diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-05-19 19:47:49 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-05-20 09:00:04 +0200 |
| commit | 26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048 (patch) | |
| tree | 6c966f78a2f38c7141fda47144ac28da8b798137 /source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch | |
| parent | bb7dc1ffb7eb47db06eded668ce6c9e8eaa9cec0 (diff) | |
| download | current-26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048.tar.gz current-26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048.tar.xz | |
Tue May 19 19:47:49 UTC 202020200519194749
a/shadow-4.8.1-x86_64-8.txz: Rebuilt.
It seems that /etc/suauth is not supported when PAM is in use, even if
configure.ac is hacked to enable it. I've removed the man pages for it,
and would suggest using sudo as a replacement.
l/libexif-0.6.22-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
CVE-2018-20030: Fix for recursion DoS
CVE-2020-13114: Time consumption DoS when parsing canon array markers
CVE-2020-13113: Potential use of uninitialized memory
CVE-2020-13112: Various buffer overread fixes due to integer overflows
in maker notes
CVE-2020-0093: read overflow
CVE-2019-9278: replaced integer overflow checks the compiler could
optimize away by safer constructs
CVE-2020-12767: fixed division by zero
CVE-2016-6328: fixed integer overflow when parsing maker notes
CVE-2017-7544: fixed buffer overread
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
(* Security fix *)
l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt.
Rebuilt with --enable-posix-api. Thanks to MisterL.
l/python-packaging-20.4-x86_64-1.txz: Upgraded.
n/bind-9.16.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
A malicious actor who intentionally exploits the lack of effective
limitation on the number of fetches performed when processing referrals
can, through the use of specially crafted referrals, cause a recursing
server to issue a very large number of fetches in an attempt to process
the referral. This has at least two potential effects: The performance of
the recursing server can potentially be degraded by the additional work
required to perform these fetches, and the attacker can exploit this
behavior to use the recursing server as a reflector in a reflection attack
with a high amplification factor.
For more information, see:
https://kb.isc.org/docs/cve-2020-8616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
(* Security fix *)
x/fontconfig-2.13.92-x86_64-1.txz: Upgraded.
x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch')
| -rw-r--r-- | source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch b/source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch new file mode 100644 index 000000000..fda5c2d65 --- /dev/null +++ b/source/x/fontconfig/fedora-patches/fontconfig-fix-1744377.patch @@ -0,0 +1,122 @@ +From fcada522913e5e07efa6367eff87ace9f06d24c8 Mon Sep 17 00:00:00 2001 +From: Akira TAGOH <akira@tagoh.org> +Date: Wed, 28 Aug 2019 17:46:03 +0900 +Subject: [PATCH] Do not return FcFalse from FcConfigParseAndLoad*() if + complain is set to false + +https://bugzilla.redhat.com/show_bug.cgi?id=1744377 +--- + src/fcxml.c | 8 ++++--- + test/Makefile.am | 4 ++++ + test/test-bz1744377.c | 51 +++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 60 insertions(+), 3 deletions(-) + create mode 100644 test/test-bz1744377.c + +diff --git a/src/fcxml.c b/src/fcxml.c +index 2e26e77a..076fa301 100644 +--- a/src/fcxml.c ++++ b/src/fcxml.c +@@ -3526,7 +3526,7 @@ _FcConfigParse (FcConfig *config, + int len; + FcStrBuf sbuf; + char buf[BUFSIZ]; +- FcBool ret = FcFalse; ++ FcBool ret = FcFalse, complain_again = complain; + + #ifdef _WIN32 + if (!pGetSystemWindowsDirectory) +@@ -3605,7 +3605,7 @@ _FcConfigParse (FcConfig *config, + close (fd); + + ret = FcConfigParseAndLoadFromMemoryInternal (config, filename, FcStrBufDoneStatic (&sbuf), complain, load); +- complain = FcFalse; /* no need to reclaim here */ ++ complain_again = FcFalse; /* no need to reclaim here */ + bail1: + FcStrBufDestroy (&sbuf); + bail0: +@@ -3613,7 +3613,9 @@ bail0: + FcStrFree (filename); + if (realfilename) + FcStrFree (realfilename); +- if (!ret && complain) ++ if (!complain) ++ return FcTrue; ++ if (!ret && complain_again) + { + if (name) + FcConfigMessage (0, FcSevereError, "Cannot %s config file \"%s\"", load ? "load" : "scan", name); +diff --git a/test/Makefile.am b/test/Makefile.am +index f9c21581..a9fa089a 100644 +--- a/test/Makefile.am ++++ b/test/Makefile.am +@@ -131,6 +131,10 @@ TESTS += test-d1f48f11 + endif + endif + ++check_PROGRAMS += test-bz1744377 ++test_bz1744377_LDADD = $(top_builddir)/src/libfontconfig.la ++TESTS += test-bz1744377 ++ + EXTRA_DIST=run-test.sh run-test-conf.sh $(LOG_COMPILER) $(TESTDATA) out.expected-long-family-names out.expected-no-long-family-names + + CLEANFILES=out out1 out2 fonts.conf out.expected +diff --git a/test/test-bz1744377.c b/test/test-bz1744377.c +new file mode 100644 +index 00000000..d7f10535 +--- /dev/null ++++ b/test/test-bz1744377.c +@@ -0,0 +1,51 @@ ++/* ++ * fontconfig/test/test-bz1744377.c ++ * ++ * Copyright © 2000 Keith Packard ++ * ++ * Permission to use, copy, modify, distribute, and sell this software and its ++ * documentation for any purpose is hereby granted without fee, provided that ++ * the above copyright notice appear in all copies and that both that ++ * copyright notice and this permission notice appear in supporting ++ * documentation, and that the name of the author(s) not be used in ++ * advertising or publicity pertaining to distribution of the software without ++ * specific, written prior permission. The authors make no ++ * representations about the suitability of this software for any purpose. It ++ * is provided "as is" without express or implied warranty. ++ * ++ * THE AUTHOR(S) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, ++ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO ++ * EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY SPECIAL, INDIRECT OR ++ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, ++ * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER ++ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ++ * PERFORMANCE OF THIS SOFTWARE. ++ */ ++#include <fontconfig/fontconfig.h> ++ ++int ++main (void) ++{ ++ const FcChar8 *doc = "" ++ "<fontconfig>\n" ++ " <include ignore_missing=\"yes\">blahblahblah</include>\n" ++ "</fontconfig>\n" ++ ""; ++ const FcChar8 *doc2 = "" ++ "<fontconfig>\n" ++ " <include ignore_missing=\"no\">blahblahblah</include>\n" ++ "</fontconfig>\n" ++ ""; ++ FcConfig *cfg = FcConfigCreate (); ++ ++ if (!FcConfigParseAndLoadFromMemory (cfg, doc, FcTrue)) ++ return 1; ++ if (FcConfigParseAndLoadFromMemory (cfg, doc2, FcTrue)) ++ return 1; ++ if (!FcConfigParseAndLoadFromMemory (cfg, doc2, FcFalse)) ++ return 1; ++ ++ FcConfigDestroy (cfg); ++ ++ return 0; ++} +-- +2.23.0 + |