head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.1.0.4
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.2
	pkgsrc-2010Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2011.05.02.11.15.42;	author adam;	state dead;
branches;
next	1.1;

1.1
date	2010.12.07.16.58.12;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Changes 20110222:
* Did a lot of work to improve the accuracy in remove overlap. Improved
  accuracy means that it is less likely to do the wrong thing. Problems
  happen when there are points or intersections very close to each other.
  (So quadratic glyphs are more likely to have problems than cubics simply
  because they have more points, on average).
* Fix various error messages.
* Remove some obsolete documentation.
* Technical fixes to stroking code.
* Add a miterlimit to stroking code.
* FontForge was using the wrong MIME type for svg files. W3C has changed it
  and it's now "image/svg+xml" not "image/svg-xml" or "image/svg".
* Since Inkscape images tend to be at unexpected y positions, force the view
  to rescale/recenter itself if the result after a paste/import is outside
  the current window. (Inkscape tends to put things at the top of a page,
  but the origin is at the bottom, and FF looks at the origin.)
* A line joint of 180 degrees (which shouldn't have happened in stroking,
  but did) caused an infinite loop.
* Typo in add extrema code (again).
* More...
@ text @$NetBSD: patch-al,v 1.1 2010/12/07 16:58:12 drochner Exp $ CVE-2010-4259 --- fontforge/fvimportbdf.c.orig 2010-04-16 03:02:02.000000000 +0000 +++ fontforge/fvimportbdf.c @@@@ -560,7 +560,7 @@@@ static int slurp_header(FILE *bdf, int * } if ( strcmp(tok,"FONT")==0 ) { - if ( sscanf(buf,"-%*[^-]-%[^-]-%[^-]-%[^-]-%*[^-]-", family, weight, italic )!=0 ) { + if ( sscanf(buf,"-%*[^-]-%99[^-]-%99[^-]-%99[^-]-%*[^-]-", family, weight, italic )!=0 ) { char *pt=buf; int dcnt=0; while ( *pt=='-' && dcnt<7 ) { ++pt; ++dcnt; } @@@@ -616,26 +616,30 @@@@ static int slurp_header(FILE *bdf, int * sscanf(buf, "%d", &defs->metricsset ); else if ( strcmp(tok,"VVECTOR")==0 ) sscanf(buf, "%*d %d", &defs->vertical_origin ); + /* For foundry, fontname and encname, only copy up to the buffer size */ else if ( strcmp(tok,"FOUNDRY")==0 ) - sscanf(buf, "%[^\"]", foundry ); + sscanf(buf, "%99[^\"]", foundry ); else if ( strcmp(tok,"FONT_NAME")==0 ) - sscanf(buf, "%[^\"]", fontname ); + sscanf(buf, "%99[^\"]", fontname ); else if ( strcmp(tok,"CHARSET_REGISTRY")==0 ) - sscanf(buf, "%[^\"]", encname ); + sscanf(buf, "%99[^\"]", encname ); else if ( strcmp(tok,"CHARSET_ENCODING")==0 ) { enc = 0; if ( sscanf(buf, " %d", &enc )!=1 ) sscanf(buf, "%d", &enc ); + /* These properties should be copied up to the buffer length too */ } else if ( strcmp(tok,"FAMILY_NAME")==0 ) { - strcpy(family,buf); + strncpy(family,buf,99); } else if ( strcmp(tok,"FULL_NAME")==0 || strcmp(tok,"FACE_NAME")==0 ) { - strcpy(full,buf); + strncpy(full,buf,99); } else if ( strcmp(tok,"WEIGHT_NAME")==0 ) - strcpy(weight,buf); + strncpy(weight,buf,99); else if ( strcmp(tok,"SLANT")==0 ) - strcpy(italic,buf); + strncpy(italic,buf,99); else if ( strcmp(tok,"COPYRIGHT")==0 ) { - strcpy(comments,buf); + /* LS: Assume the size of the passed-in buffer is 1000, see below in + * COMMENT */ + strncpy(comments,buf,999); found_copyright = true; } else if ( strcmp(tok,"COMMENT")==0 && !found_copyright ) { char *pt = 
comments+strlen(comments); @ 1.1 log @-make this pkg work with pkg-1.4.x The fix is a hack. There is code to deal with png versions, but it is not complete for 1.4.x, and fooled by bl3 wrappers renaming the library behind the pkg's back. -patch format string problems leading to possible buffer overflow (CVE-2010-4259), from Redhat bug#659359 bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
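
Review bot: In the first hunk of the fontforge/fvimportbdf.c patch (the FONT branch of slurp_header), the %99[^-] widths only bound the writes if family, weight and italic each hold at least 100 bytes, and those declarations are not part of the hunk. Tie the width to the buffer size through a shared constant, or at least note the array size next to the format string, so a later change to the declarations cannot silently reintroduce the overflow. The unchanged test "!=0" on the same line also accepts EOF and partial matches; comparing against the expected count of 3 would make it clear which of the three buffers were actually filled.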
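
Review bot: In the second hunk of the fontforge/fvimportbdf.c patch, the strncpy replacements for FAMILY_NAME, FULL_NAME/FACE_NAME, WEIGHT_NAME, SLANT and COPYRIGHT leave the destination without a terminating NUL whenever buf holds 99 bytes or more (999 for comments), because strncpy does not terminate on truncation. Any later string operation on those buffers, such as the strlen(comments) visible in the COMMENT branch, can then read past the end. Write the terminator explicitly after each copy, for example family[99] = '\0';, or use a bounded copy that always terminates. The 999 limit also rests on the assumption stated in the added comment that the caller's buffer is 1000 bytes; passing the size into slurp_header would remove that assumption.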