Add a patch from upstream to prevent buffer overflow with too long hrefs using dvips -z

Package-Manager: portage-2.1.3.15
author: Alexis Ballier <aballier@gentoo.org> 2007-10-22 06:22:28 +0000
committer: Alexis Ballier <aballier@gentoo.org> 2007-10-22 06:22:28 +0000
commit: e760cb95c042b9781f182846cf5eeb69c3c1df9f (patch)
tree: 732d735a63041a471c7eac913ec156ce0831f6eb /app-text
parent: Stable for HPPA (bug #195700). (diff)
download: historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.tar.gz
historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.tar.bz2
historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.zip
5 files changed, 118 insertions, 16 deletions
diff --git a/app-text/texlive-core/ChangeLog b/app-text/texlive-core/ChangeLog
index 44a782a15c08..716919fff442 100644
--- a/app-text/texlive-core/ChangeLog
+++ b/app-text/texlive-core/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-text/texlive-core
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/texlive-core/ChangeLog,v 1.9 2007/10/21 11:32:02 aballier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/texlive-core/ChangeLog,v 1.10 2007/10/22 06:22:27 aballier Exp $
+
+*texlive-core-2007-r2 (22 Oct 2007)
+
+  22 Oct 2007; Alexis Ballier <aballier@gentoo.org>
+  +files/2007/texlive-core-2007-dvips_bufferoverflow.patch,
+  -texlive-core-2007-r1.ebuild, +texlive-core-2007-r2.ebuild:
+  Add a patch from upstream to prevent buffer overflow with too long hrefs
+  using dvips -z
 
 *texlive-core-2007-r1 (21 Oct 2007)
 
diff --git a/app-text/texlive-core/Manifest b/app-text/texlive-core/Manifest
index dce720ef0612..249a29766c00 100644
--- a/app-text/texlive-core/Manifest
+++ b/app-text/texlive-core/Manifest
@@ -9,6 +9,10 @@ AUX 2007/tetex-3.0_p1-xpdf-CVE-2007-3387.patch 516 RMD160 fcfa307061c6052cec241a
 MD5 ab265d1313af1348b7f431ab5accbcbe files/2007/tetex-3.0_p1-xpdf-CVE-2007-3387.patch 516
 RMD160 fcfa307061c6052cec241adda6d7541105afa5bf files/2007/tetex-3.0_p1-xpdf-CVE-2007-3387.patch 516
 SHA256 7cebc7643f54462de5504aeb6c331860beb9aae947bc80132d0ac8f9b0a2f109 files/2007/tetex-3.0_p1-xpdf-CVE-2007-3387.patch 516
+AUX 2007/texlive-core-2007-dvips_bufferoverflow.patch 3032 RMD160 d82c40767b8614180e1487a95c923b99e92161b5 SHA1 1616aff45e9412ad861d75019a2c88a5122e5b23 SHA256 d5942c40589199d19dd4407b9bcdfeb13a2559de59e70ca986c3c16040788f6b
+MD5 65b84b563d53e426b5a78f1302c45863 files/2007/texlive-core-2007-dvips_bufferoverflow.patch 3032
+RMD160 d82c40767b8614180e1487a95c923b99e92161b5 files/2007/texlive-core-2007-dvips_bufferoverflow.patch 3032
+SHA256 d5942c40589199d19dd4407b9bcdfeb13a2559de59e70ca986c3c16040788f6b files/2007/texlive-core-2007-dvips_bufferoverflow.patch 3032
 AUX 2007/texlive-core-2007-icu-xetex-execstacks.patch 550 RMD160 85ed534a2eb2b77fd8bafa1db405c904167712cb SHA1 fc9a44364ddebfb732be4d3d7e39ba3a547dbc2b SHA256 854b108962c6b42e74ae34658b3b18199618b80a86c677ed01a56fc43e6b6de4
 MD5 a3cb6ff84b0bd80e82d7224ea5b39740 files/2007/texlive-core-2007-icu-xetex-execstacks.patch 550
 RMD160 85ed534a2eb2b77fd8bafa1db405c904167712cb files/2007/texlive-core-2007-icu-xetex-execstacks.patch 550
@@ -95,25 +99,25 @@ DIST texlive-module-lib-regex-2007.zip 873 RMD160 1525034c3434b534a238b90730fe56
 DIST texlive-module-lib-zlib-2007.zip 1221 RMD160 c2dc6572cd09ef2494a8b299334b902df6567f4c SHA1 2c2a4814b2eaba74da4ae35521b521f83f688ab8 SHA256 9f9ab01c861946667c218e0e2ebea7bbb74a65e94ce9cb699b99cfd51fbcfd5a
 DIST texlive-module-mft-2007.zip 9083 RMD160 a07d22432636f38a7639a5385ed3e96626041e45 SHA1 fc5585b86daf583779dacc9e25d0e615ba6519e4 SHA256 6d4a52492a03b41fdfc50532a9061ad94723c67ec5ded1d0ea549ee4978511a4
 DIST texlive-module-mkind-english-2007.zip 2264 RMD160 c2d9e9164ed10f55bda56247e94d9bf63adf93e6 SHA1 6660cefd619df95f80f63146f0501cc8dc02e344 SHA256 333fb0b1b4b12764fb16a93ced43721a781202cf0fcb71c5eed4a4903dca5d5c
-EBUILD texlive-core-2007-r1.ebuild 7279 RMD160 e5e90b4d4e22a51d628118d86a6794d6d64afc4e SHA1 3df58b2da03618b9a76bb734d578be5bc08d4606 SHA256 54cb0f0a3a3f9671344821f9ec8b942339307dfb1bac6c51d11bffd9821f80ea
-MD5 0f61dbc5ce68e0410788741e74b77411 texlive-core-2007-r1.ebuild 7279
-RMD160 e5e90b4d4e22a51d628118d86a6794d6d64afc4e texlive-core-2007-r1.ebuild 7279
-SHA256 54cb0f0a3a3f9671344821f9ec8b942339307dfb1bac6c51d11bffd9821f80ea texlive-core-2007-r1.ebuild 7279
-MISC ChangeLog 2230 RMD160 51d7f8a25911a2a07a10f320f6378c750547f686 SHA1 702cb9626afdaa0e55ea913b33cd01481abe2009 SHA256 39f26ff7e00914f31fc4a9337c4dd3b26d5699d963b00e1128307018776a139c
-MD5 a7c244def60623a6d3b4ddf4d88a0d15 ChangeLog 2230
-RMD160 51d7f8a25911a2a07a10f320f6378c750547f686 ChangeLog 2230
-SHA256 39f26ff7e00914f31fc4a9337c4dd3b26d5699d963b00e1128307018776a139c ChangeLog 2230
+EBUILD texlive-core-2007-r2.ebuild 7399 RMD160 c09b265d6a19978715eff795e5a96ef26facce7c SHA1 677611718182b5854af96b7b4dee706706b1d73c SHA256 a91398cf950a837d1da5072a8da04a56941fe590f0fc5c83be96bc17c4374c20
+MD5 6b2a46ff57cd750f08d388eca486c5e5 texlive-core-2007-r2.ebuild 7399
+RMD160 c09b265d6a19978715eff795e5a96ef26facce7c texlive-core-2007-r2.ebuild 7399
+SHA256 a91398cf950a837d1da5072a8da04a56941fe590f0fc5c83be96bc17c4374c20 texlive-core-2007-r2.ebuild 7399
+MISC ChangeLog 2535 RMD160 9a0a8e2b14834382e5514accc268fc2daf413244 SHA1 021168f9637af40c046ed69eafc714ea7915a098 SHA256 fb2c0dfe8155ae29aebf88029576f4ae25087b703f7ca7195c9988b731614e63
+MD5 917b1cc6f194dab8a27c5c20f613d745 ChangeLog 2535
+RMD160 9a0a8e2b14834382e5514accc268fc2daf413244 ChangeLog 2535
+SHA256 fb2c0dfe8155ae29aebf88029576f4ae25087b703f7ca7195c9988b731614e63 ChangeLog 2535
 MISC metadata.xml 327 RMD160 10186cf048d44753bf4cec722eed45d2ade12316 SHA1 0254321c012da0e8f80aec6f29a0fb5b17675d4d SHA256 e520223493249c261b48f7f7460ed7c262d35383484e730cfefba51fde1195be
 MD5 10ddcc0c6d2a7a76dd92dffa01ca03ca metadata.xml 327
 RMD160 10186cf048d44753bf4cec722eed45d2ade12316 metadata.xml 327
 SHA256 e520223493249c261b48f7f7460ed7c262d35383484e730cfefba51fde1195be metadata.xml 327
-MD5 ce038c7eaf6971f7bb7aa8af4e1992eb files/digest-texlive-core-2007-r1 13910
-RMD160 a35861ced4172658b14517c8880d2a193f876372 files/digest-texlive-core-2007-r1 13910
-SHA256 b5566af1308a9159c3e2bf536780a99f874ed08617817776d3a0b89ec93494f2 files/digest-texlive-core-2007-r1 13910
+MD5 ce038c7eaf6971f7bb7aa8af4e1992eb files/digest-texlive-core-2007-r2 13910
+RMD160 a35861ced4172658b14517c8880d2a193f876372 files/digest-texlive-core-2007-r2 13910
+SHA256 b5566af1308a9159c3e2bf536780a99f874ed08617817776d3a0b89ec93494f2 files/digest-texlive-core-2007-r2 13910
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.7 (GNU/Linux)
 
-iD8DBQFHGzjNvFcC4BYPU0oRAoC4AJ93t8Ys3/SmIFHb7cTlufwuEZJSWACgugDg
-Ls05iWOA/2lc3bkFQBYosxg=
-=FRXV
+iD8DBQFHHEHGvFcC4BYPU0oRAstwAJ4nUhRb1ZSb/CXUQlSZ2ggZJC9RvgCcCDA9
+UoGLj6abWvunVleN3sQroBE=
+=nxcp
 -----END PGP SIGNATURE-----
diff --git a/app-text/texlive-core/files/2007/texlive-core-2007-dvips_bufferoverflow.patch b/app-text/texlive-core/files/2007/texlive-core-2007-dvips_bufferoverflow.patch
new file mode 100644
index 000000000000..3f4732f1a249
--- /dev/null
+++ b/app-text/texlive-core/files/2007/texlive-core-2007-dvips_bufferoverflow.patch
@@ -0,0 +1,87 @@
+hps.c (stamp_external, stamp_hps): protext against long strings.
+    From Bastien Roucaries via Norbert, 21 Oct 2007 13:22:19,
+    Debian bug 447081.
+
+Index: texk/dvipsk/hps.c
+===================================================================
+--- texk/dvipsk/hps.c	(revision 5253)
++++ texk/dvipsk/hps.c	(revision 5254)
+@@ -441,20 +441,29 @@
+ 
+ void stamp_hps P1C(Hps_link *, pl)
+ {
+-  char tmpbuf[200] ;
++  char * tmpbuf;
+   if (pl == NULL) {
+-    error("Null pointer, oh no!") ;
++    error("stamp_hps: null pl pointer, oh no!") ;
+     return ;
+-  } else {
+-    /* print out the proper pdfm with local page info only 
+-     *  target info will be in the target dictionary */
+-    (void)sprintf(tmpbuf, 
+-		  " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+-		  pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+-		  pl->color[0], pl->color[1], pl->color[2]) ;
+-    cmdout(tmpbuf) ; 
+-  }
++  } 
++  if(pl->title == NULL) {
++    error("stamp_hps: null pl->title pointer, oh no!") ;
++    return ;
++  } 
++
++  tmpbuf = (char *) xmalloc(strlen(pl->title)+200);
++
++  /* print out the proper pdfm with local page info only 
++   *  target info will be in the target dictionary */
++  (void)sprintf(tmpbuf, 
++		" (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", 
++		pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++		pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++		pl->color[0], pl->color[1], pl->color[2]) ;
++  cmdout(tmpbuf) ; 
++  free(tmpbuf);
+   
++  
+ }
+ 
+ /* For external URL's, we just pass them through as a string. The hyperps
+@@ -462,18 +471,27 @@
+  */
+ void stamp_external P2C(char *, s, Hps_link *, pl) 
+ {
+-  char tmpbuf[200];
++  char *tmpbuf;
+   if (pl == NULL) {
+-    error("Null pointer, oh no!") ;
++    error("stamp_external: null pl pointer, oh no!") ;
+     return ;
+-  } else {
+-    /* print out the proper pdfm with local page info only 
+-     *  target info will be in the target dictionary */
+-    (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
+-		  pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
+-		  pl->color[0], pl->color[1], pl->color[2], s) ;
+-    cmdout(tmpbuf) ;
+-  }
++  } 
++
++  if (s == NULL) {
++    error("stamp_external: null s pointer, oh no!") ;
++    return ;
++  } 
++
++  tmpbuf = (char *) xmalloc(strlen(s) + 200);
++
++  /* print out the proper pdfm with local page info only 
++   *  target info will be in the target dictionary */
++  (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ",
++		pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury,
++		pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4],
++		pl->color[0], pl->color[1], pl->color[2], s) ;
++  cmdout(tmpbuf) ;
++  free(tmpbuf);
+ }
+ 
+ void finish_hps P1H(void) {
diff --git a/app-text/texlive-core/files/digest-texlive-core-2007-r1 b/app-text/texlive-core/files/digest-texlive-core-2007-r2
index 4e987019c1ec..4e987019c1ec 100644
--- a/app-text/texlive-core/files/digest-texlive-core-2007-r1
+++ b/app-text/texlive-core/files/digest-texlive-core-2007-r2
diff --git a/app-text/texlive-core/texlive-core-2007-r1.ebuild b/app-text/texlive-core/texlive-core-2007-r2.ebuild
index 4a10dc685c33..287378e5c223 100644
--- a/app-text/texlive-core/texlive-core-2007-r1.ebuild
+++ b/app-text/texlive-core/texlive-core-2007-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/texlive-core/texlive-core-2007-r1.ebuild,v 1.1 2007/10/21 11:32:02 aballier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/texlive-core/texlive-core-2007-r2.ebuild,v 1.1 2007/10/22 06:22:27 aballier Exp $
 
 inherit eutils flag-o-matic toolchain-funcs libtool autotools texlive-common
 
@@ -77,6 +77,9 @@ src_unpack() {
 # supported
 	epatch "${FILESDIR}/${PV}/${P}-icu-xetex-execstacks.patch"
 
+# See http://permalink.gmane.org/gmane.comp.tex.live/14939
+	epatch "${FILESDIR}/${PV}/${P}-dvips_bufferoverflow.patch"
+
 	sed -i -e "/mktexlsr/,+3d" -e "s/\(updmap-sys\)/\1 --nohash/" \
 		Makefile.in || die "sed failed"
author	Alexis Ballier <aballier@gentoo.org>	2007-10-22 06:22:28 +0000
committer	Alexis Ballier <aballier@gentoo.org>	2007-10-22 06:22:28 +0000
commit	e760cb95c042b9781f182846cf5eeb69c3c1df9f (patch)
tree	732d735a63041a471c7eac913ec156ce0831f6eb /app-text
parent	Stable for HPPA (bug #195700). (diff)
download	historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.tar.gz historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.tar.bz2 historical-e760cb95c042b9781f182846cf5eeb69c3c1df9f.zip