We need fix for an exploitable buffer overflow in font code - the same patch as Xfree86 applied recently to their codebase.
Weired. I thought Slashdot had an article about the issue but I cannot find it anymore... ;-(
Created attachment 91 [details] [review] Patch for 2004-02-12-trunk
Patch checked-in... Checking in xc/lib/font/fontfile/dirfile.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/dirfile.c,v <-- dirfile.c new revision: 1.2; previous revision: 1.1 done ... marking bug as FIXED.
Reopening to include more fixes for the same issue (taken from Xfree86 2004-02-16-trunk CVS) ...
Created attachment 95 [details] [review] 2nd patch for 2004-02-16-trunk
Patch checked-in... Checking in xc/lib/font/fontfile/dirfile.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/dirfile.c,v <-- dirfile.c new revision: 1.3; previous revision: 1.2 done Checking in xc/lib/font/fontfile/encparse.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/encparse.c,v <-- encparse.c new revision: 1.2; previous revision: 1.1 done Checking in xc/lib/font/fontfile/fontfile.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/fontfile.c,v <-- fontfile.c new revision: 1.3; previous revision: 1.2 done ... marking bug as FIXED.
Unfortunately the change broke per-model-config font paths (e.g. Xprt fails to start up) ... reopening for backout... ;-((
Created attachment 96 [details] [review] Backout patch for prevous patch
Backout patch (attachment 96 [details] [review]) checked-in... Checking in xc/lib/font/fontfile/dirfile.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/dirfile.c,v <-- dirfile.c new revision: 1.4; previous revision: 1.3 done Checking in xc/lib/font/fontfile/encparse.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/encparse.c,v <-- encparse.c new revision: 1.3; previous revision: 1.2 done Checking in xc/lib/font/fontfile/fontfile.c; /cvs/xprint/xprint/src/xprint_main/xc/lib/font/fontfile/fontfile.c,v <-- fontfile.c new revision: 1.4; previous revision: 1.3 done ... marking bug as FIXED (for now until Xfree86 comes up with a solution).
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.