Author: branden
Date: 2005-01-25 11:45:22 -0500 (Tue, 25 Jan 2005)
New Revision: 2157

Modified:
   branches/4.1.0/woody-proposed-updates/debian/changelog
   
branches/4.1.0/woody-proposed-updates/debian/patches/076_SECURITY_libXpm_vulnerabilities.diff
Log:
Update patch #076 (XPM library security fixes) to revert regressions in
functionality caused by overly aggressive validation of filespec strings
in OpenReadFile() and OpenWriteFile().  (Fixes #286164 for woody.)


Modified: branches/4.1.0/woody-proposed-updates/debian/changelog
===================================================================
--- branches/4.1.0/woody-proposed-updates/debian/changelog      2005-01-25 
16:20:17 UTC (rev 2156)
+++ branches/4.1.0/woody-proposed-updates/debian/changelog      2005-01-25 
16:45:22 UTC (rev 2157)
@@ -1,3 +1,11 @@
+xfree86 (4.1.0-16woody6) stable-security; urgency=low
+
+  * Update patch #076 (XPM library security fixes) to revert regressions in
+    functionality caused by overly aggressive validation of filespec strings
+    in OpenReadFile() and OpenWriteFile().  (Fixes #286164 for woody.)
+
+ -- Branden Robinson <[EMAIL PROTECTED]>  Tue, 25 Jan 2005 11:42:03 -0500
+
 xfree86 (4.1.0-16woody5) stable-security; urgency=low
 
   * Security update release.  Resolves the following issue:

Modified: 
branches/4.1.0/woody-proposed-updates/debian/patches/076_SECURITY_libXpm_vulnerabilities.diff
===================================================================
--- 
branches/4.1.0/woody-proposed-updates/debian/patches/076_SECURITY_libXpm_vulnerabilities.diff
       2005-01-25 16:20:17 UTC (rev 2156)
+++ 
branches/4.1.0/woody-proposed-updates/debian/patches/076_SECURITY_libXpm_vulnerabilities.diff
       2005-01-25 16:45:22 UTC (rev 2157)
@@ -113,6 +113,12 @@
 vulnerabilties found during the above-mentioned source code audit are
 collectively referred to as CAN-2004-0914.
 
+Patch updated on 2005-01-25 to revert regressions in functionality caused
+by overly aggressive validation of filespec strings in OpenReadFile() and
+OpenWriteFile().  See <URL:
+https://bugs.freedesktop.org/show_bug.cgi?id=1924 > for more information.
+(It's up to the invoking application to validate filespec strings.)
+
 This patch by Matthieu Herrb and others.
 
 diff -urN xc~/extras/Xpm/lib/Attrib.c xc/extras/Xpm/lib/Attrib.c
@@ -765,9 +771,8 @@
      ptr = (char *) XpmMalloc(len + 1);
      if (!ptr) {
        fclose(fp);
-diff -urN xc~/extras/Xpm/lib/RdFToI.c xc/extras/Xpm/lib/RdFToI.c
---- xc~/extras/Xpm/lib/RdFToI.c        2004-12-01 23:11:42.000000000 -0500
-+++ xc/extras/Xpm/lib/RdFToI.c 2004-12-01 23:22:05.000000000 -0500
+--- xc/extras/Xpm/lib/RdFToI.c~        2005-01-25 11:36:45.000000000 -0500
++++ xc/extras/Xpm/lib/RdFToI.c 2005-01-25 11:37:44.000000000 -0500
 @@ -32,6 +32,8 @@
  *  Developed by Arnaud Le Hors                                                
*
  
\*****************************************************************************/
@@ -800,15 +805,14 @@
      struct stat status;
  # endif
  #endif
-@@ -139,17 +148,21 @@
+@@ -139,17 +148,20 @@
        mdata->type = XPMFILE;
      } else {
  #ifndef NO_ZPIPE
 -      int len = strlen(filename);
 +      size_t len = strlen(filename);
 +
-+      if(len == 0                        ||
-+         filename[len-1] == '/')
++      if (len == 0)
 +              return(XpmOpenFailed);
        if ((len > 2) && !strcmp(".Z", filename + (len - 2))) {
            mdata->type = XPMPIPE;
@@ -827,7 +831,7 @@
                return (XpmOpenFailed);
  
        } else {
-@@ -157,19 +170,19 @@
+@@ -157,19 +169,19 @@
            if (!(compressfile = (char *) XpmMalloc(len + 4)))
                return (XpmNoMemory);
  
@@ -853,7 +857,7 @@
                        XpmFree(compressfile);
                        return (XpmOpenFailed);
                    }
-@@ -215,7 +228,7 @@
+@@ -215,7 +227,7 @@
        break;
  #ifndef NO_ZPIPE
      case XPMPIPE:
@@ -883,9 +887,8 @@
  
      return XpmSuccess;
  }
-diff -urN xc~/extras/Xpm/lib/WrFFrI.c xc/extras/Xpm/lib/WrFFrI.c
---- xc~/extras/Xpm/lib/WrFFrI.c        2004-12-01 23:11:42.000000000 -0500
-+++ xc/extras/Xpm/lib/WrFFrI.c 2004-12-01 23:23:02.000000000 -0500
+--- xc/extras/Xpm/lib/WrFFrI.c~        2005-01-25 11:36:08.000000000 -0500
++++ xc/extras/Xpm/lib/WrFFrI.c 2005-01-25 11:38:17.000000000 -0500
 @@ -37,6 +37,8 @@
   * Lorens Younes ([EMAIL PROTECTED]) 4/96
   */
@@ -966,17 +969,14 @@
  static int
  OpenWriteFile(filename, mdata)
      char *filename;
-@@ -312,16 +323,23 @@
+@@ -312,16 +323,20 @@
        mdata->type = XPMFILE;
      } else {
  #ifndef NO_ZPIPE
 -      int len = strlen(filename);
 +      size_t len = strlen(filename);
 +
-+      if(len == 0                        ||
-+         filename[0] == '/'              ||
-+         strstr(filename, "../") != NULL ||
-+         filename[len-1] == '/')
++      if (len == 0)
 +              return(XpmOpenFailed);
 +
        if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
@@ -995,7 +995,7 @@
                return (XpmOpenFailed);
  
            mdata->type = XPMPIPE;
-@@ -352,7 +370,7 @@
+@@ -352,7 +367,7 @@
        break;
  #ifndef NO_ZPIPE
      case XPMPIPE:

