Skip to content

Commit

Permalink
Pullup ticket #3066 - requested by taca
Browse files Browse the repository at this point in the history 
pango: security patch

Revisions pulled up:
- devel/pango/Makefile			1.140-1.141
- devel/pango/distinfo			1.82-1.83
- devel/pango/patches/patch-ae		1.5
- devel/pango/patches/patch-am		1.1
---
Module Name:	pkgsrc
Committed By:	tron
Date:		Sun Feb 21 23:51:26 UTC 2010

Modified Files:
	pkgsrc/devel/pango: Makefile distinfo
	pkgsrc/devel/pango/patches: patch-ae

Log Message:
Change very questionable C++ code slightly to avoid high CPU usage under
Mac OS X. (see https://bugzilla.gnome.org/show_bug.cgi?id=593240 for
more details). Tested with XChat and Wireshark under Mac OS 10.6.2 and
NetBSD/amd64 5.0_STABLE.
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Sat Mar 27 15:59:34 UTC 2010

Modified Files:
	pkgsrc/devel/pango: Makefile distinfo
Added Files:
	pkgsrc/devel/pango/patches: patch-am

Log Message:
Add a patch to fix CVE-2010-0421, DoS security fix.

Bump PKGREVISION.
  • Loading branch information
tron committed Mar 27, 2010
1 parent f4f7299 commit 914bf5f
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 41 deletions.
3 changes: 2 additions & 1 deletion devel/pango/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.139 2009/12/15 15:09:21 drochner Exp $
# $NetBSD: Makefile,v 1.139.2.1 2010/03/27 17:51:38 tron Exp $

DISTNAME= pango-1.26.2
PKGREVISION= 2
CATEGORIES= devel fonts
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/1.26/}
EXTRACT_SUFX= .tar.bz2
Expand Down
5 changes: 3 additions & 2 deletions devel/pango/distinfo
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
$NetBSD: distinfo,v 1.81 2009/12/15 15:09:21 drochner Exp $
$NetBSD: distinfo,v 1.81.2.1 2010/03/27 17:51:38 tron Exp $

SHA1 (pango-1.26.2.tar.bz2) = 051b6f7b5f98a4c8083ef6a5178cb5255a992b98
RMD160 (pango-1.26.2.tar.bz2) = 6613bddf643d5c912e6656d84c6671aa6ce88a9d
Size (pango-1.26.2.tar.bz2) = 1536011 bytes
SHA1 (patch-aa) = 1a87d055dc722eff28517a11d0832ae19df5eb59
SHA1 (patch-ab) = 12c09b12ba31be19fa0d602f89909811e6221bd8
SHA1 (patch-ae) = 2ebb8a0886a745fbfb0106dece91c5c990982ef8
SHA1 (patch-ae) = 9eb458be84f6dfce27fb469d45cc78e34acd9c36
SHA1 (patch-am) = dc7387b4da24356a56ab8d07ef0462b6f4b3b209
49 changes: 11 additions & 38 deletions devel/pango/patches/patch-ae
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,18 @@
$NetBSD: patch-ae,v 1.4 2009/11/23 17:18:52 tron Exp $
$NetBSD: patch-ae,v 1.4.2.1 2010/03/27 17:51:38 tron Exp $

Avoid high CPU usage caused by code generaton problems in Apple's toolchain.
Avoid high CPU usage under Mac OS X caused by questionable C++ code.

Please look here for details:
https://bugzilla.gnome.org/show_bug.cgi?id=593240

--- pango/pango-ot-info.c.orig 2009-11-17 16:35:44.000000000 +0000
+++ pango/pango-ot-info.c 2009-11-23 13:55:29.000000000 +0000
@@ -536,13 +536,22 @@
{
unsigned int i;
--- pango/opentype/hb-open-type-private.hh.orig 2009-11-26 00:44:17.000000000 +0000
+++ pango/opentype/hb-open-type-private.hh 2010-02-21 23:41:06.000000000 +0000
@@ -61,7 +61,7 @@
/* Null objects */

+#if defined(__APPLE__) && defined(__GNUC__)
+ (void)fflush(stdout);
+#endif
+
for (i = 0; i < ruleset->rules->len; i++)
{
- PangoOTRule *rule = &g_array_index (ruleset->rules, PangoOTRule, i);
+ PangoOTRule *rule;
hb_mask_t mask;
unsigned int lookup_count, j;
unsigned int lookup_indexes[1000];
/* Global nul-content Null pool. Enlarge as necessary. */
-static const char NullPool[32] = "";
+static const void *NullPool[32];

+#if defined(__APPLE__) && defined(__GNUC__)
+ (void)fprintf(stdout, "%d", i);
+#endif
+
+ rule = &g_array_index (ruleset->rules, const PangoOTRule, i);
if (rule->table_type != PANGO_OT_TABLE_GSUB)
continue;

@@ -561,6 +570,11 @@
lookup_indexes[j],
rule->property_bit);
}
+
+#if defined(__APPLE__) && defined(__GNUC__)
+ (void)fpurge(stdout);
+#endif
+
}

void
/* Generic template for nul-content sizeof-sized Null objects. */
template <typename Type>
24 changes: 24 additions & 0 deletions devel/pango/patches/patch-am
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
$NetBSD: patch-am,v 1.1.2.2 2010/03/27 17:51:38 tron Exp $

Fix for CVE-2010-0421.

--- pango/opentype/hb-ot-layout.cc.orig 2009-11-26 00:44:17.000000000 +0000
+++ pango/opentype/hb-ot-layout.cc
@@ -44,6 +44,8 @@ _hb_ot_layout_init (hb_face_t *face)
{
hb_ot_layout_t *layout = &face->ot_layout;

+ memset (layout, 0, sizeof (*layout));
+
layout->gdef_blob = Sanitizer<GDEF>::sanitize (hb_face_get_table (face, HB_OT_TAG_GDEF));
layout->gdef = &Sanitizer<GDEF>::lock_instance (layout->gdef_blob);

@@ -293,7 +295,7 @@ hb_ot_layout_build_glyph_classes (hb_fac
return;

if (layout->new_gdef.len == 0) {
- layout->new_gdef.klasses = (unsigned char *) calloc (num_total_glyphs, sizeof (unsigned char));
+ layout->new_gdef.klasses = (unsigned char *) calloc (count, sizeof (unsigned char));
layout->new_gdef.len = count;
}

0 comments on commit 914bf5f

Please sign in to comment.