SLFO-pool/texlive
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main texlive revision bc335b9d26a220c1432f0398584eb353

Browse Source
This commit is contained in:
Adrian Schröter 2024-06-12 22:36:25 +02:00
parent 842356a344
commit 7462a00e95
4 changed files with 159 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
source-CVE-2023-46048.patch Normal file
View File

@ -0,0 +1,118 @@
---
texk/dvipsk/writet1.c | 15 ++++++++++++---
texk/web2c/luatexdir/font/writet1.c | 15 ++++++++++++---
texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++---
3 files changed, 36 insertions(+), 9 deletions(-)
--- texk/dvipsk/writet1.c
+++ texk/dvipsk/writet1.c 2024-04-02 00:00:00.000000000 +0000
@@ -769,7 +769,10 @@ static char **t1_builtin_enc(void)
*t1_buf_array == '/' && valid_code(i)) {
if (strcmp(t1_buf_array + 1, notdef) != 0)
glyph_names[i] = xstrdup(t1_buf_array + 1);
- p = strstr(p, " put") + strlen(" put");
+ p = strstr(p, " put");
+ if (!p)
+ pdftex_fail("invalid pfb, no put found in dup");
+ p += strlen(" put");
skip(p, ' ');
}
/*
@@ -778,7 +781,10 @@ static char **t1_builtin_enc(void)
else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
&& valid_code(a) && valid_code(b)) {
copy_glyph_names(glyph_names, a, b);
- p = strstr(p, " get put") + strlen(" get put");
+ p = strstr(p, " get put");
+ if (!p)
+ pdftex_fail("invalid pfb, no get put found in dup dup");
+ p += strlen(" get put");
skip(p, ' ');
}
/*
@@ -789,7 +795,10 @@ static char **t1_builtin_enc(void)
&& valid_code(a) && valid_code(b) && valid_code(c)) {
for (i = 0; i < c; i++)
copy_glyph_names(glyph_names, a + i, b + i);
- p = strstr(p, " putinterval") + strlen(" putinterval");
+ p = strstr(p, " putinterval");
+ if (!p)
+ pdftex_fail("invalid pfb, no putinterval found in dup dup");
+ p += strlen(" putinterval");
skip(p, ' ');
}
/*
--- texk/web2c/luatexdir/font/writet1.c
+++ texk/web2c/luatexdir/font/writet1.c 2024-04-02 12:52:03.939492105 +0000
@@ -814,13 +814,19 @@ static char **t1_builtin_enc(void)
*t1_buf_array == '/' && valid_code(i)) {
if (strcmp(t1_buf_array + 1, notdef) != 0)
glyph_names[i] = xstrdup(t1_buf_array + 1);
- p = strstr(p, " put") + strlen(" put");
+ p = strstr(p, " put");
+ if (!p)
+ formatted_error("type 1","invalid pfb, no put found in dup");
+ p += strlen(" put");
skip_char(p, ' ');
}
/*tex Check for |dup dup <to> exch <from> get put|. */
else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2 && valid_code(a) && valid_code(b)) {
copy_glyph_names(glyph_names, a, b);
- p = strstr(p, " get put") + strlen(" get put");
+ p = strstr(p, " get put");
+ if (!p)
+ formatted_error("type 1","invalid pfb, no get put found in dup dupp");
+ p += strlen(" get put");
skip_char(p, ' ');
}
/*tex Check for |dup dup <from> <size> getinterval <to> exch putinterval|. */
@@ -828,7 +834,10 @@ static char **t1_builtin_enc(void)
&a, &c, &b) == 3 && valid_code(a) && valid_code(b) && valid_code(c)) {
for (i = 0; i < c; i++)
copy_glyph_names(glyph_names, a + i, b + i);
- p = strstr(p, " putinterval") + strlen(" putinterval");
+ p = strstr(p, " putinterval");
+ if (!p)
+ formatted_error("type 1","invalid pfb, no putinterval found in dup dup");
+ p += strlen(" putinterval");
skip_char(p, ' ');
}
/*tex Check for |def or |readonly def|. */
--- texk/web2c/pdftexdir/writet1.c
+++ texk/web2c/pdftexdir/writet1.c 2024-04-02 00:00:00.000000000 +0000
@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void)
*t1_buf_array == '/' && valid_code(i)) {
if (strcmp(t1_buf_array + 1, notdef) != 0)
glyph_names[i] = xstrdup(t1_buf_array + 1);
- p = strstr(p, " put") + strlen(" put");
+ p = strstr(p, " put");
+ if (!p)
+ pdftex_fail("invalid pfb, no put found in dup");
+ p += strlen(" put");
skip(p, ' ');
}
/*
@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void)
else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
&& valid_code(a) && valid_code(b)) {
copy_glyph_names(glyph_names, a, b);
- p = strstr(p, " get put") + strlen(" get put");
+ p = strstr(p, " get put");
+ if (!p)
+ pdftex_fail("invalid pfb, no get put found in dup dup");
+ p += strlen(" get put");
skip(p, ' ');
}
/*
@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void)
&& valid_code(a) && valid_code(b) && valid_code(c)) {
for (i = 0; i < c; i++)
copy_glyph_names(glyph_names, a + i, b + i);
- p = strstr(p, " putinterval") + strlen(" putinterval");
+ p = strstr(p, " putinterval");
+ if (!p)
+ pdftex_fail("invalid pfb, no putinterval found in dup dup");
+ p += strlen(" putinterval");
skip(p, ' ');
}
/*

25
source-CVE-2023-46051.patch Normal file
View File

@ -0,0 +1,25 @@
---
texk/web2c/pdftexdir/tounicode.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- texk/web2c/pdftexdir/tounicode.c
+++ texk/web2c/pdftexdir/tounicode.c 2024-04-02 00:00:00.000000000 +0000
@@ -535,10 +535,17 @@ void undumptounicode(void)
void **result;
glyph_unicode_entry *gu = new_glyph_unicode_entry();
undumpcharptr(gu->name);
+ if (gu->name == NULL) {
+ pdftex_fail("undumpcharptr(gu->name) got NULL");
+ }
generic_undump(gu->code);
- if (gu->code == UNI_STRING)
+ if (gu->code == UNI_STRING) {
undumpcharptr(gu->unicode_seq);
+ if (gu->unicode_seq == NULL) {
+ pdftex_fail("undumpcharptr(gu->unicode_seq) got NULL");
+ }
+ }
result = avl_probe(glyph_unicode_tree, gu);
assert(*result == gu);

10
texlive.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Apr 3 13:17:43 UTC 2024 - Dr. Werner Fink <werner@suse.de>
- Add patch source-CVE-2023-46048.patch
* Fix for bsc#1222126 (CVE-2023-46048)
NULL pointer dereference in texk/web2c/pdftexdir/writet1.c
- Add patch source-CVE-2023-46051.patch
* Fix for bsc#1222127 (CVE-2023-46051)q
NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c
------------------------------------------------------------------- -------------------------------------------------------------------
Fri May 5 07:02:45 UTC 2023 - Dr. Werner Fink <werner@suse.de> Fri May 5 07:02:45 UTC 2023 - Dr. Werner Fink <werner@suse.de>

6
texlive.spec
View File

@ -277,6 +277,10 @@ Patch62: source-psutils-kpathsea.dif
# Missed luajit fix for ppc/ppc64/ppc64le and riscv64 # Missed luajit fix for ppc/ppc64/ppc64le and riscv64
# PATCH-FIX-SUSE Support luajit fix for arm64 # PATCH-FIX-SUSE Support luajit fix for arm64
Patch106: 0006-Fix-register-allocation-bug-in-arm64.patch Patch106: 0006-Fix-register-allocation-bug-in-arm64.patch
# PATCH-FIX-UPSTREAM Upstream fix for CVE-2023-46048
Patch107: source-CVE-2023-46048.patch
# PATCH-FIX-UPSTREAM Upstream fix for CVE-2023-46051
Patch108: source-CVE-2023-46051.patch
Prefix: %{_bindir} Prefix: %{_bindir}
Provides: pdfjam = %{version} Provides: pdfjam = %{version}
Obsoletes: pdfjam < %{version} Obsoletes: pdfjam < %{version}
@ -4110,6 +4114,8 @@ pushd libs/luajit/LuaJIT-src/
#Missed patch ppc and risc #Missed patch ppc and risc
%patch106 -p1 -b .arm64 %patch106 -p1 -b .arm64
popd popd
%patch107 -p0
%patch108 -p0
%patch0 -p0 -b .p0 %patch0 -p0 -b .p0
%if %{with luametatex} %if %{with luametatex}
pushd ../luametatex* pushd ../luametatex*