rpms/tetex/FC-6 tetex-3.0-CVE-2007-3387.patch, NONE, 1.1 tetex.spec, 1.104, 1.105 tetex-3.0-mktexlsrfix.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Aug 10 12:59:19 UTC 2007
- Previous message (by thread): rpms/libvorbis/FC-6 libvorbis.spec,1.26,1.27
- Next message (by thread): rpms/kernel/FC-6 linux-2.6-drivers_pci_no_mmconf.patch, NONE, 1.1 linux-2.6-serial-revert-platform-conversion.patch, NONE, 1.1 patch-2.6.22.2.bz2.sign, NONE, 1.1 .cvsignore, 1.566, 1.567 kernel-2.6.spec, 1.3006, 1.3007 linux-2.6-sched-cfs.patch, 1.10, 1.11 linux-2.6-utrace-ptrace-compat-ia64.patch, 1.1, 1.2 linux-2.6-utrace-regset-ia64.patch, 1.1, 1.2 sources, 1.530, 1.531 upstream, 1.450, 1.451 linux-2.6-acpi-dock-oops.patch, 1.2, NONE linux-2.6-bluetooth-hangup-tty-before-rfcomm.patch, 1.1, NONE linux-2.6-cpufreq-acpi-fix-msr-write.patch, 1.1, NONE linux-2.6-i386-hpet-check-if-the-counter-works.patch, 1.1, NONE linux-2.6-input-rfkill-wrong-size-flags.patch, 1.1, NONE linux-2.6-ipc-shm-fix-user-leakage.patch, 1.1, NONE linux-2.6-jbd-fix-transaction-dropping.patch, 1.1, NONE linux-2.6-libata-ich8m-add-pciid.patch, 1.1, NONE linux-2.6-libata-unbreak-smart-2.patch, 1.2, NONE linux-2.6-libata-unbreak-smart.patch, 1.1, NONE linux-2.6-net-dst_entry-reorder-crash.patch, 1.1, NONE linux-2.6-net_sched_fix_deadlock.! patch, 1.1, NONE linux-2.6-seq_operations-leak.patch, 1.1, NONE linux-2.6-tcp-sack-fix-leak-msgs.patch, 1.1, NONE linux-2.6-usb-ftdi_sio-fix-oops.patch, 1.1, NONE patch-2.6.22.1.bz2.sign, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/dist/rpms/tetex/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv15739
Modified Files:
tetex.spec
Added Files:
tetex-3.0-CVE-2007-3387.patch
Removed Files:
tetex-3.0-mktexlsrfix.patch
Log Message:
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251515)
- don't mess up file contexts while running texhash (#235032)
tetex-3.0-CVE-2007-3387.patch:
Stream.cc | 9 +++++++++
1 files changed, 9 insertions(+)
--- NEW FILE tetex-3.0-CVE-2007-3387.patch ---
--- tetex-src-3.0/libs/xpdf/xpdf/Stream.cc.CVE-2007-3387 2007-07-26 17:13:02.000000000 +0200
+++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc 2007-07-26 17:21:58.000000000 +0200
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <limits.h>
#ifndef WIN32
#include <unistd.h>
#endif
@@ -32,6 +33,7 @@
#include "JBIG2Stream.h"
#include "JPXStream.h"
#include "Stream-CCITT.h"
+#include "GfxState.h"
#ifdef __DJGPP__
static GBool setDJSYSFLAGS = gFalse;
@@ -429,6 +431,13 @@ StreamPredictor::StreamPredictor(Stream
if (rowBytes < 0) {
return;
}
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
Index: tetex.spec
===================================================================
RCS file: /cvs/dist/rpms/tetex/FC-6/tetex.spec,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- tetex.spec 11 Apr 2007 10:33:05 -0000 1.104
+++ tetex.spec 10 Aug 2007 12:59:16 -0000 1.105
@@ -11,7 +11,7 @@
Summary: The TeX text formatting system.
Name: tetex
Version: 3.0
-Release: 34%{?dist}
+Release: 35%{?dist}
License: distributable
Group: Applications/Publishing
Requires: tmpwatch, dialog, ed
@@ -88,8 +88,8 @@
Patch21: tetex-3.0-dvipdfm.patch
Patch22: tetex-3.0-selinux.patch
Patch23: tetex-3.0-footfix.patch
-Patch24: tetex-3.0-mktexlsrfix.patch
-Patch25: tetex-3.0-CVE-2007-0650.patch
+Patch24: tetex-3.0-CVE-2007-0650.patch
+Patch25: tetex-3.0-CVE-2007-3387.patch
######
# Japanization patches
@@ -309,10 +309,10 @@
%patch22 -p1 -b .selinux
# fix para option in footmisc package (#188701)
%patch23 -p1 -b .footfix
-# don't inherit incorrect permissions for ls-R from parent directory (#220239)
-%patch24 -p1 -b .mktexlsrfix
# fix a couple of string overflows in makeindex - CVE-2007-0650 (#225491)
-%patch25 -p1 -b .CVE-2007-0650
+%patch24 -p1 -b .CVE-2007-0650
+# fix xpdf integer overflow CVE-2007-3387 (#248194)
+%patch25 -p1 -b .CVE-2007-3387
%if %{enable_japanese}
mkdir texmf/ptex-texmf
@@ -865,6 +865,10 @@
%defattr(-,root,root)
%changelog
+* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-35
+- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251515)
+- don't mess up file contexts while running texhash (#235032)
+
* Wed Apr 14 2007 Jindrich Novy <jnovy at redhat.com> 3.0-34
- update nomencl package from CTAN (#234466)
- texdoc now searches in $TEXDOCS instead of $TEXMF/doc (#232769)
--- tetex-3.0-mktexlsrfix.patch DELETED ---
- Previous message (by thread): rpms/libvorbis/FC-6 libvorbis.spec,1.26,1.27
- Next message (by thread): rpms/kernel/FC-6 linux-2.6-drivers_pci_no_mmconf.patch, NONE, 1.1 linux-2.6-serial-revert-platform-conversion.patch, NONE, 1.1 patch-2.6.22.2.bz2.sign, NONE, 1.1 .cvsignore, 1.566, 1.567 kernel-2.6.spec, 1.3006, 1.3007 linux-2.6-sched-cfs.patch, 1.10, 1.11 linux-2.6-utrace-ptrace-compat-ia64.patch, 1.1, 1.2 linux-2.6-utrace-regset-ia64.patch, 1.1, 1.2 sources, 1.530, 1.531 upstream, 1.450, 1.451 linux-2.6-acpi-dock-oops.patch, 1.2, NONE linux-2.6-bluetooth-hangup-tty-before-rfcomm.patch, 1.1, NONE linux-2.6-cpufreq-acpi-fix-msr-write.patch, 1.1, NONE linux-2.6-i386-hpet-check-if-the-counter-works.patch, 1.1, NONE linux-2.6-input-rfkill-wrong-size-flags.patch, 1.1, NONE linux-2.6-ipc-shm-fix-user-leakage.patch, 1.1, NONE linux-2.6-jbd-fix-transaction-dropping.patch, 1.1, NONE linux-2.6-libata-ich8m-add-pciid.patch, 1.1, NONE linux-2.6-libata-unbreak-smart-2.patch, 1.2, NONE linux-2.6-libata-unbreak-smart.patch, 1.1, NONE linux-2.6-net-dst_entry-reorder-crash.patch, 1.1, NONE linux-2.6-net_sched_fix_deadlock.! patch, 1.1, NONE linux-2.6-seq_operations-leak.patch, 1.1, NONE linux-2.6-tcp-sack-fix-leak-msgs.patch, 1.1, NONE linux-2.6-usb-ftdi_sio-fix-oops.patch, 1.1, NONE patch-2.6.22.1.bz2.sign, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list