rpms/texlive-base
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f42
rpms:f43
rpms:main
rpms:f41
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:f35
rpms:f34
rpms:f32
rpms:f33
rpms:f30
rpms:f31
rpms:f29
rpms:f28
rpms:eln
...
pull from: rpms:f31
Branches Tags
rpms:f42
rpms:f43
rpms:main
rpms:rawhide
rpms:f41
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:f35
rpms:f34
rpms:f32
rpms:f33
rpms:f30
rpms:f31
rpms:f29
rpms:f28
rpms:eln
Sign in to create a new pull request.

1 commit
rawhide ... f31

Author SHA1 Message Date
Than Ngo
f000b96b2a fix bz#1798119 - buffer overflow in TexOpen() function, CVE-2019-19601 2020-02-05 13:13:05 +01:00
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

16
texlive-base-20190410-CVE-2019-19601.patch Normal file
View file

@ -0,0 +1,16 @@
diff -up texlive-base-20190410/source/texk/detex/detex-src/detex.l.me texlive-base-20190410/source/texk/detex/detex-src/detex.l
--- texlive-base-20190410/source/texk/detex/detex-src/detex.l.me 2020-02-05 12:54:36.100840384 +0100
+++ texlive-base-20190410/source/texk/detex/detex-src/detex.l 2020-02-05 13:00:28.476320773 +0100
@@ -898,10 +898,10 @@ TexOpen(char *sbFile)
#else
if (*sbFile == '/') { /* absolute path */
#endif
- (void)sprintf(sbFullPath, "%s", sbFile);
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s", sbFile);
iPath = csbInputPaths; /* only check once */
} else
- (void)sprintf(sbFullPath, "%s/%s", rgsbInputPaths[iPath], sbFile);
+ (void)snprintf(sbFullPath, PATH_MAX-1, "%s/%s", rgsbInputPaths[iPath], sbFile);
#ifdef OS2
pch = sbFullPath;
while (pch = strchr(pch, '\\'))

9
texlive-base.spec
View file

@ -17,7 +17,7 @@
Name: %{shortname}-base
Version: %{source_date}
Release: 7%{?dist}
Release: 8%{?dist}
Epoch: 7
Summary: TeX formatting system
# The only files in the base package are directories, cache, and license texts
@ -431,7 +431,8 @@ Patch20: texlive-20190410-dvisvgm-fix-libgs-detection.patch
Patch21: texlive-20190410-tlmgr-ignore-warning.patch
# Fix latex-papersize for python3 (thanks to upstream)
Patch22: texlive-base-latex-papersize-py3.patch
# bz#1798119, buffer overflow, CVE-2019-19601
Patch23: texlive-base-20190410-CVE-2019-19601.patch
# Can't do this because it causes everything else to be noarch
# BuildArch: noarch
@ -6548,6 +6549,7 @@ xz -dc %{SOURCE0} | tar x
%endif
%patch19 -p1 -b .shh
%patch20 -p1 -b .fix-libgs-detection
%patch23 -p1 -b .CVE-2019-19601
# Setup copies of the licenses
for l in `unxz -c %{SOURCE3} | tar t`; do
@ -9033,6 +9035,9 @@ done <<< "$list"
%doc %{_texdir}/texmf-dist/doc/latex/yplan/
%changelog
* Wed Feb 05 2020 Than Ngo <than@redhat.com> - 7:20190410-8
- fix bz#1798119 - buffer overflow in TexOpen() function, CVE-2019-19601
* Fri Jan 10 2020 Tom Callaway <spot@fedoraproject.org> - 7:20190410-7
- fix python3 issue with pdfbook2 (thanks to "Mildred", bz1733794)
- fix python3 issue with latex-papersize (thanks to Silas S. Brown, bz1783964)