apply upstream fix for CVE-2018-17407

2018-10-01 11:33:09 -04:00 · 2018-10-01 11:33:09 -04:00 · 6c3463610c
commit 6c3463610c
parent 1b232674e3
2 changed files with 45 additions and 1 deletions
--- a/texlive-base-CVE-2018-17407.patch
+++ b/texlive-base-CVE-2018-17407.patch
@ -0,0 +1,39 @@
 diff -up texlive-base-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407 texlive-base-20180414/source/texk/dvipsk/writet1.c
 --- texlive-base-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407	2018-10-01 11:03:50.140899732 -0400
 +++ texlive-base-20180414/source/texk/dvipsk/writet1.c	2018-10-01 11:04:31.425999765 -0400
@@ -1449,7 +1449,9 @@ static void t1_check_unusual_charstring(
         *(strend(t1_buf_array) - 1) = ' ';
         t1_getline();
 +        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
 +        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }
 diff -up texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w
 --- texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407	2018-10-01 11:05:54.404187837 -0400
 +++ texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w	2018-10-01 11:06:33.537335758 -0400
@@ -1625,7 +1625,9 @@ static void t1_check_unusual_charstring(
     if (sscanf(p, "%i", &i) != 1) {
         strcpy(t1_buf_array, t1_line_array);
         t1_getline();
 +        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
 +        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }
 diff -up texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c
 --- texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407	2018-10-01 11:06:57.881806099 -0400
 +++ texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c	2018-10-01 11:08:06.424314628 -0400
@@ -1598,7 +1598,9 @@ static void t1_check_unusual_charstring(
         *(strend(t1_buf_array) - 1) = ' ';
         t1_getline();
 +        alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcat(t1_buf_array, t1_line_array);
 +        alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
         strcpy(t1_line_array, t1_buf_array);
         t1_line_ptr = eol(t1_line_array);
     }
--- a/texlive-base.spec
+++ b/texlive-base.spec
@ -21,7 +21,7 @@
 Name: %{shortname}-base
 Version: %{source_date}
-Release: 22%{?dist}
+Release: 23%{?dist}
 Epoch: 7
 Summary: TeX formatting system
 # The only files in the base package are directories, cache, and license texts
@ -407,6 +407,7 @@ Patch8: texlive-20180414-texinfo-path-fix.patch
 Patch11: texlive-20180215-disable-more-failing-tests.patch
 Patch12: texlive-20180414-poppler-0.64.patch
 Patch13: texlive-20180414-synctex-version.patch
 Patch14: texlive-base-CVE-2018-17407.patch
 # Can't do this because it causes everything else to be noarch
 # BuildArch: noarch
@ -6389,6 +6390,7 @@ xz -dc %{SOURCE0} | tar x
 %patch11 -p0 -b .dt
 %patch12 -p1 -b .poppler-0.64
 %patch13 -p1 -b .synctex-version
 %patch14 -p1 -b .CVE-2018-17407
 # Setup copies of the licenses
 for l in `unxz -c %{SOURCE3} | tar t`; do
 ln -s %{_texdir}/licenses/$l $l
@ -8732,6 +8734,9 @@ done <<< "$list"
 %doc %{_texdir}/texmf-dist/doc/latex/yplan/
 %changelog
 * Mon Oct  1 2018 Tom Callaway <spot@fedoraproject.org> - 7:20180414-23
 - apply upstream fix for CVE-2018-17407
 * Wed Sep 19 2018 Tom Callaway <spot@fedoraproject.org> - 7:20180414-22
 - fix lyluatex provides