rpms/tetex/F-7 tetex-3.0-CVE-2007-3387.patch, NONE, 1.1 tetex.spec, 1.110, 1.111
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Fri Aug 10 12:47:35 UTC 2007
- Previous message (by thread): rpms/kernel-xen-2.6/F-7 linux-2.6-xen-add-packet_auxdata-cmsg-1.patch, NONE, 1.1 linux-2.6-xen-add-packet_auxdata-cmsg-2.patch, NONE, 1.1 linux-2.6-xen-af_packet-no-skb_checksum_setup.patch, NONE, 1.1 kernel-xen.spec, 1.41, 1.42
- Next message (by thread): rpms/tetex/F-7 tetex.spec, 1.111, 1.112 tetex-3.0-mktexlsrfix.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/extras/rpms/tetex/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14156
Modified Files:
tetex.spec
Added Files:
tetex-3.0-CVE-2007-3387.patch
Log Message:
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251514)
- don't mess up file contexts while running texhash (#235032)
tetex-3.0-CVE-2007-3387.patch:
--- NEW FILE tetex-3.0-CVE-2007-3387.patch ---
--- tetex-src-3.0/libs/xpdf/xpdf/Stream.cc.CVE-2007-3387 2007-07-26 17:13:02.000000000 +0200
+++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc 2007-07-26 17:21:58.000000000 +0200
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <limits.h>
#ifndef WIN32
#include <unistd.h>
#endif
@@ -32,6 +33,7 @@
#include "JBIG2Stream.h"
#include "JPXStream.h"
#include "Stream-CCITT.h"
+#include "GfxState.h"
#ifdef __DJGPP__
static GBool setDJSYSFLAGS = gFalse;
@@ -429,6 +431,13 @@ StreamPredictor::StreamPredictor(Stream
if (rowBytes < 0) {
return;
}
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
Index: tetex.spec
===================================================================
RCS file: /cvs/extras/rpms/tetex/F-7/tetex.spec,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- tetex.spec 4 May 2007 10:29:16 -0000 1.110
+++ tetex.spec 10 Aug 2007 12:47:02 -0000 1.111
@@ -11,7 +11,7 @@
Summary: The TeX text formatting system.
Name: tetex
Version: 3.0
-Release: 40%{?dist}
+Release: 41%{?dist}
License: distributable
Group: Applications/Publishing
Requires: tmpwatch, dialog, ed
@@ -88,8 +88,8 @@
Patch21: tetex-3.0-dvipdfm.patch
Patch22: tetex-3.0-selinux.patch
Patch23: tetex-3.0-footfix.patch
-Patch24: tetex-3.0-mktexlsrfix.patch
-Patch25: tetex-3.0-CVE-2007-0650.patch
+Patch24: tetex-3.0-CVE-2007-0650.patch
+Patch25: tetex-3.0-CVE-2007-3387.patch
######
# Japanization patches
@@ -309,10 +309,10 @@
%patch22 -p1 -b .selinux
# fix para option in footmisc package (#188701)
%patch23 -p1 -b .footfix
-# don't inherit incorrect permissions for ls-R from parent directory (#220239)
-%patch24 -p1 -b .mktexlsrfix
# fix a couple of string overflows in makeindex - CVE-2007-0650 (#225491)
-%patch25 -p1 -b .CVE-2007-0650
+%patch24 -p1 -b .CVE-2007-0650
+# fix xpdf integer overflow CVE-2007-3387 (#248194)
+%patch25 -p1 -b .CVE-2007-3387
%if %{enable_japanese}
mkdir texmf/ptex-texmf
@@ -865,6 +865,10 @@
%defattr(-,root,root)
%changelog
+* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-41
+- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251514)
+- don't mess up file contexts while running texhash (#235032)
+
* Fri May 4 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40
- fix dvipdft and xdvizilla scripts (#238761)
- Previous message (by thread): rpms/kernel-xen-2.6/F-7 linux-2.6-xen-add-packet_auxdata-cmsg-1.patch, NONE, 1.1 linux-2.6-xen-add-packet_auxdata-cmsg-2.patch, NONE, 1.1 linux-2.6-xen-af_packet-no-skb_checksum_setup.patch, NONE, 1.1 kernel-xen.spec, 1.41, 1.42
- Next message (by thread): rpms/tetex/F-7 tetex.spec, 1.111, 1.112 tetex-3.0-mktexlsrfix.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list