packages/texlive-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!70 [sync] PR-60: Fix CVE-2023-46048, CVE-2023-46051

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-08-08 01:07:20 +00:00 committed by Gitee
commit 66cdef5b19
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 97 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2023-46048.patch Normal file
View File

@ -0,0 +1,54 @@
Origin:
https://github.com/TeX-Live/texlive-source/commit/33b330bc48ed2df69daf80a81be3cde8bf794816
https://tug.org/pipermail/tex-live/2023-August/049402.html
From 33b330bc48ed2df69daf80a81be3cde8bf794816 Mon Sep 17 00:00:00 2001
From: Karl Berry <karl@freefriends.org>
Date: Sat, 26 Aug 2023 17:50:10 +0000
Subject: [PATCH] guard against corrupt pfb in dup tests, pdftex r910
git-svn-id: svn://tug.org/texlive/trunk/Build/source@68069 c570f23f-e606-0410-a88d-b1316a301751
---
texlive-20210325-source/texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c
index 0444d46be0..f2a8386cab 100644
--- a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c
+++ b/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c
@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void)
*t1_buf_array == '/' && valid_code(i)) {
if (strcmp(t1_buf_array + 1, notdef) != 0)
glyph_names[i] = xstrdup(t1_buf_array + 1);
- p = strstr(p, " put") + strlen(" put");
+ p = strstr(p, " put");
+ if (!p)
+ pdftex_fail("invalid pfb, no put found in dup");
+ p += strlen(" put");
skip(p, ' ');
}
/*
@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void)
else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
&& valid_code(a) && valid_code(b)) {
copy_glyph_names(glyph_names, a, b);
- p = strstr(p, " get put") + strlen(" get put");
+ p = strstr(p, " get put");
+ if (!p)
+ pdftex_fail("invalid pfb, no get put found in dup dup");
+ p += strlen(" get put");
skip(p, ' ');
}
/*
@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void)
&& valid_code(a) && valid_code(b) && valid_code(c)) {
for (i = 0; i < c; i++)
copy_glyph_names(glyph_names, a + i, b + i);
- p = strstr(p, " putinterval") + strlen(" putinterval");
+ p = strstr(p, " putinterval");
+ if (!p)
+ pdftex_fail("invalid pfb, no putinterval found in dup dup");
+ p += strlen(" putinterval");
skip(p, ' ');
}
/*

37
CVE-2023-46051.patch Normal file
View File

@ -0,0 +1,37 @@
Origin:
https://github.com/TeX-Live/texlive-source/commit/8215ee325f74405f795a02d247fbd99302810261
https://tug.org/pipermail/tex-live/2023-August/049415.html
From 8215ee325f74405f795a02d247fbd99302810261 Mon Sep 17 00:00:00 2001
From: Karl Berry <karl@freefriends.org>
Date: Mon, 28 Aug 2023 22:32:09 +0000
Subject: [PATCH] guard against undump of corrupt .fmt
git-svn-id: svn://tug.org/texlive/trunk/Build/source@68100 c570f23f-e606-0410-a88d-b1316a301751
---
texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
index e658064abb..e57c36f6be 100644
--- a/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
+++ b/texlive-20210325-source/texk/web2c/pdftexdir/tounicode.c
@@ -535,10 +535,17 @@ void undumptounicode(void)
void **result;
glyph_unicode_entry *gu = new_glyph_unicode_entry();
undumpcharptr(gu->name);
+ if (gu->name == NULL) {
+ pdftex_fail("undumpcharptr(gu->name) got NULL");
+ }
generic_undump(gu->code);
- if (gu->code == UNI_STRING)
+ if (gu->code == UNI_STRING) {
undumpcharptr(gu->unicode_seq);
+ if (gu->unicode_seq == NULL) {
+ pdftex_fail("undumpcharptr(gu->unicode_seq) got NULL");
+ }
+ }
result = avl_probe(glyph_unicode_tree, gu);
assert(*result == gu);

47
texlive-20180414-synctex-version.patch
View File

@ -1,47 +0,0 @@
From 28fe90a530c055abce7af362512b81a70d296e7d Mon Sep 17 00:00:00 2001
From: Akira Kakuto <kakuto@fuk.kindai.ac.jp>
Date: Mon, 23 Jul 2018 21:21:12 +0000
Subject: [PATCH] add synctex_version.h (report from Johannes)
git-svn-id: svn://tug.org/texlive/trunk/Build/source@48260 c570f23f-e606-0410-a88d-b1316a301751
---
texk/web2c/Makefile.in | 3 ++-
texk/web2c/synctexdir/am/synctex.am | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/texk/web2c/Makefile.in b/texk/web2c/Makefile.in
index abdd6dfef..4872c68f2 100644
--- a/texlive-20210325-source/texk/web2c/Makefile.in
+++ b/texlive-20210325-source/texk/web2c/Makefile.in
@@ -2420,7 +2420,7 @@ NROFF = nroff
MANS = $(dist_man_MANS) $(nodist_man_MANS)
DATA = $(pkgconfig_DATA)
am__syncinclude_HEADERS_DIST = synctexdir/synctex_parser.h \
- synctexdir/synctex_parser_utils.h
+ synctexdir/synctex_version.h synctexdir/synctex_parser_utils.h
HEADERS = $(syncinclude_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -4687,6 +4687,7 @@ syncincludedir = ${includedir}/synctex
pkgconfigdir = ${libdir}/pkgconfig
@SYNCTEX_TRUE@syncinclude_HEADERS = \
@SYNCTEX_TRUE@ synctexdir/synctex_parser.h \
+@SYNCTEX_TRUE@ synctexdir/synctex_version.h \
@SYNCTEX_TRUE@ synctexdir/synctex_parser_utils.h
@SYNCTEX_TRUE@pkgconfig_DATA = synctexdir/synctex.pc
diff --git a/texk/web2c/synctexdir/am/synctex.am b/texk/web2c/synctexdir/am/synctex.am
index 316ffbbae..b69cb260a 100644
--- a/texlive-20210325-source/texk/web2c/synctexdir/am/synctex.am
+++ b/texlive-20210325-source/texk/web2c/synctexdir/am/synctex.am
@@ -55,6 +55,7 @@ pkgconfigdir = ${libdir}/pkgconfig
if SYNCTEX
syncinclude_HEADERS = \
synctexdir/synctex_parser.h \
+ synctexdir/synctex_version.h \
synctexdir/synctex_parser_utils.h
pkgconfig_DATA = synctexdir/synctex.pc
--
2.17.1

39
texlive-base-CVE-2018-17407.patch
View File

@ -1,39 +0,0 @@
diff -up a/texlive-20210325-source/texk/dvipsk/writet1.c.CVE-2018-17407 a/texlive-20210325-source/texk/dvipsk/writet1.c
--- a/texlive-20210325-source/texk/dvipsk/writet1.c.CVE-2018-17407 2018-10-01 11:03:50.140899732 -0400
+++ a/texlive-20210325-source/texk/dvipsk/writet1.c 2018-10-01 11:04:31.425999765 -0400
@@ -1449,7 +1449,9 @@ static void t1_check_unusual_charstring(
*(strend(t1_buf_array) - 1) = ' ';
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}
diff -up a/texlive-20210325-source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 a/texlive-20210325-source/texk/web2c/luatexdir/font/writet1.w
--- a/texlive-20210325-source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 2018-10-01 11:05:54.404187837 -0400
+++ a/texlive-20210325-source/texk/web2c/luatexdir/font/writet1.w 2018-10-01 11:06:33.537335758 -0400
@@ -1625,7 +1625,9 @@ static void t1_check_unusual_charstring(
if (sscanf(p, "%i", &i) != 1) {
strcpy(t1_buf_array, t1_line_array);
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}
diff -up a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c
--- a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 2018-10-01 11:06:57.881806099 -0400
+++ a/texlive-20210325-source/texk/web2c/pdftexdir/writet1.c 2018-10-01 11:08:06.424314628 -0400
@@ -1598,7 +1598,9 @@ static void t1_check_unusual_charstring(
*(strend(t1_buf_array) - 1) = ' ';
t1_getline();
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcat(t1_buf_array, t1_line_array);
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
strcpy(t1_line_array, t1_buf_array);
t1_line_ptr = eol(t1_line_array);
}

7
texlive-base.spec
View File

@ -4,7 +4,7 @@
Name: texlive-base Name: texlive-base
Version: 20210325 Version: 20210325
Release: 7 Release: 8
Epoch: 9 Epoch: 9
Summary: TeX formatting system Summary: TeX formatting system
License: ASL 2.0 and LGPL-2.1-only and Zlib and OFL-1.1 and Public Domain and LGPL-2.0-only and GPLv2+ and MPL-1.1 and Libpng and LGPL-3.0-only and BSL-1.0 and GPLv2 and GPLv3 and CPL-1.0 and IJG and MIT and LPPL-1.3c and ICU and psutils License: ASL 2.0 and LGPL-2.1-only and Zlib and OFL-1.1 and Public Domain and LGPL-2.0-only and GPLv2+ and MPL-1.1 and Libpng and LGPL-3.0-only and BSL-1.0 and GPLv2 and GPLv3 and CPL-1.0 and IJG and MIT and LPPL-1.3c and ICU and psutils
@ -428,6 +428,8 @@ Patch0032: texlive-base-20210325-mendex-weird-arch-fixes.patch
Patch0033: texlive-base-20210325-no-setpdfwrite.patch Patch0033: texlive-base-20210325-no-setpdfwrite.patch
Patch0034: CVE-2023-32700.patch Patch0034: CVE-2023-32700.patch
Patch0035: CVE-2023-46048.patch
Patch0036: CVE-2023-46051.patch
BuildRequires: xz libXaw-devel libXi-devel ncurses-devel bison flex file perl(Digest::MD5) texinfo gcc-c++ BuildRequires: xz libXaw-devel libXi-devel ncurses-devel bison flex file perl(Digest::MD5) texinfo gcc-c++
BuildRequires: gd-devel freetype-devel libpng-devel zlib-devel potrace-devel BuildRequires: gd-devel freetype-devel libpng-devel zlib-devel potrace-devel
@ -8652,6 +8654,9 @@ yes | %{_bindir}/updmap-sys --quiet --syncwithtrees >/dev/null 2>&1 || :
%doc %{_datadir}/texlive/texmf-dist/doc/latex/yplan/ %doc %{_datadir}/texlive/texmf-dist/doc/latex/yplan/
%changelog %changelog
* Mon Aug 05 2024 wangkai <13474090681@163.com> - 9:20210325-8
- Fix CVE-2023-46048, CVE-2023-46051
* Mon Nov 27 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 9:20210325-7 * Mon Nov 27 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 9:20210325-7
- Init support for ppc64le - Init support for ppc64le