From 9f89ddaf5b317ca96af6ab0caf3564138c5efc5d Mon Sep 17 00:00:00 2001
From: minskim <minskim>
Date: Tue, 20 Apr 2010 17:07:28 +0000
Subject: Avoid integer overflow (CVE-2010-0739).

Patch from TeX Live repository (Revision 17559).
---
 print/dvipsk/Makefile         |  3 ++-
 print/dvipsk/distinfo         |  3 ++-
 print/dvipsk/patches/patch-ab | 17 +++++++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 print/dvipsk/patches/patch-ab

(limited to 'print')

diff --git a/print/dvipsk/Makefile b/print/dvipsk/Makefile
index 7c378f0deae..334e42bf846 100644
--- a/print/dvipsk/Makefile
+++ b/print/dvipsk/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2010/01/16 03:47:31 minskim Exp $
+# $NetBSD: Makefile,v 1.5 2010/04/20 17:07:28 minskim Exp $
 
 DISTNAME=	texlive-20091011-source
 PKGNAME=	dvipsk-5.98
+PKGREVISION=	1
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/}
 EXTRACT_SUFX=	.tar.xz
diff --git a/print/dvipsk/distinfo b/print/dvipsk/distinfo
index 7aed89d00e2..0fbf4c621f9 100644
--- a/print/dvipsk/distinfo
+++ b/print/dvipsk/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2010/01/16 03:47:31 minskim Exp $
+$NetBSD: distinfo,v 1.4 2010/04/20 17:07:28 minskim Exp $
 
 SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d
 RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9
 Size (texlive-20091011-source.tar.xz) = 29683728 bytes
 SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf
+SHA1 (patch-ab) = 4acf55b8027b9b2edc64c01568d3c22b50b7eafa
diff --git a/print/dvipsk/patches/patch-ab b/print/dvipsk/patches/patch-ab
new file mode 100644
index 00000000000..22e51443e80
--- /dev/null
+++ b/print/dvipsk/patches/patch-ab
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.3 2010/04/20 17:07:28 minskim Exp $
+
+--- dospecial.c.orig	2009-06-23 09:46:14.000000000 +0000
++++ dospecial.c
+@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s
+    static int omega_specials = 0;
+ 
+    if (nextstring + numbytes > maxstring) {
++      if (numbytes < 0
++          || (numbytes > 0 && 2 > INT_MAX / numbytes)
++          || 2 * numbytes > 1000 + 2 * numbytes) {
++         error("! Integer overflow in predospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
+       maxstring = nextstring + 2 * numbytes + 700 ;
+    }
-- 
cgit v1.2.3