author | Alexis Ballier <aballier@gentoo.org> | 2007-11-07 23:05:20 +0000 |
---|---|---|
committer | Alexis Ballier <aballier@gentoo.org> | 2007-11-07 23:05:20 +0000 |
commit | 7bee63341009ee0e644dfcab485a001f43160827 (patch) | |
tree | 2ec644863bf5e91761270b084ae0d16bc293bb8d /app-text/tetex | |
parent | Version bump (bug #198351) (diff) | |
security fixes for dvips, dviljk bug #198238 and libxpdf bug #196735; quote variables
(Portage version: 2.1.3.19)
Diffstat (limited to 'app-text/tetex')
-rw-r--r-- | app-text/tetex/ChangeLog | 10 | ||||
-rw-r--r-- | app-text/tetex/files/digest-tetex-3.0_p1-r5 | 12 | ||||
-rw-r--r-- | app-text/tetex/files/tetex-3.0_p1-dvips_bufferoverflow.patch | 87 | ||||
-rw-r--r-- | app-text/tetex/files/xpdf-3.02pl2.patch | 640 | ||||
-rw-r--r-- | app-text/tetex/tetex-3.0_p1-r5.ebuild | 119 |
5 files changed, 867 insertions, 1 deletions
diff --git a/app-text/tetex/ChangeLog b/app-text/tetex/ChangeLog index 485a52c33f9e..e43a1bffd7ba 100644 --- a/app-text/tetex/ChangeLog +++ b/app-text/tetex/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-text/tetex # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/ChangeLog,v 1.154 2007/09/08 01:13:26 beandog Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/ChangeLog,v 1.155 2007/11/07 23:05:19 aballier Exp $ + +*tetex-3.0_p1-r5 (07 Nov 2007) + + 07 Nov 2007; Alexis Ballier <aballier@gentoo.org> + +files/tetex-3.0_p1-dvips_bufferoverflow.patch, +files/xpdf-3.02pl2.patch, + +tetex-3.0_p1-r5.ebuild: + security fixes for dvips, dviljk bug #198238 and libxpdf bug #196735; quote + variables 08 Sep 2007; Steve Dibb <beandog@gentoo.org> tetex-3.0_p1-r4.ebuild: amd64 stable, security bug 170861 diff --git a/app-text/tetex/files/digest-tetex-3.0_p1-r5 b/app-text/tetex/files/digest-tetex-3.0_p1-r5 new file mode 100644 index 000000000000..13610b97c3f0 --- /dev/null +++ b/app-text/tetex/files/digest-tetex-3.0_p1-r5 
@@ -0,0 +1,12 @@
+MD5 e7cb60ace25c8c4a964c32895508e3e7 tetex-3.0_p1-dviljk-security-fixes.patch.bz2 8797
+RMD160 ac8499fcc818c4d8fe69b9e2d7fcbe04514d3a04 tetex-3.0_p1-dviljk-security-fixes.patch.bz2 8797
+SHA256 30e14cbed1ac1f2f6b5c5f0066c54394d7f2f215fb96ec3870282947ad33c520 tetex-3.0_p1-dviljk-security-fixes.patch.bz2 8797
+MD5 24568263880f911452936573211fa4e8 tetex-3.0_p1-gentoo.tar.gz 604
+RMD160 5da9d211792ab81d072f0fed65ac737aa3074a6b tetex-3.0_p1-gentoo.tar.gz 604
+SHA256 4e9236349a6d849db06fefcbbf5af7c333199312b461a06840cb8fd2eddd1ac6 tetex-3.0_p1-gentoo.tar.gz 604
+MD5 0f82ade673335256226d0321e6c5e2cf tetex-src-3.0_p1.tar.gz 13357541
+RMD160 24d5029619675ce597782562bc1b87052235d461 tetex-src-3.0_p1.tar.gz 13357541
+SHA256 e67fff941ba95222ac8f0e17395446723fd78045fc2ff548ca40cc72086a4cc1 tetex-src-3.0_p1.tar.gz 13357541
+MD5 ed9d30d9162d16ac8d5065cde6e0f6fa tetex-texmf-3.0.tar.gz 91402377
+RMD160 a1e87733fa3cbef04e39a690ed8549aeaaddb241 tetex-texmf-3.0.tar.gz 91402377
+SHA256 6c3b8fa619749cbb28ca0f8847e56773d13e0bb92f1ea34287420950373640c2 tetex-texmf-3.0.tar.gz 91402377
diff --git a/app-text/tetex/files/tetex-3.0_p1-dvips_bufferoverflow.patch b/app-text/tetex/files/tetex-3.0_p1-dvips_bufferoverflow.patch
new file mode 100644
index 000000000000..3f4732f1a249
--- /dev/null
+++ b/app-text/tetex/files/tetex-3.0_p1-dvips_bufferoverflow.patch
@@ -0,0 +1,87 @@ +hps.c (stamp_external, stamp_hps): protext against long strings. + From Bastien Roucaries via Norbert, 21 Oct 2007 13:22:19, + Debian bug 447081. + +Index: texk/dvipsk/hps.c +=================================================================== +--- texk/dvipsk/hps.c (revision 5253) ++++ texk/dvipsk/hps.c (revision 5254) +@@ -441,20 +441,29 @@ + + void stamp_hps P1C(Hps_link *, pl) + { +- char tmpbuf[200] ; ++ char * tmpbuf; + if (pl == NULL) { +- error("Null pointer, oh no!") ; ++ error("stamp_hps: null pl pointer, oh no!") ; + return ; +- } else { +- /* print out the proper pdfm with local page info only +- * target info will be in the target dictionary */ +- (void)sprintf(tmpbuf, +- " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, +- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], +- pl->color[0], pl->color[1], pl->color[2]) ; +- cmdout(tmpbuf) ; +- } ++ } ++ if(pl->title == NULL) { ++ error("stamp_hps: null pl->title pointer, oh no!") ; ++ return ; ++ } ++ ++ tmpbuf = (char *) xmalloc(strlen(pl->title)+200); ++ ++ /* print out the proper pdfm with local page info only ++ * target info will be in the target dictionary */ ++ (void)sprintf(tmpbuf, ++ " (%s) [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] pdfm ", ++ pl->title, pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, ++ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], ++ pl->color[0], pl->color[1], pl->color[2]) ; ++ cmdout(tmpbuf) ; ++ free(tmpbuf); + ++ + } + + /* For external URL's, we just pass them through as a string. 
The hyperps +@@ -462,18 +471,27 @@ + */ + void stamp_external P2C(char *, s, Hps_link *, pl) + { +- char tmpbuf[200]; ++ char *tmpbuf; + if (pl == NULL) { +- error("Null pointer, oh no!") ; ++ error("stamp_external: null pl pointer, oh no!") ; + return ; +- } else { +- /* print out the proper pdfm with local page info only +- * target info will be in the target dictionary */ +- (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, +- pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], +- pl->color[0], pl->color[1], pl->color[2], s) ; +- cmdout(tmpbuf) ; +- } ++ } ++ ++ if (s == NULL) { ++ error("stamp_external: null s pointer, oh no!") ; ++ return ; ++ } ++ ++ tmpbuf = (char *) xmalloc(strlen(s) + 200); ++ ++ /* print out the proper pdfm with local page info only ++ * target info will be in the target dictionary */ ++ (void)sprintf(tmpbuf," [[%.0f %.0f %.0f %.0f] [%i %i %i [%i %i]] [%.0f %.0f %.0f]] (%s) pdfm ", ++ pl->rect.llx, pl->rect.lly, pl->rect.urx, pl->rect.ury, ++ pl->border[0], pl->border[1], pl->border[2], pl->border[3],pl->border[4], ++ pl->color[0], pl->color[1], pl->color[2], s) ; ++ cmdout(tmpbuf) ; ++ free(tmpbuf); + } + + void finish_hps P1H(void) { diff --git a/app-text/tetex/files/xpdf-3.02pl2.patch b/app-text/tetex/files/xpdf-3.02pl2.patch new file mode 100644 index 000000000000..1d962f328a02 --- /dev/null +++ b/app-text/tetex/files/xpdf-3.02pl2.patch 
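Review bot: The new `xmalloc(strlen(pl->title)+200)` in stamp_hps, and likewise `xmalloc(strlen(s) + 200)` in stamp_external, sizes the buffer for the string but still leaves a fixed 200 bytes for the seven `%.0f` and five `%i` fields, which are written with an unbounded `sprintf`. The member types are not visible in this hunk, but if the rect and color values are floating point and come from the DVI input, one large value printed with `%.0f` can take dozens of digits, so the 200-byte margin is not provably sufficient and the write can still run past the allocation. I would keep the size in a variable and bound the write: `size_t len = strlen(pl->title) + 200;`, then `snprintf(tmpbuf, len, ...)`, reporting an error when the return value is `>= len`. The same change applies to stamp_external with `strlen(s)`.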
@@ -0,0 +1,640 @@ +Index: tetex-src-3.0/libs/xpdf/xpdf/Stream.cc +=================================================================== +--- tetex-src-3.0.orig/libs/xpdf/xpdf/Stream.cc ++++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc +@@ -1285,19 +1285,24 @@ CCITTFaxStream::CCITTFaxStream(Stream *s + error (-1, "invalid number of columns: %d\n", columns); + exit (1); + } ++ else if (columns > INT_MAX - 2) columns = INT_MAX - 2; + rows = rowsA; + endOfBlock = endOfBlockA; + black = blackA; +- refLine = (short *)gmallocn(columns + 4, sizeof(short)); +- codingLine = (short *)gmallocn(columns + 3, sizeof(short)); ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ codingLine = (int *)gmallocn(columns + 1, sizeof(int)); ++ refLine = (int *)gmallocn(columns + 2, sizeof(int)); + + eof = gFalse; + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + + buf = EOF; + } +@@ -1316,9 +1321,9 @@ void CCITTFaxStream::reset() { + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + buf = EOF; + + // skip any initial zero bits and end-of-line marker, and get the 2D +@@ -1335,164 +1340,228 @@ void CCITTFaxStream::reset() { + } + } + ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ 
error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ + int CCITTFaxStream::lookChar() { + short code1, code2, code3; +- int a0New; +- GBool err, gotEOL; +- int ret; +- int bits, i; +- +- // if at eof just return EOF +- if (eof && codingLine[a0] >= columns) { +- return EOF; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; ++ ++ if (buf != EOF) { ++ return buf; + } + + // read the next row +- err = gFalse; +- if (codingLine[a0] >= columns) { ++ if (outputBits == 0) { + ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; ++ + // 2-D encoding + if (nextLine2D) { + for (i = 0; codingLine[i] < columns; ++i) + refLine[i] = codingLine[i]; +- refLine[i] = refLine[i + 1] = columns; +- b1 = 1; +- a0New = codingLine[a0 = 0] = 0; +- do { +- code1 = getTwoDimCode(); ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { ++ code1 = getTwoDimCode(); + switch (code1) { +- case twoDimPass: +- if (refLine[b1] < columns) { +- a0New = refLine[b1 + 1]; +- b1 += 2; +- } +- break; +- case twoDimHoriz: +- if ((a0 & 1) == 0) { +- code1 = code2 = 0; +- do { +- code1 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- do { +- code2 += code3 = getBlackCode(); +- } while (code3 >= 64); +- } else { +- code1 = code2 = 0; +- do { +- 
code1 += code3 = getBlackCode(); +- } while (code3 >= 64); +- do { +- code2 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- } +- if (code1 > 0 || code2 > 0) { +- codingLine[a0 + 1] = a0New + code1; +- ++a0; +- a0New = codingLine[a0 + 1] = codingLine[a0] + code2; +- ++a0; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVert0: +- a0New = codingLine[++a0] = refLine[b1]; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertR1: +- a0New = codingLine[++a0] = refLine[b1] + 1; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertL1: +- if (a0 == 0 || refLine[b1] - 1 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 1; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertR2: +- a0New = codingLine[++a0] = refLine[b1] + 2; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertL2: +- if (a0 == 0 || refLine[b1] - 2 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 2; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertR3: +- a0New = codingLine[++a0] = refLine[b1] + 3; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case twoDimVertL3: +- if (a0 == 0 || refLine[b1] - 3 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 3; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; +- } +- break; +- case EOF: +- eof = gTrue; +- codingLine[a0 = 0] = columns; +- return EOF; +- default: +- error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); +- err = gTrue; 
+- break; ++ case twoDimPass: ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimHoriz: ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ break; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case 
twoDimVertL2: ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ addPixels(columns, 0); ++ eof = gTrue; ++ break; ++ default: ++ error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); ++ err = gTrue; ++ break; ++ } + } +- } while (codingLine[a0] < columns); + + // 1-D encoding + } else { +- codingLine[a0 = 0] = 0; +- while (1) { +- code1 = 0; +- do { +- code1 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code1; +- ++a0; +- if (codingLine[a0] >= columns) +- break; +- code2 = 0; +- do { +- code2 += code3 = getBlackCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code2; +- ++a0; +- if (codingLine[a0] >= columns) +- break; +- } +- } +- +- if (codingLine[a0] != columns) { +- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); +- // force the row to be the correct length +- while (codingLine[a0] > columns) { +- --a0; ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { ++ code1 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; ++ } + } +- codingLine[++a0] = columns; +- err = gTrue; +- } + + // byte-align the row + if (byteAlign) { +@@ -1552,14 +1621,17 @@ int CCITTFaxStream::lookChar() { + // this if we 
know the stream contains end-of-line markers because + // the "just plow on" technique tends to work better otherwise + } else if (err && endOfLine) { +- do { ++ while (1) { ++ code1 = lookBits(13); + if (code1 == EOF) { + eof = gTrue; + return EOF; + } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } + eatBits(1); +- code1 = lookBits(13); +- } while ((code1 >> 1) != 0x001); ++ } + eatBits(12); + if (encoding > 0) { + eatBits(1); +@@ -1567,11 +1639,11 @@ int CCITTFaxStream::lookChar() { + } + } + +- a0 = 0; +- outputBits = codingLine[1] - codingLine[0]; +- if (outputBits == 0) { +- a0 = 1; +- outputBits = codingLine[2] - codingLine[1]; ++ // set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; + } + + ++row; +@@ -1579,39 +1651,43 @@ int CCITTFaxStream::lookChar() { + + // get a byte + if (outputBits >= 8) { +- ret = ((a0 & 1) == 0) ? 0xff : 0x00; +- if ((outputBits -= 8) == 0) { +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; +- } ++ buf = (a0i & 1) ? 
0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; + } + } else { + bits = 8; +- ret = 0; ++ buf = 0; + do { + if (outputBits > bits) { +- i = bits; +- bits = 0; +- if ((a0 & 1) == 0) { +- ret |= 0xff >> (8 - i); ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); + } +- outputBits -= i; ++ outputBits -= bits; ++ bits = 0; + } else { +- i = outputBits; +- bits -= outputBits; +- if ((a0 & 1) == 0) { +- ret |= (0xff >> (8 - i)) << bits; ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); + } ++ bits -= outputBits; + outputBits = 0; +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; + } + } +- } while (bits > 0 && codingLine[a0] < columns); ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; + } +- buf = black ? 
(ret ^ 0xff) : ret; + return buf; + } + +@@ -1653,6 +1729,9 @@ short CCITTFaxStream::getWhiteCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 5) == 0) { + p = &whiteTab1[code]; + } else { +@@ -1665,6 +1744,9 @@ short CCITTFaxStream::getWhiteCode() { + } else { + for (n = 1; n <= 9; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 9) { + code <<= 9 - n; + } +@@ -1676,6 +1758,9 @@ short CCITTFaxStream::getWhiteCode() { + } + for (n = 11; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1701,6 +1786,9 @@ short CCITTFaxStream::getBlackCode() { + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 7) == 0) { + p = &blackTab1[code]; + } else if ((code >> 9) == 0) { +@@ -1715,6 +1803,9 @@ short CCITTFaxStream::getBlackCode() { + } else { + for (n = 2; n <= 6; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 6) { + code <<= 6 - n; + } +@@ -1726,6 +1817,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 7; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1739,6 +1833,9 @@ short CCITTFaxStream::getBlackCode() { + } + for (n = 10; n <= 13; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 13) { + code <<= 13 - n; + } +@@ -1961,6 +2058,12 @@ void DCTStream::reset() { + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int 
*)gmallocn(bufWidth * bufHeight, sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); +@@ -3024,6 +3127,11 @@ GBool DCTStream::readScanInfo() { + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; +Index: tetex-src-3.0/libs/xpdf/xpdf/Stream.h +=================================================================== +--- tetex-src-3.0.orig/libs/xpdf/xpdf/Stream.h ++++ tetex-src-3.0/libs/xpdf/xpdf/Stream.h +@@ -519,13 +519,15 @@ private: + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line + int outputBits; // remaining ouput bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); diff --git a/app-text/tetex/tetex-3.0_p1-r5.ebuild b/app-text/tetex/tetex-3.0_p1-r5.ebuild new file mode 100644 index 000000000000..35155f1d1e12 --- /dev/null +++ b/app-text/tetex/tetex-3.0_p1-r5.ebuild 
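Review bot: In the DCTStream::reset() hunk the added overflow guard compares bufWidth with itself, `bufWidth > INT_MAX / bufWidth / (int)sizeof(int)`, and never bounds bufHeight beyond being positive. The value used by the gmallocn and memset calls that follow is `bufWidth * bufHeight`, so a narrow image with a very large height passes the check and the int multiplication can still overflow. The left operand should be the height: `bufHeight > INT_MAX / bufWidth / (int)sizeof(int)`. The rest of reset() lies outside the hunk, so whether height is limited earlier cannot be confirmed from here.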
@@ -0,0 +1,119 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/tetex/tetex-3.0_p1-r5.ebuild,v 1.1 2007/11/07 23:05:19 aballier Exp $
+
+inherit tetex-3 flag-o-matic versionator virtualx autotools
+
+SMALL_PV=$(get_version_component_range 1-2 ${PV})
+TETEX_TEXMF_PV=${SMALL_PV}
+S="${WORKDIR}/tetex-src-${SMALL_PV}"
+
+TETEX_SRC="tetex-src-${PV}.tar.gz"
+TETEX_TEXMF="tetex-texmf-${TETEX_TEXMF_PV:-${TETEX_PV}}.tar.gz"
+#TETEX_TEXMF_SRC="tetex-texmfsrc-${TETEX_TEXMF_PV:-${TETEX_PV}}.tar.gz"
+TETEX_TEXMF_SRC=""
+
+DESCRIPTION="a complete TeX distribution"
+HOMEPAGE="http://tug.org/teTeX/"
+
+SRC_PATH_TETEX=ftp://cam.ctan.org/tex-archive/systems/unix/teTeX/current/distrib
+SRC_URI="mirror://gentoo/${TETEX_SRC}
+ ${SRC_PATH_TETEX}/${TETEX_TEXMF}
+ mirror://gentoo/${P}-gentoo.tar.gz
+ mirror://gentoo/${P}-dviljk-security-fixes.patch.bz2"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+
+# these are defined in tetex.eclass and tetex-3.eclass
+IUSE=""
+DEPEND="${DEPEND} media-libs/gd"
+RDEPEND="${RDEPEND} media-libs/gd"
+
+src_unpack() {
+ tetex-3_src_unpack
+ cd "${WORKDIR}"
+ unpack ${P}-dviljk-security-fixes.patch.bz2
+ cd "${S}"
+ epatch "${FILESDIR}/${PN}-${SMALL_PV}-kpathsea-pic.patch"
+
+ # bug 85404
+ epatch "${FILESDIR}/${PN}-${SMALL_PV}-epstopdf-wrong-rotation.patch"
+
+ epatch "${FILESDIR}/${P}-amd64-xdvik-wp.patch"
+ epatch "${FILESDIR}/${P}-mptest.patch"
+
+ #bug 98029
+ epatch "${FILESDIR}/${P}-fmtutil-etex.patch"
+
+ #bug 115775
+ epatch "${FILESDIR}/${P}-xpdf-vulnerabilities.patch"
+
+ # bug 94860
+ epatch "${FILESDIR}/${P}-pdftosrc-install.patch"
+
+ # bug 126918
+ epatch "${FILESDIR}/${P}-create-empty-files.patch"
+
+ # bug 94901
+ epatch "${FILESDIR}/${P}-dvipdfm-timezone.patch"
+
+ # security bug #170861
+ epatch "${FILESDIR}/${P}-CVE-2007-0650.patch"
+
+ # security bug #188172
+ epatch "${FILESDIR}/${P}-xpdf-CVE-2007-3387.patch"
+
+ # security bug #198238
+ epatch "${FILESDIR}/${P}-dvips_bufferoverflow.patch"
+
+ # securty bug #196735
+ epatch "${FILESDIR}/xpdf-3.02pl2.patch"
+
+ # Construct a Gentoo site texmf directory
+ # that overlays the upstream supplied
+ epatch "${FILESDIR}/${P}-texmf-site.patch"
+
+ # security bug #198238
+ epatch "${WORKDIR}/${P}-dviljk-security-fixes.patch"
+
+ cd "${S}/texk/dviljk"
+ AT_M4DIR="${S}/texk/m4" eautoreconf
+}
+
+src_compile() {
+ #bug 119856
+ export LC_ALL=C
+
+ # dvipng has its own ebuild (fix for bug #129044).
+ # also, do not build against own lib gd (security #182055)
+ TETEX_ECONF="${TETEX_ECONF} --without-dvipng --with-system-gd"
+
+ tetex-3_src_compile
+}
+
+src_test() {
+ fmtutil --fmtdir "${S}/texk/web2c" --all
+ # The check target tries to access X display, bug #69439.
+ Xmake check || die "Xmake check failed."
+}
+
+src_install() {
+ insinto /usr/share/texmf/dvips/pstricks
+ doins "${FILESDIR}/pst-circ.pro"
+
+ # install pdftosrc man page, bug 94860
+ doman "${S}/texk/web2c/pdftexdir/pdftosrc.1"
+
+ tetex-3_src_install
+
+ # Create Gentoo site texmf directory
+ keepdir /usr/share/texmf-site
+}
+
+pkg_postinst() {
+ tetex-3_pkg_postinst
+
+ elog
+ elog "This release removes dvipng since it is provided in app-text/dvipng"
+ elog
+}
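Review bot: In src_test the `fmtutil --fmtdir "${S}/texk/web2c" --all` call has no `|| die`, unlike the `Xmake check` line after it, so a non-zero exit from the format build is ignored and the test phase carries on. I would write `fmtutil --fmtdir "${S}/texk/web2c" --all || die "fmtutil failed"`. Two smaller points in src_unpack: the `cd` calls are unchecked as well, and the comment `# securty bug #196735` should read `# security bug #196735`.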