CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/freetype2/src/lzw
Module Name:xsrc Committed By: riz Date: Mon Aug 22 17:54:23 UTC 2011 Modified Files: xsrc/xfree/xc/extras/freetype2/src/lzw [netbsd-4-0]: zopen.c Log Message: Pull up following revision(s) (requested by joerg in ticket #1433): Additional pullup to fix build on some architectures xfree/xc/extras/freetype2/src/lzw/zopen.c: revision 1.3 Don't assign errno here. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.2 \ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c diff -u xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1 xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.2 --- xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1 Fri Aug 19 22:30:27 2011 +++ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c Mon Aug 22 17:54:23 2011 @@ -1,5 +1,5 @@ /* $XFree86: xc/extras/freetype2/src/lzw/zopen.c,v 1.2 2004/12/16 22:15:48 tsi Exp $ */ -/* $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $ */ +/* $NetBSD: zopen.c,v 1.1.1.1.8.2 2011/08/22 17:54:23 riz Exp $ */ /*- * Copyright (c) 1985, 1986, 1992, 1993 @@ -47,7 +47,7 @@ #if 0 static char sccsid[] = @(#)zopen.c 8.1 (Berkeley) 6/27/93; #else -static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $; +static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.2 2011/08/22 17:54:23 riz Exp $; #endif #endif /* LIBC_SCCS and not lint */ @@ -242,7 +242,6 @@ if (code = free_ent) { if (code free_ent || oldcode == -1) { /* Bad stream. */ -errno = EINVAL; return (-1); } *stackp++ = finchar;
CVS commit: [netbsd-4-0] xsrc/xfree/xc
Module Name:xsrc Committed By: riz Date: Fri Aug 19 22:30:28 UTC 2011 Modified Files: xsrc/xfree/xc/extras/freetype2/src/lzw [netbsd-4-0]: zopen.c xsrc/xfree/xc/lib/font/fontfile [netbsd-4-0]: decompress.c Log Message: Pull up following revision(s) (requested by joerg in ticket #1433): usr.bin/compress/zopen.c: revision 1.14-1.15 xfree/xc/lib/font/fontfile/decompress.c: revision 1.2 xfree/xc/extras/freetype2/src/lzw/zopen.c: revision 1.2 usr.bin/gzip/zuncompress.c: revision 1.9-1.11 Fix CVS-2011-2895, buffer overflow in decompress provisional fix for CVS-2011-2895, buffer overflow when uncompressing provisional fix for CVE-2011-2895, buffer overflow in decompression set errno on overflow return. Do proper input validation without penalizing performance. Do proper input validation. Allow decompressing all input streams. Increase robustness of LZW decoding to avoid buffer overflow on arbitrary manipulated input streams in combination with uninitalised memory. Increase strictness of LZW parser. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.20.1 \ xsrc/xfree/xc/lib/font/fontfile/decompress.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c diff -u xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1 xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1 --- xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1 Fri Mar 18 13:07:34 2005 +++ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c Fri Aug 19 22:30:27 2011 @@ -1,5 +1,5 @@ /* $XFree86: xc/extras/freetype2/src/lzw/zopen.c,v 1.2 2004/12/16 22:15:48 tsi Exp $ */ -/* $NetBSD: zopen.c,v 1.1.1.1 2005/03/18 13:07:34 tron Exp $ */ +/* $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $ */ /*- * Copyright (c) 1985, 1986, 1992, 1993 @@ -47,7 +47,7 @@ #if 0 static char sccsid[] = @(#)zopen.c 8.1 (Berkeley) 6/27/93; #else -static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1 2005/03/18 13:07:34 tron Exp $; +static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $; #endif #endif /* LIBC_SCCS and not lint */ @@ -214,7 +214,7 @@ block_compress = maxbits BLOCK_MASK; maxbits = BIT_MASK; maxmaxcode = 1L maxbits; - if (maxbits BITS) { + if (maxbits BITS || maxbits 12) { return -1; } /* As above, initialize the first 256 entries in the table. */ @@ -224,15 +224,7 @@ tab_suffixof(code) = (char_type) code; } free_ent = block_compress ? FIRST : 256; - - finchar = oldcode = getcode(zs); - if (oldcode == -1) /* EOF already? */ - return 0; /* Get out of here */ - - /* First code must be 8 bits = char. */ - *(zs-next_out)++ = (unsigned char)finchar; - zs-total_out++; - count--; + oldcode = -1; stackp = de_stack; while ((code = getcode(zs)) -1) { @@ -240,15 +232,19 @@ for (code = 255; code = 0; code--) tab_prefixof(code) = 0; clear_flg = 1; - free_ent = FIRST - 1; - if ((code = getcode(zs)) == -1) -/* O, untimely death! */ -break; + free_ent = FIRST ; + oldcode = -1; + continue; } incode = code; /* Special case for KwKwK string. */ if (code = free_ent) { + if (code free_ent || oldcode == -1) { +/* Bad stream. */ +errno = EINVAL; +return (-1); + } *stackp++ = finchar; code = oldcode; } @@ -274,7 +270,7 @@ } while (stackp de_stack); /* Generate the new entry. */ - if ((code = free_ent) maxmaxcode) { + if ((code = free_ent) maxmaxcode oldcode != -1) { tab_prefixof(code) = (unsigned short) oldcode; tab_suffixof(code) = finchar; free_ent = code + 1; Index: xsrc/xfree/xc/lib/font/fontfile/decompress.c diff -u xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4 xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4.20.1 --- xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4 Sat Jan 19 14:58:56 2002 +++ xsrc/xfree/xc/lib/font/fontfile/decompress.c Fri Aug 19 22:30:27 2011 @@ -96,7 +96,7 @@ #define FIRST 257 /* first free entry */ #define CLEAR 256 /* table clear output code */ -#define STACK_SIZE 8192 +#define STACK_SIZE 65300 typedef struct _compressedFILE { BufFilePtr file; @@ -177,14 +177,12 @@ file-tab_suffix[code] = (char_type) code; } file-free_ent = ((file-block_compress) ? FIRST : 256 ); +file-oldcode = -1; file-clear_flg = 0; file-offset = 0; file-size = 0; file-stackp = file-de_stack; bzero(file-buf, BITS); -file-finchar = file-oldcode = getcode (file); -if (file-oldcode != -1) - *file-stackp++ = file-finchar; return BufFileCreate ((char *) file, BufCompressedFill, 0, @@ -229,9 +227,6 @@ if (buf == bufend) break; - if (oldcode == -1) - break; - code = getcode (file); if (code == -1)
CVS commit: [netbsd-4-0] xsrc/xfree/xc/programs/xrdb
Module Name:xsrc Committed By: snj Date: Thu Apr 7 06:34:29 UTC 2011 Modified Files: xsrc/xfree/xc/programs/xrdb [netbsd-4-0]: xrdb.c Log Message: Apply patch (requested by mrg in ticket #1426): Fix CVE-2011-0465 To generate a diff of this commit: cvs rdiff -u -r1.1.1.6 -r1.1.1.6.18.1 xsrc/xfree/xc/programs/xrdb/xrdb.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/xfree/xc/programs/xrdb/xrdb.c diff -u xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6 xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6.18.1 --- xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6 Fri Mar 5 14:27:27 2004 +++ xsrc/xfree/xc/programs/xrdb/xrdb.c Thu Apr 7 06:34:28 2011 @@ -135,6 +135,8 @@ static void fatal(char *, ...); static void addstring ( String *arg, const char *s ); +static void addescapedstring ( String *arg, const char *s ); +static void addtokstring ( String *arg, const char *s ); static void FormatEntries ( Buffer *buffer, Entries *entries ); static void StoreProperty ( Display *dpy, Window root, Atom res_prop ); static void Process ( int scrno, Bool doScreen, Bool execute ); @@ -398,14 +400,20 @@ addstring(buff, -D); } else addstring(buff, -D); -addstring(buff, title); +addtokstring(buff, title); if (value (value[0] != '\0')) { addstring(buff, =); - addstring(buff, value); + addescapedstring(buff, value); } } static void +AddSimpleDef(String *buff, char *title) +{ +AddDef(buff, title, (char *)NULL); +} + +static void AddDefQ(String *buff, char *title, char *value) { #ifdef PATHETICCPP @@ -414,8 +422,9 @@ else #endif if (value (value[0] != '\0')) { - AddDef(buff, title, \); - addstring(buff, value); + AddSimpleDef(buff, title); + addstring(buff, =\); + addescapedstring(buff, value); addstring(buff, \); } else AddDef(buff, title, NULL); @@ -430,25 +439,29 @@ } static void -AddSimpleDef(String *buff, char *title) +AddDefTok(String *buff, char *prefix, char *title) { -AddDef(buff, title, (char *)NULL); +char name[512]; + +snprintf(name, sizeof(name), %s%s, prefix, title); +AddSimpleDef(buff, name); } static void -AddDefTok(String *buff, char *prefix, char *title) +AddDefHostname(String *buff, char *title, char *value) { char *s; char name[512]; char c; -strcpy(name, prefix); -strcat(name, title); +strncpy (name, value, sizeof(name)-1); +name[sizeof(name)-1] = '\0'; for (s = name; (c = *s); s++) { if (!isalpha(c) !isdigit(c) c != '_') + if (!isalpha(c) !isdigit(c) c != '_' c != '.' c != ':' c != '-') *s = '_'; } -AddSimpleDef(buff, name); +AddDef(buff, title, name); } static void @@ -468,7 +481,7 @@ addstring(buff, -U); } else addstring(buff, -U); -addstring(buff, title); +addtokstring(buff, title); } static void @@ -528,11 +541,11 @@ } if (!*server || !strcmp(server, unix) || !strcmp(server, localhost)) strcpy(server, client); -AddDef(defs, HOST, server); /* R3 compatibility */ -AddDef(defs, SERVERHOST, server); +AddDefHostname(defs, HOST, server); /* R3 compatibility */ +AddDefHostname(defs, SERVERHOST, server); AddDefTok(defs, SRVR_, server); AddNum(defs, DISPLAY_NUM, n); -AddDef(defs, CLIENTHOST, client); +AddDefHostname(defs, CLIENTHOST, client); AddDefTok(defs, CLNT_, client); AddNum(defs, VERSION, ProtocolVersion(display)); AddNum(defs, REVISION, ProtocolRevision(display)); @@ -574,7 +587,7 @@ AddNum(defs, Y_RESOLUTION, Resolution(screen-height,screen-mheight)); AddNum(defs, PLANES, DisplayPlanes(display, scrno)); AddNum(defs, BITS_PER_RGB, visual-bits_per_rgb); -AddDef(defs, CLASS, ClassNames[visual-class]); +AddDefQ(defs, CLASS, ClassNames[visual-class]); sprintf(name, CLASS_%s, ClassNames[visual-class]); AddNum(defs, name, (int)visual-visualid); switch(visual-class) { @@ -767,6 +780,40 @@ arg-used += strlen(s); } +static void +addescapedstring(String *arg, const char *s) +{ +char copy[512], *c; + +for (c = copy; *s c copy[sizeof(copy)-1]; s++) { + switch (*s) { + case '': case '\'': case '`': + case '$': case '\\': + *c++ = '_'; + break; + default: + *c++ = *s; + } +} +*c = 0; +addstring (arg, copy); +} + +static void +addtokstring(String *arg, const char *s) +{ +char copy[512], *c; + +for (c = copy; *s c copy[sizeof(copy)-1]; s++) { + if (!isalpha(*s) !isdigit(*s) *s != '_') + *c++ = '_'; + else + *c++ = *s; +} +*c = 0; +addstring (arg, copy); +} + int main(int argc, char *argv[]) @@ -862,7 +909,7 @@ continue; } else if (arg[1] == 'I') { addstring(includes, ); - addstring(includes, arg); + addescapedstring(includes, arg); continue; } else if (arg[1] == 'U' || arg[1] == 'D') { if (num_cmd_defines
CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib
Module Name:xsrc Committed By: bouyer Date: Wed Jan 27 20:56:51 UTC 2010 Modified Files: xsrc/xfree/xc/extras/expat/lib [netbsd-4-0]: xmlparse.c Log Message: Pull up following revision(s) (requested by tron in ticket #1383): xsrc/xfree/xc/extras/expat/lib/xmlparse.c: revision 1.2 Add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input). To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.18.1 \ xsrc/xfree/xc/extras/expat/lib/xmlparse.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/xfree/xc/extras/expat/lib/xmlparse.c diff -u xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2 xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2.18.1 --- xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2 Fri Mar 5 14:26:08 2004 +++ xsrc/xfree/xc/extras/expat/lib/xmlparse.c Wed Jan 27 20:56:51 2010 @@ -3253,6 +3253,9 @@ return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD if (enc != encoding)
CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib
Module Name:xsrc Committed By: bouyer Date: Fri Sep 11 23:03:49 UTC 2009 Modified Files: xsrc/xfree/xc/extras/expat/lib [netbsd-4-0]: xmltok_impl.c Log Message: Pull up following revision(s) (requested by snj in ticket #1359): xfree/xc/extras/expat/lib/xmltok_impl.c: revision 1.2 Apply revisions 1.14 and 1.15 from expat CVS to fix SA36425. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.1.1.2.18.1 \ xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c diff -u xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2 xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2.18.1 --- xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2 Fri Mar 5 14:26:09 2004 +++ xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c Fri Sep 11 23:03:49 2009 @@ -1741,7 +1741,7 @@ const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \