87 lines
3.7 KiB
Plaintext
87 lines
3.7 KiB
Plaintext
Extracted from svn source tree of TeXLive for CVE-2018-17407 (bsc#1109673)
|
|
------------------------------------------------------------------------
|
|
r48697 | preining | 2018-09-19 06:02:06 +0200 (Wed, 19 Sep 2018) | 1 line
|
|
|
|
writet1 protection against buffer overflow
|
|
------------------------------------------------------------------------
|
|
| Index: Build/source/texk/dvipsk/ChangeLog
|
|
| ===================================================================
|
|
| --- Build/source/texk/dvipsk/ChangeLog (revision 48696)
|
|
| +++ Build/source/texk/dvipsk/ChangeLog (revision 48697)
|
|
| @@ -1,3 +1,8 @@
|
|
| +2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
|
|
| +
|
|
| + * writet1.c (t1_check_unusual_charstring): protect against buffer
|
|
| + overflow.
|
|
| +
|
|
| 2018-04-14 Karl Berry <karl@tug.org>
|
|
|
|
|
| * Version 5.998 for TeX Live 2018 release.
|
|
Index: Build/source/texk/dvipsk/writet1.c
|
|
===================================================================
|
|
--- Build/source/texk/dvipsk/writet1.c (revision 48696)
|
|
+++ Build/source/texk/dvipsk/writet1.c (revision 48697)
|
|
@@ -1449,7 +1449,9 @@
|
|
*(strend(t1_buf_array) - 1) = ' ';
|
|
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|
|
| Index: Build/source/texk/web2c/luatexdir/ChangeLog
|
|
| ===================================================================
|
|
| --- Build/source/texk/web2c/luatexdir/ChangeLog (revision 48696)
|
|
| +++ Build/source/texk/web2c/luatexdir/ChangeLog (revision 48697)
|
|
| @@ -1,3 +1,7 @@
|
|
| +2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
|
|
| + * fonts/writet1.w (t1_check_unusual_charstring): protect against
|
|
| + buffer overflow.
|
|
| +
|
|
| 2018-08-27 Luigi Scarso <luigi.scarso@gmail.com>
|
|
| * dropped dependency from gmp and mpfr
|
|
|
|
|
Index: Build/source/texk/web2c/luatexdir/font/writet1.c
|
|
===================================================================
|
|
--- Build/source/texk/web2c/luatexdir/font/writet1.w (revision 48696)
|
|
+++ Build/source/texk/web2c/luatexdir/font/writet1.w (revision 48697)
|
|
@@ -1581,7 +1581,9 @@
|
|
if (sscanf(p, "%i", &i) != 1) {
|
|
strcpy(t1_buf_array, t1_line_array);
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|
|
| Index: Build/source/texk/web2c/pdftexdir/ChangeLog
|
|
| ===================================================================
|
|
| --- Build/source/texk/web2c/pdftexdir/ChangeLog (revision 48696)
|
|
| +++ Build/source/texk/web2c/pdftexdir/ChangeLog (revision 48697)
|
|
| @@ -1,3 +1,8 @@
|
|
| +2018-09-18 Nick Roessler <nicholas.e.roessler@gmail.com>
|
|
| +
|
|
| + * writet1.c (t1_check_unusual_charstring): protect against buffer
|
|
| + overflow.
|
|
| +
|
|
| 2018-09-09 Karl Berry <karl@tug.org>
|
|
|
|
|
| * expanded.test,
|
|
Index: Build/source/texk/web2c/pdftexdir/writet1.c
|
|
===================================================================
|
|
--- Build/source/texk/web2c/pdftexdir/writet1.c (revision 48696)
|
|
+++ Build/source/texk/web2c/pdftexdir/writet1.c (revision 48697)
|
|
@@ -1598,7 +1598,9 @@
|
|
*(strend(t1_buf_array) - 1) = ' ';
|
|
|
|
t1_getline();
|
|
+ alloc_array(t1_buf, strlen(t1_line_array) + strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcat(t1_buf_array, t1_line_array);
|
|
+ alloc_array(t1_line, strlen(t1_buf_array) + 1, T1_BUF_SIZE);
|
|
strcpy(t1_line_array, t1_buf_array);
|
|
t1_line_ptr = eol(t1_line_array);
|
|
}
|