/x11/XFree86-libs/Makefile index 60c50973699..1bb4a218c8f 100644 --- a/x11/XFree86-libs/Makefile +++ b/x11/XFree86-libs/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.16 2004/07/31 02:28:15 xtraeme Exp $ +# $NetBSD: Makefile,v 1.17 2004/09/16 19:28:56 minskim Exp $ DISTNAME= ${DISTFILES} PKGNAME= XFree86-libs-${XF_VER} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= x11 MASTER_SITES= ${MASTER_SITE_XFREE} DISTFILES= XFree86-${XF_VER}-src-1.tgz XFree86-${XF_VER}-src-2.tgz \ diff --git a/x11/XFree86-libs/distinfo b/x11/XFree86-libs/distinfo index b864e4c681e..f46f5016fea 100644 --- a/x11/XFree86-libs/distinfo +++ b/x11/XFree86-libs/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.6 2004/07/21 22:21:49 xtraeme Exp $ +$NetBSD: distinfo,v 1.7 2004/09/16 19:28:56 minskim Exp $ SHA1 (XFree86-4.4.0-src-1.tgz) = 44b38a7044c82d0b2f785b0e6a935349abcb5d79 Size (XFree86-4.4.0-src-1.tgz) = 11760814 bytes @@ -18,3 +18,11 @@ SHA1 (patch-ag) = a06752ee9f55e64a407fac6fbde3547fd096c71d SHA1 (patch-ah) = 30618658577dd37b31191197cd2c156ff72e0d90 SHA1 (patch-ai) = 178d556fa11818420cd685308cf179ee5f6f7dac SHA1 (patch-aj) = 4545d9fd50c2a7b6f5a04da330784eaf9a5373ad +SHA1 (patch-ak) = 8df00ceb043f9a1d99b5bd270bd19198f0a23a51 +SHA1 (patch-al) = 4eb342844fe90e1269b6a0296c5ba52ab7be50b3 +SHA1 (patch-am) = 3a0cda8079164e1f17c5aa1b21c666941b462079 +SHA1 (patch-an) = e78b95ab07b532db41a3785344e89dc23e9e7e34 +SHA1 (patch-ao) = 12af967565c0c3ddb29464f7f726786c5d04c60b +SHA1 (patch-ap) = e2d533dd24e176e20fb1af7c8791e2670aad5c20 +SHA1 (patch-aq) = 398fbbeca94beb6e4a878941d1b825d0b734e11b +SHA1 (patch-ar) = c9ad52d94aedd94d7c0e0dc254d02cde5e33b637 diff --git a/x11/XFree86-libs/patches/patch-ak b/x11/XFree86-libs/patches/patch-ak new file mode 100644 index 00000000000..48a15aca833 --- /dev/null +++ b/x11/XFree86-libs/patches/patch-ak @@ -0,0 +1,13 @@ +$NetBSD: patch-ak,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/data.c.orig 2002-01-07 13:40:49.000000000 -0600 ++++ extras/Xpm/lib/data.c +@@ -375,7 +375,7 @@ xpmGetCmt(data, cmt) + { + if (!data->type) + *cmt = NULL; +- else if (data->CommentLength) { ++ else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) { + *cmt = (char *) XpmMalloc(data->CommentLength + 1); + strncpy(*cmt, data->Comment, data->CommentLength); + (*cmt)[data->CommentLength] = '\0'; diff --git a/x11/XFree86-libs/patches/patch-al b/x11/XFree86-libs/patches/patch-al new file mode 100644 index 00000000000..6145f9d1238 --- /dev/null +++ b/x11/XFree86-libs/patches/patch-al @@ -0,0 +1,31 @@ +$NetBSD: patch-al,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/hashtab.c.orig 1999-01-11 07:23:11.000000000 -0600 ++++ extras/Xpm/lib/hashtab.c +@@ -135,7 +135,7 @@ HashTableGrows(table) + xpmHashTable *table; + { + xpmHashAtom *atomTable = table->atomTable; +- int size = table->size; ++ unsigned int size = table->size; + xpmHashAtom *t, *p; + int i; + int oldSize = size; +@@ -144,6 +144,8 @@ HashTableGrows(table) + HASH_TABLE_GROWS + table->size = size; + table->limit = size / 3; ++ if (size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); +@@ -204,6 +206,8 @@ xpmHashTableInit(table) + table->size = INITIAL_HASH_SIZE; + table->limit = table->size / 3; + table->used = 0; ++ if (table->size >= SIZE_MAX / sizeof(*atomTable)) ++ return (XpmNoMemory); + atomTable = (xpmHashAtom *) XpmMalloc(table->size * sizeof(*atomTable)); + if (!atomTable) + return (XpmNoMemory); diff --git a/x11/XFree86-libs/patches/patch-am b/x11/XFree86-libs/patches/patch-am new file mode 100644 index 00000000000..9215c09d26c --- /dev/null +++ b/x11/XFree86-libs/patches/patch-am @@ -0,0 +1,179 @@ +$NetBSD: patch-am,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/parse.c.orig 2001-10-27 22:32:10.000000000 -0500 ++++ extras/Xpm/lib/parse.c +@@ -44,6 +44,24 @@ + #include <ctype.h> + #include <string.h> + ++#ifdef HAS_STRLCAT ++# define STRLCAT(dst, src, dstsize) { \ ++ if (strlcat(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlcpy(dst, src, dstsize) >= (dstsize)) \ ++ return (XpmFileInvalid); } ++#else ++# define STRLCAT(dst, src, dstsize) { \ ++ if ((strlen(dst) + strlen(src)) < (dstsize)) \ ++ strcat(dst, src); \ ++ else return (XpmFileInvalid); } ++# define STRLCPY(dst, src, dstsize) { \ ++ if (strlen(src) < (dstsize)) \ ++ strcpy(dst, src); \ ++ else return (XpmFileInvalid); } ++#endif ++ + LFUNC(ParsePixels, int, (xpmData *data, unsigned int width, + unsigned int height, unsigned int ncolors, + unsigned int cpp, XpmColor *colorTable, +@@ -66,7 +84,7 @@ xpmParseValues(data, width, height, ncol + unsigned int *extensions; + { + unsigned int l; +- char buf[BUFSIZ]; ++ char buf[BUFSIZ + 1]; + + if (!data->format) { /* XPM 2 or 3 */ + +@@ -175,10 +193,10 @@ xpmParseColors(data, ncolors, cpp, color + XpmColor **colorTablePtr; + xpmHashTable *hashtable; + { +- unsigned int key = 0, l, a, b; ++ unsigned int key = 0, l, a, b, len; + unsigned int curkey; /* current color key */ + unsigned int lastwaskey; /* key read */ +- char buf[BUFSIZ]; ++ char buf[BUFSIZ+1]; + char curbuf[BUFSIZ]; /* current buffer */ + char **sptr, *s; + XpmColor *color; +@@ -186,6 +204,8 @@ xpmParseColors(data, ncolors, cpp, color + char **defaults; + int ErrorStatus; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ return (XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); + if (!colorTable) + return (XpmNoMemory); +@@ -197,6 +217,10 @@ xpmParseColors(data, ncolors, cpp, color + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -234,13 +258,14 @@ xpmParseColors(data, ncolors, cpp, color + } + if (!lastwaskey && key < NKEYS) { /* open new key */ + if (curkey) { /* flush string */ +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } + defaults[curkey] = s; +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + curkey = key + 1; /* set new key */ + *curbuf = '\0'; /* reset curbuf */ +@@ -251,9 +276,9 @@ xpmParseColors(data, ncolors, cpp, color + return (XpmFileInvalid); + } + if (!lastwaskey) +- strcat(curbuf, " "); /* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf)); /* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf);/* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf));/* append buf */ + lastwaskey = 0; + } + } +@@ -261,12 +286,13 @@ xpmParseColors(data, ncolors, cpp, color + xpmFreeColorTable(colorTable, ncolors); + return (XpmFileInvalid); + } +- s = defaults[curkey] = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = defaults[curkey] = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + } + } else { /* XPM 1 */ + /* get to the beginning of the first string */ +@@ -279,6 +305,10 @@ xpmParseColors(data, ncolors, cpp, color + /* + * read pixel value + */ ++ if (cpp >= SIZE_MAX - 1) { ++ xpmFreeColorTable(colorTable, ncolors); ++ return (XpmNoMemory); ++ } + color->string = (char *) XpmMalloc(cpp + 1); + if (!color->string) { + xpmFreeColorTable(colorTable, ncolors); +@@ -307,16 +337,17 @@ xpmParseColors(data, ncolors, cpp, color + *curbuf = '\0'; /* init curbuf */ + while ((l = xpmNextWord(data, buf, BUFSIZ))) { + if (*curbuf != '\0') +- strcat(curbuf, " ");/* append space */ ++ STRLCAT(curbuf, " ", sizeof(curbuf));/* append space */ + buf[l] = '\0'; +- strcat(curbuf, buf); /* append buf */ ++ STRLCAT(curbuf, buf, sizeof(curbuf)); /* append buf */ + } +- s = (char *) XpmMalloc(strlen(curbuf) + 1); ++ len = strlen(curbuf) + 1; ++ s = (char *) XpmMalloc(len); + if (!s) { + xpmFreeColorTable(colorTable, ncolors); + return (XpmNoMemory); + } +- strcpy(s, curbuf); ++ memcpy(s, curbuf, len); + color->c_color = s; + *curbuf = '\0'; /* reset curbuf */ + if (a < ncolors - 1) +@@ -341,6 +372,9 @@ ParsePixels(data, width, height, ncolors + unsigned int *iptr, *iptr2; + unsigned int a, x, y; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ return XpmNoMemory; + #ifndef FOR_MSW + iptr2 = (unsigned int *) XpmMalloc(sizeof(unsigned int) * width * height); + #else +@@ -364,6 +398,9 @@ ParsePixels(data, width, height, ncolors + { + unsigned short colidx[256]; + ++ if (ncolors > 256) ++ return (XpmFileInvalid); ++ + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) + colidx[(unsigned char)colorTable[a].string[0]] = a + 1; +@@ -442,6 +479,9 @@ if (cidx[f]) XpmFree(cidx[f]);} + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; diff --git a/x11/XFree86-libs/patches/patch-an b/x11/XFree86-libs/patches/patch-an new file mode 100644 index 00000000000..a3c6fd1e4bf --- /dev/null +++ b/x11/XFree86-libs/patches/patch-an @@ -0,0 +1,68 @@ +$NetBSD: patch-an,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/scan.c.orig 2002-01-07 13:40:49.000000000 -0600 ++++ extras/Xpm/lib/scan.c +@@ -107,7 +107,8 @@ LFUNC(MSWGetImagePixels, int, (Display * + LFUNC(ScanTransparentColor, int, (XpmColor *color, unsigned int cpp, + XpmAttributes *attributes)); + +-LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, int ncolors, ++LFUNC(ScanOtherColors, int, (Display *display, XpmColor *colors, ++ unsigned int ncolors, + Pixel *pixels, unsigned int mask, + unsigned int cpp, XpmAttributes *attributes)); + +@@ -232,11 +233,17 @@ XpmCreateXpmImageFromImage(display, imag + else + cpp = 0; + ++ if ((height > 0 && width >= SIZE_MAX / height) || ++ width * height >= SIZE_MAX / sizeof(unsigned int)) ++ RETURN(XpmNoMemory); + pmap.pixelindex = + (unsigned int *) XpmCalloc(width * height, sizeof(unsigned int)); + if (!pmap.pixelindex) + RETURN(XpmNoMemory); + ++ if (pmap.size >= SIZE_MAX / sizeof(Pixel)) ++ RETURN(XpmNoMemory); ++ + pmap.pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * pmap.size); + if (!pmap.pixels) + RETURN(XpmNoMemory); +@@ -302,6 +309,8 @@ XpmCreateXpmImageFromImage(display, imag + * color + */ + ++ if (pmap.ncolors >= SIZE_MAX / sizeof(XpmColor)) ++ RETURN(XpmNoMemory); + colorTable = (XpmColor *) XpmCalloc(pmap.ncolors, sizeof(XpmColor)); + if (!colorTable) + RETURN(XpmNoMemory); +@@ -360,6 +369,8 @@ ScanTransparentColor(color, cpp, attribu + + /* first get a character string */ + a = 0; ++ if (cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + if (!(s = color->string = (char *) XpmMalloc(cpp + 1))) + return (XpmNoMemory); + *s++ = printable[c = a % MAXPRINTABLE]; +@@ -407,7 +418,7 @@ static int + ScanOtherColors(display, colors, ncolors, pixels, mask, cpp, attributes) + Display *display; + XpmColor *colors; +- int ncolors; ++ unsigned int ncolors; + Pixel *pixels; + unsigned int mask; + unsigned int cpp; +@@ -451,6 +462,8 @@ ScanOtherColors(display, colors, ncolors + } + + /* first get character strings and rgb values */ ++ if (ncolors >= SIZE_MAX / sizeof(XColor) || cpp >= SIZE_MAX - 1) ++ return (XpmNoMemory); + xcolors = (XColor *) XpmMalloc(sizeof(XColor) * ncolors); + if (!xcolors) + return (XpmNoMemory); diff --git a/x11/XFree86-libs/patches/patch-ao b/x11/XFree86-libs/patches/patch-ao new file mode 100644 index 00000000000..2a6e740dcaa --- /dev/null +++ b/x11/XFree86-libs/patches/patch-ao @@ -0,0 +1,30 @@ +$NetBSD: patch-ao,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/Attrib.c.orig 1999-01-11 07:23:09.000000000 -0600 ++++ extras/Xpm/lib/Attrib.c +@@ -35,7 +35,7 @@ + #include "XpmI.h" + + /* 3.2 backward compatibility code */ +-LFUNC(CreateOldColorTable, int, (XpmColor *ct, int ncolors, ++LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors, + XpmColor ***oldct)); + + LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors)); +@@ -46,12 +46,15 @@ LFUNC(FreeOldColorTable, void, (XpmColor + static int + CreateOldColorTable(ct, ncolors, oldct) + XpmColor *ct; +- int ncolors; ++ unsigned int ncolors; + XpmColor ***oldct; + { + XpmColor **colorTable, **color; + int a; + ++ if (ncolors >= SIZE_MAX / sizeof(XpmColor *)) ++ return XpmNoMemory; ++ + colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *)); + if (!colorTable) { + *oldct = NULL; diff --git a/x11/XFree86-libs/patches/patch-ap b/x11/XFree86-libs/patches/patch-ap new file mode 100644 index 00000000000..d8391259806 --- /dev/null +++ b/x11/XFree86-libs/patches/patch-ap @@ -0,0 +1,13 @@ +$NetBSD: patch-ap,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/CrDatFrI.c.orig 2001-10-27 22:32:09.000000000 -0500 ++++ extras/Xpm/lib/CrDatFrI.c +@@ -124,6 +124,8 @@ XpmCreateDataFromXpmImage(data_return, i + */ + header_nlines = 1 + image->ncolors; + header_size = sizeof(char *) * header_nlines; ++ if (header_size >= SIZE_MAX / sizeof(char *)) ++ return (XpmNoMemory); + header = (char **) XpmCalloc(header_size, sizeof(char *)); + if (!header) + return (XpmNoMemory); diff --git a/x11/XFree86-libs/patches/patch-aq b/x11/XFree86-libs/patches/patch-aq new file mode 100644 index 00000000000..436da06043a --- /dev/null +++ b/x11/XFree86-libs/patches/patch-aq @@ -0,0 +1,36 @@ +$NetBSD: patch-aq,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/XpmI.h.orig 2003-08-06 09:03:58.000000000 -0500 ++++ extras/Xpm/lib/XpmI.h +@@ -86,6 +86,18 @@ extern FILE *popen(); + boundCheckingCalloc((long)(nelem),(long) (elsize)) + #endif + ++#if defined(SCO) || defined(__USLC__) ++#include <stdint.h> /* For SIZE_MAX */ ++#endif ++#include <limits.h> ++#ifndef SIZE_MAX ++# ifdef ULONG_MAX ++# define SIZE_MAX ULONG_MAX ++# else ++# define SIZE_MAX UINT_MAX ++# endif ++#endif ++ + #define XPMMAXCMTLEN BUFSIZ + typedef struct { + unsigned int type; +@@ -187,9 +199,9 @@ typedef struct _xpmHashAtom { + } *xpmHashAtom; + + typedef struct { +- int size; +- int limit; +- int used; ++ unsigned int size; ++ unsigned int limit; ++ unsigned int used; + xpmHashAtom *atomTable; + } xpmHashTable; + diff --git a/x11/XFree86-libs/patches/patch-ar b/x11/XFree86-libs/patches/patch-ar new file mode 100644 index 00000000000..1e0b84c3886 --- /dev/null +++ b/x11/XFree86-libs/patches/patch-ar @@ -0,0 +1,53 @@ +$NetBSD: patch-ar,v 1.3 2004/09/16 19:28:56 minskim Exp $ + +--- extras/Xpm/lib/create.c.orig 2003-10-07 16:25:37.000000000 -0500 ++++ extras/Xpm/lib/create.c +@@ -816,6 +816,9 @@ XpmCreateImageFromXpmImage(display, imag + + ErrorStatus = XpmSuccess; + ++ if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return (XpmNoMemory); ++ + /* malloc pixels index tables */ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors); + if (!image_pixels) +@@ -988,6 +991,8 @@ CreateXImage(display, visual, depth, for + return (XpmNoMemory); + + #if !defined(FOR_MSW) && !defined(AMIGA) ++ if (height != 0 && (*image_return)->bytes_per_line >= SIZE_MAX / height) ++ return XpmNoMemory; + /* now that bytes_per_line must have been set properly alloc data */ + (*image_return)->data = + (char *) XpmMalloc((*image_return)->bytes_per_line * height); +@@ -2055,6 +2060,9 @@ xpmParseDataAndCreate(display, data, ima + xpmGetCmt(data, &colors_cmt); + + /* malloc pixels index tables */ ++ if (ncolors >= SIZE_MAX / sizeof(Pixel)) ++ return XpmNoMemory; ++ + image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * ncolors); + if (!image_pixels) + RETURN(XpmNoMemory); +@@ -2309,7 +2317,8 @@ ParseAndPutPixels( + } + obm = SelectObject(*dc, image->bitmap); + #endif +- ++ if (ncolors > 256) ++ return (XpmFileInvalid); + + bzero((char *)colidx, 256 * sizeof(short)); + for (a = 0; a < ncolors; a++) +@@ -2415,6 +2424,9 @@ if (cidx[f]) XpmFree(cidx[f]);} + char *s; + char buf[BUFSIZ]; + ++ if (cpp >= sizeof(buf)) ++ return (XpmFileInvalid); ++ + buf[cpp] = '\0'; + if (USE_HASHTABLE) { + xpmHashAtom *slot; |