Security bump; Bug #75801

author: Matsuu Takuto <matsuu@gentoo.org> 2005-01-19 22:48:55 +0000
committer: Matsuu Takuto <matsuu@gentoo.org> 2005-01-19 22:48:55 +0000
commit: 7e296e8ff41312fb4c124a29c0401b82fd0e8f28 (patch)
tree: 0cf1995a410019ac5b87514c2a3286d2da6af9c7 /app-text/cstetex
parent: Version bump for security bug #78712. (diff)
download: historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.tar.gz
historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.tar.bz2
historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.zip
10 files changed, 382 insertions, 2 deletions
diff --git a/app-text/cstetex/ChangeLog b/app-text/cstetex/ChangeLog
index a498ed7cdeb5..91ec90537d7a 100644
--- a/app-text/cstetex/ChangeLog
+++ b/app-text/cstetex/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for app-text/cstetex
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/cstetex/ChangeLog,v 1.6 2005/01/01 16:07:35 eradicator Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/cstetex/ChangeLog,v 1.7 2005/01/19 22:48:55 matsuu Exp $
+
+*cstetex-2.0.2-r1 (20 Jan 2005)
+
+  20 Jan 2005; MATSUU Takuto <matsuu@gentoo.org> +files/xdvizilla.patch,
+  +files/xpdf-3.00pl2-CAN-2004-1125.patch,
+  +files/xpdf-3.00pl3-CAN-2005-0064.patch,
+  +files/xpdf-CESA-2004-007-xpdf2-newer.diff, +files/xpdf-goo-sizet.patch,
+  +files/xpdf2-underflow.patch, +cstetex-2.0.2-r1.ebuild:
+  Security bump; Bug #75801
 
   14 Aug 2004; Sven Wegener <swegener@gentoo.org> metadata.xml:
   Corrected metadata.xml to match DTD.
diff --git a/app-text/cstetex/Manifest b/app-text/cstetex/Manifest
index cfaa1dac5278..5383c0a7ebde 100644
--- a/app-text/cstetex/Manifest
+++ b/app-text/cstetex/Manifest
@@ -1,5 +1,13 @@
-MD5 998e8f2f3c9eb1e9d771ed41498597aa ChangeLog 803
 MD5 64b7930a686280c76523622d47a7dd52 cstetex-2.0.2.ebuild 1220
+MD5 7a288e978254897f137538f51debdcff ChangeLog 1153
 MD5 d9dc13509a20a79585e3586c5d749c26 metadata.xml 454
+MD5 24db7c61da5157549890ee9f39f32b11 cstetex-2.0.2-r1.ebuild 1736
+MD5 77107ec8ba31c93b0e1bc35a9e4c9c4b files/xdvizilla.patch 912
+MD5 362296e34a1a04a6e5e2a7d9e97547c6 files/xpdf2-underflow.patch 2363
 MD5 fae07756d7cfe6b479ae7346c83514b0 files/cstetex-2.0.2.diff 658
+MD5 4237ab1861c88c20b2301cabd838ca07 files/digest-cstetex-2.0.2-r1 639
+MD5 5d40ba9d885af84bcc917ad17e2bf8e0 files/xpdf-3.00pl2-CAN-2004-1125.patch 1136
+MD5 c32a612ce419b9930ff273cf382558bf files/xpdf-3.00pl3-CAN-2005-0064.patch 346
 MD5 4237ab1861c88c20b2301cabd838ca07 files/digest-cstetex-2.0.2 639
+MD5 2fce5bedd61300fad1566a41f991a782 files/xpdf-goo-sizet.patch 1424
+MD5 87d20c86d1451638e4b7adc2f7ac8067 files/xpdf-CESA-2004-007-xpdf2-newer.diff 2718
diff --git a/app-text/cstetex/cstetex-2.0.2-r1.ebuild b/app-text/cstetex/cstetex-2.0.2-r1.ebuild
new file mode 100644
index 000000000000..5309cb513e99
--- /dev/null
+++ b/app-text/cstetex/cstetex-2.0.2-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/cstetex/cstetex-2.0.2-r1.ebuild,v 1.1 2005/01/19 22:48:55 matsuu Exp $
+
+inherit tetex eutils flag-o-matic
+
+IUSE=""
+DESCRIPTION="a complete TeX distribution with Czech and Slovak support"
+HOMEPAGE="http://math.feld.cvut.cz/olsak/cstex/"
+
+CSTEX="csfonts.tar.gz csplain.tar.gz cslatex.tar.gz cspsfonts.tar.gz csfonts-t1.tar.gz"
+ENCTEX="enctex.tar.gz"
+SRC_URI="${SRC_URI} ftp://math.feld.cvut.cz/pub/olsak/enctex/${ENCTEX}"
+for FILE in ${CSTEX}; do
+	SRC_URI="${SRC_URI} ftp://math.feld.cvut.cz/pub/cstex/base/${FILE}"
+done
+
+KEYWORDS="~x86 ~amd64"
+
+src_unpack() {
+	tetex_src_unpack
+
+	cd ${S}
+	for FILE in ${CSTEX}; do
+		unpack ${FILE}
+	done
+	epatch ${FILESDIR}/${P}.diff
+	cd ${S}/texk/web2c
+	unpack ${ENCTEX}
+	epatch enctex/enctex.patch-to-7.5
+
+	# bug 75801
+	EPATCH_OPTS="-d ${S}/libs/xpdf/xpdf -p0" epatch ${FILESDIR}/xpdf-CESA-2004-007-xpdf2-newer.diff
+	EPATCH_OPTS="-d ${S}/libs/xpdf -p1" epatch ${FILESDIR}/xpdf-goo-sizet.patch
+	EPATCH_OPTS="-d ${S}/libs/xpdf -p1" epatch ${FILESDIR}/xpdf2-underflow.patch
+	EPATCH_OPTS="-d ${S}/libs/xpdf/xpdf -p0" epatch ${FILESDIR}/xpdf-3.00pl2-CAN-2004-1125.patch
+	EPATCH_OPTS="-d ${S}/libs/xpdf/xpdf -p0" epatch ${FILESDIR}/xpdf-3.00pl3-CAN-2005-0064.patch
+	EPATCH_OPTS="-d ${S} -p1" epatch ${FILESDIR}/xdvizilla.patch
+}
+
+src_install() {
+	tetex_src_install
+
+	einfo "Installing Czech files..."
+	dodir /usr/share/texmf/tex/enctex
+	cd ${S}
+	cp -v texk/web2c/enctex/*.tex ${D}/usr/share/texmf/tex/enctex
+}
+
+pkg_postrm() {
+	if [ ! -f ${ROOT}/usr/bin/tex ] ; then
+		for i in cslatex csplain pdfcslatex pdfcsplain; do
+			rm ${ROOT}/usr/bin/$i
+		done
+	fi
+}
diff --git a/app-text/cstetex/files/digest-cstetex-2.0.2-r1 b/app-text/cstetex/files/digest-cstetex-2.0.2-r1
new file mode 100644
index 000000000000..32addaf82ffc
--- /dev/null
+++ b/app-text/cstetex/files/digest-cstetex-2.0.2-r1
@@ -0,0 +1,10 @@
+MD5 a16f6bba227d55e79aeee46fbbd82d28 tetex-src-2.0.2.tar.gz 11745933
+MD5 d3bdb96f9077e43b2115d3cc471743b3 tetex-texmf-2.0.2.tar.gz 52424280
+MD5 40d4b2c5582eccbee4b6ec692c3cc253 tetex-texmfsrc-2.0.2.tar.gz 22909537
+MD5 0a0ba30552331663f496d41b8ca2a299 tetex-2.0.2-gentoo.tar.gz 1704
+MD5 af601a147d5402023c35d0c4745066a8 enctex.tar.gz 379258
+MD5 ef0758d7e263150a39a7ff6376a95df8 csfonts.tar.gz 187106
+MD5 5f0c05f9f0acf2ad2fea79f49335cc77 csplain.tar.gz 55776
+MD5 64947e5b71c100f3d018da9b11d8cee3 cslatex.tar.gz 18310
+MD5 fbcacfb1e8ff234be8fc7fffef0514d6 cspsfonts.tar.gz 122248
+MD5 13004322faea34c3580232fe438e56f5 csfonts-t1.tar.gz 1726183
diff --git a/app-text/cstetex/files/xdvizilla.patch b/app-text/cstetex/files/xdvizilla.patch
new file mode 100644
index 000000000000..bc925280a198
--- /dev/null
+++ b/app-text/cstetex/files/xdvizilla.patch
@@ -0,0 +1,30 @@
+--- tetex-bin-2.0.2/texk/xdvik/xdvizilla	2002-10-12 15:28:50.000000000 +0200
++++ tetex-bin-2.0.2.new/texk/xdvik/xdvizilla	2004-12-23 12:58:35.010332504 +0100
+@@ -33,7 +33,7 @@
+ case "$FILETYPE" in
+ 
+   *"gzip compressed data"*)
+-    FILE=/tmp/xdvizilla$$
++    FILE=`mktemp -t xdvizilla.XXXXXX` || exit 1
+     gunzip -c "$1" > $FILE
+     [ -n "$NO_RM" ] || rm -f -- "$1"
+     NO_RM=
+@@ -41,7 +41,7 @@
+     ;;
+ 
+   *"compressed data"* | *"compress'd data"*)
+-    FILE=/tmp/xdvizilla$$
++    FILE=`mktemp -t xdvizilla.XXXXXX` || exit 1
+     uncompress -c "$1" > $FILE
+     [ -n "$NO_RM" ] || rm -f -- "$1"
+     NO_RM=
+@@ -60,8 +60,7 @@
+ case "$FILETYPE" in
+ 
+   *" tar archive")
+-    TARDIR=/tmp/xdvitar$$
+-    mkdir $TARDIR
++    TARDIR=`mktemp -t -d xdvitar.XXXXXX` || exit 1
+     cat "$FILE" | (cd $TARDIR; tar xf -)
+     DVINAME=`tar tf "$FILE" | grep '\.dvi$' | head -1`
+     [ -n "$NO_RM" ] || rm -f -- "$FILE"
diff --git a/app-text/cstetex/files/xpdf-3.00pl2-CAN-2004-1125.patch b/app-text/cstetex/files/xpdf-3.00pl2-CAN-2004-1125.patch
new file mode 100644
index 000000000000..119de236d50b
--- /dev/null
+++ b/app-text/cstetex/files/xpdf-3.00pl2-CAN-2004-1125.patch
@@ -0,0 +1,37 @@
+*** Gfx.cc.orig	Sun Dec 12 16:04:43 2004
+--- Gfx.cc	Sun Dec 12 16:05:16 2004
+***************
+*** 2654,2660 ****
+      haveMask = gFalse;
+      dict->lookup("Mask", &maskObj);
+      if (maskObj.isArray()) {
+!       for (i = 0; i < maskObj.arrayGetLength(); ++i) {
+  	maskObj.arrayGet(i, &obj1);
+  	maskColors[i] = obj1.getInt();
+  	obj1.free();
+--- 2654,2662 ----
+      haveMask = gFalse;
+      dict->lookup("Mask", &maskObj);
+      if (maskObj.isArray()) {
+!       for (i = 0;
+! 	   i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
+! 	   ++i) {
+  	maskObj.arrayGet(i, &obj1);
+  	maskColors[i] = obj1.getInt();
+  	obj1.free();
+*** GfxState.cc.orig	Sun Dec 12 16:04:48 2004
+--- GfxState.cc	Sun Dec 12 16:06:38 2004
+***************
+*** 708,713 ****
+--- 708,718 ----
+    }
+    nCompsA = obj2.getInt();
+    obj2.free();
++   if (nCompsA > gfxColorMaxComps) {
++     error(-1, "ICCBased color space with too many (%d > %d) components",
++ 	  nCompsA, gfxColorMaxComps);
++     nCompsA = gfxColorMaxComps;
++   }
+    if (dict->lookup("Alternate", &obj2)->isNull() ||
+        !(altA = GfxColorSpace::parse(&obj2))) {
+      switch (nCompsA) {
diff --git a/app-text/cstetex/files/xpdf-3.00pl3-CAN-2005-0064.patch b/app-text/cstetex/files/xpdf-3.00pl3-CAN-2005-0064.patch
new file mode 100644
index 000000000000..d7d2294c8527
--- /dev/null
+++ b/app-text/cstetex/files/xpdf-3.00pl3-CAN-2005-0064.patch
@@ -0,0 +1,14 @@
+*** XRef.cc.orig	Wed Jan 12 17:10:53 2005
+--- XRef.cc	Wed Jan 12 17:11:22 2005
+***************
+*** 793,798 ****
+--- 793,801 ----
+  	} else {
+  	  keyLength = 5;
+  	}
++ 	if (keyLength > 16) {
++ 	  keyLength = 16;
++ 	}
+  	permFlags = permissions.getInt();
+  	if (encVersion >= 1 && encVersion <= 2 &&
+  	    encRevision >= 2 && encRevision <= 3) {
diff --git a/app-text/cstetex/files/xpdf-CESA-2004-007-xpdf2-newer.diff b/app-text/cstetex/files/xpdf-CESA-2004-007-xpdf2-newer.diff
new file mode 100644
index 000000000000..55a24458c9a4
--- /dev/null
+++ b/app-text/cstetex/files/xpdf-CESA-2004-007-xpdf2-newer.diff
@@ -0,0 +1,78 @@
+--- XRef.cc.orig	2004-09-17 23:54:38.000000000 -0700
++++ XRef.cc	2004-09-25 17:59:36.000000000 -0700
+@@ -76,6 +76,12 @@
+ 
+   // trailer is ok - read the xref table
+   } else {
++    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++      error(-1, "Invalid 'size' inside xref table.");
++      ok = gFalse;
++      errCode = errDamaged;
++      return;
++    }
+     entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry));
+     for (i = 0; i < size; ++i) {
+       entries[i].offset = 0xffffffff;
+@@ -267,6 +273,10 @@
+     // table size
+     if (first + n > size) {
+       newSize = size + 256;
++      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++        error(-1, "Invalid 'newSize'");
++        goto err2;
++      }
+       entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry));
+       for (i = size; i < newSize; ++i) {
+ 	entries[i].offset = 0xffffffff;
+@@ -410,6 +420,10 @@
+ 	    if (!strncmp(p, "obj", 3)) {
+ 	      if (num >= size) {
+ 		newSize = (num + 1 + 255) & ~255;
++	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++	          error(-1, "Invalid 'obj' parameters.");
++	          return gFalse;
++	        }
+ 		entries = (XRefEntry *)
+ 		            grealloc(entries, newSize * sizeof(XRefEntry));
+ 		for (i = size; i < newSize; ++i) {
+@@ -431,6 +445,11 @@
+     } else if (!strncmp(p, "endstream", 9)) {
+       if (streamEndsLen == streamEndsSize) {
+ 	streamEndsSize += 64;
++        if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
++          error(-1, "Invalid 'endstream' parameter.");
++          return gFalse;
++        }
++
+ 	streamEnds = (Guint *)grealloc(streamEnds,
+ 				       streamEndsSize * sizeof(int));
+       }
+--- Catalog.cc.orig	2004-10-18 16:26:39.388666476 +0200
++++ Catalog.cc	2004-10-18 16:27:28.004749073 +0200
+@@ -62,6 +62,12 @@
+   }
+   pagesSize = numPages0 = obj.getInt();
+   obj.free();
++  if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
++      pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++    error(-1, "Invalid 'pagesSize'");
++    ok = gFalse;
++    return;
++  }
+   pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
+   pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
+   for (i = 0; i < pagesSize; ++i) {
+@@ -186,6 +192,11 @@
+       }
+       if (start >= pagesSize) {
+ 	pagesSize += 32;
++        if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
++            pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++          error(-1, "Invalid 'pagesSize' parameter.");
++          goto err3;
++        }
+ 	pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
+ 	pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
+ 	for (j = pagesSize - 32; j < pagesSize; ++j) {
+
+
diff --git a/app-text/cstetex/files/xpdf-goo-sizet.patch b/app-text/cstetex/files/xpdf-goo-sizet.patch
new file mode 100644
index 000000000000..5d90c5120bd4
--- /dev/null
+++ b/app-text/cstetex/files/xpdf-goo-sizet.patch
@@ -0,0 +1,57 @@
+diff -ru xpdf-2.02pl1/goo/gmem.c xpdf-2.02pl1/goo/gmem.c
+--- xpdf-2.02pl1/goo/gmem.c	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.c	2004-10-29 15:13:34.866919791 +0200
+@@ -53,9 +53,9 @@
+ 
+ #endif /* DEBUG_MEM */
+ 
+-void *gmalloc(int size) {
++void *gmalloc(size_t size) {
+ #ifdef DEBUG_MEM
+-  int size1;
++  size_t size1;
+   char *mem;
+   GMemHdr *hdr;
+   void *data;
+@@ -94,11 +94,11 @@
+ #endif
+ }
+ 
+-void *grealloc(void *p, int size) {
++void *grealloc(void *p, size_t size) {
+ #ifdef DEBUG_MEM
+   GMemHdr *hdr;
+   void *q;
+-  int oldSize;
++  size_t oldSize;
+ 
+   if (size == 0) {
+     if (p)
+@@ -137,7 +137,7 @@
+ 
+ void gfree(void *p) {
+ #ifdef DEBUG_MEM
+-  int size;
++  size_t size;
+   GMemHdr *hdr;
+   GMemHdr *prevHdr, *q;
+   int lst;
+diff -ru xpdf-2.02pl1/goo/gmem.h xpdf-2.02pl1/goo/gmem.h
+--- xpdf-2.02pl1/goo/gmem.h	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.h	2004-10-29 15:13:50.864027201 +0200
+@@ -19,13 +19,13 @@
+  * Same as malloc, but prints error message and exits if malloc()
+  * returns NULL.
+  */
+-extern void *gmalloc(int size);
++extern void *gmalloc(size_t size);
+ 
+ /*
+  * Same as realloc, but prints error message and exits if realloc()
+  * returns NULL.  If <p> is NULL, calls malloc instead of realloc().
+  */
+-extern void *grealloc(void *p, int size);
++extern void *grealloc(void *p, size_t size);
+ 
+ /*
+  * Same as free, but checks for and ignores NULL pointers.
diff --git a/app-text/cstetex/files/xpdf2-underflow.patch b/app-text/cstetex/files/xpdf2-underflow.patch
new file mode 100644
index 000000000000..9371be84352e
--- /dev/null
+++ b/app-text/cstetex/files/xpdf2-underflow.patch
@@ -0,0 +1,81 @@
+diff -ru xpdf-2.02pl1/xpdf/XRef.cc xpdf-2.02pl1/xpdf/XRef.cc
+--- xpdf-2.02pl1/xpdf/XRef.cc	2004-10-29 15:16:45.790089001 +0200
++++ xpdf-2.02pl1/xpdf/XRef.cc	2004-10-29 15:11:54.132168025 +0200
+@@ -66,6 +66,8 @@
+   start = str->getStart();
+   pos = readTrailer();
+ 
++  entries = NULL;
++
+   // if there was a problem with the trailer,
+   // try to reconstruct the xref table
+   if (pos == 0) {
+@@ -76,7 +78,7 @@
+ 
+   // trailer is ok - read the xref table
+   } else {
+-    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
+       error(-1, "Invalid 'size' inside xref table.");
+       ok = gFalse;
+       errCode = errDamaged;
+@@ -181,7 +183,7 @@
+     n = atoi(p);
+     while ('0' <= *p && *p <= '9') ++p;
+     while (isspace(*p)) ++p;
+-    if (p == buf)
++    if ((p == buf) || (n < 0)) /* must make progress */
+       return 0;
+     pos1 += (p - buf) + n * 20;
+   }
+@@ -255,6 +257,10 @@
+     }
+     s[i] = '\0';
+     first = atoi(s);
++    if (first < 0) {
++        error(-1, "Invalid 'first'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -266,6 +272,10 @@
+     }
+     s[i] = '\0';
+     n = atoi(s);
++    if (n<=0) {
++        error(-1, "Invalid 'n'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -273,7 +283,7 @@
+     // table size
+     if (first + n > size) {
+       newSize = size + 256;
+-      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+         error(-1, "Invalid 'newSize'");
+         goto err2;
+       }
+@@ -406,6 +416,10 @@
+     // look for object
+     } else if (isdigit(*p)) {
+       num = atoi(p);
++      if (num < 0) {
++	error(-1, "Invalid 'num' parameters.");
++	return gFalse;
++      }
+       do {
+ 	++p;
+       } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ 	    if (!strncmp(p, "obj", 3)) {
+ 	      if (num >= size) {
+ 		newSize = (num + 1 + 255) & ~255;
+-	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ 	          error(-1, "Invalid 'obj' parameters.");
+ 	          return gFalse;
+ 	        }
author	Matsuu Takuto <matsuu@gentoo.org>	2005-01-19 22:48:55 +0000
committer	Matsuu Takuto <matsuu@gentoo.org>	2005-01-19 22:48:55 +0000
commit	7e296e8ff41312fb4c124a29c0401b82fd0e8f28 (patch)
tree	0cf1995a410019ac5b87514c2a3286d2da6af9c7 /app-text/cstetex
parent	Version bump for security bug #78712. (diff)
download	historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.tar.gz historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.tar.bz2 historical-7e296e8ff41312fb4c124a29c0401b82fd0e8f28.zip