Source-Changes archive


CVS commit: [netbsd-5] xsrc



Module Name:    xsrc
Committed By:   riz
Date:           Fri Aug 19 20:54:36 UTC 2011

Modified Files:
        xsrc/external/mit/freetype/dist/src/lzw [netbsd-5]: ftzopen.c
        xsrc/external/mit/libXfont/dist/src/fontfile [netbsd-5]: decompress.c
        xsrc/xfree/xc/extras/freetype2/src/lzw [netbsd-5]: zopen.c
        xsrc/xfree/xc/lib/font/fontfile [netbsd-5]: decompress.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1661):
        xsrc/external/mit/libXfont/dist/src/fontfile/decompress.c: revision 1.2
        xsrc/external/mit/libXfont/dist/src/fontfile/decompress.c: revision 1.3
        src/usr.bin/gzip/zuncompress.c: revision 1.9-1.11
        src/usr.bin/compress/zopen.c: revision 1.14-1.15
        xsrc/xfree/xc/lib/font/fontfile/decompress.c: revision 1.2
        xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c: revision 1.2
        xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c: revision 1.4
Fix CVE-2011-2895, buffer overflow in decompress
provisional fix for CVE-2011-2895, buffer overflow when uncompressing
provisional fix for CVE-2011-2895, buffer overflow in decompression
set errno on overflow return.
Do proper input validation without penalizing performance.
Do proper input validation. Allow decompressing all input streams.
Increase robustness of LZW decoding to avoid buffer overflow on
arbitrary manipulated input streams in combination with uninitialised
memory.
Increase strictness of LZW parser.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1.2.1 -r1.1.1.1.2.2 \
    xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c
cvs rdiff -u -r1.1.1.1.2.1 -r1.1.1.1.2.2 \
    xsrc/external/mit/libXfont/dist/src/fontfile/decompress.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.10.1 \
    xsrc/xfree/xc/extras/freetype2/src/lzw/zopen.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.22.1 \
    xsrc/xfree/xc/lib/font/fontfile/decompress.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


