Diffstat (limited to 'gnu/packages/patches/texlive-bin-CVE-2018-17407.patch')
-rw-r--r--gnu/packages/patches/texlive-bin-CVE-2018-17407.patch249
1 files changed, 0 insertions, 249 deletions
diff --git a/gnu/packages/patches/texlive-bin-CVE-2018-17407.patch b/gnu/packages/patches/texlive-bin-CVE-2018-17407.patch
deleted file mode 100644
index 63646d420c..0000000000
--- a/gnu/packages/patches/texlive-bin-CVE-2018-17407.patch
+++ /dev/null
@@ -1,249 +0,0 @@
-This patch adds support for newer versions of Poppler and some upstream
-TexLive fixes, including one for CVE-2018-17407.
-
-It is taken from Linux From Scratch:
-<http://www.linuxfromscratch.org/patches/blfs/svn/texlive-20180414-source-upstream_fixes-3.patch>.
-
-Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
-Date: 2018-12-26
-Initial Package Version: 20180414
-Upstream Status: Applied
-Origin: Upstream
-Description: Two fixes, cherry-picked from svn plus a CVE fix.
-I have removed the partial fixes for various system versions of poppler.
-
-r47469 Fix segfault in dvipdfm-x (XeTeX) on 1/2/4-bit transparent indexed PNGs.
-
-r47477 Fix a ptex regression for discontinuous kinsoku table.
-
-Also, via fedora (I got lost in svn) a critical fix for CVE-2018-17407
-
-"A buffer overflow in the handling of Type 1 fonts allows arbitrary code
-execution when a malicious font is loaded by one of the vulnerable tools:
-pdflatex, pdftex, dvips, or luatex."
-
-diff -Naur a/texk/dvipdfm-x/pngimage.c b/texk/dvipdfm-x/pngimage.c
---- a/texk/dvipdfm-x/pngimage.c	2018-02-17 08:41:35.000000000 +0000
-+++ b/texk/dvipdfm-x/pngimage.c	2018-10-09 01:52:01.648670875 +0100
-@@ -964,12 +964,16 @@
-   png_bytep   trans;
-   int         num_trans;
-   png_uint_32 i;
-+  png_byte    bpc, mask, shift;
- 
-   if (!png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS) ||
-       !png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, NULL)) {
-     WARN("%s: PNG does not have valid tRNS chunk but tRNS is requested.", PNG_DEBUG_STR);
-     return NULL;
-   }
-+  bpc   = png_get_bit_depth(png_ptr, info_ptr);
-+  mask  = 0xff >> (8 - bpc);
-+  shift = 8 - bpc;
- 
-   smask = pdf_new_stream(STREAM_COMPRESS);
-   dict  = pdf_stream_dict(smask);
-@@ -981,7 +985,8 @@
-   pdf_add_dict(dict, pdf_new_name("ColorSpace"), pdf_new_name("DeviceGray"));
-   pdf_add_dict(dict, pdf_new_name("BitsPerComponent"), pdf_new_number(8));
-   for (i = 0; i < width*height; i++) {
--    png_byte idx = image_data_ptr[i];
-+    /* data is packed for 1/2/4 bpc formats, msb first */
-+    png_byte idx = (image_data_ptr[bpc * i / 8] >> (shift - bpc * i % 8)) & mask;
-     smask_data_ptr[i] = (idx < num_trans) ? trans[idx] : 0xff;
-   }
-   pdf_add_stream(smask, (char *)smask_data_ptr, width*height);
-diff -Naur a/texk/dvipsk/writet1.c b/texk/dvipsk/writet1.c
---- a/texk/dvipsk/writet1.c	2016-11-25 18:24:26.000000000 +0000
-+++ b/texk/dvipsk/writet1.c	2018-10-09 01:52:01.648670875 +0100
-@@ -1449,7 +1449,9 @@
-         *(strend(t1_buf_array) - 1) = ' ';
- 
-         t1_getline();
-+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcat(t1_buf_array, t1_line_array);
-+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcpy(t1_line_array, t1_buf_array);
-         t1_line_ptr = eol(t1_line_array);
-     }
-diff -Naur a/texk/web2c/luatexdir/font/writet1.w b/texk/web2c/luatexdir/font/writet1.w
---- a/texk/web2c/luatexdir/font/writet1.w	2016-11-25 18:24:34.000000000 +0000
-+++ b/texk/web2c/luatexdir/font/writet1.w	2018-10-09 01:52:01.648670875 +0100
-@@ -1625,7 +1625,9 @@
-     if (sscanf(p, "%i", &i) != 1) {
-         strcpy(t1_buf_array, t1_line_array);
-         t1_getline();
-+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcat(t1_buf_array, t1_line_array);
-+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcpy(t1_line_array, t1_buf_array);
-         t1_line_ptr = eol(t1_line_array);
-     }
-diff -Naur a/texk/web2c/luatexdir/image/pdftoepdf.w b/texk/web2c/luatexdir/image/pdftoepdf.w
---- a/texk/web2c/luatexdir/image/pdftoepdf.w	2018-01-17 18:00:12.000000000 +0000
-+++ b/texk/web2c/luatexdir/image/pdftoepdf.w	2018-10-09 01:52:01.648670875 +0100
-@@ -472,10 +472,10 @@
-         break;
-     */
-     case objString:
--        copyString(pdf, obj->getString());
-+        copyString(pdf, (GooString *)obj->getString());
-         break;
-     case objName:
--        copyName(pdf, obj->getName());
-+        copyName(pdf, (char *)obj->getName());
-         break;
-     case objNull:
-         pdf_add_null(pdf);
-diff -Naur a/texk/web2c/luatexdir/lua/lepdflib.cc b/texk/web2c/luatexdir/lua/lepdflib.cc
---- a/texk/web2c/luatexdir/lua/lepdflib.cc	2018-02-14 14:44:38.000000000 +0000
-+++ b/texk/web2c/luatexdir/lua/lepdflib.cc	2018-10-09 01:52:01.649670868 +0100
-@@ -674,7 +674,7 @@
-     uin = (udstruct *) luaL_checkudata(L, 1, M_##in);          \
-     if (uin->pd != NULL && uin->pd->pc != uin->pc)             \
-         pdfdoc_changed_error(L);                               \
--    gs = ((in *) uin->d)->function();                          \
-+    gs = (GooString *)((in *) uin->d)->function();             \
-     if (gs != NULL)                                            \
-         lua_pushlstring(L, gs->getCString(), gs->getLength()); \
-     else                                                       \
-@@ -1813,7 +1813,7 @@
-     if (uin->pd != NULL && uin->pd->pc != uin->pc)
-         pdfdoc_changed_error(L);
-     if (((Object *) uin->d)->isString()) {
--        gs = ((Object *) uin->d)->getString();
-+        gs = (GooString *)((Object *) uin->d)->getString();
-         lua_pushlstring(L, gs->getCString(), gs->getLength());
-     } else
-         lua_pushnil(L);
-diff -Naur a/texk/web2c/pdftexdir/writet1.c b/texk/web2c/pdftexdir/writet1.c
---- a/texk/web2c/pdftexdir/writet1.c	2016-11-25 18:24:37.000000000 +0000
-+++ b/texk/web2c/pdftexdir/writet1.c	2018-10-09 01:52:01.649670868 +0100
-@@ -1598,7 +1598,9 @@
-         *(strend(t1_buf_array) - 1) = ' ';
- 
-         t1_getline();
-+        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcat(t1_buf_array, t1_line_array);
-+        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
-         strcpy(t1_line_array, t1_buf_array);
-         t1_line_ptr = eol(t1_line_array);
-     }
-diff -Naur a/texk/web2c/ptexdir/ptex_version.h b/texk/web2c/ptexdir/ptex_version.h
---- a/texk/web2c/ptexdir/ptex_version.h	2018-01-21 03:48:06.000000000 +0000
-+++ b/texk/web2c/ptexdir/ptex_version.h	2018-10-09 01:52:01.649670868 +0100
-@@ -1 +1 @@
--#define PTEX_VERSION "p3.8.0"
-+#define PTEX_VERSION "p3.8.1"
-diff -Naur a/texk/web2c/ptexdir/tests/free_ixsp.tex b/texk/web2c/ptexdir/tests/free_ixsp.tex
---- a/texk/web2c/ptexdir/tests/free_ixsp.tex	1970-01-01 01:00:00.000000000 +0100
-+++ b/texk/web2c/ptexdir/tests/free_ixsp.tex	2018-10-09 01:52:01.649670868 +0100
-@@ -0,0 +1,53 @@
-+%#!eptex -ini -etex
-+\let\dump\relax
-+\batchmode
-+\input plain
-+
-+\errorstopmode
-+\catcode`@=11
-+\newcount\@tempcnta
-+\newcount\@tempcntb
-+\newcount\@tempcntc
-+\mathchardef\LIM=256
-+
-+\def\MYCHAR#1{%
-+  \@tempcntc=\numexpr7*#1+"101\relax
-+  \@tempcnta=\@tempcntc\divide\@tempcnta 94
-+  \@tempcntb=\numexpr\@tempcntc-94*\@tempcnta+1\relax
-+  \ifnum\@tempcntb<0\advance\@tempcntb94 \advance\@tempcnta-1\fi
-+  \advance\@tempcnta18 % 18区以降
-+  \CNTA=\kuten\numexpr"100*\@tempcnta+\@tempcntb\relax
-+}
-+
-+\newcount\CNT\newcount\CNTA
-+\CNT=0
-+\loop
-+  \MYCHAR\CNT
-+  \message{\the\CNT.}
-+  \inhibitxspcode\CNTA=1\relax
-+  \advance\CNT1\relax
-+  \ifnum\CNT<\LIM
-+\repeat
-+
-+\newcount\CNTB
-+
-+\loop
-+  \MYCHAR\CNTB
-+  \global\inhibitxspcode\CNTA=3
-+{%
-+\CNT=0
-+\loop
-+  \MYCHAR\CNT
-+  \count@=\numexpr 1-\inhibitxspcode\CNTA\relax
-+  \ifnum\count@=0\else\ifnum\CNTB=\CNT\else
-+    \errmessage{<\the\CNTB, \the\CNT, \the\inhibitxspcode\CNTA>}\fi\fi
-+  \advance\CNT1\relax
-+  \ifnum\CNT<\LIM
-+\repeat
-+}
-+  \MYCHAR\CNTB
-+  \global\inhibitxspcode\CNTA=1\relax
-+  \advance\CNTB1\relax
-+  \ifnum\CNTB<\LIM
-+\repeat
-+\bye
-diff -Naur a/texk/web2c/ptexdir/tests/free_pena.tex b/texk/web2c/ptexdir/tests/free_pena.tex
---- a/texk/web2c/ptexdir/tests/free_pena.tex	1970-01-01 01:00:00.000000000 +0100
-+++ b/texk/web2c/ptexdir/tests/free_pena.tex	2018-10-09 01:52:01.649670868 +0100
-@@ -0,0 +1,52 @@
-+%#!eptex -ini -etex
-+\let\dump\relax
-+\batchmode
-+\input plain
-+
-+\errorstopmode
-+\catcode`@=11
-+\newcount\@tempcnta
-+\newcount\@tempcntb
-+\newcount\@tempcntc
-+\mathchardef\LIM=256
-+
-+\def\MYCHAR#1{%
-+  \@tempcntc=\numexpr7*#1+"101\relax
-+  \@tempcnta=\@tempcntc\divide\@tempcnta 94
-+  \@tempcntb=\numexpr\@tempcntc-94*\@tempcnta+1\relax
-+  \ifnum\@tempcntb<0\advance\@tempcntb94 \advance\@tempcnta-1\fi
-+  \advance\@tempcnta18 % 18区以降
-+  \CNTA=\kuten\numexpr"100*\@tempcnta+\@tempcntb\relax
-+}
-+
-+\newcount\CNT\newcount\CNTA
-+\CNT=0
-+\loop
-+  \MYCHAR\CNT
-+  \message{\the\CNT.}
-+  \prebreakpenalty\CNTA=\numexpr\CNT+1\relax
-+  \advance\CNT1\relax
-+  \ifnum\CNT<\LIM
-+\repeat
-+
-+\newcount\CNTB
-+
-+\loop
-+  \MYCHAR\CNTB
-+  \global\prebreakpenalty\CNTA=0
-+{%
-+\CNT=0
-+\loop
-+  \MYCHAR\CNT
-+  \count@=\numexpr -\CNT-1+\prebreakpenalty\CNTA\relax
-+  \ifnum\count@=0\else\ifnum\CNTB=\CNT\else\errmessage{<\the\CNTB, \the\CNT>}\fi\fi
-+  \advance\CNT1\relax
-+  \ifnum\CNT<\LIM
-+\repeat
-+}
-+  \MYCHAR\CNTB
-+  \global\prebreakpenalty\CNTA=\numexpr\CNTB+1\relax
-+  \advance\CNTB1\relax
-+  \ifnum\CNTB<\LIM
-+\repeat
-+\bye