rpms/evince
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch

Browse Source 
Change the way thumbnailer is integrated with system
This commit is contained in:
Marek Kasik 2011-01-12 13:28:06 +01:00
parent 0aa0ad6610
commit 9606608904
2 changed files with 6 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
View File

@ -1,96 +0,0 @@
commit d4139205b010ed06310d14284e63114e88ec6de2
Author: José Aliste <jaliste@src.gnome.org>
Date: Tue Dec 7 15:56:47 2010 -0300
backends: Fix several security issues in the dvi-backend.
See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643.
diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c
index 164366b..361e23d 100644
--- a/backend/dvi/mdvi-lib/afmparse.c
+++ b/backend/dvi/mdvi-lib/afmparse.c
@@ -160,7 +160,7 @@ static char *token(FILE *stream)
idx = 0;
while (ch != EOF && ch != ' ' && ch != lineterm
- && ch != '\t' && ch != ':' && ch != ';')
+ && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME)
{
ident[idx++] = ch;
ch = fgetc(stream);
diff --git a/backend/dvi/mdvi-lib/dviread.c b/backend/dvi/mdvi-lib/dviread.c
index cd8cfa9..d014320 100644
--- a/backend/dvi/mdvi-lib/dviread.c
+++ b/backend/dvi/mdvi-lib/dviread.c
@@ -1507,6 +1507,10 @@ int special(DviContext *dvi, int opcode)
Int32 arg;
arg = dugetn(dvi, opcode - DVI_XXX1 + 1);
+ if (arg <= 0) {
+ dvierr(dvi, _("malformed special length\n"));
+ return -1;
+ }
s = mdvi_malloc(arg + 1);
dread(dvi, s, arg);
s[arg] = 0;
diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c
index a579186..08377e6 100644
--- a/backend/dvi/mdvi-lib/pk.c
+++ b/backend/dvi/mdvi-lib/pk.c
@@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font)
}
if(feof(p))
break;
+
+ /* Although the PK format support bigger char codes,
+ * XeTeX and other extended TeX engines support charcodes up to
+ * 65536, while normal TeX engine supports only charcode up to 255.*/
+ if (cc < 0 || cc > 65536) {
+ mdvi_error (_("%s: unexpected charcode (%d)\n"),
+ font->fontname,cc);
+ goto error;
+ }
if(cc < loc)
loc = cc;
if(cc > hic)
@@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font)
}
/* resize font char data */
- if(loc > 0 || hic < maxch-1) {
+ if(loc > 0 && hic < maxch-1) {
memmove(font->chars, font->chars + loc,
(hic - loc + 1) * sizeof(DviFontChar));
font->chars = xresize(font->chars,
diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c
index 73ebf26..8c2a30b 100644
--- a/backend/dvi/mdvi-lib/tfmfile.c
+++ b/backend/dvi/mdvi-lib/tfmfile.c
@@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info)
/* We read the entire TFM file into core */
if(fstat(fileno(in), &st) < 0)
return -1;
- if(st.st_size == 0)
+ /* according to the spec, TFM files are smaller than 16K */
+ if(st.st_size == 0 || st.st_size >= 16384)
goto bad_tfm;
/* allocate a word-aligned buffer to hold the file */
diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c
index fb49847..a5ae3bb 100644
--- a/backend/dvi/mdvi-lib/vf.c
+++ b/backend/dvi/mdvi-lib/vf.c
@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font)
cc = fuget1(p);
tfm = fuget3(p);
}
+ if (cc < 0 || cc > 65536) {
+ /* TeX engines do not support char codes bigger than 65535 */
+ mdvi_error(_("(vf) %s: unexpected character %d\n"),
+ font->fontname, cc);
+ goto error;
+ }
if(loc < 0 || cc < loc)
loc = cc;
if(hic < 0 || cc > hic)

25
evince.spec
View File

@ -5,7 +5,7 @@
Name: evince Name: evince
Version: 2.91.5 Version: 2.91.5
Release: 1%{?dist} Release: 2%{?dist}
Summary: Document viewer Summary: Document viewer
License: GPLv2+ and GFDL License: GPLv2+ and GFDL
@ -15,9 +15,6 @@ Source0: http://download.gnome.org/sources/%{name}/2.91/%{name}-%{version
# https://bugzilla.redhat.com/show_bug.cgi?id=562648 # https://bugzilla.redhat.com/show_bug.cgi?id=562648
Patch2: evince-t1font-mapping.patch Patch2: evince-t1font-mapping.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=667573
Patch3: evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: poppler-glib-devel >= %{poppler_version} BuildRequires: poppler-glib-devel >= %{poppler_version}
@ -113,7 +110,6 @@ It adds an additional tab called "Document" to the file properties dialog.
%prep %prep
%setup -q %setup -q
%patch2 -p1 -b .t1font-map %patch2 -p1 -b .t1font-map
%patch3 -p1 -b .CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643
%build %build
automake automake
@ -153,25 +149,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/icon-theme.cache rm -f $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/icon-theme.cache
%pre
%gconf_schema_prepare evince-thumbnailer evince-thumbnailer-ps
%gconf_schema_prepare evince-thumbnailer-comics evince-thumbnailer-djvu
%gconf_schema_prepare evince-thumbnailer-dvi
%post %post
%gconf_schema_upgrade evince-thumbnailer evince-thumbnailer-ps
%gconf_schema_upgrade evince-thumbnailer-comics evince-thumbnailer-djvu
%gconf_schema_upgrade evince-thumbnailer-dvi
update-desktop-database &> /dev/null ||: update-desktop-database &> /dev/null ||:
touch --no-create %{_datadir}/icons/hicolor >&/dev/null || : touch --no-create %{_datadir}/icons/hicolor >&/dev/null || :
%post libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig
%preun
%gconf_schema_remove evince-thumbnailer evince-thumbnailer-ps
%gconf_schema_remove evince-thumbnailer-comics evince-thumbnailer-djvu
%gconf_schema_remove evince-thumbnailer-dvi
%postun %postun
update-desktop-database &> /dev/null ||: update-desktop-database &> /dev/null ||:
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
@ -189,7 +172,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
%files -f evince.lang %files -f evince.lang
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_bindir}/* %{_bindir}/*
%{_sysconfdir}/gconf/schemas/*
%{_datadir}/%{name}/ %{_datadir}/%{name}/
%{_datadir}/applications/%{name}.desktop %{_datadir}/applications/%{name}.desktop
%{_datadir}/icons/hicolor/*/apps/evince.* %{_datadir}/icons/hicolor/*/apps/evince.*
@ -198,6 +180,7 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
%{_datadir}/dbus-1/services/org.gnome.evince.Daemon.service %{_datadir}/dbus-1/services/org.gnome.evince.Daemon.service
%{_datadir}/glib-2.0/schemas/org.gnome.Evince.gschema.xml %{_datadir}/glib-2.0/schemas/org.gnome.Evince.gschema.xml
%{_datadir}/GConf/gsettings/evince.convert %{_datadir}/GConf/gsettings/evince.convert
%{_datadir}/thumbnailers/evince.thumbnailer
%files libs %files libs
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -247,6 +230,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas ||:
%{_libdir}/nautilus/extensions-3.0/libevince-properties-page.so %{_libdir}/nautilus/extensions-3.0/libevince-properties-page.so
%changelog %changelog
* Wed Jan 12 2011 Marek Kasik <mkasik@redhat.com> - 2.91.5-2
- Remove evince-CVE-2010-2640_CVE-2010-2641_CVE-2010-2642_CVE-2010-2643.patch
- Change the way thumbnailer is integrated with system
* Tue Jan 11 2011 Matthias Clasen <mclasen@redhat.com> 2.91.5-1 * Tue Jan 11 2011 Matthias Clasen <mclasen@redhat.com> 2.91.5-1
- Update to 2.91.5 - Update to 2.91.5