diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-05-31 15:04:55 -0700 |
| commit | d8220d28e5d53cd896b28d9dea13e2258923f35a (patch) | |
| tree | 0ae3d22871d934a49ba1689084ba6fe301ee48e0 /patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff | |
| parent | 5a12e7c134274dba706667107d10d231517d3e05 (diff) | |
| download | current-13.0.tar.gz current-13.0.tar.xz | |
Fri May 25 23:29:36 UTC 201813.0
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack13.0.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff')
| -rw-r--r-- | patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff b/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff new file mode 100644 index 000000000..352d00f03 --- /dev/null +++ b/patches/source/libXfont/patch/libXfont/libXfont.CVE-2017-16611.diff @@ -0,0 +1,85 @@ +--- ./src/fontfile/fileio.c.orig 2014-01-07 10:25:08.000000000 -0600 ++++ ./src/fontfile/fileio.c 2017-11-29 00:37:05.450068487 -0600 +@@ -36,6 +36,9 @@ + #ifndef O_BINARY + #define O_BINARY O_RDONLY + #endif ++#ifndef O_NOFOLLOW ++#define O_NOFOLLOW 0 ++#endif + + FontFilePtr + FontFileOpen (const char *name) +@@ -44,7 +47,7 @@ + int len; + BufFilePtr raw, cooked; + +- fd = open (name, O_BINARY); ++ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW); + if (fd < 0) + return 0; + raw = BufFileOpenRead (fd); +--- ./src/fontfile/dirfile.c.orig 2014-01-07 10:25:08.000000000 -0600 ++++ ./src/fontfile/dirfile.c 2017-11-29 00:35:44.400069349 -0600 +@@ -41,6 +41,7 @@ + #include <stdio.h> + #include <sys/types.h> + #include <sys/stat.h> ++#include <fcntl.h> + #include <errno.h> + + static Bool AddFileNameAliases ( FontDirectoryPtr dir ); +@@ -57,8 +58,9 @@ + char dir_file[MAXFONTFILENAMELEN]; + char dir_path[MAXFONTFILENAMELEN]; + char *ptr; +- FILE *file; +- int count, ++ FILE *file = 0; ++ int file_fd, ++ count, + num_fonts, + status; + struct stat statb; +@@ -88,7 +90,14 @@ + if (dir_file[strlen(dir_file) - 1] != '/') + strcat(dir_file, "/"); + strcat(dir_file, FontDirFile); ++#ifndef WIN32 ++ file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW); ++ if (file_fd >= 0) { ++ file = fdopen(file_fd, "rt"); ++ } ++#else + file = fopen(dir_file, "rt"); ++#endif + if (file) { + #ifndef WIN32 + if (fstat (fileno(file), &statb) == -1) +@@ -258,7 +267,8 @@ + char alias[MAXFONTNAMELEN]; + char font_name[MAXFONTNAMELEN]; + char alias_file[MAXFONTFILENAMELEN]; +- FILE *file; ++ int file_fd; ++ FILE *file = 0; + FontDirectoryPtr dir; + int token; + char *lexToken; +@@ -276,7 +286,16 @@ + strcat(alias_file, "/"); + strcat(alias_file, FontAliasFile); + } ++ ++#ifndef WIN32 ++ file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW); ++ if (file_fd >= 0) { ++ file = fdopen(file_fd, "rt"); ++ } ++#else + file = fopen(alias_file, "rt"); ++#endif ++ + if (!file) + return ((errno == ENOENT) ? Successful : BadFontPath); + if (!dir) |