aboutsummaryrefslogtreecommitdiff
path: root/x11-fonts/libXfont
diff options
context:
space:
mode:
Diffstat (limited to 'x11-fonts/libXfont')
-rw-r--r--x11-fonts/libXfont/Makefile2
-rw-r--r--x11-fonts/libXfont/files/patch-CVE-2008-000624
2 files changed, 25 insertions, 1 deletions
diff --git a/x11-fonts/libXfont/Makefile b/x11-fonts/libXfont/Makefile
index 5e57f7cf2fff..685b241a56f1 100644
--- a/x11-fonts/libXfont/Makefile
+++ b/x11-fonts/libXfont/Makefile
@@ -7,7 +7,7 @@
PORTNAME= libXfont
PORTVERSION= 1.3.1
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= x11-fonts
diff --git a/x11-fonts/libXfont/files/patch-CVE-2008-0006 b/x11-fonts/libXfont/files/patch-CVE-2008-0006
new file mode 100644
index 000000000000..95f7b2f28019
--- /dev/null
+++ b/x11-fonts/libXfont/files/patch-CVE-2008-0006
@@ -0,0 +1,24 @@
+diff --git src/bitmap/pcfread.c src/bitmap/pcfread.c
+index fd41849..c5db255 100644
+--- src/bitmap/pcfread.c
++++ src/bitmap/pcfread.c
+@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file,
+ pFont->info.lastRow = pcfGetINT16(file, format);
+ pFont->info.defaultCh = pcfGetINT16(file, format);
+ if (IS_EOF(file)) goto Bail;
++ if (pFont->info.firstCol > pFont->info.lastCol ||
++ pFont->info.firstRow > pFont->info.lastRow ||
++ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
+
+ nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
+ (pFont->info.lastRow - pFont->info.firstRow + 1);
+@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file)
+ pFontInfo->lastRow = pcfGetINT16(file, format);
+ pFontInfo->defaultCh = pcfGetINT16(file, format);
+ if (IS_EOF(file)) goto Bail;
++ if (pFontInfo->firstCol > pFontInfo->lastCol ||
++ pFontInfo->firstRow > pFontInfo->lastRow ||
++ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
+
+ nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
+ (pFontInfo->lastRow - pFontInfo->firstRow + 1);