rpms/tetex/F-8 tetex-3.0-CVE-2007-0650.patch, 1.1, 1.2 tetex.spec, 1.126, 1.127
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Sat Apr 5 08:15:33 UTC 2008
Author: jnovy
Update of /cvs/extras/rpms/tetex/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24205
Modified Files:
tetex-3.0-CVE-2007-0650.patch tetex.spec
Log Message:
- update CVE-2005-0650 patch for makeindex, increase file name size limit and
fix error message in case of overflow (#225491)
tetex-3.0-CVE-2007-0650.patch:
Index: tetex-3.0-CVE-2007-0650.patch
===================================================================
RCS file: /cvs/extras/rpms/tetex/F-8/tetex-3.0-CVE-2007-0650.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- tetex-3.0-CVE-2007-0650.patch 2 Feb 2007 12:38:06 -0000 1.1
+++ tetex-3.0-CVE-2007-0650.patch 5 Apr 2008 08:15:25 -0000 1.2
@@ -1,6 +1,16 @@
+diff -up tetex-src-3.0/texk/makeindexk/mkind.c.CVE-2007-0650 tetex-src-3.0/texk/makeindexk/mkind.c
--- tetex-src-3.0/texk/makeindexk/mkind.c.CVE-2007-0650 2002-10-02 14:26:37.000000000 +0200
-+++ tetex-src-3.0/texk/makeindexk/mkind.c 2007-02-02 12:29:31.000000000 +0100
-@@ -179,7 +179,9 @@
++++ tetex-src-3.0/texk/makeindexk/mkind.c 2008-04-05 10:03:39.000000000 +0200
+@@ -53,7 +53,7 @@ FILE *ind_fp;
+ FILE *ilg_fp;
+
+ char *pgm_fn;
+-char sty_fn[LINE_MAX];
++char sty_fn[STRING_MAX];
+ char *idx_fn;
+ char ind[STRING_MAX];
+ char *ind_fn;
+@@ -179,7 +179,9 @@ char *argv[];
argc--;
if (argc <= 0)
FATAL("Expected -p <num>\n","");
@@ -11,7 +21,7 @@
init_page = TRUE;
if (STREQ(pageno, EVEN)) {
log_given = TRUE;
-@@ -230,7 +232,7 @@
+@@ -230,7 +232,7 @@ char *argv[];
char tmp[STRING_MAX + 5];
/* base set by last call to check_idx */
@@ -20,7 +30,7 @@
if (0 == access(tmp, R_OK)) {
open_sty (tmp);
sty_given = TRUE;
-@@ -405,9 +407,9 @@
+@@ -405,9 +407,9 @@ int open_fn;
STRING_MAX,totmem);
#endif /* DEBUG */
@@ -32,7 +42,7 @@
if ((open_fn &&
((idx_fp = OPEN_IN(idx_fn)) == NULL)
) ||
-@@ -434,7 +436,7 @@
+@@ -434,7 +436,7 @@ int log_given;
/* index output file */
if (!ind_given) {
@@ -41,7 +51,7 @@
ind_fn = ind;
}
if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
-@@ -442,14 +444,14 @@
+@@ -442,14 +444,14 @@ int log_given;
/* index transcript file */
if (!ilg_given) {
@@ -58,22 +68,22 @@
if ((log_fp = OPEN_IN(log_fn)) == NULL) {
FATAL("Source log file %s not found.\n", log_fn);
} else {
-@@ -505,6 +507,9 @@
+@@ -505,6 +507,9 @@ char *fn;
if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
FATAL("Index style file %s not found.\n", fn);
} else {
+ if (strlen(found) >= sizeof(sty_fn)) {
-+ FATAL("Style file %s too long.\n", found);
++ FATAL("Style file name %s too long.\n", found);
+ }
strcpy(sty_fn,found);
if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
FATAL("Could not open style file %s.\n", sty_fn);
-@@ -512,6 +517,9 @@
+@@ -512,6 +517,9 @@ char *fn;
}
#else
if ((path = getenv(STYLE_PATH)) == NULL) {
+ if (strlen(fn) >= sizeof(sty_fn)) {
-+ FATAL("Style file %s too long.\n", fn);
++ FATAL("Style file name %s too long.\n", fn);
+ }
/* style input path not defined */
strcpy(sty_fn, fn);
Index: tetex.spec
===================================================================
RCS file: /cvs/extras/rpms/tetex/F-8/tetex.spec,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- tetex.spec 31 Mar 2008 12:39:18 -0000 1.126
+++ tetex.spec 5 Apr 2008 08:15:25 -0000 1.127
@@ -900,6 +900,8 @@
%changelog
* Mon Mar 31 2008 Jindrich Novy <jnovy at redhat.com> 3.0-44.9
- ensure that /sbin/restorecon is installed for %%post in tetex-fonts (#439623)
+- update CVE-2005-0650 patch for makeindex, increase file name size limit and
+ fix error message in case of overflow (#225491)
* Sat Feb 16 2008 Jindrich Novy <jnovy at redhat.com> 3.0-44.8
- rebuild
More information about the fedora-extras-commits
mailing list