diff --git a/CVE-2023-46048.patch b/CVE-2023-46048.patch new file mode 100644 index 0000000000000000000000000000000000000000..583095f052e825bc97cd6f2f3601f1298003e787 --- /dev/null +++ b/CVE-2023-46048.patch @@ -0,0 +1,54 @@ +Origin: +https://github.com/TeX-Live/texlive-source/commit/33b330bc48ed2df69daf80a81be3cde8bf794816 +https://tug.org/pipermail/tex-live/2023-August/049402.html + +From 33b330bc48ed2df69daf80a81be3cde8bf794816 Mon Sep 17 00:00:00 2001 +From: Karl Berry +Date: Sat, 26 Aug 2023 17:50:10 +0000 +Subject: [PATCH] guard against corrupt pfb in dup tests, pdftex r910 + +git-svn-id: svn://tug.org/texlive/trunk/Build/source@68069 c570f23f-e606-0410-a88d-b1316a301751 +--- + texlive-20180414-source/texk/web2c/pdftexdir/writet1.c | 15 ++++++++++++--- + 1 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c b/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c +index 0444d46be0..f2a8386cab 100644 +--- a/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c ++++ b/texlive-20180414-source/texk/web2c/pdftexdir/writet1.c +@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void) + *t1_buf_array == '/' && valid_code(i)) { + if (strcmp(t1_buf_array + 1, notdef) != 0) + glyph_names[i] = xstrdup(t1_buf_array + 1); +- p = strstr(p, " put") + strlen(" put"); ++ p = strstr(p, " put"); ++ if (!p) ++ pdftex_fail("invalid pfb, no put found in dup"); ++ p += strlen(" put"); + skip(p, ' '); + } + /* +@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void) + else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2 + && valid_code(a) && valid_code(b)) { + copy_glyph_names(glyph_names, a, b); +- p = strstr(p, " get put") + strlen(" get put"); ++ p = strstr(p, " get put"); ++ if (!p) ++ pdftex_fail("invalid pfb, no get put found in dup dup"); ++ p += strlen(" get put"); + skip(p, ' '); + } + /* +@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void) + && valid_code(a) && valid_code(b) && valid_code(c)) { + for (i = 0; i < c; i++) + copy_glyph_names(glyph_names, a + i, b + i); +- p = strstr(p, " putinterval") + strlen(" putinterval"); ++ p = strstr(p, " putinterval"); ++ if (!p) ++ pdftex_fail("invalid pfb, no putinterval found in dup dup"); ++ p += strlen(" putinterval"); + skip(p, ' '); + } + /* diff --git a/texlive-base.spec b/texlive-base.spec index f9e67f678dc8321c1344c2606b650831cd3886cc..046bef579d98f4344edf635a2588cb6b59013c42 100644 --- a/texlive-base.spec +++ b/texlive-base.spec @@ -4,7 +4,7 @@ Name: texlive-base Version: 20180414 -Release: 32 +Release: 33 Epoch: 7 Summary: TeX formatting system License: ASL 2.0 and Artistic 2.0 and BSD and GFDL-1.1-or-later and GPL+ and GPLv2 and GPLv3 and Knuth-CTAN and LGPLv2+ and LGPLv3+ and LPPL-1.2 and LPPL-1.3 and LPPL-1.3c and OFL-1.1 and Public Domain @@ -380,6 +380,7 @@ Patch0003: texlive-20180414-synctex-version.patch Patch0004: texlive-base-CVE-2018-17407.patch Patch0005: remove-support-of-poppler.patch Patch0006: CVE-2023-32700.patch +Patch0007: CVE-2023-46048.patch BuildRequires: xz libXaw-devel libXi-devel ncurses-devel bison flex file perl(Digest::MD5) texinfo gcc-c++ BuildRequires: gd-devel freetype-devel libpng-devel zlib-devel @@ -8095,6 +8096,9 @@ done <<< "$list" %doc %{_datadir}/texlive/texmf-dist/doc/latex/yplan/ %changelog +* Mon Aug 05 2024 wangkai <13474090681@163.com> - 7:20180414-33 +- Fix CVE-2023-46048 + * Mon Jul 03 2023 yaoxin - 7:20180414-32 - Fix CVE-2023-32700