
From: "Pacho Ramos (pacho)" <pacho@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-text/evince/files: evince-2.32.0-libdocument-segfault.patch evince-2.32.0-dvi-CVEs.patch evince-2.32.0-pk-fonts.patch evince-2.27.4-smclient-configure.patch
Date: Tue, 18 Jan 2011 09:05:02
Message-Id: 20110118090451.4186920054@flycatcher.gentoo.org
1 pacho 11/01/18 09:04:51
2
3 Added: evince-2.32.0-libdocument-segfault.patch
4 evince-2.32.0-dvi-CVEs.patch
5 evince-2.32.0-pk-fonts.patch
6 Removed: evince-2.27.4-smclient-configure.patch
7 Log:
8 Revision bump including upstream patches for fixing security bugs in dvi backend, libdocument segfaults and problem with pk fonts after applying security patch. Remove old.
9
10 (Portage version: 2.1.9.31/cvs/Linux x86_64)
11
12 Revision Changes Path
13 1.1 app-text/evince/files/evince-2.32.0-libdocument-segfault.patch
14
15 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-libdocument-segfault.patch?rev=1.1&view=markup
16 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-libdocument-segfault.patch?rev=1.1&content-type=text/plain
17
18 Index: evince-2.32.0-libdocument-segfault.patch
19 ===================================================================
20 From a933a516e9b6a4199d22055f9041747e00498901 Mon Sep 17 00:00:00 2001
21 From: José Aliste <jaliste@×××××××××.org>
22 Date: Wed, 29 Sep 2010 16:22:32 +0000
23 Subject: [libdocument] Check for NULL in synctex_backward_search.
24
25 Fixes bug #630845
26 ---
27 diff --git a/libdocument/ev-document.c b/libdocument/ev-document.c
28 index 70349dc..742b51c 100644
29 --- a/libdocument/ev-document.c
30 +++ b/libdocument/ev-document.c
31 @@ -419,11 +419,16 @@ ev_document_synctex_backward_search (EvDocument *document,
32 /* We assume that a backward search returns either zero or one result_node */
33 node = synctex_next_result (scanner);
34 if (node != NULL) {
35 - result = g_new (EvSourceLink, 1);
36 - result->filename = synctex_scanner_get_name (scanner,
37 - synctex_node_tag (node));
38 - result->line = synctex_node_line (node);
39 - result->col = synctex_node_column (node);
40 + const gchar *filename;
41 +
42 + filename = synctex_scanner_get_name (scanner, synctex_node_tag (node));
43 +
44 + if (filename) {
45 + result = g_new (EvSourceLink, 1);
46 + result->filename = filename;
47 + result->line = synctex_node_line (node);
48 + result->col = synctex_node_column (node);
49 + }
50 }
51 }
52
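Review bot: `result->filename = filename;` stores the pointer returned by `synctex_scanner_get_name` without copying it, so the `EvSourceLink` presumably borrows memory owned by the scanner. If a link can outlive the scanner (not visible here), copying with `result->filename = g_strdup (filename);` and freeing it together with the link would avoid a dangling pointer; the field's type and the link's free path are outside the hunk and would have to match. The NULL-filename path also relies on `result` being initialised to NULL before this block, which starts outside the hunk.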
53 --
54 cgit v0.8.3.1
55
56
57
58 1.1 app-text/evince/files/evince-2.32.0-dvi-CVEs.patch
59
60 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-dvi-CVEs.patch?rev=1.1&view=markup
61 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-dvi-CVEs.patch?rev=1.1&content-type=text/plain
62
63 Index: evince-2.32.0-dvi-CVEs.patch
64 ===================================================================
65 From 8e473c9796b9a61b811213e7892fd36fd570303a Mon Sep 17 00:00:00 2001
66 From: José Aliste <jaliste@×××××××××.org>
67 Date: Tue, 07 Dec 2010 18:56:47 +0000
68 Subject: backends: Fix several security issues in the dvi-backend.
69
70 See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
71 ---
72 diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c
73 index 164366b..361e23d 100644
74 --- a/backend/dvi/mdvi-lib/afmparse.c
75 +++ b/backend/dvi/mdvi-lib/afmparse.c
76 @@ -160,7 +160,7 @@ static char *token(FILE *stream)
77
78 idx = 0;
79 while (ch != EOF && ch != ' ' && ch != lineterm
80 - && ch != '\t' && ch != ':' && ch != ';')
81 + && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME)
82 {
83 ident[idx++] = ch;
84 ch = fgetc(stream);
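Review bot: The added `idx < MAX_NAME` bound still lets `idx` reach `MAX_NAME` when the loop exits, so a terminator written at `ident[idx]` after the loop would land one byte past a `MAX_NAME`-sized buffer. The buffer's allocation and the terminating write are outside the hunk, so this is inferred; if `ident` holds exactly `MAX_NAME` bytes the condition should be `idx < MAX_NAME - 1`. The body of `token` continues past the hunk.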
85 diff --git a/backend/dvi/mdvi-lib/dviread.c b/backend/dvi/mdvi-lib/dviread.c
86 index 97b7b84..ac98068 100644
87 --- a/backend/dvi/mdvi-lib/dviread.c
88 +++ b/backend/dvi/mdvi-lib/dviread.c
89 @@ -1537,6 +1537,10 @@ int special(DviContext *dvi, int opcode)
90 Int32 arg;
91
92 arg = dugetn(dvi, opcode - DVI_XXX1 + 1);
93 + if (arg <= 0) {
94 + dvierr(dvi, _("malformed special length\n"));
95 + return -1;
96 + }
97 s = mdvi_malloc(arg + 1);
98 dread(dvi, s, arg);
99 s[arg] = 0;
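Review bot: The return value of `dread(dvi, s, arg)` is not checked, so after a short or failed read the special handler would continue with a buffer that was never filled in; the new length check does not cover that case. Assuming `dread` reports failure with a negative return (its definition is not in the hunk), the call could become `if (dread(dvi, s, arg) < 0) { mdvi_free(s); return -1; }`. The check also has no upper bound, so `arg + 1` can overflow when `arg` is the largest `Int32`, and it rejects `arg == 0`, which turns an empty special into an error; a comment saying whether that is intended would help.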
100 diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
101 index a579186..08377e6 100644
102 --- a/backend/dvi/mdvi-lib/pk.c
103 +++ b/backend/dvi/mdvi-lib/pk.c
104 @@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font)
105 }
106 if(feof(p))
107 break;
108 +
109 + /* Although the PK format support bigger char codes,
110 + * XeTeX and other extended TeX engines support charcodes up to
111 + * 65536, while normal TeX engine supports only charcode up to 255.*/
112 + if (cc < 0 || cc > 65536) {
113 + mdvi_error (_("%s: unexpected charcode (%d)\n"),
114 + font->fontname,cc);
115 + goto error;
116 + }
117 if(cc < loc)
118 loc = cc;
119 if(cc > hic)
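Review bot: The bound `cc > 65536` accepts the value 65536, one more than the 65535 limit named in the comment of the matching check in `vf_load_font` (backend/dvi/mdvi-lib/vf.c, same patch); both checks should probably read `cc > 65535`, ideally through one named constant. `font->chars` is allocated with 256 entries at the top of `pk_load_font`, so a code up to 65535 is only safe to index if the array is grown before use, which would happen outside this hunk. The comment could also be tightened, e.g. `/* The PK format allows larger char codes, but extended TeX engines stop at 65535 and classic TeX at 255. */`.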
120 @@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
121 }
122
123 /* resize font char data */
124 - if(loc > 0 || hic < maxch-1) {
125 + if(loc > 0 && hic < maxch-1) {
126 memmove(font->chars, font->chars + loc,
127 (hic - loc + 1) * sizeof(DviFontChar));
128 font->chars = xresize(font->chars,
129 diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c
130 index 73ebf26..8c2a30b 100644
131 --- a/backend/dvi/mdvi-lib/tfmfile.c
132 +++ b/backend/dvi/mdvi-lib/tfmfile.c
133 @@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info)
134 /* We read the entire TFM file into core */
135 if(fstat(fileno(in), &st) < 0)
136 return -1;
137 - if(st.st_size == 0)
138 + /* according to the spec, TFM files are smaller than 16K */
139 + if(st.st_size == 0 || st.st_size >= 16384)
140 goto bad_tfm;
141
142 /* allocate a word-aligned buffer to hold the file */
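Review bot: The size test rejects empty and oversized files but still accepts a file shorter than the fixed TFM header, so the header fields would be read from a buffer that does not contain them unless a later check (outside the hunk) catches it. A lower bound next to the new upper bound would close that, e.g. `if(st.st_size < 24 || st.st_size >= 16384)`, 24 being the twelve 16-bit length fields at the start of a TFM file. The literal 16384 would read better as a named constant, and the comment should state its unit, since TFM lengths are stored in 4-byte words.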
143 diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
144 index fb49847..a5ae3bb 100644
145 --- a/backend/dvi/mdvi-lib/vf.c
146 +++ b/backend/dvi/mdvi-lib/vf.c
147 @@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
148 cc = fuget1(p);
149 tfm = fuget3(p);
150 }
151 + if (cc < 0 || cc > 65536) {
152 + /* TeX engines do not support char codes bigger than 65535 */
153 + mdvi_error(_("(vf) %s: unexpected character %d\n"),
154 + font->fontname, cc);
155 + goto error;
156 + }
157 if(loc < 0 || cc < loc)
158 loc = cc;
159 if(hic < 0 || cc > hic)
160 --
161 cgit v0.8.3.1
162
163
164
165 1.1 app-text/evince/files/evince-2.32.0-pk-fonts.patch
166
167 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-pk-fonts.patch?rev=1.1&view=markup
168 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-text/evince/files/evince-2.32.0-pk-fonts.patch?rev=1.1&content-type=text/plain
169
170 Index: evince-2.32.0-pk-fonts.patch
171 ===================================================================
172 From 0a6e8aabcc46d47b5d84e5414cd0e07d57ef171b Mon Sep 17 00:00:00 2001
173 From: José Aliste <jaliste@×××××××××.org>
174 Date: Mon, 17 Jan 2011 17:30:00 +0000
175 Subject: Fix problem with some pk fonts.
176
177 ---
178 diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
179 index 08377e6..a911613 100644
180 --- a/backend/dvi/mdvi-lib/pk.c
181 +++ b/backend/dvi/mdvi-lib/pk.c
182 @@ -328,13 +328,14 @@ static int pk_load_font(DviParams *unused, DviFont *font)
183 {
184 int i;
185 int flag_byte;
186 - int loc, hic, maxch;
187 + int hic, maxch;
188 Int32 checksum;
189 FILE *p;
190 #ifndef NODEBUG
191 char s[256];
192 #endif
193 long alpha, beta, z;
194 + unsigned int loc;
195
196 font->chars = xnalloc(DviFontChar, 256);
197 p = font->in;
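Review bot: `unsigned int loc;` is declared apart from `hic` and `maxch` with no explanation of why only `loc` changes signedness. Because `cc` and `hic` remain `int`, every comparison with `loc` (such as `cc < loc` in the loading loop) and the `hic - loc + 1` expression in the hunk at line 522 are now evaluated as unsigned. A comment on the declaration such as `/* lowest char code seen; unsigned, so compare only after cc has been range-checked */` would record the assumption.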
198 @@ -521,7 +522,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
199 }
200
201 /* resize font char data */
202 - if(loc > 0 && hic < maxch-1) {
203 + if(loc > 0 || hic < maxch-1) {
204 memmove(font->chars, font->chars + loc,
205 (hic - loc + 1) * sizeof(DviFontChar));
206 font->chars = xresize(font->chars,
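Review bot: Nothing here checks that `hic >= loc` before `memmove` is called with `(hic - loc + 1) * sizeof(DviFontChar)`, and with `loc` now unsigned that expression wraps to a very large count if `hic` is smaller than `loc`. Whether that state is reachable depends on the initial values of `loc` and `hic` and on a font file with no accepted character packets, both outside the hunk. A guard such as `if(hic < 0 || (unsigned int)hic < loc) goto error;` before the resize would make the size computation safe. The `xresize` call continues past the end of the hunk.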
207 --
208 cgit v0.8.3.1