Hello community, here is the log from the commit of package texlive for openSUSE:Factory checked in at 2018-10-02 19:40:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/texlive (Old) and /work/SRC/openSUSE:Factory/.texlive.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "texlive" Tue Oct 2 19:40:49 2018 rev:51 rq:638724 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/texlive/texlive.changes 2018-07-23 17:59:27.369046292 +0200 +++ /work/SRC/openSUSE:Factory/.texlive.new/texlive.changes 2018-10-02 19:40:52.986257621 +0200 @@ -1,0 +2,7 @@ +Wed Sep 26 11:54:24 UTC 2018 - Dr. Werner Fink <[email protected]> + +- Add patch source-bsc1109673.dif to fix bsc#1109673 for CVE-2018-17407 + which is about buffer overflow in the handling of Type 1 fonts + allowing arbitrary code execution + +------------------------------------------------------------------- New: ---- source-bsc1109673.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ texlive.spec ++++++ --- /var/tmp/diff_new_pack.lxgaPK/_old 2018-10-02 19:40:55.658253652 +0200 +++ /var/tmp/diff_new_pack.lxgaPK/_new 2018-10-02 19:40:55.662253647 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -275,6 +275,8 @@ Patch52: source-tounicode.dif # PATCH-FIX-TEXLIVE Patch53: source-fix-const-poppler0.66.0.patch +# PATCH-FIX-TEXLIVE +Patch54: source-bsc1109673.dif Prefix: %{_bindir} Provides: pdfjam = %{version} Obsoletes: pdfjam < %{version} @@ -3580,6 +3582,7 @@ %if %{?pkg_vcmp:%{pkg_vcmp libpoppler-devel >= 0.66.0}}%{!?pkg_vcmp:0} %patch53 -p0 -b .poppler %endif +%patch54 -p2 -b .type1 # Correct FHS paths paths=$(find -name cnf-to-paths.awk) ++++++ source-bsc1109673.dif ++++++ Extracted from svn source tree of TeXLive for CVE-2018-17407 (bsc#1109673) ------------------------------------------------------------------------ r48697 | preining | 2018-09-19 06:02:06 +0200 (Wed, 19 Sep 2018) | 1 line writet1 protection against buffer overflow ------------------------------------------------------------------------ | Index: Build/source/texk/dvipsk/ChangeLog | =================================================================== | --- Build/source/texk/dvipsk/ChangeLog (revision 48696) | +++ Build/source/texk/dvipsk/ChangeLog (revision 48697) | @@ -1,3 +1,8 @@ | +2018-09-18 Nick Roessler <[email protected]> | + | + * writet1.c (t1_check_unusual_charstring): protect against buffer | + overflow. | + | 2018-04-14 Karl Berry <[email protected]> | | * Version 5.998 for TeX Live 2018 release. Index: Build/source/texk/dvipsk/writet1.c =================================================================== --- Build/source/texk/dvipsk/writet1.c (revision 48696) +++ Build/source/texk/dvipsk/writet1.c (revision 48697) @@ -1449,7 +1449,9 @@ *(strend(t1_buf_array) - 1) = ' '; t1_getline(); + alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcat(t1_buf_array, t1_line_array); + alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcpy(t1_line_array, t1_buf_array); t1_line_ptr = eol(t1_line_array); } | Index: Build/source/texk/web2c/luatexdir/ChangeLog | =================================================================== | --- Build/source/texk/web2c/luatexdir/ChangeLog (revision 48696) | +++ Build/source/texk/web2c/luatexdir/ChangeLog (revision 48697) | @@ -1,3 +1,7 @@ | +2018-09-18 Nick Roessler <[email protected]> | + * fonts/writet1.w (t1_check_unusual_charstring): protect against | + buffer overflow. | + | 2018-08-27 Luigi Scarso <[email protected]> | * dropped dependency from gmp and mpfr | Index: Build/source/texk/web2c/luatexdir/font/writet1.c =================================================================== --- Build/source/texk/web2c/luatexdir/font/writet1.w (revision 48696) +++ Build/source/texk/web2c/luatexdir/font/writet1.w (revision 48697) @@ -1581,7 +1581,9 @@ if (sscanf(p, "%i", &i) != 1) { strcpy(t1_buf_array, t1_line_array); t1_getline(); + alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcat(t1_buf_array, t1_line_array); + alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcpy(t1_line_array, t1_buf_array); t1_line_ptr = eol(t1_line_array); } | Index: Build/source/texk/web2c/pdftexdir/ChangeLog | =================================================================== | --- Build/source/texk/web2c/pdftexdir/ChangeLog (revision 48696) | +++ Build/source/texk/web2c/pdftexdir/ChangeLog (revision 48697) | @@ -1,3 +1,8 @@ | +2018-09-18 Nick Roessler <[email protected]> | + | + * writet1.c (t1_check_unusual_charstring): protect against buffer | + overflow. | + | 2018-09-09 Karl Berry <[email protected]> | | * expanded.test, Index: Build/source/texk/web2c/pdftexdir/writet1.c =================================================================== --- Build/source/texk/web2c/pdftexdir/writet1.c (revision 48696) +++ Build/source/texk/web2c/pdftexdir/writet1.c (revision 48697) @@ -1598,7 +1598,9 @@ *(strend(t1_buf_array) - 1) = ' '; t1_getline(); + alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcat(t1_buf_array, t1_line_array); + alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE); strcpy(t1_line_array, t1_buf_array); t1_line_ptr = eol(t1_line_array); }
