[pkgsrc/trunk]: pkgsrc/fonts/t1lib add a patch from Ubuntu to fix CVE-2007-40...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/97102ee26a5b
branches:  trunk
changeset: 533740:97102ee26a5b
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Sep 28 08:42:07 2007 +0000

description:
add a patch from Ubuntu to fix CVE-2007-4033 (buffer overflow in
path handling), bump PKGREVISION
(from Martti Kuparinen)

diffstat:

 fonts/t1lib/Makefile         |   4 ++--
 fonts/t1lib/distinfo         |   3 ++-
 fonts/t1lib/patches/patch-ai |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r e047782153c8 -r 97102ee26a5b fonts/t1lib/Makefile
--- a/fonts/t1lib/Makefile      Thu Sep 27 23:09:38 2007 +0000
+++ b/fonts/t1lib/Makefile      Fri Sep 28 08:42:07 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2006/11/06 11:25:24 joerg Exp $
+# $NetBSD: Makefile,v 1.34 2007/09/28 08:42:07 drochner Exp $
 
 DISTNAME=      t1lib-5.1.0
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    fonts devel graphics
 MASTER_SITES=  ${MASTER_SITE_SUNSITE:=libs/graphics/}
 
diff -r e047782153c8 -r 97102ee26a5b fonts/t1lib/distinfo
--- a/fonts/t1lib/distinfo      Thu Sep 27 23:09:38 2007 +0000
+++ b/fonts/t1lib/distinfo      Fri Sep 28 08:42:07 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2007/08/16 13:12:37 joerg Exp $
+$NetBSD: distinfo,v 1.18 2007/09/28 08:42:07 drochner Exp $
 
 SHA1 (t1lib-5.1.0.tar.gz) = 6866561027aa32b0efb1a1aad0aa38cb5e01a299
 RMD160 (t1lib-5.1.0.tar.gz) = f12710159aa8a92e8feb5d934dc45875d198bb58
@@ -10,3 +10,4 @@
 SHA1 (patch-af) = e89df0d94e0748e468c7c3d40ce2fc0ccdb0116c
 SHA1 (patch-ag) = de43462ab574f557627ff3e35cde4ca574d23396
 SHA1 (patch-ah) = 60ead43eeb6327cd3fd94755364633b6bf5d5d0d
+SHA1 (patch-ai) = 52e99f7d71f64e46a87531289fc3e2fce76443c7
diff -r e047782153c8 -r 97102ee26a5b fonts/t1lib/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/fonts/t1lib/patches/patch-ai      Fri Sep 28 08:42:07 2007 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ai,v 1.1 2007/09/28 08:42:08 drochner Exp $
+
+--- lib/t1lib/t1env.c.orig     2007-09-28 10:35:07.000000000 +0200
++++ lib/t1lib/t1env.c
+@@ -611,6 +611,12 @@ char *intT1_Env_GetCompletePath( char *F
+ #endif 
+     strcat( pathbuf, DIRECTORY_SEP);
+     /* And finally the filename: */
++    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
++       let's try next pathbuf */
++    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
++       i++;
++       continue;
++    }
+     strcat( pathbuf, StrippedName);
+     
+     /* Check for existence of the path: */