Tue Apr 20 21:26:20 2010 UTC ()
Pullup ticket #3084 - requested by minskim
print/dvipsk: security patch

Revisions pulled up:
- print/dvipsk/Makefile				1.5
- print/dvipsk/distinfo				1.4
- print/dvipsk/patches/patch-ab			1.3
---
Module Name:    pkgsrc
Committed By:   minskim
Date:           Tue Apr 20 17:07:28 UTC 2010

Modified Files:
        pkgsrc/print/dvipsk: Makefile distinfo
Added Files:
        pkgsrc/print/dvipsk/patches: patch-ab

Log Message:
Avoid integer overflow (CVE-2010-0739).

Patch from TeX Live repository (Revision 17559).


(tron)
diff -r1.4 -r1.4.2.1 pkgsrc/print/dvipsk/Makefile
diff -r1.3 -r1.3.2.1 pkgsrc/print/dvipsk/distinfo
diff -r0 -r1.3.2.2 pkgsrc/print/dvipsk/patches/patch-ab

cvs diff -r1.4 -r1.4.2.1 pkgsrc/print/dvipsk/Makefile

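--- a/pkgsrc/print/dvipsk/Makefile
+++ b/pkgsrc/print/dvipsk/Makefile
@@ -1,64 +1,65 @@
-# $NetBSD: Makefile,v 1.4 2010/01/16 03:47:31 minskim Exp $
+# $NetBSD: Makefile,v 1.4.2.1 2010/04/20 21:26:19 tron Exp $
 
 DISTNAME= texlive-20091011-source
 PKGNAME= dvipsk-5.98
+PKGREVISION= 1
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/texlive/Source/}
 EXTRACT_SUFX= .tar.xz
 
 MAINTAINER= minskim@NetBSD.org
 HOMEPAGE= http://www.radicaleye.com/dvips.html
 COMMENT= DVI-to-PostScript translator
 
 CONFLICTS+= teTeX-bin<3.0nb24
 CONFLICTS+= teTeX-texmf<3.0nb9
 BUILD_DEPENDS+= texlive-tetex-[0-9]*:../../print/texlive-tetex
 DEPENDS+= tex-dvips>=2009.16376:../../print/tex-dvips
 
 EXTRACT_ELEMENTS= ${DISTNAME}/build-aux \
  ${DISTNAME}/texk/dvipsk
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 GNU_CONFIGURE= yes
 INFO_FILES= yes
 USE_LIBTOOL= yes
 WRKSRC= ${WRKDIR}/${DISTNAME}/texk/dvipsk
 
 CONFIGURE_ARGS+= --with-system-kpathsea \
  --with-kpathsea-includes=${BUILDLINK_PREFIX.kpathsea}/include \
  --with-kpathsea-libdir=${BUILDLINK_PREFIX.kpathsea}/lib
 
 PKG_SYSCONFSUBDIR= texmf
 
 MAKE_DIRS+= ${PKG_SYSCONFDIR}/dvips/config
 CONF_FILES= ${PREFIX}/share/texmf-dist/dvips/config/config.ps \
  ${PKG_SYSCONFDIR}/dvips/config/config.ps
 
 BUILD_DEFS+= PAPERSIZE
 LOWER_PAPERSIZE_cmd= ${ECHO} ${PAPERSIZE} | ${TR} '[A-Z]' '[a-z]'
 LOWER_PAPERSIZE= ${LOWER_PAPERSIZE_cmd:sh}
 
 INSTALLATION_DIRS+= share/texmf-dist/dvips/config
 
 TEX_TEXMF_DIRS+= ${PKG_SYSCONFDIR}
 TEX_TEXMF_DIRS+= ${PREFIX}/share/texmf
 TEX_TEXMF_DIRS+= ${PREFIX}/share/texmf-dist
 
 .include "../../print/kpathsea/buildlink3.mk"
 .include "../../print/kpathsea/texmf.mk"
 
 post-build:
  ${MKDIR} -p ${WRKSRC}/texmf/dvips/config
  ${CP} ${LOCALBASE}/share/texmf/dvips/config/config.ps \
  ${WRKSRC}/texmf/dvips/config
  env TEXMFCONFIG=${LOCALBASE}/share/texmf \
  TFC_TEXMFCONFIG=${WRKSRC}/texmf \
  configPsFile=${WRKSRC}/config.ps \
  ${LOCALBASE}/bin/texconfig dvips paper ${LOWER_PAPERSIZE}
 
 post-install:
  ${INSTALL_DATA} ${WRKSRC}/texmf/dvips/config/config.ps \
  ${DESTDIR}${PREFIX}/share/texmf-dist/dvips/config
 
 .include "../../mk/bsd.pkg.mk"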

cvs diff -r1.3 -r1.3.2.1 pkgsrc/print/dvipsk/distinfo

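--- a/pkgsrc/print/dvipsk/distinfo
+++ b/pkgsrc/print/dvipsk/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2010/01/16 03:47:31 minskim Exp $
+$NetBSD: distinfo,v 1.3.2.1 2010/04/20 21:26:19 tron Exp $
 
 SHA1 (texlive-20091011-source.tar.xz) = 82fc9fcdb82c63a00f4b08a51733c761cbda897d
 RMD160 (texlive-20091011-source.tar.xz) = 81b86cd93e629d6b1b3d7918848dd76babc0d5a9
 Size (texlive-20091011-source.tar.xz) = 29683728 bytes
 SHA1 (patch-aa) = 825b091fecb17e8cc9135a0341b90e49ffd56baf
+SHA1 (patch-ab) = 4acf55b8027b9b2edc64c01568d3c22b50b7eafa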

File Added: pkgsrc/print/dvipsk/patches/Attic/patch-ab
$NetBSD: patch-ab,v 1.3.2.2 2010/04/20 21:26:19 tron Exp $

--- dospecial.c.orig	2009-06-23 09:46:14.000000000 +0000
+++ dospecial.c
@@ -334,6 +334,12 @@ predospecial(integer numbytes, Boolean s
    static int omega_specials = 0;
 
    if (nextstring + numbytes > maxstring) {
+      if (numbytes < 0
+          || (numbytes > 0 && 2 > INT_MAX / numbytes)
+          || 2 * numbytes > 1000 + 2 * numbytes) {
+         error("! Integer overflow in predospecial");
+         exit(1);
+      }
       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
       maxstring = nextstring + 2 * numbytes + 700 ;
    }