[65573] trunk/dports/tex/pTeX

takanori at macports.org takanori at macports.org
Sat Mar 27 20:36:42 PDT 2010 

Revision: 65573
          http://trac.macports.org/changeset/65573
Author:   takanori at macports.org
Date:     2010-03-27 20:36:41 -0700 (Sat, 27 Mar 2010)
Log Message:
-----------
pTeX:
 - Minor security fixes in dvipsk. (CVE-2010-0739, CVE-2010-0827)
 - Update jsclases to 20100314,	   minijs to 20100317.

Modified Paths:
--------------
    trunk/dports/tex/pTeX/Portfile
    trunk/dports/tex/pTeX/files/patch-1check-archive.sh.diff
    trunk/dports/tex/pTeX/files/patch-2extract-src.sh.diff
    trunk/dports/tex/pTeX/files/patch-md5sum_texsrc.traditional.diff

Added Paths:
-----------
    trunk/dports/tex/pTeX/files/minijs_sty-20100317.diff
    trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0739.diff
    trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0827.diff

Modified: trunk/dports/tex/pTeX/Portfile
===================================================================
--- trunk/dports/tex/pTeX/Portfile	2010-03-28 03:35:37 UTC (rev 65572)
+++ trunk/dports/tex/pTeX/Portfile	2010-03-28 03:36:41 UTC (rev 65573)
@@ -3,13 +3,12 @@
 PortSystem      1.0
 
 name            pTeX
-version         20100218
-revision        1
+version         20100328
 epoch           ${version}
 set ver_ptetex3     20080616
 set ver_dvipdfmx    20090708
 set ver_dvipsk      5.97-p1.7b-20090509
-set ver_jsclasses   090222
+set ver_jsclasses   100314
 set ver_txfonts     3.2.1
 set ver_pxfonts     1.1.1
 categories      tex print textproc japanese
@@ -58,7 +57,7 @@
                 ${distname}${extract.suffix}    rmd160 50bcf8986d1cb5f23e578ba97d7ade20bb05f3a2 \
                 dvipdfmx-${ver_dvipdfmx}.tar.gz rmd160 41b57a20264a569222f3b59ac023dff427e2fddf \
                 dvipsk-${ver_dvipsk}.tar.gz     rmd160 c15135bcd4c01143a921d5eaeadd43247738289e \
-                jsclasses-${ver_jsclasses}.zip  rmd160 070ee272072166dccde9c957eb03f0395aa96cfe \
+                jsclasses-${ver_jsclasses}.zip  rmd160 7e2704ca941fa6e4cd4e0d200fd3387b4052f4e0 \
                 txfonts-${ver_txfonts}.zip      rmd160 e0881b33012ae10a7557ee773439df62e600e56d \
                 pxfonts-${ver_pxfonts}.zip      rmd160 9a2e8df4b779dab2c93704f0716f3d69dcbac6fe \
                 cmap-gs871.tar.gz               rmd160 1fb4a51914f6b17050d984414e0490d9a5e6edc9
@@ -181,6 +180,8 @@
         }
     }
 
+    system "cd ${destroot}${prefix}/share/texmf/packages/jsclasses && patch -p0 < ${filespath}/minijs_sty-20100317.diff"
+
     # Update ls-R, map and fmt files (before packaging)
     set destroot_var "PATH=\"${destroot}${prefix}/bin:$env(PATH)\" TEXMFMAIN=${destroot}${prefix}/share/texmf LD_LIBRARY_PATH=${destroot}${prefix}/lib"
     system "${destroot_var} mktexlsr"

Added: trunk/dports/tex/pTeX/files/minijs_sty-20100317.diff
===================================================================
--- trunk/dports/tex/pTeX/files/minijs_sty-20100317.diff	                        (rev 0)
+++ trunk/dports/tex/pTeX/files/minijs_sty-20100317.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -0,0 +1,11 @@
+--- minijs.sty.orig	2009-11-23 14:53:26.000000000 +0900
++++ minijs.sty	2010-03-17 08:50:05.000000000 +0900
+@@ -13,7 +13,7 @@
+     \let\@currsize#1%
+   \fi
+   \fontsize{#2}{#3}\selectfont
+-  \ifdim\parindent>\z@ \parindent=1zw \fi
++% \ifdim\parindent>\z@ \parindent=1zw \fi
+   \kanjiskip=0zw plus .1zw minus .01zw
+   \xkanjiskip=0.25em plus 0.15em minus 0.06em}
+ \DeclareRobustCommand\rmfamily

Modified: trunk/dports/tex/pTeX/files/patch-1check-archive.sh.diff
===================================================================
--- trunk/dports/tex/pTeX/files/patch-1check-archive.sh.diff	2010-03-28 03:35:37 UTC (rev 65572)
+++ trunk/dports/tex/pTeX/files/patch-1check-archive.sh.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -17,7 +17,7 @@
  40f757c7c16bce50915893170ed9b916  macro/eclepsf.sty
  601835d441df357d28f93c4d4534dbe0  macro/epsbox.sty
 -bac445d00f782ed55efdfb0380dbb303  macro/jsclasses-071024.zip
-+eab726afd7249145578df56daa3d805f  macro/jsclasses-090222.zip
++d8a31910c27ffae3106b47e8e94c97bf  macro/jsclasses-100314.zip
  4c6224bbdc50345999714c32958eb186  macro/otfstable-speedup.patch
  0fd496d0e9b365457e161d18da9dfffb  macro/otfstable.zip
  50382fd31d95532cbc3d6803bc882578  macro/powerdot.tar.gz

Modified: trunk/dports/tex/pTeX/files/patch-2extract-src.sh.diff
===================================================================
--- trunk/dports/tex/pTeX/files/patch-2extract-src.sh.diff	2010-03-28 03:35:37 UTC (rev 65572)
+++ trunk/dports/tex/pTeX/files/patch-2extract-src.sh.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -55,12 +55,14 @@
  ## disable installing 'config.ps'
  $CP $SRC/texk/${P}dvipsk/Makefile.in       $SRC/texk/${P}dvipsk/Makefile.in.jp
  $CP $SRC/texk/${P}dvipsk/Makefile.in.tetex $SRC/texk/${P}dvipsk/Makefile.in
-@@ -255,6 +248,9 @@
+@@ -255,6 +248,11 @@
  # Fix xpdf integer overflow CVE-2007-3387 (impoted from tetex-3.0-35.fc6)
  cpatch security/tetex-3.0-CVE-2007-3387.patch      1 $SRC
  
 +cpatch security/bibtex-CVE-2009-1284.diff          1 $SRC
 +cpatch security/jbibtex-CVE-2009-1284.diff         1 $SRC
++cpatch security/dvipsk-CVE-2010-0739.diff          1 $SRC
++cpatch security/dvipsk-CVE-2010-0827.diff          1 $SRC
 +
  #exit # uncomment if 'mktemp' command doesn't exist
  # Don't use PID for temporary file names in scripts. (impoted from FC4)

Modified: trunk/dports/tex/pTeX/files/patch-md5sum_texsrc.traditional.diff
===================================================================
--- trunk/dports/tex/pTeX/files/patch-md5sum_texsrc.traditional.diff	2010-03-28 03:35:37 UTC (rev 65572)
+++ trunk/dports/tex/pTeX/files/patch-md5sum_texsrc.traditional.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -1,5 +1,5 @@
---- md5sum/texsrc.traditional.orig	2008-06-16 15:02:58.000000000 +0900
-+++ md5sum/texsrc.traditional	2010-02-18 22:56:02.000000000 +0900
+--- md5sum/texsrc.traditional.orig	2010-03-28 09:38:04.000000000 +0900
++++ md5sum/texsrc.traditional	2010-03-28 09:39:44.000000000 +0900
 @@ -72,29 +72,29 @@
  aa8bcb252fdfab1e6164e338b6a791ce  ./texk/dvipdfm/ebb.c
  c98e0303e74020945a281afd04b09182  ./texk/dvipdfm/pdfdoc.c
@@ -20,7 +20,8 @@
 -92579eca220d2279787ddb98b5b1e439  ./texk/dvipsk/config.ps
 +185c9d7f7053cf318cd9c30b2b8b92b2  ./texk/dvipsk/config.ps
  724c33d501d97c61a405429341757a2d  ./texk/dvipsk/dopage.c
- 28ea2b6d495b6fc506a8739a6a9b4671  ./texk/dvipsk/dospecial.c
+-28ea2b6d495b6fc506a8739a6a9b4671  ./texk/dvipsk/dospecial.c
++93bd892425fa393963530bc6d2d92739  ./texk/dvipsk/dospecial.c
  76cce1c3de62281469971a3e0304329b  ./texk/dvipsk/download.c
  727a5cb6d89cc7f3fb06e4b6377c011b  ./texk/dvipsk/drawPS.c
 -3c796d1ddaa2592d8a7a6ce10aa374fc  ./texk/dvipsk/dvips.c
@@ -42,7 +43,7 @@
  e1470e1f32786c791bcbd56200a4aee2  ./texk/dvipsk/loadfont.c
  24d3678dccfe858ea7279c886b806d88  ./texk/dvipsk/makefont.c
  f2f7c392d4e66ec77502b744b011944b  ./texk/dvipsk/output.c
-@@ -102,7 +102,7 @@
+@@ -102,15 +102,15 @@
  6b4c69fba5ed485f5493417568553d9f  ./texk/dvipsk/protos.h
  3373bff6f5dd1abf8fa0d50d248d8c4c  ./texk/dvipsk/psfonts_jp.map
  b696de7e767b4851bd5b365275d64efd  ./texk/dvipsk/ptexmac.h
@@ -51,11 +52,12 @@
  6fa821496c1a2c54bc63195115146b93  ./texk/dvipsk/scanpage.c
  ba8269e7e632189373cbd0e5e8111e6b  ./texk/dvipsk/search.c
  21d945921692a53e2d3b245f71cd6bdc  ./texk/dvipsk/skippage.c
-@@ -110,7 +110,7 @@
+ b3a3036b948b99c267e5aafec00d798b  ./texk/dvipsk/squeeze.c
  5160809d6a1fcfb43b783faac6567345  ./texk/dvipsk/tex.lpro
  08c813d19b9c1945bbeee04bdfe404d7  ./texk/dvipsk/tfmload.c
- 99cade12db7701a596fc68c0487b4178  ./texk/dvipsk/virtualfont.c
+-99cade12db7701a596fc68c0487b4178  ./texk/dvipsk/virtualfont.c
 -78bd7cd03858724fb8066d520043866e  ./texk/dvipsk/writet1.c
++d04e96f6f94ba1e953f856c6dad8f2f7  ./texk/dvipsk/virtualfont.c
 +9a58f3f25db62543dd9fb1e7e7a017fc  ./texk/dvipsk/writet1.c
  383ef540698559ab73f11dd317f111af  ./texk/kpathsea/BUGS
  2e4745385a79e7e3222b1a2d13692d6d  ./texk/kpathsea/ChangeLog

Added: trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0739.diff
===================================================================
--- trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0739.diff	                        (rev 0)
+++ trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0739.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -0,0 +1,15 @@
+--- tetex-src-3.0/texk/dvipsk/dospecial.c.orig	2010-03-28 09:07:31.000000000 +0900
++++ tetex-src-3.0/texk/dvipsk/dospecial.c	2010-03-28 09:27:27.000000000 +0900
+@@ -412,6 +412,12 @@
+    static int omega_specials = 0;
+ 
+    if (nextstring + numbytes > maxstring) {
++      if (numbytes < 0
++	  || (numbytes > 0 && 2 > INT_MAX / numbytes)
++	  || 2 * numbytes > 1000 + 2 * numbytes) {
++         error("! Integer overflow in predospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
+       maxstring = nextstring + 2 * numbytes + 700 ;
+    }

Added: trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0827.diff
===================================================================
--- trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0827.diff	                        (rev 0)
+++ trunk/dports/tex/pTeX/files/security/dvipsk-CVE-2010-0827.diff	2010-03-28 03:36:41 UTC (rev 65573)
@@ -0,0 +1,48 @@
+--- tetex-src-3.0/texk/dvipsk/virtualfont.c.orig	2010-03-28 09:07:31.000000000 +0900
++++ tetex-src-3.0/texk/dvipsk/virtualfont.c	2010-03-28 09:17:20.000000000 +0900
+@@ -5,6 +5,7 @@
+ #include "dvips.h" /* The copyright notice in that file is included too! */
+ #ifdef KPATHSEA
+ #include <kpathsea/c-pathmx.h>
++#include <kpathsea/concatn.h>
+ #endif
+ /*
+  *   These are the external routines we use.
+@@ -36,12 +37,12 @@
+  *   Subroutine vfbyte returns the next byte.
+  */
+ static FILE *vffile ;
+-static char name[50] ;
++static char name[500] ;
+ void
+ badvf P1C(char *, s)
+ {
+-   (void)sprintf(errbuf,"! Bad VF file %s: %s",name,s) ;
+-   error(errbuf);
++   char *msg = concatn("! Bad VF file ", name, ":", s);
++   error(msg);
+ }
+ 
+ shalfword
+@@ -93,6 +94,10 @@
+    if (*d==0)
+       d = vfpath ;
+ #endif
++   if (strlen(n) + 5 >= sizeof (name)) {
++     /* 5 for vf() + null */
++     error("! VF file name too long in vfopen") ;
++   }
+ #ifdef MVSXA   /* IBM: MVS/XA */
+    (void)sprintf(name, "vf(%s)", n) ;
+ #else
+@@ -223,8 +228,8 @@
+    k = (integer)(alpha * (real)vfquad()) ;
+    if ((id != 9 && id != 11) &&
+        (k > curfnt->designsize + 2 || k < curfnt->designsize - 2)) {
+-      (void)sprintf(errbuf,"Design size mismatch in font %s", name) ;
+-      error(errbuf) ;
++      char *msg = concat("Design size mismatch in font ", name);
++      error(msg);
+    }
+ /*
+  * Now we look for font definitions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20100327/c25974be/attachment.html>

More information about the macports-changes mailing list