!67 [sync] PR-61: Fix CVE-2023-46048

From: @openeuler-sync-bot Reviewed-by: @wk333 Signed-off-by: @wk333
2024-08-08 01:07:43 +00:00 · 2024-08-08 01:07:43 +00:00 · dcf9c9bf2f
commit dcf9c9bf2f
parent c55f1090dd 40082354ab
2 changed files with 61 additions and 3 deletions
--- a/CVE-2023-46048.patch
+++ b/CVE-2023-46048.patch
@ -0,0 +1,54 @@
+Origin:
+https://github.com/TeX-Live/texlive-source/commit/33b330bc48ed2df69daf80a81be3cde8bf794816
+https://tug.org/pipermail/tex-live/2023-August/049402.html
+
+From 33b330bc48ed2df69daf80a81be3cde8bf794816 Mon Sep 17 00:00:00 2001
+From: Karl Berry <karl@freefriends.org>
+Date: Sat, 26 Aug 2023 17:50:10 +0000
+Subject: [PATCH] guard against corrupt pfb in dup tests, pdftex r910
+
+git-svn-id: svn://tug.org/texlive/trunk/Build/source@68069 c570f23f-e606-0410-a88d-b1316a301751
+---
+ texlive-20180414-source/texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++---
+ 1 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c b/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c
+index 0444d46be0..f2a8386cab 100644
+--- a/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c
+++ b/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c
+@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void)
+                 *t1_buf_array == '/' && valid_code(i)) {
+                 if (strcmp(t1_buf_array + 1, notdef) != 0)
+                     glyph_names[i] = xstrdup(t1_buf_array + 1);
+-                p = strstr(p, " put") + strlen(" put");
+                p = strstr(p, " put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no put found in dup");
+                p += strlen(" put");
+                 skip(p, ' ');
+             }
+             /*
+@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void)
+             else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
+                      && valid_code(a) && valid_code(b)) {
+                 copy_glyph_names(glyph_names, a, b);
+-                p = strstr(p, " get put") + strlen(" get put");
+                p = strstr(p, " get put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no get put found in dup dup");
+                p += strlen(" get put");
+                 skip(p, ' ');
+             }
+             /*
+@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void)
+                      && valid_code(a) && valid_code(b) && valid_code(c)) {
+                 for (i = 0; i < c; i++)
+                     copy_glyph_names(glyph_names, a + i, b + i);
+-                p = strstr(p, " putinterval") + strlen(" putinterval");
+                p = strstr(p, " putinterval");
+                if (!p)
+                   pdftex_fail("invalid pfb, no putinterval found in dup dup");
+                p += strlen(" putinterval");
+                 skip(p, ' ');
+             }
+             /*
--- a/texlive-base.spec
+++ b/texlive-base.spec
@ -4,7 +4,7 @@

 Name:           texlive-base
 Version:        20180414
-Release:        37
+Release:        38
 Epoch:          7
 Summary:        TeX formatting system
 License:        ASL 2.0 and LGPL-2.1-only and Zlib and OFL-1.1 and Public Domain and LGPL-2.0-only and GPLv2+ and MPL-1.1 and Libpng and LGPL-3.0-only and BSL-1.0 and GPLv2 and GPLv3 and CPL-1.0 and IJG and MIT and LPPL-1.3c and ICU and psutils
@ -381,6 +381,7 @@ Patch0006:      texlive-base-CVE-2018-17407.patch
 Patch0007:      fix-build-error-when-srctopdf-is-ok.patch
 Patch0008:      remove-support-of-poppler.patch
 Patch0009:      CVE-2023-32700.patch
+Patch0010:      CVE-2023-46048.patch
 Patch1000:	1000-add-sw_64-support-not-upstream-modified-files.patch

 BuildRequires:  xz libXaw-devel libXi-devel ncurses-devel bison flex file perl(Digest::MD5) texinfo gcc-c++
@ -8123,7 +8124,10 @@ done <<< "$list"
 %doc %{_datadir}/texlive/texmf-dist/doc/latex/yplan/

 %changelog
-* Sat Mar 18 2024 hefq343 <fengqing.he@shingroup.cn@> - 7:20180414-37
+* Mon Aug 05 2024 wangkai <13474090681@163.com> - 7:20180414-38
+- Fix CVE-2023-46048
+
+* Mon Mar 18 2024 hefq343 <fengqing.he@shingroup.cn> - 7:20180414-37
 - add ppc64le support

 * Fri Aug 11 2023 yeqinglong <yeqinglong@kylinsec.com.cn> - 7:20180414-36
@ -8132,7 +8136,7 @@ done <<< "$list"
 * Mon Jul 03 2023 yaoxin <yao_xin001@hoperun.com> - 7:20180414-35
 - Fix CVE-2023-32700

-* Tue Jan 06 2023 misaka00251 <liuxin@iscas.ac.cn> - 20180414-34
+* Fri Jan 06 2023 misaka00251 <liuxin@iscas.ac.cn> - 20180414-34
 - Fix build on riscv64

 * Wed Jan 19 2022 xu_ping <xuping33@huawei.com> - 20180414-33