head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.114 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.4.0.112 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.110 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.108 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.106 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.104 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.102 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.100 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.98 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.96 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.94 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.92 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.90 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.88 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.86 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.84 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.82 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.80 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.78 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.76 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.74 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.72 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.70 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.66 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.46 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.68 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.64 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.62 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.60 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.58 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.56 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.54 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.52 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.50 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.48 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.44 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.42 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.40 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.38 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.36 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.34 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.32 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.30 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.28 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.26 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.24 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.22 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.20 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.18 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.16 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.14 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.12 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.10 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.8 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.6 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.4 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.2 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.3.0.8 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.6 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.2 pkgsrc-2011Q1-base:1.3 pkgsrc-2009Q4:1.2.0.12 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.10 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.8 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.2 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.1.0.4 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.2 pkgsrc-2007Q3-base:1.1; locks; strict; comment @# @; 1.4 date 2012.01.16.12.42.56; author drochner; state Exp; branches; next 1.3; 1.3 date 2011.03.08.17.13.33; author drochner; state Exp; branches; next 1.2; 1.2 date 2008.02.11.18.53.39; author bjs; state dead; branches; next 1.1; 1.1 date 2007.09.28.08.42.08; author drochner; state Exp; branches; next ; desc @@ 1.4 log @fix an off-by-one in an earlier fix, from gnome bug #643882 @ text @$NetBSD: patch-ai,v 1.3 2011/03/08 17:13:33 drochner Exp $ --- lib/t1lib/parseAFM.c.orig 2007-12-23 15:49:42.000000000 +0000 +++ lib/t1lib/parseAFM.c @@@@ -199,7 +199,7 @@@@ static char *token(stream) idx = 0; while (ch != EOF && ch != ' ' && ch != CR && ch != LF && - ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){ + ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';' && idx < (MAX_NAME - 1)){ ident[idx++] = ch; ch = fgetc(stream); } /* while */ @@@@ -235,7 +235,7 @@@@ static char *linetoken(stream) while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); idx = 0; - while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z) + while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) { ident[idx++] = ch; ch = fgetc(stream); @ 1.3 log @adopt evince/patch-ba to fix 2 possible buffer overflows in AFM file parsing (SA43491), bump PKGREV @ text @d1 1 a1 1 $NetBSD$ d10 1 a10 1 + ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME){ d19 1 a19 1 + while (ch != EOF && ch != CR && ch != LF && ch != CTRL_Z && idx < MAX_NAME) @ 1.2 log @ Update to version 5.1.2. Patches removed above are no longer needed, as they appear to have been incorporated upstream. Additionally, the following changes apply: December 2006: t1lib-5.1.1: --------------------------- - DESTDIR support was missing and has been addded in install-target i for type1afm. - A bug fix in Anti-Aliasing subsampling code, which could make t1lib crash under certain conditions. - Small number of further fixes, in particular with respect to the build mechanism. December 2007: t1lib-5.1.2: --------------------------- - Small number of fixes reported by users. The fixes pertain to a vulnerability issue, memory access issues. - More decent handling if Encoding and / or FontBBox specification are missing (which is invalid with respect to the specification, but recoverable). @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.1 2007/09/28 08:42:08 drochner Exp $ d3 4 a6 13 --- lib/t1lib/t1env.c.orig 2007-09-28 10:35:07.000000000 +0200 +++ lib/t1lib/t1env.c @@@@ -611,6 +611,12 @@@@ char *intT1_Env_GetCompletePath( char *F #endif strcat( pathbuf, DIRECTORY_SEP); /* And finally the filename: */ + /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf + let's try next pathbuf */ + if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) { + i++; + continue; + } strcat( pathbuf, StrippedName); d8 15 a22 1 /* Check for existence of the path: */ @ 1.1 log @add a patch from Ubuntu to fix CVE-2007-4033 (buffer overflow in path handling), bump PKGREVISION (from Martti Kuparinen) @ text @d1 1 a1 1 $NetBSD$ @