From f9d12a4ac14cbec8b578c481469e105c810cf3a4 Mon Sep 17 00:00:00 2001
From: trevor
Date: Sat, 13 Jul 2002 23:49:19 +0000
Subject: security fix: correct bugs 115788 and 150339 (Mozilla passes requests for huge fonts, leading to loss of X (and probably VNC) session)

Obtained from: attachment 87432 on bugzilla.mozilla.org
---
 www/mozilla-devel/Makefile | 3 +-
 www/mozilla-devel/files/patch-nsFontMetricsGTK.cpp | 40 ++++++++++++++++++++++
 .../files/patch-nsFontMetricsXlib.cpp | 40 ++++++++++++++++++++++
 3 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100644 www/mozilla-devel/files/patch-nsFontMetricsGTK.cpp
 create mode 100644 www/mozilla-devel/files/patch-nsFontMetricsXlib.cpp

(limited to 'www/mozilla-devel')

diff --git a/www/mozilla-devel/Makefile b/www/mozilla-devel/Makefile
index 5b13a5f..1576e0c 100644
--- a/www/mozilla-devel/Makefile
+++ b/www/mozilla-devel/Makefile
@@ -8,6 +8,7 @@
 PORTNAME= mozilla
 PORTVERSION= 1.0
 PORTEPOCH= 1
+PORTREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_MOZILLA} \
  http://people.FreeBSD.org/~sobomax/:local
@@ -18,8 +19,6 @@ DISTFILES= ${PORTNAME}-source-${PORTVERSION:S/.rc/rc/}${EXTRACT_SUFX} \
 
 MAINTAINER= gnome@FreeBSD.org
 
-FORBIDDEN= "see http://bugzilla.mozilla.org/show_bug.cgi?id=150339 "
-
 BUILD_DEPENDS= zip:${PORTSDIR}/archivers/zip \
  freetype-config:${PORTSDIR}/print/freetype2
 LIB_DEPENDS= ORBit.2:${PORTSDIR}/devel/ORBit \
diff --git a/www/mozilla-devel/files/patch-nsFontMetricsGTK.cpp b/www/mozilla-devel/files/patch-nsFontMetricsGTK.cpp
new file mode 100644
index 0000000..3bab909
--- /dev/null
+++ b/www/mozilla-devel/files/patch-nsFontMetricsGTK.cpp
@@ -0,0 +1,40 @@
+$FreeBSD$
+
+As reported by Mikko Rapeli and Tom Vogt at
+http://bugzilla.mozilla.org/show_bug.cgi?id=115788 and
+http://bugzilla.mozilla.org/show_bug.cgi?id=150339 the X server can
+abort when Mozilla requests a huge (scalable) font. This is also
+likely to happen to the X font server, or to Xvnc.
+
+This patch is from
+http://bugzilla.mozilla.org/attachment.cgi?id=87432&action=view
+.
+
+--- gfx/src/gtk/nsFontMetricsGTK.cpp Mon Jun 10 01:02:08 2002
++++ gfx/src/gtk/nsFontMetricsGTK.cpp Thu Jun 13 00:06:33 2002
+@@ -87,6 +87,12 @@
+ #undef USER_DEFINED
+ #define USER_DEFINED "x-user-def"
+ 
++// This is the scaling factor that we keep fonts limited to against
++// the display size. If a pixel size is requested that is more than
++// this factor larger than the height of the display, it's clamped to
++// that value instead of the requested size.
++#define FONT_MAX_FONT_SCALE 2
++
+ #undef NOISY_FONTS
+ #undef REALLY_NOISY_FONTS
+ 
+@@ -1276,7 +1282,12 @@
+ 
+ float app2dev;
+ mDeviceContext->GetAppUnitsToDevUnits(app2dev);
++
+ mPixelSize = NSToIntRound(app2dev * mFont->size);
++ // Make sure to clamp the pixel size to something reasonable so we
++ // don't make the X server blow up.
++ mPixelSize = PR_MIN(gdk_screen_height() * FONT_MAX_FONT_SCALE, mPixelSize);
++
+ mStretchIndex = 4; // normal
+ mStyleIndex = mFont->style;
+ 
diff --git a/www/mozilla-devel/files/patch-nsFontMetricsXlib.cpp b/www/mozilla-devel/files/patch-nsFontMetricsXlib.cpp
new file mode 100644
index 0000000..fd470f6
--- /dev/null
+++ b/www/mozilla-devel/files/patch-nsFontMetricsXlib.cpp
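Review bot: The clamp added in the `@@ -1276,7 +1282,12 @@` part of patch-nsFontMetricsGTK.cpp bounds `mPixelSize` only from above, and only after `NSToIntRound` has already converted the float product to an int. A negative or wrapped value passes through `PR_MIN` unchanged, and if `app2dev * mFont->size` can exceed the int range (the type of `mFont->size` is not visible here) the conversion happens before any limit is applied. Clamping the float first and adding a floor would close both gaps: `float px = PR_MIN(app2dev * mFont->size, float(gdk_screen_height() * FONT_MAX_FONT_SCALE));` followed by `mPixelSize = PR_MAX(0, NSToIntRound(px));`. The same pattern appears in patch-nsFontMetricsXlib.cpp, and the enclosing function starts and ends outside the hunk.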
@@ -0,0 +1,40 @@
+$FreeBSD$
+
+As reported by Mikko Rapeli and Tom Vogt at
+http://bugzilla.mozilla.org/show_bug.cgi?id=115788 and
+http://bugzilla.mozilla.org/show_bug.cgi?id=150339 the X server can
+abort when Mozilla requests a huge (scalable) font. This is also
+likely to happen to the X font server, or to Xvnc.
+
+This patch is from
+http://bugzilla.mozilla.org/attachment.cgi?id=87432&action=view
+.
+
+--- gfx/src/xlib/nsFontMetricsXlib.cpp Tue Jun 11 16:20:31 2002
++++ gfx/src/xlib/nsFontMetricsXlib.cpp Thu Jun 13 00:05:47 2002
+@@ -99,6 +99,12 @@
+ #undef USER_DEFINED
+ #define USER_DEFINED "x-user-def"
+ 
++// This is the scaling factor that we keep fonts limited to against
++// the display size. If a pixel size is requested that is more than
++// this factor larger than the height of the display, it's clamped to
++// that value instead of the requested size.
++#define FONT_MAX_FONT_SCALE 2
++
+ #undef NOISY_FONTS
+ #undef REALLY_NOISY_FONTS
+ 
+@@ -1480,7 +1486,12 @@
+ 
+ float app2dev;
+ mDeviceContext->GetAppUnitsToDevUnits(app2dev);
++
+ mPixelSize = NSToIntRound(app2dev * mFont->size);
++ // Make sure to clamp the pixel size to something reasonable so we
++ // don't make the X server blow up.
++ mPixelSize = PR_MIN(XHeightOfScreen(xxlib_rgb_get_screen(gXlibRgbHandle)) * FONT_MAX_FONT_SCALE, mPixelSize);
++
+ mStretchIndex = 4; // Normal
+ mStyleIndex = mFont->style;
+ 
--
cgit v1.1
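Review bot: `PR_MIN` is a macro, so in the `@@ -1480,7 +1486,12 @@` part of patch-nsFontMetricsXlib.cpp the first argument, `XHeightOfScreen(xxlib_rgb_get_screen(gXlibRgbHandle)) * FONT_MAX_FONT_SCALE`, is expanded twice and the nested calls run again whenever the limit is the smaller value. Hoisting it into a local avoids the repeat and shortens the line: `const int maxPixelSize = XHeightOfScreen(xxlib_rgb_get_screen(gXlibRgbHandle)) * FONT_MAX_FONT_SCALE;` then `mPixelSize = PR_MIN(maxPixelSize, mPixelSize);`. Nothing in the hunk shows that `gXlibRgbHandle` is already initialised when this code runs, so that is worth confirming in the enclosing function, which lies outside the hunk.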