Pullup ticket #3084 - requested by minskim print/dvipsk: security patch Revisions pulled up: - print/dvipsk/Makefile 1.5 - print/dvipsk/distinfo 1.4 - print/dvipsk/patches/patch-ab 1.3 --- Module Name: pkgsrc Committed By: minskim Date: Tue Apr 20 17:07:28 UTC 2010 Modified Files: pkgsrc/print/dvipsk: Makefile distinfo Added Files: pkgsrc/print/dvipsk/patches: patch-ab Log Message: Avoid integer overflow (CVE-2010-0739). Patch from TeX Live repository (Revision 17559).
diff -r1.4 -r1.4.2.1 pkgsrc/print/dvipsk/Makefile
(tron)
@@ -1,17 +1,18 @@ | @@ -1,17 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.4 2010/01/16 03:47:31 minskim Exp $ | 1 | # $NetBSD: Makefile,v 1.4.2.1 2010/04/20 21:26:19 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= texlive-20091011-source | 3 | DISTNAME= texlive-20091011-source | |
4 | PKGNAME= dvipsk-5.98 | 4 | PKGNAME= dvipsk-5.98 | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= print | 6 | CATEGORIES= print | |
6 | MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/} | 7 | MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/} | |
7 | EXTRACT_SUFX= .tar.xz | 8 | EXTRACT_SUFX= .tar.xz | |
8 | 9 | |||
9 | MAINTAINER= minskim@NetBSD.org | 10 | MAINTAINER= minskim@NetBSD.org | |
10 | HOMEPAGE= http://www.radicaleye.com/dvips.html | 11 | HOMEPAGE= http://www.radicaleye.com/dvips.html | |
11 | COMMENT= DVI-to-PostScript translator | 12 | COMMENT= DVI-to-PostScript translator | |
12 | 13 | |||
13 | CONFLICTS+= teTeX-bin<3.0nb24 | 14 | CONFLICTS+= teTeX-bin<3.0nb24 | |
14 | CONFLICTS+= teTeX-texmf<3.0nb9 | 15 | CONFLICTS+= teTeX-texmf<3.0nb9 | |
15 | BUILD_DEPENDS+= texlive-tetex-[0-9]*:../../print/texlive-tetex | 16 | BUILD_DEPENDS+= texlive-tetex-[0-9]*:../../print/texlive-tetex | |
16 | DEPENDS+= tex-dvips>=2009.16376:../../print/tex-dvips | 17 | DEPENDS+= tex-dvips>=2009.16376:../../print/tex-dvips | |
17 | 18 |
@@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.3 2010/01/16 03:47:31 minskim Exp $ | 1 | $NetBSD: distinfo,v 1.3.2.1 2010/04/20 21:26:19 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d | 3 | SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d | |
4 | RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9 | 4 | RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9 | |
5 | Size (texlive-20091011-source.tar.xz) = 29683728 bytes | 5 | Size (texlive-20091011-source.tar.xz) = 29683728 bytes | |
6 | SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf | 6 | SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf | |
7 | SHA1 (patch-ab) = 4acf55b8027b9b2edc64c01568d3c22b50b7eafa |
$NetBSD: patch-ab,v 1.3.2.2 2010/04/20 21:26:19 tron Exp $
--- dospecial.c.orig 2009-06-23 09:46:14.000000000 +0000
+++ dospecial.c
@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s
static int omega_specials = 0;
if (nextstring + numbytes > maxstring) {
+ if (numbytes < 0
+ || (numbytes > 0 && 2 > INT_MAX / numbytes)
+ || 2 * numbytes > 1000 + 2 * numbytes) {
+ error("! Integer overflow in predospecial");
+ exit(1);
+ }
p = nextstring = mymalloc(1000 + 2 * numbytes) ;
maxstring = nextstring + 2 * numbytes + 700 ;
}
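Review bot: The third clause of the added guard, `2 * numbytes > 1000 + 2 * numbytes`, can only be true after signed arithmetic has already overflowed, which is undefined behaviour in C, so an optimising compiler may fold it to false and drop the test. The bound can be stated without overflowing arithmetic by replacing the three clauses with `if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2) {`, which also covers the `2 * numbytes` product. The guard sits inside `if (nextstring + numbytes > maxstring)`, so a negative `numbytes` would normally make that outer comparison false and never reach the `numbytes < 0` test; whether that matters depends on the rest of predospecial, whose body starts and ends outside the hunk. The hunk adds no `#include <limits.h>`, so confirm that `INT_MAX` is already in scope in dospecial.c.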