Tue Apr 20 21:26:20 2010 UTC ()
Pullup ticket #3084 - requested by minskim
print/dvipsk: security patch

Revisions pulled up:
- print/dvipsk/Makefile				1.5
- print/dvipsk/distinfo				1.4
- print/dvipsk/patches/patch-ab			1.3
---
Module Name:    pkgsrc
Committed By:   minskim
Date:           Tue Apr 20 17:07:28 UTC 2010

Modified Files:
        pkgsrc/print/dvipsk: Makefile distinfo
Added Files:
        pkgsrc/print/dvipsk/patches: patch-ab

Log Message:
Avoid integer overflow (CVE-2010-0739).

Patch from TeX Live repository (Revision 17559).


(tron)
diff -r1.4 -r1.4.2.1 pkgsrc/print/dvipsk/Makefile
diff -r1.3 -r1.3.2.1 pkgsrc/print/dvipsk/distinfo
diff -r0 -r1.3.2.2 pkgsrc/print/dvipsk/patches/patch-ab

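--- a/pkgsrc/print/dvipsk/Makefile
+++ b/pkgsrc/print/dvipsk/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.4 2010/01/16 03:47:31 minskim Exp $
+# $NetBSD: Makefile,v 1.4.2.1 2010/04/20 21:26:19 tron Exp $
 
 DISTNAME= texlive-20091011-source
 PKGNAME= dvipsk-5.98
+PKGREVISION= 1
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/}
 EXTRACT_SUFX= .tar.xz
 
 MAINTAINER= minskim@NetBSD.org
 HOMEPAGE= http://www.radicaleye.com/dvips.html
 COMMENT= DVI-to-PostScript translator
 
 CONFLICTS+= teTeX-bin<3.0nb24
 CONFLICTS+= teTeX-texmf<3.0nb9
 BUILD_DEPENDS+= texlive-tetex-[0-9]*:../../print/texlive-tetex
 DEPENDS+= tex-dvips>=2009.16376:../../print/tex-dvips
 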

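--- a/pkgsrc/print/dvipsk/distinfo
+++ b/pkgsrc/print/dvipsk/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2010/01/16 03:47:31 minskim Exp $
+$NetBSD: distinfo,v 1.3.2.1 2010/04/20 21:26:19 tron Exp $
 
 SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d
 RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9
 Size (texlive-20091011-source.tar.xz) = 29683728 bytes
 SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf
+SHA1 (patch-ab) = 4acf55b8027b9b2edc64c01568d3c22b50b7eafa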

File Added: pkgsrc/print/dvipsk/patches/Attic/patch-ab
$NetBSD: patch-ab,v 1.3.2.2 2010/04/20 21:26:19 tron Exp $

--- dospecial.c.orig	2009-06-23 09:46:14.000000000 +0000
+++ dospecial.c
@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s
    static int omega_specials = 0;
 
    if (nextstring + numbytes > maxstring) {
+      if (numbytes < 0
+          || (numbytes > 0 && 2 > INT_MAX / numbytes)
+          || 2 * numbytes > 1000 + 2 * numbytes) {
+         error("! Integer overflow in predospecial");
+         exit(1);
+      }
       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
       maxstring = nextstring + 2 * numbytes + 700 ;
    }
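Review bot: The third clause of the added guard, `2 * numbytes > 1000 + 2 * numbytes`, can only detect overflow by relying on signed wrap-around, which is undefined behaviour in C (assuming `integer` is a signed type), so an optimising compiler may fold it to false and drop the check. A bound that never performs the overflowing arithmetic covers both the multiplication and the addition and can replace the second and third clauses: `|| numbytes > (INT_MAX - 1000) / 2`. The `numbytes < 0` test also sits inside `if (nextstring + numbytes > maxstring)`, which a negative count would normally not satisfy, so negative lengths probably need to be rejected before that pointer comparison rather than after it. predospecial begins and continues outside this hunk, so how `numbytes` is used later is not visible here.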