pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/print/teTeX3-bin Fix various buffer overflow vulnerabi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9dcad0f622f7
branches:  trunk
changeset: 542161:9dcad0f622f7
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Mon May 05 22:48:22 2008 +0000

description:
Fix various buffer overflow vulnerabilities in dvips and dviljk, and an
insecure temp file creation vulnerability in dvips. Fixes CVE-2007-5935,
CVE-2007-5936 and CVE-2007-5937. Bump PKGREVISION.

diffstat:

 print/teTeX3-bin/Makefile         |     4 +-
 print/teTeX3-bin/distinfo         |     6 +-
 print/teTeX3-bin/patches/patch-am |    82 +
 print/teTeX3-bin/patches/patch-an |    13 +
 print/teTeX3-bin/patches/patch-at |  1897 +++++++++++++++++++++++++++++++++++++
 print/teTeX3-bin/patches/patch-au |   100 +
 6 files changed, 2099 insertions(+), 3 deletions(-)

diffs (truncated from 2143 to 300 lines):

diff -r e51c65f483e4 -r 9dcad0f622f7 print/teTeX3-bin/Makefile
--- a/print/teTeX3-bin/Makefile Mon May 05 19:11:35 2008 +0000
+++ b/print/teTeX3-bin/Makefile Mon May 05 22:48:22 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2008/01/18 05:08:55 tnn Exp $
+# $NetBSD: Makefile,v 1.27 2008/05/05 22:48:22 tonnerre Exp $
 
 DISTNAME=      tetex-src-3.0
 PKGNAME=       ${DISTNAME:C/tetex/teTeX/:C/src/bin/}
-PKGREVISION=   15
+PKGREVISION=   16
 CATEGORIES=    print
 MASTER_SITES=  ${MASTER_SITE_TEX_CTAN:=systems/unix/teTeX/3.0/distrib/}
 
diff -r e51c65f483e4 -r 9dcad0f622f7 print/teTeX3-bin/distinfo
--- a/print/teTeX3-bin/distinfo Mon May 05 19:11:35 2008 +0000
+++ b/print/teTeX3-bin/distinfo Mon May 05 22:48:22 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2006/04/05 20:18:42 minskim Exp $
+$NetBSD: distinfo,v 1.8 2008/05/05 22:48:22 tonnerre Exp $
 
 SHA1 (teTeX/tetex-src-3.0.tar.gz) = 7637789f7f4929694aed1b89820f5bad4753e8fc
 RMD160 (teTeX/tetex-src-3.0.tar.gz) = 15a139f5f36993e4ed3583260e175cfb13ce7bcc
@@ -15,7 +15,11 @@
 SHA1 (patch-aj) = e9e62bdb9f956f0f8a9dc4fe9988309b7c6aa767
 SHA1 (patch-ak) = ba06c10c1151173e04f3a6cc44d44a89f1933bb8
 SHA1 (patch-al) = e1fc74bd6ea05176dfac4e99958f0e1281b89b3b
+SHA1 (patch-am) = 54d86197eee3d4e15a6c9bad6ae16ef1e0299667
+SHA1 (patch-an) = a02db18a49f61f965e0277fbc5a3fa72a5060b47
 SHA1 (patch-ap) = 0ca7341b416842fbc00a935d6cfdb0531c4169ba
 SHA1 (patch-aq) = d7a4dd4864e43cd27b1ca803f8ebfe82e65f84a7
 SHA1 (patch-ar) = 7f0c6cdca69b73bad1c8f8298e417ede1cd89d77
 SHA1 (patch-as) = 0b6c4c6b253ba1160628c19fa7080bc7c307caf3
+SHA1 (patch-at) = efadec5f03aa10ea73af52216ed4b4d71dafbb26
+SHA1 (patch-au) = a439d5bfa857636c72861d9d5ffe9243f34dc8e1
diff -r e51c65f483e4 -r 9dcad0f622f7 print/teTeX3-bin/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-am Mon May 05 22:48:22 2008 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-am,v 1.1 2008/05/05 22:48:22 tonnerre Exp $
+
+--- texk/dvipsk/hps.c
++++ texk/dvipsk/hps.c
+@@ -441,19 +441,28 @@ int href_name_match P2C(char *, h, char 
+ 
+ void stamp_hps P1C(Hps_link *, pl)
+ {
+-  char tmpbuf[200] ;
++  char * tmpbuf;
+   if (pl == NULL) {
+-    error("Null pointer, oh no!") ;
++    error("stamp_hps: null pl pointer, oh no!") ;
+     return ;
+-  } else {
+-    /* print out the proper pdfm with local page info only 
+-     *  target info will be in the target dictionary */
+-    (void)sprintf(tmpbuf, 
+-                " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+-                pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+-                pl->color[0], pl->color[1], pl->color[2]) ;
+-    cmdout(tmpbuf) ; 
+-  }
++  } 
++  if(pl->title == NULL) {
++    error("stamp_hps: null pl->title pointer, oh no!") ;
++    return ;
++  } 
++
++  tmpbuf = (char *) xmalloc(strlen(pl->title)+200);
++
++  /* print out the proper pdfm with local page info only 
++   *  target info will be in the target dictionary */
++  (void)sprintf(tmpbuf, 
++              " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", 
++              pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++              pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++              pl->color[0], pl->color[1], pl->color[2]) ;
++  cmdout(tmpbuf) ; 
++  free(tmpbuf);
++  
+   
+ }
+ 
+@@ -462,18 +471,27 @@ void stamp_hps P1C(Hps_link *, pl)
+  */
+ void stamp_external P2C(char *, s, Hps_link *, pl) 
+ {
+-  char tmpbuf[200];
++  char *tmpbuf;
+   if (pl == NULL) {
+-    error("Null pointer, oh no!") ;
++    error("stamp_external: null pl pointer, oh no!") ;
+     return ;
+-  } else {
+-    /* print out the proper pdfm with local page info only 
+-     *  target info will be in the target dictionary */
+-    (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+-                pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+-                pl->color[0], pl->color[1], pl->color[2], s) ;
+-    cmdout(tmpbuf) ;
+-  }
++  } 
++
++  if (s == NULL) {
++    error("stamp_external: null s pointer, oh no!") ;
++    return ;
++  } 
++
++  tmpbuf = (char *) xmalloc(strlen(s) + 200);
++
++  /* print out the proper pdfm with local page info only 
++   *  target info will be in the target dictionary */
++  (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ",
++              pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++              pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++              pl->color[0], pl->color[1], pl->color[2], s) ;
++  cmdout(tmpbuf) ;
++  free(tmpbuf);
+ }
+ 
+ void finish_hps P1H(void) {
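Review bot: The `strlen(pl->title)+200` allocation in stamp_hps still feeds an unbounded `sprintf`, and the 200 bytes of slack are not guaranteed to cover the numeric fields: seven `%.0f` and five `%i` conversions share that budget, and a single `%.0f` of a large floating-point value can run to dozens of digits. Whether the rect, border and color values can be driven by the input file is not visible in this hunk, so this is a hardening gap rather than a confirmed overflow. Keeping the size in a variable and bounding the write closes it: `size_t len = strlen(pl->title) + 200;` followed by `(void)snprintf(tmpbuf, len, ...)`, ideally with a check of the return value against `len` so truncation is reported instead of emitted. The same applies to stamp_external, which allocates `strlen(s) + 200` and formats the same numeric fields.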
diff -r e51c65f483e4 -r 9dcad0f622f7 print/teTeX3-bin/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-an Mon May 05 22:48:22 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-an,v 1.1 2008/05/05 22:48:22 tonnerre Exp $
+
+--- texk/dviljk/configure.in.orig      1999-02-08 22:42:01.000000000 +0100
++++ texk/dviljk/configure.in
+@@ -14,6 +14,8 @@ dnl These tests prevent reliable cross-c
+ AC_C_CHAR_UNSIGNED
+ AC_CHECK_SIZEOF(long)
+ 
++AC_CHECK_FUNCS(rmdir unlink mkdtemp)
++
+ AC_OUTPUT(Makefile)
+ dnl Update stamp-auto, since we just remade `c-auto.h'.
+ date >stamp-auto
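Review bot: `AC_CHECK_FUNCS(rmdir unlink mkdtemp)` only defines the corresponding `HAVE_*` macros, so whether the temp-file handling is actually safe depends on what the C code does when `HAVE_MKDTEMP` is undefined, and that code is not in this hunk. If the fallback path builds a predictable name without exclusive-create semantics, the problem would presumably remain on platforms that lack mkdtemp. A short `dnl` comment above the check would record the intent, for example `dnl mkdtemp/rmdir/unlink: used for private temp directory handling; the non-mkdtemp fallback must stay race-free`.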
diff -r e51c65f483e4 -r 9dcad0f622f7 print/teTeX3-bin/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX3-bin/patches/patch-at Mon May 05 22:48:22 2008 +0000
@@ -0,0 +1,1897 @@
+$NetBSD: patch-at,v 1.1 2008/05/05 22:48:22 tonnerre Exp $
+
+--- texk/dviljk/dvi2xx.c
++++ texk/dviljk/dvi2xx.c
+@@ -1,5 +1,5 @@
+ /* $Id: patch-at,v 1.1 2008/05/05 22:48:22 tonnerre Exp $ */
+-#define VERSION "2.6p2 (dviljk)"
++#define VERSION "dviljk (version 2.6p3)"
+ /*
+ #define DEBUGGS 1
+ */
+@@ -165,7 +165,7 @@ char    *argv[];
+ # endif
+ #endif
+ 
+-  /* Initialize pixel_files */   
++  /* Initialize pixel_files */
+   for (i = 0; i <= MAXOPEN; i++)
+     pixel_files[i].pixel_file_id = FPNULL;
+ 
+@@ -173,7 +173,7 @@ char    *argv[];
+   y_origin = YDEFAULTOFF; /* y-origin in dots                    */
+ 
+   setbuf(ERR_STREAM, NULL);
+-  (void) strcpy(G_progname, argv[0]);
++  G_progname = argv[0];
+ #ifdef KPATHSEA
+   kpse_set_progname(argv[0]);
+   kpse_set_program_enabled (kpse_pk_format, MAKE_TEX_PK_BY_DEFAULT, kpse_src_compile);
+@@ -275,7 +275,7 @@ char    *argv[];
+   EMIT1("@PJL SET PAGEPROTECT=OFF\012");
+   EMIT1("@PJL ENTER LANGUAGE=PCL\012");
+   if (econoMode && LJ6)
+-      EMIT1("@PJL SET ECONOMODE=ON\012");  
++      EMIT1("@PJL SET ECONOMODE=ON\012");
+   EMIT3("\033&u%dD\033*t%dR",RESOLUTION,RESOLUTION);
+   if (econoMode && !LJ6)
+     EMIT1("\033*v1T");
+@@ -431,8 +431,8 @@ char    *argv[];
+           /*
+             fprintf(ERR_STREAM,"FirstPart\n count %d, mod %d, pp %d\n",(int)count[0],(int)count[0]%2,PageParity);
+             */
+-          SkipMode = 
+-            (bool)(PageParity != (short)((count[0]<0 ? 
++          SkipMode =
++            (bool)(PageParity != (short)((count[0]<0 ?
+                                           labs(count[0])+1 : count[0])%2));
+           if (count[0] == 0) SkipMode = (bool)!SkipMode;
+         }
+@@ -641,7 +641,7 @@ char    *argv[];
+    is not buffered. */
+ 
+ /* read a buffered byte */
+-char 
++char
+ #if NeedFunctionPrototypes
+ b_read(FILEPTR spfp)
+ #else
+@@ -661,7 +661,7 @@ FILEPTR spfp;
+ }
+ 
+ #ifdef RISC_BUFFER
+-void 
++void
+ #if NeedFunctionPrototypes
+ b_write(FILEPTR spfp, char c) /* write a buffered byte */
+ #else
+@@ -677,7 +677,7 @@ char c;
+   buffout[boact++] = c;
+ }
+ 
+-void 
++void
+ #if NeedFunctionPrototypes
+ b_wrtmult(FILEPTR spfp, char *buf, int len) /* write a sequence of bytes to the output buffer */
+ #else
+@@ -693,22 +693,22 @@ int len;
+     write_multi(buffout,1,boact,spfp);
+     /* Copy only small blocks; large ones are written directly */
+     if (len < (BUFFSIZE/4)) {
+-      for (i = 0; i<len; i++) 
++      for (i = 0; i<len; i++)
+         buffout[i] = buf[i];
+       boact = len;
+     } else {
+-      write_multi(buf,1,len,spfp); 
++      write_multi(buf,1,len,spfp);
+       boact = 0;
+     }
+   }
+   else {
+-    for (i = 0; i<len; i++) 
++    for (i = 0; i<len; i++)
+       buffout[boact++] = buf[i];
+   }
+ }
+ 
+ /* flush the output buffer */
+-void 
++void
+ #if NeedFunctionPrototypes
+ b_oflush(FILEPTR spfp)
+ #else
+@@ -762,9 +762,9 @@ char    *str;
+ /***************************** CopyHPFile ******************************/
+ /*********************************************************************/
+ #if NeedFunctionPrototypes
+-int getnum(FILEPTR spfp, char *t, char *numstr) 
++int getnum(FILEPTR spfp, char *t, char *numstr)
+ #else
+-int getnum(spfp, t, numstr) 
++int getnum(spfp, t, numstr)
+ FILEPTR spfp;
+ char *t, *numstr;
+ #endif
+@@ -777,30 +777,30 @@ char *t, *numstr;
+ }
+ 
+ #if NeedFunctionPrototypes
+-void setOffset(char dir, char sign, int pos) 
++void setOffset(char dir, char sign, int pos)
+ #else
+-void setOffset(dir, sign, pos, first) 
++void setOffset(dir, sign, pos, first)
+ char dir, sign;
+ int pos;
+ #endif
+ {
+   if ((sign == '+' || sign == '-') && pos > 0 ) {
+     EMIT4("\033*p%c%d%c",sign,pos,dir);
+-#ifdef DEBUGGS   
++#ifdef DEBUGGS
+     fprintf(stderr, "relative: *p%c%d%c\n", sign, pos, dir);
+ #endif
+   } else if (pos>0) {
+     EMIT3("\033*p%d%c",pos,dir);
+-#ifdef DEBUGGS   
++#ifdef DEBUGGS
+     fprintf(stderr, "absolute: *p%d%c\n", pos, dir);
+ #endif
+-    if (dir == 'X') 
++    if (dir == 'X')
+       last_rx = pos;
+-    else 
++    else
+       last_ry = pos;
+   } else {
+     /*EMIT3("\033*p%d%c",pos,dir);*/
+-#ifdef DEBUGGS   
++#ifdef DEBUGGS
+     fprintf(stderr, "Relative: *p%d%c\n", pos, dir);
+ #endif
+   }
+@@ -832,7 +832,7 @@ char    *str;
+      unwanted commands from the input file and outputs the rest */
+ 
+   /* reset the input buffer */
+-  binumber = 0; 


