author | Robert Buchholz <rbu@gentoo.org> | 2007-09-01 17:16:35 +0000 |
---|---|---|
committer | Robert Buchholz <rbu@gentoo.org> | 2007-09-01 17:16:35 +0000 |
commit | 5b70407ff4e49d8bc9df08edf47777a09a89fc9e (patch) | |
tree | 23b92c04e8b755e4b023cdfe8b886091000c3674 /app-text/tetex | |
parent | Stable on ppc wrt bug 190572 (diff) | |
Revision bump fixing security bugs
(Portage version: 2.1.3.7)
Diffstat (limited to 'app-text/tetex')
-rw-r--r-- | app-text/tetex/ChangeLog | 12 | ||||
-rw-r--r-- | app-text/tetex/files/digest-tetex-3.0_p1-r4 | 9 | ||||
-rw-r--r-- | app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch | 80 | ||||
-rw-r--r-- | app-text/tetex/files/tetex-3.0_p1-xpdf-CVE-2007-3387.patch | 16 | ||||
-rw-r--r-- | app-text/tetex/tetex-3.0_p1-r4.ebuild | 104 |
5 files changed, 220 insertions, 1 deletions
diff --git a/app-text/tetex/ChangeLog b/app-text/tetex/ChangeLog index 99023952b5d6..c167cb16624e 100644 --- a/app-text/tetex/ChangeLog +++ b/app-text/tetex/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for app-text/tetex # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/ChangeLog,v 1.146 2007/09/01 16:59:06 rbu Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/ChangeLog,v 1.147 2007/09/01 17:16:35 rbu Exp $ + +*tetex-3.0_p1-r4 (01 Sep 2007) + + 01 Sep 2007; Robert Buchholz <rbu@gentoo.org> + +files/tetex-3.0_p1-CVE-2007-0650.patch, + +files/tetex-3.0_p1-xpdf-CVE-2007-3387.patch, +tetex-3.0_p1-r4.ebuild: + Revision bump fixing security bugs: + * 170861: Fix various buffer overflows in tetex's code (CVE-2007-0650) + * 182055: Link to system libgd instead of the old one in tarball (CVE-2007-2756) + * 188172: Patch for vulnerable XPDF code (CVE-2007-3387) 01 Sep 2007; Robert Buchholz <rbu@gentoo.org> -tetex-3.0-r3.ebuild, -tetex-3.0-r4.ebuild, -tetex-3.0_p1.ebuild, -tetex-3.0_p1-r1.ebuild, diff --git a/app-text/tetex/files/digest-tetex-3.0_p1-r4 b/app-text/tetex/files/digest-tetex-3.0_p1-r4 new file mode 100644 index 000000000000..393f59b561f4 --- /dev/null +++ b/app-text/tetex/files/digest-tetex-3.0_p1-r4 
@@ -0,0 +1,9 @@
+MD5 24568263880f911452936573211fa4e8 tetex-3.0_p1-gentoo.tar.gz 604
+RMD160 5da9d211792ab81d072f0fed65ac737aa3074a6b tetex-3.0_p1-gentoo.tar.gz 604
+SHA256 4e9236349a6d849db06fefcbbf5af7c333199312b461a06840cb8fd2eddd1ac6 tetex-3.0_p1-gentoo.tar.gz 604
+MD5 0f82ade673335256226d0321e6c5e2cf tetex-src-3.0_p1.tar.gz 13357541
+RMD160 24d5029619675ce597782562bc1b87052235d461 tetex-src-3.0_p1.tar.gz 13357541
+SHA256 e67fff941ba95222ac8f0e17395446723fd78045fc2ff548ca40cc72086a4cc1 tetex-src-3.0_p1.tar.gz 13357541
+MD5 ed9d30d9162d16ac8d5065cde6e0f6fa tetex-texmf-3.0.tar.gz 91402377
+RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 tetex-texmf-3.0.tar.gz 91402377
+SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2 tetex-texmf-3.0.tar.gz 91402377
diff --git a/app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch b/app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch
new file mode 100644
index 000000000000..4df77e5dd8f1
--- /dev/null
+++ b/app-text/tetex/files/tetex-3.0_p1-CVE-2007-0650.patch
@@ -0,0 +1,80 @@
+--- tetex-src-3.0/texk/makeindexk/mkind.c.CVE-2007-0650 2002-10-02 14:26:37.000000000 +0200
++++ tetex-src-3.0/texk/makeindexk/mkind.c 2007-02-02 12:29:31.000000000 +0100
+@@ -179,7 +179,9 @@
+ argc--;
+ if (argc <= 0)
+ FATAL("Expected -p <num>\n","");
+- strcpy(pageno, *++argv);
++ if (strlen(*++argv) >= sizeof(pageno))
++ FATAL("Page number too high\n","");
++ strcpy(pageno, *argv);
+ init_page = TRUE;
+ if (STREQ(pageno, EVEN)) {
+ log_given = TRUE;
+@@ -230,7 +232,7 @@
+ char tmp[STRING_MAX + 5];
+
+ /* base set by last call to check_idx */
+- sprintf (tmp, "%s%s", base, INDEX_STY);
++ snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);
+ if (0 == access(tmp, R_OK)) {
+ open_sty (tmp);
+ sty_given = TRUE;
+@@ -405,9 +407,9 @@
+ STRING_MAX,totmem);
+ #endif /* DEBUG */
+
+- if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)
++ if ((idx_fn = (char *) malloc(STRING_MAX+5)) == NULL)
+ FATAL("Not enough core...abort.\n", "");
+- sprintf(idx_fn, "%s%s", base, INDEX_IDX);
++ snprintf(idx_fn, STRING_MAX+5, "%s%s", base, INDEX_IDX);
+ if ((open_fn &&
+ ((idx_fp = OPEN_IN(idx_fn)) == NULL)
+ ) ||
+@@ -434,7 +436,7 @@
+
+ /* index output file */
+ if (!ind_given) {
+- sprintf(ind, "%s%s", base, INDEX_IND);
++ snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);
+ ind_fn = ind;
+ }
+ if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
+@@ -442,14 +444,14 @@
+
+ /* index transcript file */
+ if (!ilg_given) {
+- sprintf(ilg, "%s%s", base, INDEX_ILG);
++ snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);
+ ilg_fn = ilg;
+ }
+ if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)
+ FATAL("Can't create transcript file %s.\n", ilg_fn);
+
+ if (log_given) {
+- sprintf(log_fn, "%s%s", base, INDEX_LOG);
++ snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);
+ if ((log_fp = OPEN_IN(log_fn)) == NULL) {
+ FATAL("Source log file %s not found.\n", log_fn);
+ } else {
+@@ -505,6 +507,9 @@
+ if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
+ FATAL("Index style file %s not found.\n", fn);
+ } else {
++ if (strlen(found) >= sizeof(sty_fn)) {
++ FATAL("Style file %s too long.\n", found);
++ }
+ strcpy(sty_fn,found);
+ if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
+ FATAL("Could not open style file %s.\n", sty_fn);
+@@ -512,6 +517,9 @@
+ }
+ #else
+ if ((path = getenv(STYLE_PATH)) == NULL) {
++ if (strlen(fn) >= sizeof(sty_fn)) {
++ FATAL("Style file %s too long.\n", fn);
++ }
+ /* style input path not defined */
+ strcpy(sty_fn, fn);
+ sty_fp = OPEN_IN(sty_fn);
diff --git a/app-text/tetex/files/tetex-3.0_p1-xpdf-CVE-2007-3387.patch b/app-text/tetex/files/tetex-3.0_p1-xpdf-CVE-2007-3387.patch
new file mode 100644
index 000000000000..da3c7a6d19f7
--- /dev/null
+++ b/app-text/tetex/files/tetex-3.0_p1-xpdf-CVE-2007-3387.patch
@@ -0,0 +1,16 @@
+--- tetex-src-3.0/libs/xpdf/xpdf/Stream.cc Tue Feb 27 14:05:52 2007
++++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc Thu Jul 12 15:55:49 2007
+@@ -421,7 +421,12 @@
+ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+- if (rowBytes < 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ nVals <= 0 ||
++ nVals * nBits + 7 <= 0 ||
++ rowBytes <= 0) {
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);
diff --git a/app-text/tetex/tetex-3.0_p1-r4.ebuild b/app-text/tetex/tetex-3.0_p1-r4.ebuild
new file mode 100644
index 000000000000..fb48765dabeb
--- /dev/null
+++ b/app-text/tetex/tetex-3.0_p1-r4.ebuild
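Review bot: The five `sprintf` to `snprintf` conversions in the nested mkind.c patch (`tmp`, `idx_fn`, `ind`, `ilg`, `log_fn`) ignore the return value, so an over-long `base` is now silently truncated and the program goes on to open or create a file under a different name than the one requested. The `strcpy` sites in the same patch take the stricter route of a length check followed by `FATAL`, and the formatted names should do the same, e.g. `if (snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND) >= (int) sizeof(ind)) FATAL("Index file name too long.\n", "");`. `STRING_MAX+5` is also repeated as a bare expression in the `malloc` and in the `snprintf` for `idx_fn`; a single named size would keep the two from drifting apart. The enclosing functions start and end outside the inner hunks, so the declared sizes of `ind`, `ilg`, `log_fn` and `sty_fn` are not visible here.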
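Review bot: The new condition in Stream.cc is evaluated after `pixBytes` and `rowBytes` have already been computed, and its `nVals * nBits + 7 <= 0` term repeats the multiplication it is meant to guard, so overflow is detected only by the sign of an already-wrapped signed result. Signed overflow is undefined behaviour in C++, and a product that wraps back to a positive value passes the test. A division-based bound does not depend on wraparound: replace that term with `nVals > (INT_MAX - 7) / nBits ||` (needs `<limits.h>`), which is safe to evaluate because `nBits <= 0` is rejected earlier in the same condition, and ideally move the whole check above the `pixBytes`/`rowBytes` assignments. `nVals` and `totalBits` are assigned above the hunk, so whether `width * nComps` is bounded before this point cannot be seen from here.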
@@ -0,0 +1,104 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/tetex-3.0_p1-r4.ebuild,v 1.1 2007/09/01 17:16:35 rbu Exp $
+
+inherit tetex-3 flag-o-matic versionator virtualx
+
+SMALL_PV=$(get_version_component_range 1-2 ${PV})
+TETEX_TEXMF_PV=${SMALL_PV}
+S="${WORKDIR}/tetex-src-${SMALL_PV}"
+
+TETEX_SRC="tetex-src-${PV}.tar.gz"
+TETEX_TEXMF="tetex-texmf-${TETEX_TEXMF_PV:-${TETEX_PV}}.tar.gz"
+#TETEX_TEXMF_SRC="tetex-texmfsrc-${TETEX_TEXMF_PV:-${TETEX_PV}}.tar.gz"
+TETEX_TEXMF_SRC=""
+
+DESCRIPTION="a complete TeX distribution"
+HOMEPAGE="http://tug.org/teTeX/"
+
+SRC_PATH_TETEX=ftp://cam.ctan.org/tex-archive/systems/unix/teTeX/current/distrib
+SRC_URI="mirror://gentoo/${TETEX_SRC}
+ ${SRC_PATH_TETEX}/${TETEX_TEXMF}
+ mirror://gentoo/${P}-gentoo.tar.gz"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+
+# these are defined in tetex.eclass and tetex-3.eclass
+IUSE=""
+DEPEND="${DEPEND} media-libs/gd"
+RDEPEND="${RDEPEND} media-libs/gd"
+
+src_unpack() {
+ tetex-3_src_unpack
+ cd "${S}"
+ epatch ${FILESDIR}/${PN}-${SMALL_PV}-kpathsea-pic.patch
+
+ # bug 85404
+ epatch ${FILESDIR}/${PN}-${SMALL_PV}-epstopdf-wrong-rotation.patch
+
+ epatch ${FILESDIR}/${P}-amd64-xdvik-wp.patch
+ epatch ${FILESDIR}/${P}-mptest.patch
+
+ #bug 98029
+ epatch ${FILESDIR}/${P}-fmtutil-etex.patch
+
+ #bug 115775
+ epatch ${FILESDIR}/${P}-xpdf-vulnerabilities.patch
+
+ # bug 94860
+ epatch ${FILESDIR}/${P}-pdftosrc-install.patch
+
+ # bug 126918
+ epatch ${FILESDIR}/${P}-create-empty-files.patch
+
+ # bug 94901
+ epatch ${FILESDIR}/${P}-dvipdfm-timezone.patch
+
+ # security bug #170861
+ epatch ${FILESDIR}/${P}-CVE-2007-0650.patch
+
+ # security bug #188172
+ epatch ${FILESDIR}/${P}-xpdf-CVE-2007-3387.patch
+
+ # Construct a Gentoo site texmf directory
+ # that overlays the upstream supplied
+ epatch ${FILESDIR}/${P}-texmf-site.patch
+}
+
+src_compile() {
+ #bug 119856
+ export LC_ALL=C
+
+ # dvipng has its own ebuild (fix for bug #129044).
+ # also, do not build against own lib gd (security #182055)
+ TETEX_ECONF="${TETEX_ECONF} --without-dvipng --with-system-gd"
+
+ tetex-3_src_compile
+}
+
+src_test() {
+ fmtutil --fmtdir "${S}/texk/web2c" --all
+ # The check target tries to access X display, bug #69439.
+ Xmake check || die "Xmake check failed."
+}
+
+src_install() {
+ insinto /usr/share/texmf/dvips/pstricks
+ doins ${FILESDIR}/pst-circ.pro
+
+ # install pdftosrc man page, bug 94860
+ doman ${S}/texk/web2c/pdftexdir/pdftosrc.1
+
+ tetex-3_src_install
+
+ # Create Gentoo site texmf directory
+ keepdir /usr/share/texmf-site
+}
+
+pkg_postinst() {
+ tetex-3_pkg_postinst
+
+ elog
+ elog "This release removes dvipng since it is provided in app-text/dvipng"
+ elog
+} |
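Review bot: `DEPEND` and `RDEPEND` add `media-libs/gd` without a version bound, so any installed gd, including one that still carries the bug tracked as security #182055, satisfies the dependency and `--with-system-gd` will link against it. Since the point of the switch is to stop using the vulnerable bundled copy, the atom should require the first fixed release, e.g. `DEPEND="${DEPEND} >=media-libs/gd-<FIRST_FIXED_VERSION>"` (placeholder; the version is not stated on this page), and likewise for `RDEPEND`. Separately, the `fmtutil ... --all` call in `src_test` has no `|| die`, unlike the `Xmake check` line after it, so a failure there would go unnoticed.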