subject:"CVS commit\: \[netbsd\-4\-0\] xsrc\/xfree\/xc"

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/freetype2/src/lzw

2011-08-22 Thread Jeff Rizzo

Module Name:xsrc
Committed By:   riz
Date:   Mon Aug 22 17:54:23 UTC 2011

Modified Files:
xsrc/xfree/xc/extras/freetype2/src/lzw [netbsd-4-0]: zopen.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1433):
Additional pullup to fix build on some architectures
xfree/xc/extras/freetype2/src/lzw/zopen.c: revision 1.3
Don't assign errno here.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.2 \
xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c
diff -u xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1 xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.2
--- xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1	Fri Aug 19 22:30:27 2011
+++ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c	Mon Aug 22 17:54:23 2011
@@ -1,5 +1,5 @@
 /* $XFree86: xc/extras/freetype2/src/lzw/zopen.c,v 1.2 2004/12/16 22:15:48 tsi Exp $ */
-/*	$NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $	*/
+/*	$NetBSD: zopen.c,v 1.1.1.1.8.2 2011/08/22 17:54:23 riz Exp $	*/
 
 /*-
  * Copyright (c) 1985, 1986, 1992, 1993
@@ -47,7 +47,7 @@
 #if 0
 static char sccsid[] = @(#)zopen.c	8.1 (Berkeley) 6/27/93;
 #else
-static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $;
+static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.2 2011/08/22 17:54:23 riz Exp $;
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -242,7 +242,6 @@
 		if (code = free_ent) {
 			if (code  free_ent || oldcode == -1) {
 /* Bad stream. */
-errno = EINVAL;
 return (-1);
 			}
 			*stackp++ = finchar;

CVS commit: [netbsd-4-0] xsrc/xfree/xc

2011-08-19 Thread Jeff Rizzo

Module Name:xsrc
Committed By:   riz
Date:   Fri Aug 19 22:30:28 UTC 2011

Modified Files:
xsrc/xfree/xc/extras/freetype2/src/lzw [netbsd-4-0]: zopen.c
xsrc/xfree/xc/lib/font/fontfile [netbsd-4-0]: decompress.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1433):
usr.bin/compress/zopen.c: revision 1.14-1.15
xfree/xc/lib/font/fontfile/decompress.c: revision 1.2
xfree/xc/extras/freetype2/src/lzw/zopen.c: revision 1.2
usr.bin/gzip/zuncompress.c: revision 1.9-1.11

Fix CVS-2011-2895, buffer overflow in decompress
provisional fix for CVS-2011-2895, buffer overflow when uncompressing
provisional fix for CVE-2011-2895, buffer overflow in decompression
set errno on overflow return.
Do proper input validation without penalizing performance.
Do proper input validation. Allow decompressing all input streams.
Increase robustness of LZW decoding to avoid buffer overflow on
arbitrary manipulated input streams in combination with uninitalised
memory.
Increase strictness of LZW parser.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \
xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.20.1 \
xsrc/xfree/xc/lib/font/fontfile/decompress.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c
diff -u xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1 xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1.8.1
--- xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c:1.1.1.1	Fri Mar 18 13:07:34 2005
+++ xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c	Fri Aug 19 22:30:27 2011
@@ -1,5 +1,5 @@
 /* $XFree86: xc/extras/freetype2/src/lzw/zopen.c,v 1.2 2004/12/16 22:15:48 tsi Exp $ */
-/*	$NetBSD: zopen.c,v 1.1.1.1 2005/03/18 13:07:34 tron Exp $	*/
+/*	$NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $	*/
 
 /*-
  * Copyright (c) 1985, 1986, 1992, 1993
@@ -47,7 +47,7 @@
 #if 0
 static char sccsid[] = @(#)zopen.c	8.1 (Berkeley) 6/27/93;
 #else
-static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1 2005/03/18 13:07:34 tron Exp $;
+static char rcsid[] = $NetBSD: zopen.c,v 1.1.1.1.8.1 2011/08/19 22:30:27 riz Exp $;
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -214,7 +214,7 @@
 	block_compress = maxbits  BLOCK_MASK;
 	maxbits = BIT_MASK;
 	maxmaxcode = 1L  maxbits;
-	if (maxbits  BITS) {
+	if (maxbits  BITS || maxbits  12) {
 		return -1;
 	}
 	/* As above, initialize the first 256 entries in the table. */
@@ -224,15 +224,7 @@
 		tab_suffixof(code) = (char_type) code;
 	}
 	free_ent = block_compress ? FIRST : 256;
-
-	finchar = oldcode = getcode(zs);
-	if (oldcode == -1)		/* EOF already? */
-		return 0;		/* Get out of here */
-
-	/* First code must be 8 bits = char. */
-	*(zs-next_out)++ = (unsigned char)finchar;
-	zs-total_out++;
-	count--;
+	oldcode = -1;
 	stackp = de_stack;
 
 	while ((code = getcode(zs))  -1) {
@@ -240,15 +232,19 @@
 			for (code = 255; code = 0; code--)
 tab_prefixof(code) = 0;
 			clear_flg = 1;
-			free_ent = FIRST - 1;
-			if ((code = getcode(zs)) == -1)
-/* O, untimely death! */
-break;
+			free_ent = FIRST ;
+			oldcode = -1;
+			continue;
 		}
 		incode = code;
 
 		/* Special case for KwKwK string. */
 		if (code = free_ent) {
+			if (code  free_ent || oldcode == -1) {
+/* Bad stream. */
+errno = EINVAL;
+return (-1);
+			}
 			*stackp++ = finchar;
 			code = oldcode;
 		}
@@ -274,7 +270,7 @@
 		} while (stackp  de_stack);
 
 		/* Generate the new entry. */
-		if ((code = free_ent)  maxmaxcode) {
+		if ((code = free_ent)  maxmaxcode  oldcode != -1) {
 			tab_prefixof(code) = (unsigned short) oldcode;
 			tab_suffixof(code) = finchar;
 			free_ent = code + 1;

Index: xsrc/xfree/xc/lib/font/fontfile/decompress.c
diff -u xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4 xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4.20.1
--- xsrc/xfree/xc/lib/font/fontfile/decompress.c:1.1.1.4	Sat Jan 19 14:58:56 2002
+++ xsrc/xfree/xc/lib/font/fontfile/decompress.c	Fri Aug 19 22:30:27 2011
@@ -96,7 +96,7 @@
 #define FIRST	257	/* first free entry */
 #define	CLEAR	256	/* table clear output code */
 
-#define STACK_SIZE  8192
+#define STACK_SIZE  65300
 
 typedef struct _compressedFILE {
 BufFilePtr	file;
@@ -177,14 +177,12 @@
 	file-tab_suffix[code] = (char_type) code;
 }
 file-free_ent = ((file-block_compress) ? FIRST : 256 );
+file-oldcode = -1;
 file-clear_flg = 0;
 file-offset = 0;
 file-size = 0;
 file-stackp = file-de_stack;
 bzero(file-buf, BITS);
-file-finchar = file-oldcode = getcode (file);
-if (file-oldcode != -1)
-	*file-stackp++ = file-finchar;
 return BufFileCreate ((char *) file,
 			  BufCompressedFill,
 			  0,
@@ -229,9 +227,6 @@
 	if (buf == bufend)
 	break;
 
-	if (oldcode == -1)
-	break;
-
 	code = getcode (file);
 	if (code == -1)

CVS commit: [netbsd-4-0] xsrc/xfree/xc/programs/xrdb

2011-04-07 Thread Soren Jacobsen

Module Name:xsrc
Committed By:   snj
Date:   Thu Apr  7 06:34:29 UTC 2011

Modified Files:
xsrc/xfree/xc/programs/xrdb [netbsd-4-0]: xrdb.c

Log Message:
Apply patch (requested by mrg in ticket #1426):
Fix CVE-2011-0465


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.18.1 xsrc/xfree/xc/programs/xrdb/xrdb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/xfree/xc/programs/xrdb/xrdb.c
diff -u xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6 xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6.18.1
--- xsrc/xfree/xc/programs/xrdb/xrdb.c:1.1.1.6	Fri Mar  5 14:27:27 2004
+++ xsrc/xfree/xc/programs/xrdb/xrdb.c	Thu Apr  7 06:34:28 2011
@@ -135,6 +135,8 @@
 
 static void fatal(char *, ...);
 static void addstring ( String *arg, const char *s );
+static void addescapedstring ( String *arg, const char *s );
+static void addtokstring ( String *arg, const char *s );
 static void FormatEntries ( Buffer *buffer, Entries *entries );
 static void StoreProperty ( Display *dpy, Window root, Atom res_prop );
 static void Process ( int scrno, Bool doScreen, Bool execute );
@@ -398,14 +400,20 @@
 	addstring(buff,  -D);
 } else
 	addstring(buff, -D);
-addstring(buff, title);
+addtokstring(buff, title);
 if (value  (value[0] != '\0')) {
 	addstring(buff, =);
-	addstring(buff, value);
+	addescapedstring(buff, value);
 }
 }
 
 static void
+AddSimpleDef(String *buff, char *title)
+{
+AddDef(buff, title, (char *)NULL);
+}
+
+static void
 AddDefQ(String *buff, char *title, char *value)
 {
 #ifdef PATHETICCPP
@@ -414,8 +422,9 @@
 else
 #endif
 if (value  (value[0] != '\0')) {
-	AddDef(buff, title, \);
-	addstring(buff, value);
+	AddSimpleDef(buff, title);
+	addstring(buff, =\);
+	addescapedstring(buff, value);
 	addstring(buff, \);
 } else
 	AddDef(buff, title, NULL);
@@ -430,25 +439,29 @@
 }
 
 static void
-AddSimpleDef(String *buff, char *title)
+AddDefTok(String *buff, char *prefix, char *title)
 {
-AddDef(buff, title, (char *)NULL);
+char name[512];
+
+snprintf(name, sizeof(name), %s%s, prefix, title);
+AddSimpleDef(buff, name);
 }
 
 static void
-AddDefTok(String *buff, char *prefix, char *title)
+AddDefHostname(String *buff, char *title, char *value)
 {
 char *s;
 char name[512];
 char c;
 
-strcpy(name, prefix);
-strcat(name, title);
+strncpy (name, value, sizeof(name)-1);
+name[sizeof(name)-1] = '\0';
 for (s = name; (c = *s); s++) {
 	if (!isalpha(c)  !isdigit(c)  c != '_')
+	if (!isalpha(c)  !isdigit(c)  c != '_'  c != '.'  c != ':'  c != '-')
 	*s = '_';
 }
-AddSimpleDef(buff, name);
+AddDef(buff, title, name);
 }
 
 static void
@@ -468,7 +481,7 @@
 	addstring(buff,  -U);
 } else
 	addstring(buff, -U);
-addstring(buff, title);
+addtokstring(buff, title);
 }
 
 static void 
@@ -528,11 +541,11 @@
 }
 if (!*server || !strcmp(server, unix) || !strcmp(server, localhost))
 	strcpy(server, client);
-AddDef(defs, HOST, server); /* R3 compatibility */
-AddDef(defs, SERVERHOST, server);
+AddDefHostname(defs, HOST, server); /* R3 compatibility */
+AddDefHostname(defs, SERVERHOST, server);
 AddDefTok(defs, SRVR_, server);
 AddNum(defs, DISPLAY_NUM, n);
-AddDef(defs, CLIENTHOST, client);
+AddDefHostname(defs, CLIENTHOST, client);
 AddDefTok(defs, CLNT_, client);
 AddNum(defs, VERSION, ProtocolVersion(display));
 AddNum(defs, REVISION, ProtocolRevision(display));
@@ -574,7 +587,7 @@
 AddNum(defs, Y_RESOLUTION, Resolution(screen-height,screen-mheight));
 AddNum(defs, PLANES, DisplayPlanes(display, scrno));
 AddNum(defs, BITS_PER_RGB, visual-bits_per_rgb);
-AddDef(defs, CLASS, ClassNames[visual-class]);
+AddDefQ(defs, CLASS, ClassNames[visual-class]);
 sprintf(name, CLASS_%s, ClassNames[visual-class]);
 AddNum(defs, name, (int)visual-visualid);
 switch(visual-class) {
@@ -767,6 +780,40 @@
 arg-used += strlen(s);
 }   
 
+static void
+addescapedstring(String *arg, const char *s)
+{
+char copy[512], *c;
+
+for (c = copy; *s  c  copy[sizeof(copy)-1]; s++) {
+	switch (*s) {
+	case '':   case '\'':  case '`':
+	case '$':   case '\\':
+	*c++ = '_';
+	break;
+	default:
+	*c++ = *s;
+	}
+}
+*c = 0;
+addstring (arg, copy);
+}
+
+static void
+addtokstring(String *arg, const char *s)
+{
+char copy[512], *c;
+
+for (c = copy; *s  c  copy[sizeof(copy)-1]; s++) {
+	if (!isalpha(*s)  !isdigit(*s)  *s != '_')
+	*c++ = '_';
+	else
+	*c++ = *s;
+}
+*c = 0;
+addstring (arg, copy);
+}
+
 
 int
 main(int argc, char *argv[])
@@ -862,7 +909,7 @@
 		continue;
 	} else if (arg[1] == 'I') {
 		addstring(includes,  );
-		addstring(includes, arg);
+		addescapedstring(includes, arg);
 		continue;
 	} else if (arg[1] == 'U' || arg[1] == 'D') {
 		if (num_cmd_defines

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib

2010-01-27 Thread Manuel Bouyer

Module Name:xsrc
Committed By:   bouyer
Date:   Wed Jan 27 20:56:51 UTC 2010

Modified Files:
xsrc/xfree/xc/extras/expat/lib [netbsd-4-0]: xmlparse.c

Log Message:
Pull up following revision(s) (requested by tron in ticket #1383):
xsrc/xfree/xc/extras/expat/lib/xmlparse.c: revision 1.2
Add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to
crash on bad input).


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.18.1 \
xsrc/xfree/xc/extras/expat/lib/xmlparse.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/xfree/xc/extras/expat/lib/xmlparse.c
diff -u xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2 xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2.18.1
--- xsrc/xfree/xc/extras/expat/lib/xmlparse.c:1.1.1.2	Fri Mar  5 14:26:08 2004
+++ xsrc/xfree/xc/extras/expat/lib/xmlparse.c	Wed Jan 27 20:56:51 2010
@@ -3253,6 +3253,9 @@
 return XML_ERROR_UNCLOSED_TOKEN;
   case XML_TOK_PARTIAL_CHAR:
 return XML_ERROR_PARTIAL_CHAR;
+  case -XML_TOK_PROLOG_S:
+	tok = -tok;
+	break;
   case XML_TOK_NONE:
 #ifdef XML_DTD
 if (enc != encoding)

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib

2009-09-11 Thread Manuel Bouyer

Module Name:xsrc
Committed By:   bouyer
Date:   Fri Sep 11 23:03:49 UTC 2009

Modified Files:
xsrc/xfree/xc/extras/expat/lib [netbsd-4-0]: xmltok_impl.c

Log Message:
Pull up following revision(s) (requested by snj in ticket #1359):
xfree/xc/extras/expat/lib/xmltok_impl.c: revision 1.2
Apply revisions 1.14 and 1.15 from expat CVS to fix SA36425.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.18.1 \
xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c
diff -u xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2 xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2.18.1
--- xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c:1.1.1.2	Fri Mar  5 14:26:09 2004
+++ xsrc/xfree/xc/extras/expat/lib/xmltok_impl.c	Fri Sep 11 23:03:49 2009
@@ -1741,7 +1741,7 @@
const char *end,
POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr  end) {
 switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
 case BT_LEAD ## n: \

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/freetype2/src/lzw

CVS commit: [netbsd-4-0] xsrc/xfree/xc

CVS commit: [netbsd-4-0] xsrc/xfree/xc/programs/xrdb

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib

CVS commit: [netbsd-4-0] xsrc/xfree/xc/extras/expat/lib

5 matches

Site Navigation

Mail list logo

Footer information