rpms/tetex/F-7 tetex-3.0-CVE-2007-4033.patch, NONE, 1.1 tetex-3.0-CVE-2007-5393.patch, NONE, 1.1 tetex-3.0-xdvi-maxchar.patch, NONE, 1.1 tetex.spec, 1.112, 1.113
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Thu Nov 8 12:27:36 UTC 2007
- Previous message: rpms/compat-wxGTK26/devel wxGTK-2.6.4-config-script.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 compat-wxGTK26.spec, 1.11, 1.12 sources, 1.2, 1.3 wxGTK-2.6.3-config-script.patch, 1.1, NONE wxGTK-2.6.3.2-cvs.patch, 1.1, NONE
- Next message: rpms/compat-wxGTK26/F-8 wxGTK-2.6.4-config-script.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 compat-wxGTK26.spec, 1.9, 1.10 sources, 1.2, 1.3 wxGTK-2.6.3.2-cvs.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/extras/rpms/tetex/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31459
Modified Files:
tetex.spec
Added Files:
tetex-3.0-CVE-2007-4033.patch tetex-3.0-CVE-2007-5393.patch
tetex-3.0-xdvi-maxchar.patch
Log Message:
- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- xdvi won't segfault if DVI file contains character which
is not present in font (#243630)
- enable compilation with ccache
tetex-3.0-CVE-2007-4033.patch:
--- NEW FILE tetex-3.0-CVE-2007-4033.patch ---
diff -up tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 tetex-src-3.0/libs/t1lib/t1env.c
--- tetex-src-3.0/libs/t1lib/t1env.c.CVE-2007-4033 2004-01-27 23:26:31.000000000 +0100
+++ tetex-src-3.0/libs/t1lib/t1env.c 2007-11-02 12:48:20.000000000 +0100
@@ -568,6 +568,12 @@ char *intT1_Env_GetCompletePath( char *F
#endif
strcat( pathbuf, DIRECTORY_SEP);
/* And finally the filename: */
+ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+ let's try next pathbuf */
+ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+ i++;
+ continue;
+ }
strcat( pathbuf, StrippedName);
/* Check for existence of the path: */
tetex-3.0-CVE-2007-5393.patch:
--- NEW FILE tetex-3.0-CVE-2007-5393.patch ---
diff -up tetex-src-3.0/libs/xpdf/xpdf/Stream.h.CVE-2007-5393 tetex-src-3.0/libs/xpdf/xpdf/Stream.h
--- tetex-src-3.0/libs/xpdf/xpdf/Stream.h.CVE-2007-5393 2007-11-01 13:38:05.000000000 +0100
+++ tetex-src-3.0/libs/xpdf/xpdf/Stream.h 2007-11-01 13:38:05.000000000 +0100
@@ -523,13 +523,15 @@ private:
int row; // current row
int inputBuf; // input buffer
int inputBits; // number of bits in input buffer
- short *refLine; // reference line changing elements
- int b1; // index into refLine
- short *codingLine; // coding line changing elements
- int a0; // index into codingLine
+ int *refLine; // reference line changing elements
+ int *codingLine; // coding line changing elements
+ int a0i; // index into codingLine
+ GBool err; // error on current line
int outputBits; // remaining ouput bits
int buf; // character buffer
+ void addPixels(int a1, int black);
+ void addPixelsNeg(int a1, int black);
short getTwoDimCode();
short getWhiteCode();
short getBlackCode();
diff -up tetex-src-3.0/libs/xpdf/xpdf/Stream.cc.CVE-2007-5393 tetex-src-3.0/libs/xpdf/xpdf/Stream.cc
--- tetex-src-3.0/libs/xpdf/xpdf/Stream.cc.CVE-2007-5393 2007-11-01 13:38:05.000000000 +0100
+++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc 2007-11-01 14:00:13.000000000 +0100
@@ -1291,16 +1291,24 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
rows = rowsA;
endOfBlock = endOfBlockA;
black = blackA;
- refLine = (short *)gmalloc((columns + 3) * sizeof(short));
- codingLine = (short *)gmalloc((columns + 2) * sizeof(short));
+ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns
+ // ---> max codingLine size = columns + 1
+ // refLine has one extra guard entry at the end
+ // ---> max refLine size = columns + 2
+ if (columns + 2 <= 0 || sizeof(int) >= INT_MAX / (columns + 2)) {
+ fprintf(stderr, "Bogus memory allocation size\n");
+ exit(1);
+ }
+ codingLine = (int *)gmalloc((columns + 1) * sizeof(int));
+ refLine = (int *)gmalloc((columns + 2) * sizeof(int));
eof = gFalse;
row = 0;
nextLine2D = encoding < 0;
inputBits = 0;
- codingLine[0] = 0;
- codingLine[1] = refLine[2] = columns;
- a0 = 1;
+ codingLine[0] = columns;
+ a0i = 0;
+ outputBits = 0;
buf = EOF;
}
@@ -1320,8 +1328,9 @@ void CCITTFaxStream::reset() {
nextLine2D = encoding < 0;
inputBits = 0;
codingLine[0] = 0;
- codingLine[1] = refLine[2] = columns;
- a0 = 1;
+ codingLine[1] = columns;
+ a0i = 1;
+ outputBits = 0;
buf = EOF;
// skip any initial zero bits and end-of-line marker, and get the 2D
@@ -1338,159 +1347,228 @@ void CCITTFaxStream::reset() {
}
}
+inline void CCITTFaxStream::addPixels(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+}
+
+inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) {
+ if (a1 > codingLine[a0i]) {
+ if (a1 > columns) {
+ error(getPos(), "CCITTFax row is wrong length (%d)", a1);
+ err = gTrue;
+ a1 = columns;
+ }
+ if ((a0i & 1) ^ blackPixels) {
+ ++a0i;
+ }
+ codingLine[a0i] = a1;
+ } else if (a1 < codingLine[a0i]) {
+ if (a1 < 0) {
+ error(getPos(), "Invalid CCITTFax code");
+ err = gTrue;
+ a1 = 0;
+ }
+ while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
+ --a0i;
+ }
+ codingLine[a0i] = a1;
+ }
+}
+
int CCITTFaxStream::lookChar() {
short code1, code2, code3;
- int a0New;
- GBool err, gotEOL;
- int ret;
- int bits, i;
+ int b1i, blackPixels, i, bits;
+ GBool gotEOL;
- // if at eof just return EOF
- if (eof && codingLine[a0] >= columns) {
- return EOF;
+ if (buf != EOF) {
+ return buf;
}
-
+
// read the next row
- err = gFalse;
- if (codingLine[a0] >= columns) {
+ if (outputBits == 0) {
+
+ // it at oef just return EOF
+ if (eof) {
+ return EOF;
+ }
+
+ err = gFalse;
// 2-D encoding
if (nextLine2D) {
for (i = 0; codingLine[i] < columns; ++i)
refLine[i] = codingLine[i];
- refLine[i] = refLine[i + 1] = columns;
- b1 = 1;
- a0New = codingLine[a0 = 0] = 0;
- do {
+ refLine[i++] = columns;
+ refLine[i] = columns;
+ codingLine[0] = 0;
+ a0i = 0;
+ b1i = 0;
+ blackPixels = 0;
+ // invariant:
+ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1]
+ // <= columns
+ // exception at left edge:
+ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible
+ // exception at right edge:
+ // refLine[b1i] = refLine[b1i+1] = columns is possible
+ while (codingLine[a0i] < columns) {
code1 = getTwoDimCode();
switch (code1) {
case twoDimPass:
- if (refLine[b1] < columns) {
- a0New = refLine[b1 + 1];
- b1 += 2;
+ addPixels(refLine[b1i + 1], blackPixels);
+ if (refLine[b1i + 1] < columns) {
+ b1i += 2;
}
break;
case twoDimHoriz:
- if ((a0 & 1) == 0) {
- code1 = code2 = 0;
- do {
- code1 += code3 = getWhiteCode();
+ code1 = code2 = 0;
+ if (blackPixels) {
+ do {
+ code1 += code3 = getBlackCode();
} while (code3 >= 64);
do {
- code2 += code3 = getBlackCode();
+ code2 += code3 = getWhiteCode();
} while (code3 >= 64);
} else {
- code1 = code2 = 0;
do {
- code1 += code3 = getBlackCode();
+ code1 += code3 = getWhiteCode();
} while (code3 >= 64);
do {
- code2 += code3 = getWhiteCode();
+ code2 += code3 = getBlackCode();
} while (code3 >= 64);
}
- if (code1 > 0 || code2 > 0) {
- codingLine[a0 + 1] = a0New + code1;
- ++a0;
- a0New = codingLine[a0 + 1] = codingLine[a0] + code2;
- ++a0;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ addPixels(codingLine[a0i] + code1, blackPixels);
+ if (codingLine[a0i] < columns) {
+ addPixels(codingLine[a0i] + code2, blackPixels ^ 1);
}
- break;
- case twoDimVert0:
- a0New = codingLine[++a0] = refLine[b1];
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
+ case twoDimVertR3:
+ addPixels(refLine[b1i] + 3, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
+ case twoDimVertR2:
+ addPixels(refLine[b1i] + 2, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
+ }
+ break;
case twoDimVertR1:
- a0New = codingLine[++a0] = refLine[b1] + 1;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ addPixels(refLine[b1i] + 1, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertL1:
- a0New = codingLine[++a0] = refLine[b1] - 1;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVert0:
+ addPixels(refLine[b1i], blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ ++b1i;
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
+ }
break;
- case twoDimVertR2:
- a0New = codingLine[++a0] = refLine[b1] + 2;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertL3:
+ addPixelsNeg(refLine[b1i] - 3, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
case twoDimVertL2:
- a0New = codingLine[++a0] = refLine[b1] - 2;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
- break;
- case twoDimVertR3:
- a0New = codingLine[++a0] = refLine[b1] + 3;
- if (refLine[b1] < columns) {
- ++b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ addPixelsNeg(refLine[b1i] - 2, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
}
break;
- case twoDimVertL3:
- a0New = codingLine[++a0] = refLine[b1] - 3;
- --b1;
- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns)
- b1 += 2;
+ case twoDimVertL1:
+ addPixelsNeg(refLine[b1i] - 1, blackPixels);
+ blackPixels ^= 1;
+ if (codingLine[a0i] < columns) {
+ if (b1i > 0) {
+ --b1i;
+ } else {
+ ++b1i;
+ }
+ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) {
+ b1i += 2;
+ }
+ }
break;
case EOF:
+ addPixels(columns, 0);
eof = gTrue;
- codingLine[a0 = 0] = columns;
- return EOF;
+ break;
default:
error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1);
+ addPixels(columns, 0);
err = gTrue;
break;
}
- } while (codingLine[a0] < columns);
+ } while (codingLine[a0i] < columns);
// 1-D encoding
} else {
- codingLine[a0 = 0] = 0;
- while (1) {
+ codingLine[0] = 0;
+ a0i = 0;
+ blackPixels = 0;
+ while (codingLine[a0i] < columns) {
code1 = 0;
- do {
- code1 += code3 = getWhiteCode();
- } while (code3 >= 64);
- codingLine[a0+1] = codingLine[a0] + code1;
- ++a0;
- if (codingLine[a0] >= columns)
- break;
- code2 = 0;
- do {
- code2 += code3 = getBlackCode();
- } while (code3 >= 64);
- codingLine[a0+1] = codingLine[a0] + code2;
- ++a0;
- if (codingLine[a0] >= columns)
- break;
+ if (blackPixels) {
+ do {
+ code1 += code3 = getBlackCode();
+ } while (code3 >= 64);
+ } else {
+ do {
+ code1 += code3 = getWhiteCode();
+ } while (code3 >= 64);
+ }
+ addPixels(codingLine[a0i] + code1, blackPixels);
+ blackPixels ^= 1;
}
}
- if (codingLine[a0] != columns) {
- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]);
- // force the row to be the correct length
- while (codingLine[a0] > columns) {
- --a0;
- }
- codingLine[++a0] = columns;
- err = gTrue;
- }
-
// byte-align the row
if (byteAlign) {
inputBits &= ~7;
@@ -1564,11 +1642,11 @@ int CCITTFaxStream::lookChar() {
}
}
- a0 = 0;
- outputBits = codingLine[1] - codingLine[0];
- if (outputBits == 0) {
- a0 = 1;
- outputBits = codingLine[2] - codingLine[1];
+ // set up for output
+ if (codingLine[0] > 0) {
+ outputBits = codingLine[a0i = 0];
+ } else {
+ outputBits = codingLine[a0i = 1];
}
++row;
@@ -1576,39 +1654,43 @@ int CCITTFaxStream::lookChar() {
// get a byte
if (outputBits >= 8) {
- ret = ((a0 & 1) == 0) ? 0xff : 0x00;
- if ((outputBits -= 8) == 0) {
- ++a0;
- if (codingLine[a0] < columns) {
- outputBits = codingLine[a0 + 1] - codingLine[a0];
- }
+ buf = (a0i & 1) ? 0x00 : 0xff;
+ outputBits -= 8;
+ if (outputBits == 0 && codingLine[a0i] < columns) {
+ ++a0i;
+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
}
} else {
bits = 8;
- ret = 0;
+ buf = 0;
do {
if (outputBits > bits) {
- i = bits;
- bits = 0;
- if ((a0 & 1) == 0) {
- ret |= 0xff >> (8 - i);
+ buf <<= bits;
+ if (!(a0i & 1)) {
+ buf |= 0xff >> (8 - bits);
}
- outputBits -= i;
+ outputBits -= bits;
+ bits = 0;
} else {
- i = outputBits;
- bits -= outputBits;
- if ((a0 & 1) == 0) {
- ret |= (0xff >> (8 - i)) << bits;
+ buf <<= outputBits;
+ if (!(a0i & 1)) {
+ buf |= 0xff >> (8 - outputBits);
}
+ bits -= outputBits;
outputBits = 0;
- ++a0;
- if (codingLine[a0] < columns) {
- outputBits = codingLine[a0 + 1] - codingLine[a0];
+ if (codingLine[a0i] < columns) {
+ ++a0i;
+ outputBits = codingLine[a0i] - codingLine[a0i - 1];
+ } else if (bits > 0) {
+ buf <<= bits;
+ bits = 0;
}
}
- } while (bits > 0 && codingLine[a0] < columns);
+ } while (bits);
+ }
+ if (black) {
+ buf ^= 0xff;
}
- buf = black ? (ret ^ 0xff) : ret;
return buf;
}
@@ -1650,6 +1732,9 @@ short CCITTFaxStream::getWhiteCode() {
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(12);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 5) == 0) {
p = &whiteTab1[code];
} else {
@@ -1662,6 +1747,9 @@ short CCITTFaxStream::getWhiteCode() {
} else {
for (n = 1; n <= 9; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 9) {
code <<= 9 - n;
}
@@ -1673,6 +1761,9 @@ short CCITTFaxStream::getWhiteCode() {
}
for (n = 11; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
@@ -1698,9 +1789,12 @@ short CCITTFaxStream::getBlackCode() {
code = 0; // make gcc happy
if (endOfBlock) {
code = lookBits(13);
+ if (code == EOF) {
+ return 1;
+ }
if ((code >> 7) == 0) {
p = &blackTab1[code];
- } else if ((code >> 9) == 0) {
+ } else if ((code >> 9) == 0 && (code >> 7) != 0) {
p = &blackTab2[(code >> 1) - 64];
} else {
p = &blackTab3[code >> 7];
@@ -1712,6 +1806,9 @@ short CCITTFaxStream::getBlackCode() {
} else {
for (n = 2; n <= 6; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 6) {
code <<= 6 - n;
}
@@ -1723,6 +1820,9 @@ short CCITTFaxStream::getBlackCode() {
}
for (n = 7; n <= 12; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 12) {
code <<= 12 - n;
}
@@ -1736,6 +1836,9 @@ short CCITTFaxStream::getBlackCode() {
}
for (n = 10; n <= 13; ++n) {
code = lookBits(n);
+ if (code == EOF) {
+ return 1;
+ }
if (n < 13) {
code <<= 13 - n;
}
@@ -1962,6 +2065,12 @@ void DCTStream::reset() {
// allocate a buffer for the whole image
bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
+ if (bufWidth <= 0 || bufHeight <= 0 ||
+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
+ error(getPos(), "Invalid image size in DCT stream");
+ y = height;
+ return;
+ }
for (i = 0; i < numComps; ++i) {
frameBuf[i] = (int *)gmalloc(bufWidth * bufHeight * sizeof(int));
memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
@@ -3015,6 +3124,11 @@ GBool DCTStream::readScanInfo() {
}
scanInfo.firstCoeff = str->getChar();
scanInfo.lastCoeff = str->getChar();
+ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 ||
+ scanInfo.firstCoeff > scanInfo.lastCoeff) {
+ error(getPos(), "Bad DCT coefficient numbers in scan info block");
+ return gFalse;
+ }
c = str->getChar();
scanInfo.ah = (c >> 4) & 0x0f;
scanInfo.al = c & 0x0f;
tetex-3.0-xdvi-maxchar.patch:
--- NEW FILE tetex-3.0-xdvi-maxchar.patch ---
diff -up tetex-src-3.0/texk/xdvik/dvi-draw.c.maxchar tetex-src-3.0/texk/xdvik/dvi-draw.c
--- tetex-src-3.0/texk/xdvik/dvi-draw.c.maxchar 2004-11-30 01:45:11.000000000 +0100
+++ tetex-src-3.0/texk/xdvik/dvi-draw.c 2007-10-16 13:57:25.000000000 +0200
@@ -5906,6 +5906,8 @@ get_t1_glyph(
t1libid, currinf.fontp->scale,
size, currwin.shrinkfactor));
+ if (ch > maxchar)
+ return NULL;
/* Check if the glyph already has been rendered */
if ((g = &currinf.fontp->glyph[ch])->bitmap.bits == NULL) {
int bitmapbytes;
Index: tetex.spec
===================================================================
RCS file: /cvs/extras/rpms/tetex/F-7/tetex.spec,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- tetex.spec 10 Aug 2007 12:50:34 -0000 1.112
+++ tetex.spec 8 Nov 2007 12:27:03 -0000 1.113
@@ -11,7 +11,7 @@
Summary: The TeX text formatting system.
Name: tetex
Version: 3.0
-Release: 40.1%{?dist}
+Release: 40.2%{?dist}
License: distributable
Group: Applications/Publishing
Requires: tmpwatch, dialog, ed
@@ -90,6 +90,9 @@
Patch23: tetex-3.0-footfix.patch
Patch24: tetex-3.0-CVE-2007-0650.patch
Patch25: tetex-3.0-CVE-2007-3387.patch
+Patch26: tetex-3.0-xdvi-maxchar.patch
+Patch27: tetex-3.0-CVE-2007-4033.patch
+Patch28: tetex-3.0-CVE-2007-5393.patch
######
# Japanization patches
@@ -313,6 +316,12 @@
%patch24 -p1 -b .CVE-2007-0650
# fix xpdf integer overflow CVE-2007-3387 (#248194)
%patch25 -p1 -b .CVE-2007-3387
+# xdvi won't segfault when DVI file contains characters not present in font (#243630)
+%patch26 -p1 -b .maxchar
+# fix t1lib flaw CVE-2007-4033 (#352271)
+%patch27 -p1 -b .CVE-2007-4033
+# fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
+%patch28 -p1 -b .CVE-2007-5393
%if %{enable_japanese}
mkdir texmf/ptex-texmf
@@ -406,6 +415,8 @@
%build
set -x
+# define CCACHE_DIR to let the build pass with ccache enabled.
+export CCACHE_DIR=$HOME/.ccache
unset TEXINPUTS || :
unset HOME || :
@@ -465,6 +476,7 @@
%endif
%install
+export CCACHE_DIR=$HOME/.ccache
unset TEXINPUTS || :
unset HOME || :
rm -rf ${RPM_BUILD_ROOT}
@@ -865,6 +877,13 @@
%defattr(-,root,root)
%changelog
+* Thu Nov 8 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40.2
+- fix t1lib flaw CVE-2007-4033 (#352271)
+- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
+- xdvi won't segfault if DVI file contains character which
+ is not present in font (#243630)
+- enable compilation with ccache
+
* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40.1
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251514)
- don't mess up file contexts while running texhash (#235032)
- Previous message: rpms/compat-wxGTK26/devel wxGTK-2.6.4-config-script.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 compat-wxGTK26.spec, 1.11, 1.12 sources, 1.2, 1.3 wxGTK-2.6.3-config-script.patch, 1.1, NONE wxGTK-2.6.3.2-cvs.patch, 1.1, NONE
- Next message: rpms/compat-wxGTK26/F-8 wxGTK-2.6.4-config-script.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 compat-wxGTK26.spec, 1.9, 1.10 sources, 1.2, 1.3 wxGTK-2.6.3.2-cvs.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list