apply upstream fix for CVE-2018-17407
This commit is contained in:
parent
1b232674e3
commit
6c3463610c
39
texlive-base-CVE-2018-17407.patch
Normal file
39
texlive-base-CVE-2018-17407.patch
Normal file
@ -0,0 +1,39 @@
|
||||
diff -up texlive-base-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407 texlive-base-20180414/source/texk/dvipsk/writet1.c
|
||||
--- texlive-base-20180414/source/texk/dvipsk/writet1.c.CVE-2018-17407 2018-10-01 11:03:50.140899732 -0400
|
||||
+++ texlive-base-20180414/source/texk/dvipsk/writet1.c 2018-10-01 11:04:31.425999765 -0400
|
||||
@@ -1449,7 +1449,9 @@ static void t1_check_unusual_charstring(
|
||||
*(strend(t1_buf_array) - 1) = ' ';
|
||||
|
||||
t1_getline();
|
||||
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcat(t1_buf_array, t1_line_array);
|
||||
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcpy(t1_line_array, t1_buf_array);
|
||||
t1_line_ptr = eol(t1_line_array);
|
||||
}
|
||||
diff -up texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w
|
||||
--- texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w.CVE-2018-17407 2018-10-01 11:05:54.404187837 -0400
|
||||
+++ texlive-base-20180414/source/texk/web2c/luatexdir/font/writet1.w 2018-10-01 11:06:33.537335758 -0400
|
||||
@@ -1625,7 +1625,9 @@ static void t1_check_unusual_charstring(
|
||||
if (sscanf(p, "%i", &i) != 1) {
|
||||
strcpy(t1_buf_array, t1_line_array);
|
||||
t1_getline();
|
||||
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcat(t1_buf_array, t1_line_array);
|
||||
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcpy(t1_line_array, t1_buf_array);
|
||||
t1_line_ptr = eol(t1_line_array);
|
||||
}
|
||||
diff -up texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c
|
||||
--- texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c.CVE-2018-17407 2018-10-01 11:06:57.881806099 -0400
|
||||
+++ texlive-base-20180414/source/texk/web2c/pdftexdir/writet1.c 2018-10-01 11:08:06.424314628 -0400
|
||||
@@ -1598,7 +1598,9 @@ static void t1_check_unusual_charstring(
|
||||
*(strend(t1_buf_array) - 1) = ' ';
|
||||
|
||||
t1_getline();
|
||||
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcat(t1_buf_array, t1_line_array);
|
||||
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
||||
strcpy(t1_line_array, t1_buf_array);
|
||||
t1_line_ptr = eol(t1_line_array);
|
||||
}
|
@ -21,7 +21,7 @@
|
||||
|
||||
Name: %{shortname}-base
|
||||
Version: %{source_date}
|
||||
Release: 22%{?dist}
|
||||
Release: 23%{?dist}
|
||||
Epoch: 7
|
||||
Summary: TeX formatting system
|
||||
# The only files in the base package are directories, cache, and license texts
|
||||
@ -407,6 +407,7 @@ Patch8: texlive-20180414-texinfo-path-fix.patch
|
||||
Patch11: texlive-20180215-disable-more-failing-tests.patch
|
||||
Patch12: texlive-20180414-poppler-0.64.patch
|
||||
Patch13: texlive-20180414-synctex-version.patch
|
||||
Patch14: texlive-base-CVE-2018-17407.patch
|
||||
|
||||
# Can't do this because it causes everything else to be noarch
|
||||
# BuildArch: noarch
|
||||
@ -6389,6 +6390,7 @@ xz -dc %{SOURCE0} | tar x
|
||||
%patch11 -p0 -b .dt
|
||||
%patch12 -p1 -b .poppler-0.64
|
||||
%patch13 -p1 -b .synctex-version
|
||||
%patch14 -p1 -b .CVE-2018-17407
|
||||
# Setup copies of the licenses
|
||||
for l in `unxz -c %{SOURCE3} | tar t`; do
|
||||
ln -s %{_texdir}/licenses/$l $l
|
||||
@ -8732,6 +8734,9 @@ done <<< "$list"
|
||||
%doc %{_texdir}/texmf-dist/doc/latex/yplan/
|
||||
|
||||
%changelog
|
||||
* Mon Oct 1 2018 Tom Callaway <spot@fedoraproject.org> - 7:20180414-23
|
||||
- apply upstream fix for CVE-2018-17407
|
||||
|
||||
* Wed Sep 19 2018 Tom Callaway <spot@fedoraproject.org> - 7:20180414-22
|
||||
- fix lyluatex provides
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user