pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2008Q1]: pkgsrc/print/teTeX3-bin pullup ticket #2362 - request...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a28807471cbd
branches: pkgsrc-2008Q1
changeset: 540317:a28807471cbd
user: rtr <rtr%pkgsrc.org@localhost>
date: Thu May 08 14:21:48 2008 +0000
description:
pullup ticket #2362 - requested by tonnerre
teTeX3-bin: fixes security vulnerability
revisions pulled up:
- pkgsrc/print/teTeX3-bin/Makefile 1.27
- pkgsrc/print/teTeX3-bin/distinfo 1.8,1.9
- pkgsrc/print/teTeX3-bin/patches/patch-am 1.1
- pkgsrc/print/teTeX3-bin/patches/patch-an 1.1
- pkgsrc/print/teTeX3-bin/patches/patch-at 1.1,1.2
- pkgsrc/print/teTeX3-bin/patches/patch-au 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Mon May 5 22:48:22 UTC 2008
Modified Files:
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 6 09:24:20 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: distinfo
pkgsrc/print/teTeX3-bin/patches: patch-at
Log Message:
Remove RCSID from patch-at so it applies again
pkgsrc/print/teTeX3-bin: Makefile distinfo
Added Files:
pkgsrc/print/teTeX3-bin/patches: patch-am patch-an patch-at
patch-au
Log Message:
Fix various buffer overflow vulnerabilities in dvips and dviljk, and an
insecure temp file creation vulnerability in dvips. Fixes CVE-2007-5935,
CVE-2007-5936 and CVE-2007-5937. Bump PKGREVISION.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 6 09:24:20 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: distinfo
pkgsrc/print/teTeX3-bin/patches: patch-at
Log Message:
Remove RCSID from patch-at so it applies again
diffstat:
print/teTeX3-bin/Makefile | 4 +-
print/teTeX3-bin/distinfo | 6 +-
print/teTeX3-bin/patches/patch-am | 82 +
print/teTeX3-bin/patches/patch-an | 13 +
print/teTeX3-bin/patches/patch-at | 1896 +++++++++++++++++++++++++++++++++++++
print/teTeX3-bin/patches/patch-au | 100 +
6 files changed, 2098 insertions(+), 3 deletions(-)
diffs (truncated from 2142 to 300 lines):
diff -r 94f085f5b336 -r a28807471cbd print/teTeX3-bin/Makefile
--- a/print/teTeX3-bin/Makefile Tue May 06 19:57:07 2008 +0000
+++ b/print/teTeX3-bin/Makefile Thu May 08 14:21:48 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2008/01/18 05:08:55 tnn Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2008/05/08 14:21:48 rtr Exp $
DISTNAME= tetex-src-3.0
PKGNAME= ${DISTNAME:C/tetex/teTeX/:C/src/bin/}
-PKGREVISION= 15
+PKGREVISION= 16
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/unix/teTeX/3.0/distrib/}
diff -r 94f085f5b336 -r a28807471cbd print/teTeX3-bin/distinfo
--- a/print/teTeX3-bin/distinfo Tue May 06 19:57:07 2008 +0000
+++ b/print/teTeX3-bin/distinfo Thu May 08 14:21:48 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2006/04/05 20:18:42 minskim Exp $
+$NetBSD: distinfo,v 1.7.16.1 2008/05/08 14:21:48 rtr Exp $
SHA1 (teTeX/tetex-src-3.0.tar.gz) = 7637789f7f4929694aed1b89820f5bad4753e8fc
RMD160 (teTeX/tetex-src-3.0.tar.gz) = 15a139f5f36993e4ed3583260e175cfb13ce7bcc
@@ -15,7 +15,11 @@
SHA1 (patch-aj) = e9e62bdb9f956f0f8a9dc4fe9988309b7c6aa767
SHA1 (patch-ak) = ba06c10c1151173e04f3a6cc44d44a89f1933bb8
SHA1 (patch-al) = e1fc74bd6ea05176dfac4e99958f0e1281b89b3b
+SHA1 (patch-am) = 54d86197eee3d4e15a6c9bad6ae16ef1e0299667
+SHA1 (patch-an) = a02db18a49f61f965e0277fbc5a3fa72a5060b47
SHA1 (patch-ap) = 0ca7341b416842fbc00a935d6cfdb0531c4169ba
SHA1 (patch-aq) = d7a4dd4864e43cd27b1ca803f8ebfe82e65f84a7
SHA1 (patch-ar) = 7f0c6cdca69b73bad1c8f8298e417ede1cd89d77
SHA1 (patch-as) = 0b6c4c6b253ba1160628c19fa7080bc7c307caf3
+SHA1 (patch-at) = 4c165a3b654619e30f106ba812ae0b653e8922ba
+SHA1 (patch-au) = a439d5bfa857636c72861d9d5ffe9243f34dc8e1
diff -r 94f085f5b336 -r a28807471cbd print/teTeX3-bin/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-am Thu May 08 14:21:48 2008 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-am,v 1.1.2.2 2008/05/08 14:21:48 rtr Exp $
+
+--- texk/dvipsk/hps.c
++++ texk/dvipsk/hps.c
+@@ -441,19 +441,28 @@ int href_name_match P2C(char *, h, char
+
+ void stamp_hps P1C(Hps_link *, pl)
+ {
+- char tmpbuf[200] ;
++ char * tmpbuf;
+ if (pl == NULL) {
+- error("Null pointer, oh no!") ;
++ error("stamp_hps: null pl pointer, oh no!") ;
+ return ;
+- } else {
+- /* print out the proper pdfm with local page info only
+- * target info will be in the target dictionary */
+- (void)sprintf(tmpbuf,
+- " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+- pl->color[0], pl->color[1], pl->color[2]) ;
+- cmdout(tmpbuf) ;
+- }
++ }
++ if(pl->title == NULL) {
++ error("stamp_hps: null pl->title pointer, oh no!") ;
++ return ;
++ }
++
++ tmpbuf = (char *) xmalloc(strlen(pl->title)+200);
++
++ /* print out the proper pdfm with local page info only
++ * target info will be in the target dictionary */
++ (void)sprintf(tmpbuf,
++ " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ",
++ pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++ pl->color[0], pl->color[1], pl->color[2]) ;
++ cmdout(tmpbuf) ;
++ free(tmpbuf);
++
+
+ }
+
+@@ -462,18 +471,27 @@ void stamp_hps P1C(Hps_link *, pl)
+ */
+ void stamp_external P2C(char *, s, Hps_link *, pl)
+ {
+- char tmpbuf[200];
++ char *tmpbuf;
+ if (pl == NULL) {
+- error("Null pointer, oh no!") ;
++ error("stamp_external: null pl pointer, oh no!") ;
+ return ;
+- } else {
+- /* print out the proper pdfm with local page info only
+- * target info will be in the target dictionary */
+- (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+- pl->color[0], pl->color[1], pl->color[2], s) ;
+- cmdout(tmpbuf) ;
+- }
++ }
++
++ if (s == NULL) {
++ error("stamp_external: null s pointer, oh no!") ;
++ return ;
++ }
++
++ tmpbuf = (char *) xmalloc(strlen(s) + 200);
++
++ /* print out the proper pdfm with local page info only
++ * target info will be in the target dictionary */
++ (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ",
++ pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++ pl->color[0], pl->color[1], pl->color[2], s) ;
++ cmdout(tmpbuf) ;
++ free(tmpbuf);
+ }
+
+ void finish_hps P1H(void) {
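Review bot: The `xmalloc(strlen(pl->title)+200)` sizing in stamp_hps accounts only for the title, while the `sprintf` that follows is still unbounded and formats seven `%.0f` doubles and five `%i` ints into the fixed 200-byte slack. A single `%.0f` of a very large double can expand to hundreds of digits, so if the rect or color values can be influenced by the DVI input (not visible in this hunk), the write can still run past the end of the heap buffer. stamp_external repeats the pattern with `xmalloc(strlen(s) + 200)`. I would keep the length in a variable and bound the write, e.g. `size_t len = strlen(pl->title) + 200;` followed by `snprintf(tmpbuf, len, ...)`, and treat a return value `>= len` as an error before calling `cmdout(tmpbuf)`. This assumes snprintf is available on the platforms this package targets.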
diff -r 94f085f5b336 -r a28807471cbd print/teTeX3-bin/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-an Thu May 08 14:21:48 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-an,v 1.1.2.2 2008/05/08 14:21:48 rtr Exp $
+
+--- texk/dviljk/configure.in.orig 1999-02-08 22:42:01.000000000 +0100
++++ texk/dviljk/configure.in
+@@ -14,6 +14,8 @@ dnl These tests prevent reliable cross-c
+ AC_C_CHAR_UNSIGNED
+ AC_CHECK_SIZEOF(long)
+
++AC_CHECK_FUNCS(rmdir unlink mkdtemp)
++
+ AC_OUTPUT(Makefile)
+ dnl Update stamp-auto, since we just remade `c-auto.h'.
+ date >stamp-auto
diff -r 94f085f5b336 -r a28807471cbd print/teTeX3-bin/patches/patch-at
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-at Thu May 08 14:21:48 2008 +0000
@@ -0,0 +1,1896 @@
+$NetBSD: patch-at,v 1.2.2.2 2008/05/08 14:21:48 rtr Exp $
+
+--- texk/dviljk/dvi2xx.c
++++ texk/dviljk/dvi2xx.c
+@@ -2,4 +2,4 @@
+-#define VERSION "2.6p2 (dviljk)"
++#define VERSION "dviljk (version 2.6p3)"
+ /*
+ #define DEBUGGS 1
+ */
+@@ -165,7 +165,7 @@ char *argv[];
+ # endif
+ #endif
+
+- /* Initialize pixel_files */
++ /* Initialize pixel_files */
+ for (i = 0; i <= MAXOPEN; i++)
+ pixel_files[i].pixel_file_id = FPNULL;
+
+@@ -173,7 +173,7 @@ char *argv[];
+ y_origin = YDEFAULTOFF; /* y-origin in dots */
+
+ setbuf(ERR_STREAM, NULL);
+- (void) strcpy(G_progname, argv[0]);
++ G_progname = argv[0];
+ #ifdef KPATHSEA
+ kpse_set_progname(argv[0]);
+ kpse_set_program_enabled (kpse_pk_format, MAKE_TEX_PK_BY_DEFAULT, kpse_src_compile);
+@@ -275,7 +275,7 @@ char *argv[];
+ EMIT1("@PJL SET PAGEPROTECT=OFF\012");
+ EMIT1("@PJL ENTER LANGUAGE=PCL\012");
+ if (econoMode && LJ6)
+- EMIT1("@PJL SET ECONOMODE=ON\012");
++ EMIT1("@PJL SET ECONOMODE=ON\012");
+ EMIT3("\033&u%dD\033*t%dR",RESOLUTION,RESOLUTION);
+ if (econoMode && !LJ6)
+ EMIT1("\033*v1T");
+@@ -431,8 +431,8 @@ char *argv[];
+ /*
+ fprintf(ERR_STREAM,"FirstPart\n count %d, mod %d, pp %d\n",(int)count[0],(int)count[0]%2,PageParity);
+ */
+- SkipMode =
+- (bool)(PageParity != (short)((count[0]<0 ?
++ SkipMode =
++ (bool)(PageParity != (short)((count[0]<0 ?
+ labs(count[0])+1 : count[0])%2));
+ if (count[0] == 0) SkipMode = (bool)!SkipMode;
+ }
+@@ -641,7 +641,7 @@ char *argv[];
+ is not buffered. */
+
+ /* read a buffered byte */
+-char
++char
+ #if NeedFunctionPrototypes
+ b_read(FILEPTR spfp)
+ #else
+@@ -661,7 +661,7 @@ FILEPTR spfp;
+ }
+
+ #ifdef RISC_BUFFER
+-void
++void
+ #if NeedFunctionPrototypes
+ b_write(FILEPTR spfp, char c) /* write a buffered byte */
+ #else
+@@ -677,7 +677,7 @@ char c;
+ buffout[boact++] = c;
+ }
+
+-void
++void
+ #if NeedFunctionPrototypes
+ b_wrtmult(FILEPTR spfp, char *buf, int len) /* write a sequence of bytes to the output buffer */
+ #else
+@@ -693,22 +693,22 @@ int len;
+ write_multi(buffout,1,boact,spfp);
+ /* Copy only small blocks; large ones are written directly */
+ if (len < (BUFFSIZE/4)) {
+- for (i = 0; i<len; i++)
++ for (i = 0; i<len; i++)
+ buffout[i] = buf[i];
+ boact = len;
+ } else {
+- write_multi(buf,1,len,spfp);
++ write_multi(buf,1,len,spfp);
+ boact = 0;
+ }
+ }
+ else {
+- for (i = 0; i<len; i++)
++ for (i = 0; i<len; i++)
+ buffout[boact++] = buf[i];
+ }
+ }
+
+ /* flush the output buffer */
+-void
++void
+ #if NeedFunctionPrototypes
+ b_oflush(FILEPTR spfp)
+ #else
+@@ -762,9 +762,9 @@ char *str;
+ /***************************** CopyHPFile ******************************/
+ /*********************************************************************/
+ #if NeedFunctionPrototypes
+-int getnum(FILEPTR spfp, char *t, char *numstr)
++int getnum(FILEPTR spfp, char *t, char *numstr)
+ #else
+-int getnum(spfp, t, numstr)
++int getnum(spfp, t, numstr)
+ FILEPTR spfp;
+ char *t, *numstr;
+ #endif
+@@ -777,30 +777,30 @@ char *t, *numstr;
+ }
+
+ #if NeedFunctionPrototypes
+-void setOffset(char dir, char sign, int pos)
++void setOffset(char dir, char sign, int pos)
+ #else
+-void setOffset(dir, sign, pos, first)
++void setOffset(dir, sign, pos, first)
+ char dir, sign;
+ int pos;
+ #endif
+ {
+ if ((sign == '+' || sign == '-') && pos > 0 ) {
+ EMIT4("\033*p%c%d%c",sign,pos,dir);
+-#ifdef DEBUGGS
++#ifdef DEBUGGS
+ fprintf(stderr, "relative: *p%c%d%c\n", sign, pos, dir);
+ #endif
+ } else if (pos>0) {
+ EMIT3("\033*p%d%c",pos,dir);
+-#ifdef DEBUGGS
++#ifdef DEBUGGS
+ fprintf(stderr, "absolute: *p%d%c\n", pos, dir);
+ #endif
+- if (dir == 'X')
++ if (dir == 'X')
+ last_rx = pos;
+- else
++ else
+ last_ry = pos;
+ } else {
+ /*EMIT3("\033*p%d%c",pos,dir);*/
+-#ifdef DEBUGGS
++#ifdef DEBUGGS
+ fprintf(stderr, "Relative: *p%d%c\n", pos, dir);
+ #endif
+ }
+@@ -832,7 +832,7 @@ char *str;
+ unwanted commands from the input file and outputs the rest */
+
+ /* reset the input buffer */
+- binumber = 0;
++ binumber = 0;