diff options
author | tron <tron> | 2010-06-08 18:22:06 +0000 |
---|---|---|
committer | tron <tron> | 2010-06-08 18:22:06 +0000 |
commit | fc3785910a95a2cf79cd4f53fc3b77a842af07a5 (patch) | |
tree | 44973f12899095b1a92afdf67c4a7efef7c66396 | |
parent | cb2b3355b45edf1f2466ccb3e257c970674bd352 (diff) | |
download | pkgsrc-fc3785910a95a2cf79cd4f53fc3b77a842af07a5.tar.gz |
Pullup ticket #3143 - requested by minskim
print/dvipsk: security patch
Revisions pulled up:
- print/dvipsk/Makefile 1.6
- print/dvipsk/distinfo 1.5
- print/dvipsk/patches/patch-ab 1.4
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Jun 8 15:17:05 UTC 2010
Modified Files:
pkgsrc/print/dvipsk: Makefile distinfo
pkgsrc/print/dvipsk/patches: patch-ab
Log Message:
Fix CVE-2010-1440. Patch from TeX Live repository.
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX
Live 2009 and earlier, and teTeX, allow remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a special command in a DVI file, related to the (1)
predospecial and (2) bbdospecial functions, a different
vulnerability than CVE-2010-0739.
-rw-r--r-- | print/dvipsk/Makefile | 4 | ||||
-rw-r--r-- | print/dvipsk/distinfo | 4 | ||||
-rw-r--r-- | print/dvipsk/patches/patch-ab | 28 |
3 files changed, 26 insertions, 10 deletions
diff --git a/print/dvipsk/Makefile b/print/dvipsk/Makefile index c926c0b8f48..9c0f9d6eae2 100644 --- a/print/dvipsk/Makefile +++ b/print/dvipsk/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.4.2.1 2010/04/20 21:26:19 tron Exp $ +# $NetBSD: Makefile,v 1.4.2.2 2010/06/08 18:22:06 tron Exp $ DISTNAME= texlive-20091011-source PKGNAME= dvipsk-5.98 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/} EXTRACT_SUFX= .tar.xz diff --git a/print/dvipsk/distinfo b/print/dvipsk/distinfo index 36d4cc322da..0b456aa8fc4 100644 --- a/print/dvipsk/distinfo +++ b/print/dvipsk/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.3.2.1 2010/04/20 21:26:19 tron Exp $ +$NetBSD: distinfo,v 1.3.2.2 2010/06/08 18:22:06 tron Exp $ SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9 Size (texlive-20091011-source.tar.xz) = 29683728 bytes SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf -SHA1 (patch-ab) = 4acf55b8027b9b2edc64c01568d3c22b50b7eafa +SHA1 (patch-ab) = 0ecb16e2073813d23a8d13809de58a01bfe38e8a diff --git a/print/dvipsk/patches/patch-ab b/print/dvipsk/patches/patch-ab index 7d3bac81ccb..d5988885391 100644 --- a/print/dvipsk/patches/patch-ab +++ b/print/dvipsk/patches/patch-ab @@ -1,17 +1,33 @@ -$NetBSD: patch-ab,v 1.3.2.2 2010/04/20 21:26:19 tron Exp $ +$NetBSD: patch-ab,v 1.3.2.3 2010/06/08 18:22:06 tron Exp $ + +- CVE-2010-0739 +- CVE-2010-1440 --- dospecial.c.orig 2009-06-23 09:46:14.000000000 +0000 +++ dospecial.c -@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s +@@ -333,7 +333,11 @@ predospecial(integer numbytes, Boolean s + int j ; static int omega_specials = 0; - if (nextstring + numbytes > maxstring) { -+ if (numbytes < 0 -+ || (numbytes > 0 && 2 > INT_MAX / numbytes) -+ || 2 * numbytes > 1000 + 2 * numbytes) { +- if (nextstring + numbytes > maxstring) { ++ if (numbytes < 0 || numbytes > maxstring - nextstring) { ++ if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2 ) { + error("! Integer overflow in predospecial"); + exit(1); + } p = nextstring = mymalloc(1000 + 2 * numbytes) ; maxstring = nextstring + 2 * numbytes + 700 ; } +@@ -918,7 +922,11 @@ bbdospecial(int nbytes) + char seen[NKEYS] ; + float valseen[NKEYS] ; + +- if (nextstring + nbytes > maxstring) { ++ if (nbytes < 0 || nbytes > maxstring - nextstring) { ++ if (nbytes < 0 || nbytes > (INT_MAX - 1000) / 2 ) { ++ error("! Integer overflow in bbdospecial"); ++ exit(1); ++ } + p = nextstring = mymalloc(1000 + 2 * nbytes) ; + maxstring = nextstring + 2 * nbytes + 700 ; + } |