mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-03 18:09:18 -05:00
0fa5055597
The origin disappeared, and the new revision does not include all the Poppler fixes. Adjust the package to take Arch's Poppler patches instead. * gnu/packages/patches/texlive-bin-CVE-2018-17407.patch: New file. * gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch, gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/tex.scm (texlive-bin)[source](patches): Likewise. [arguments]: Likewise.
249 lines
8.7 KiB
Diff
249 lines
8.7 KiB
Diff
This patch adds support for newer versions of Poppler and some upstream
|
|
TexLive fixes, including one for CVE-2018-17407.
|
|
|
|
It is taken from Linux From Scratch:
|
|
<http://www.linuxfromscratch.org/patches/blfs/svn/texlive-20180414-source-upstream_fixes-3.patch>.
|
|
|
|
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
|
|
Date: 2018-12-26
|
|
Initial Package Version: 20180414
|
|
Upstream Status: Applied
|
|
Origin: Upstream
|
|
Description: Two fixes, cherry-picked from svn plus a CVE fix.
|
|
I have removed the partial fixes for various system versions of poppler.
|
|
|
|
r47469 Fix segfault in dvipdfm-x (XeTeX) on 1/2/4-bit transparent indexed PNGs.
|
|
|
|
r47477 Fix a ptex regression for discontinuous kinsoku table.
|
|
|
|
Also, via fedora (I got lost in svn) a critical fix for CVE-2018-17407
|
|
|
|
"A buffer overflow in the handling of Type 1 fonts allows arbitrary code
|
|
execution when a malicious font is loaded by one of the vulnerable tools:
|
|
pdflatex, pdftex, dvips, or luatex."
|
|
|
|
diff -Naur a/texk/dvipdfm-x/pngimage.c b/texk/dvipdfm-x/pngimage.c
|
|
--- a/texk/dvipdfm-x/pngimage.c 2018-02-17 08:41:35.000000000 +0000
|
|
+++ b/texk/dvipdfm-x/pngimage.c 2018-10-09 01:52:01.648670875 +0100
|
|
@@ -964,12 +964,16 @@
|
|
png_bytep trans;
|
|
int num_trans;
|
|
png_uint_32 i;
|
|
+ png_byte bpc, mask, shift;
|
|
|
|
if (!png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS) ||
|
|
!png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, NULL)) {
|
|
WARN("%s: PNG does not have valid tRNS chunk but tRNS is requested.", PNG_DEBUG_STR);
|
|
return NULL;
|
|
}
|
|
+ bpc = png_get_bit_depth(png_ptr, info_ptr);
|
|
+ mask = 0xff >> (8 - bpc);
|
|
+ shift = 8 - bpc;
|
|
|
|
smask = pdf_new_stream(STREAM_COMPRESS);
|
|
dict = pdf_stream_dict(smask);
|
|
@@ -981,7 +985,8 @@
|
|
pdf_add_dict(dict, pdf_new_name("ColorSpace"), pdf_new_name("DeviceGray"));
|
|
pdf_add_dict(dict, pdf_new_name("BitsPerComponent"), pdf_new_number(8));
|
|
for (i = 0; i < width*height; i++) {
|
|
- png_byte idx = image_data_ptr[i];
|
|
+ /* data is packed for 1/2/4 bpc formats, msb first */
|
|
+ png_byte idx = (image_data_ptr[bpc * i / 8] >> (shift - bpc * i % 8)) & mask;
|
|
smask_data_ptr[i] = (idx < num_trans) ? trans[idx] : 0xff;
|
|
}
|
|
pdf_add_stream(smask, (char *)smask_data_ptr, width*height);
|
|
diff -Naur a/texk/dvipsk/writet1.c b/texk/dvipsk/writet1.c
|
|
--- a/texk/dvipsk/writet1.c 2016-11-25 18:24:26.000000000 +0000
|
|
+++ b/texk/dvipsk/writet1.c 2018-10-09 01:52:01.648670875 +0100
|
|
@@ -1449,7 +1449,9 @@
|
|
*(strend(t1_buf_array) - 1) = ' ';
|
|
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|
|
diff -Naur a/texk/web2c/luatexdir/font/writet1.w b/texk/web2c/luatexdir/font/writet1.w
|
|
--- a/texk/web2c/luatexdir/font/writet1.w 2016-11-25 18:24:34.000000000 +0000
|
|
+++ b/texk/web2c/luatexdir/font/writet1.w 2018-10-09 01:52:01.648670875 +0100
|
|
@@ -1625,7 +1625,9 @@
|
|
if (sscanf(p, "%i", &i) != 1) {
|
|
strcpy(t1_buf_array, t1_line_array);
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|
|
diff -Naur a/texk/web2c/luatexdir/image/pdftoepdf.w b/texk/web2c/luatexdir/image/pdftoepdf.w
|
|
--- a/texk/web2c/luatexdir/image/pdftoepdf.w 2018-01-17 18:00:12.000000000 +0000
|
|
+++ b/texk/web2c/luatexdir/image/pdftoepdf.w 2018-10-09 01:52:01.648670875 +0100
|
|
@@ -472,10 +472,10 @@
|
|
break;
|
|
*/
|
|
case objString:
|
|
- copyString(pdf, obj->getString());
|
|
+ copyString(pdf, (GooString *)obj->getString());
|
|
break;
|
|
case objName:
|
|
- copyName(pdf, obj->getName());
|
|
+ copyName(pdf, (char *)obj->getName());
|
|
break;
|
|
case objNull:
|
|
pdf_add_null(pdf);
|
|
diff -Naur a/texk/web2c/luatexdir/lua/lepdflib.cc b/texk/web2c/luatexdir/lua/lepdflib.cc
|
|
--- a/texk/web2c/luatexdir/lua/lepdflib.cc 2018-02-14 14:44:38.000000000 +0000
|
|
+++ b/texk/web2c/luatexdir/lua/lepdflib.cc 2018-10-09 01:52:01.649670868 +0100
|
|
@@ -674,7 +674,7 @@
|
|
uin = (udstruct *) luaL_checkudata(L, 1, M_##in); \
|
|
if (uin->pd != NULL && uin->pd->pc != uin->pc) \
|
|
pdfdoc_changed_error(L); \
|
|
- gs = ((in *) uin->d)->function(); \
|
|
+ gs = (GooString *)((in *) uin->d)->function(); \
|
|
if (gs != NULL) \
|
|
lua_pushlstring(L, gs->getCString(), gs->getLength()); \
|
|
else \
|
|
@@ -1813,7 +1813,7 @@
|
|
if (uin->pd != NULL && uin->pd->pc != uin->pc)
|
|
pdfdoc_changed_error(L);
|
|
if (((Object *) uin->d)->isString()) {
|
|
- gs = ((Object *) uin->d)->getString();
|
|
+ gs = (GooString *)((Object *) uin->d)->getString();
|
|
lua_pushlstring(L, gs->getCString(), gs->getLength());
|
|
} else
|
|
lua_pushnil(L);
|
|
diff -Naur a/texk/web2c/pdftexdir/writet1.c b/texk/web2c/pdftexdir/writet1.c
|
|
--- a/texk/web2c/pdftexdir/writet1.c 2016-11-25 18:24:37.000000000 +0000
|
|
+++ b/texk/web2c/pdftexdir/writet1.c 2018-10-09 01:52:01.649670868 +0100
|
|
@@ -1598,7 +1598,9 @@
|
|
*(strend(t1_buf_array) - 1) = ' ';
|
|
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|
|
diff -Naur a/texk/web2c/ptexdir/ptex_version.h b/texk/web2c/ptexdir/ptex_version.h
|
|
--- a/texk/web2c/ptexdir/ptex_version.h 2018-01-21 03:48:06.000000000 +0000
|
|
+++ b/texk/web2c/ptexdir/ptex_version.h 2018-10-09 01:52:01.649670868 +0100
|
|
@@ -1 +1 @@
|
|
-#define PTEX_VERSION "p3.8.0"
|
|
+#define PTEX_VERSION "p3.8.1"
|
|
diff -Naur a/texk/web2c/ptexdir/tests/free_ixsp.tex b/texk/web2c/ptexdir/tests/free_ixsp.tex
|
|
--- a/texk/web2c/ptexdir/tests/free_ixsp.tex 1970-01-01 01:00:00.000000000 +0100
|
|
+++ b/texk/web2c/ptexdir/tests/free_ixsp.tex 2018-10-09 01:52:01.649670868 +0100
|
|
@@ -0,0 +1,53 @@
|
|
+%#!eptex -ini -etex
|
|
+\let\dump\relax
|
|
+\batchmode
|
|
+\input plain
|
|
+
|
|
+\errorstopmode
|
|
+\catcode`@=11
|
|
+\newcount\@tempcnta
|
|
+\newcount\@tempcntb
|
|
+\newcount\@tempcntc
|
|
+\mathchardef\LIM=256
|
|
+
|
|
+\def\MYCHAR#1{%
|
|
+ \@tempcntc=\numexpr7*#1+"101\relax
|
|
+ \@tempcnta=\@tempcntc\divide\@tempcnta 94
|
|
+ \@tempcntb=\numexpr\@tempcntc-94*\@tempcnta+1\relax
|
|
+ \ifnum\@tempcntb<0\advance\@tempcntb94 \advance\@tempcnta-1\fi
|
|
+ \advance\@tempcnta18 % 18区以降
|
|
+ \CNTA=\kuten\numexpr"100*\@tempcnta+\@tempcntb\relax
|
|
+}
|
|
+
|
|
+\newcount\CNT\newcount\CNTA
|
|
+\CNT=0
|
|
+\loop
|
|
+ \MYCHAR\CNT
|
|
+ \message{\the\CNT.}
|
|
+ \inhibitxspcode\CNTA=1\relax
|
|
+ \advance\CNT1\relax
|
|
+ \ifnum\CNT<\LIM
|
|
+\repeat
|
|
+
|
|
+\newcount\CNTB
|
|
+
|
|
+\loop
|
|
+ \MYCHAR\CNTB
|
|
+ \global\inhibitxspcode\CNTA=3
|
|
+{%
|
|
+\CNT=0
|
|
+\loop
|
|
+ \MYCHAR\CNT
|
|
+ \count@=\numexpr 1-\inhibitxspcode\CNTA\relax
|
|
+ \ifnum\count@=0\else\ifnum\CNTB=\CNT\else
|
|
+ \errmessage{<\the\CNTB, \the\CNT, \the\inhibitxspcode\CNTA>}\fi\fi
|
|
+ \advance\CNT1\relax
|
|
+ \ifnum\CNT<\LIM
|
|
+\repeat
|
|
+}
|
|
+ \MYCHAR\CNTB
|
|
+ \global\inhibitxspcode\CNTA=1\relax
|
|
+ \advance\CNTB1\relax
|
|
+ \ifnum\CNTB<\LIM
|
|
+\repeat
|
|
+\bye
|
|
diff -Naur a/texk/web2c/ptexdir/tests/free_pena.tex b/texk/web2c/ptexdir/tests/free_pena.tex
|
|
--- a/texk/web2c/ptexdir/tests/free_pena.tex 1970-01-01 01:00:00.000000000 +0100
|
|
+++ b/texk/web2c/ptexdir/tests/free_pena.tex 2018-10-09 01:52:01.649670868 +0100
|
|
@@ -0,0 +1,52 @@
|
|
+%#!eptex -ini -etex
|
|
+\let\dump\relax
|
|
+\batchmode
|
|
+\input plain
|
|
+
|
|
+\errorstopmode
|
|
+\catcode`@=11
|
|
+\newcount\@tempcnta
|
|
+\newcount\@tempcntb
|
|
+\newcount\@tempcntc
|
|
+\mathchardef\LIM=256
|
|
+
|
|
+\def\MYCHAR#1{%
|
|
+ \@tempcntc=\numexpr7*#1+"101\relax
|
|
+ \@tempcnta=\@tempcntc\divide\@tempcnta 94
|
|
+ \@tempcntb=\numexpr\@tempcntc-94*\@tempcnta+1\relax
|
|
+ \ifnum\@tempcntb<0\advance\@tempcntb94 \advance\@tempcnta-1\fi
|
|
+ \advance\@tempcnta18 % 18区以降
|
|
+ \CNTA=\kuten\numexpr"100*\@tempcnta+\@tempcntb\relax
|
|
+}
|
|
+
|
|
+\newcount\CNT\newcount\CNTA
|
|
+\CNT=0
|
|
+\loop
|
|
+ \MYCHAR\CNT
|
|
+ \message{\the\CNT.}
|
|
+ \prebreakpenalty\CNTA=\numexpr\CNT+1\relax
|
|
+ \advance\CNT1\relax
|
|
+ \ifnum\CNT<\LIM
|
|
+\repeat
|
|
+
|
|
+\newcount\CNTB
|
|
+
|
|
+\loop
|
|
+ \MYCHAR\CNTB
|
|
+ \global\prebreakpenalty\CNTA=0
|
|
+{%
|
|
+\CNT=0
|
|
+\loop
|
|
+ \MYCHAR\CNT
|
|
+ \count@=\numexpr -\CNT-1+\prebreakpenalty\CNTA\relax
|
|
+ \ifnum\count@=0\else\ifnum\CNTB=\CNT\else\errmessage{<\the\CNTB, \the\CNT>}\fi\fi
|
|
+ \advance\CNT1\relax
|
|
+ \ifnum\CNT<\LIM
|
|
+\repeat
|
|
+}
|
|
+ \MYCHAR\CNTB
|
|
+ \global\prebreakpenalty\CNTA=\numexpr\CNTB+1\relax
|
|
+ \advance\CNTB1\relax
|
|
+ \ifnum\CNTB<\LIM
|
|
+\repeat
|
|
+\bye
|