From 1ad66747260d47164df3988dd3e6f88784b5cc2d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2020 09:54:27 +0000 Subject: import texlive-2012-45.20130427_r30134.el7 --- diff --git a/SOURCES/texlive-20130427_r30134-CVE-2018-17407.patch b/SOURCES/texlive-20130427_r30134-CVE-2018-17407.patch new file mode 100644 index 0000000..c56e87a --- /dev/null +++ b/SOURCES/texlive-20130427_r30134-CVE-2018-17407.patch @@ -0,0 +1,38 @@ +diff -up texlive-20130427_r30134/source/texk/dvipsk/writet1.c.orig texlive-20130427_r30134/source/texk/dvipsk/writet1.c +--- texlive-20130427_r30134/source/texk/dvipsk/writet1.c.orig 2013-04-25 19:16:48.000000000 +0100 ++++ texlive-20130427_r30134/source/texk/dvipsk/writet1.c 2019-07-25 12:37:43.385859300 +0100 +@@ -1447,7 +1447,9 @@ static void t1_check_unusual_charstring( + *(strend(t1_buf_array) - 1) = ' '; + + t1_getline(); ++ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcat(t1_buf_array, t1_line_array); ++ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcpy(t1_line_array, t1_buf_array); + t1_line_ptr = eol(t1_line_array); + } +diff -up texlive-20130427_r30134/source/texk/web2c/pdftexdir/writet1.c.orig texlive-20130427_r30134/source/texk/web2c/pdftexdir/writet1.c +--- texlive-20130427_r30134/source/texk/web2c/pdftexdir/writet1.c.orig 2013-04-25 19:16:47.000000000 +0100 ++++ texlive-20130427_r30134/source/texk/web2c/pdftexdir/writet1.c 2019-07-25 12:37:43.386859270 +0100 +@@ -1596,7 +1596,9 @@ static void t1_check_unusual_charstring( + *(strend(t1_buf_array) - 1) = ' '; + + t1_getline(); ++ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcat(t1_buf_array, t1_line_array); ++ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcpy(t1_line_array, t1_buf_array); + t1_line_ptr = eol(t1_line_array); + } +--- texlive-2012/source/texk/web2c/luatexdir/font/writet1.w.orig 2019-08-26 18:40:06.981813698 +0200 ++++ texlive-2012/source/texk/web2c/luatexdir/font/writet1.w 2019-08-26 18:39:31.394605507 +0200 +@@ -1638,7 +1638,9 @@ + if (sscanf(p, "%i", &i) != 1) { + strcpy(t1_buf_array, t1_line_array); + t1_getline(); ++ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcat(t1_buf_array, t1_line_array); ++ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); + strcpy(t1_line_array, t1_buf_array); + t1_line_ptr = eol(t1_line_array); + } diff --git a/SPECS/texlive.spec b/SPECS/texlive.spec index 1fb77f9..65520e5 100644 --- a/SPECS/texlive.spec +++ b/SPECS/texlive.spec @@ -1,6 +1,6 @@ %global source_date 20130427_r30134 %global tl_version 2012 -%global tl_rel 43 +%global tl_rel 45 %global tl_release %{tl_rel}.%{source_date}%{?dist} %global tl_noarch_release %{tl_rel}%{?dist} %global source_name texlive-%{source_date}-source @@ -55,6 +55,8 @@ Patch4: texlive-2012-selinux.patch Patch5: texlive-2012-warning.patch # fix memset warning Patch6: texlive-2012-memset-warning.patch +# CVE-2018-17407 +Patch7: texlive-20130427_r30134-CVE-2018-17407.patch Source0: %{source_name}.tar.xz Source1: texlive.tlpdb Source2: texlive-licenses.tar.xz @@ -31293,6 +31295,7 @@ collection-metapost package %setup -q -c -T xz -dc %{SOURCE0} | tar x [ -e %{source_name} ] && mv %{source_name} source + %patch1 -p0 for l in `unxz -c %{SOURCE2} | tar t`; do ln -s %{_texdir}/licenses/$l $l @@ -31301,6 +31304,7 @@ done %patch3 -p1 %patch4 -p1 %patch6 -p1 +%patch7 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow" @@ -61478,6 +61482,12 @@ fi %changelog +* Mon Aug 26 2019 Than Ngo - 2:2012-45.20130427_r30134 +- Related: #1650521, buffer overflow in t1_check_unusual_charstring function + +* Mon Jul 29 2019 Than Ngo - 2:2012-44.20130427_r30134 +- Resolves: #1650521, buffer overflow in t1_check_unusual_charstring function + * Sun Jul 22 2018 Than Ngo - 2:2012-43.20130427_r30134 - Related: #1337981 - fixed memset warning detected by rpmdiff