Hello community,
here is the log from the commit of package texlive for openSUSE:Factory
checked in at Fri May 14 00:22:36 CEST 2010.
--------
--- texlive/texlive-bin.changes 2010-04-28 13:07:34.000000000 +0200
+++ /mounts/work_src_done/STABLE/texlive/texlive-bin.changes 2010-04-30 16:29:31.000000000 +0200
@@ -1,0 +2,5 @@
+Fri Apr 30 14:29:19 CEST 2010 - werner@suse.de
+
+- Next fix in dvipsk/dospecial.c for CVE-2010-1440 (bnc#587794)
+
+-------------------------------------------------------------------
texlive.changes: same change
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ texlive-bin.spec ++++++
--- /var/tmp/diff_new_pack.5pbDTT/_old 2010-05-14 00:20:38.000000000 +0200
+++ /var/tmp/diff_new_pack.5pbDTT/_new 2010-05-14 00:20:38.000000000 +0200
@@ -35,7 +35,7 @@
Summary: The Base System of TeXLive
Group: Productivity/Publishing/TeX/Base
Version: 2009
-Release: 7
+Release: 8
Source0: ftp://tug.org/historic/systems/texlive/2009/texlive-20091107-source.tar.xz
Source1: ftp://tug.org/historic/systems/texlive/2009/texlive-20091107-texmf.tar.xz
Source2: ftp://tug.org/historic/systems/texlive/2009/texlive-20091107-extra.tar.xz
texlive.spec: same change
++++++ pre_checkin.sh ++++++
--- /var/tmp/diff_new_pack.5pbDTT/_old 2010-05-14 00:20:38.000000000 +0200
+++ /var/tmp/diff_new_pack.5pbDTT/_new 2010-05-14 00:20:38.000000000 +0200
@@ -102,10 +102,10 @@
-e "$WARNING" \
< $input > $output
- if type -p convert_changes_to_rpm_changelog > /dev/null 2>&1 ; then
- sed -rni '1,$H; ${g;s/^\n*//g;s/(%changelog).*/\1/p;}' $output
- convert_changes_to_rpm_changelog < texlive.changes >> $output
- fi
+ #if type -p convert_changes_to_rpm_changelog > /dev/null 2>&1 ; then
+ # sed -rni '1,$H; ${g;s/^\n*//g;s/(%changelog).*/\1/p;}' $output
+ # convert_changes_to_rpm_changelog < texlive.changes >> $output
+ #fi
if test $(id -u) -eq 0 ; then
chown --reference=$input $output
fi
++++++ source-dvipng.dif ++++++
--- /var/tmp/diff_new_pack.5pbDTT/_old 2010-05-14 00:20:38.000000000 +0200
+++ /var/tmp/diff_new_pack.5pbDTT/_new 2010-05-14 00:20:38.000000000 +0200
@@ -155,21 +155,33 @@
tfontp->chr[c] = tcharptr;
tcharptr->data=position;
--- texk/dvipsk/dospecial.c
-+++ texk/dvipsk/dospecial.c 2010-04-12 14:24:43.054925381 +0000
-@@ -333,6 +333,13 @@ predospecial(integer numbytes, Boolean s
++++ texk/dvipsk/dospecial.c 2010-04-29 14:30:10.000000000 +0000
+@@ -333,7 +333,11 @@ predospecial(integer numbytes, Boolean s
int j ;
static int omega_specials = 0;
-+ if (numbytes < 0
-+ || (numbytes > 0 && 2 > INT_MAX / numbytes)
-+ || 2 * numbytes > 1000 + 2 * numbytes) {
-+ error("! Integer overflow in predospecial");
-+ exit(1);
-+ }
-+
- if (nextstring + numbytes > maxstring) {
+- if (nextstring + numbytes > maxstring) {
++ if (numbytes < 0 || numbytes > maxstring - nextstring) {
++ if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2 ) {
++ error("! Integer overflow in predospecial");
++ exit(1);
++ }
p = nextstring = mymalloc(1000 + 2 * numbytes) ;
maxstring = nextstring + 2 * numbytes + 700 ;
+ }
+@@ -918,7 +922,11 @@ bbdospecial(int nbytes)
+ char seen[NKEYS] ;
+ float valseen[NKEYS] ;
+
+- if (nextstring + nbytes > maxstring) {
++ if (nbytes < 0 || nbytes > maxstring - nextstring) {
++ if (nbytes < 0 || nbytes > (INT_MAX - 1000) / 2 ) {
++ error("! Integer overflow in bbdospecial");
++ exit(1);
++ }
+ p = nextstring = mymalloc(1000 + 2 * nbytes) ;
+ maxstring = nextstring + 2 * nbytes + 700 ;
+ }
--- texk/dvipsk/virtualfont.c
+++ texk/dvipsk/virtualfont.c 2010-04-12 14:38:15.699425323 +0000
@@ -2,6 +2,8 @@
++++++ texlive.spec.in ++++++
--- /var/tmp/diff_new_pack.5pbDTT/_old 2010-05-14 00:21:06.000000000 +0200
+++ /var/tmp/diff_new_pack.5pbDTT/_new 2010-05-14 00:21:06.000000000 +0200
@@ -1,7 +1,8 @@
-
+#
# spec file for package @@NAME@@ (Version 2009)
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
@@ -23,7 +24,7 @@
# Remark: In case of enabling ttf2pk we need also freetype(1) within the line of BuildRequires
BuildRequires: bison cairo cairo-devel dialog ed expat fdupes flex freetype2-devel gcc-c++ gd-devel ghostscript_any glitz glitz-devel jpeg libicu libicu-devel libjpeg-devel libpng-devel libpoppler-devel netpbm t1lib t1lib-devel unzip xaw3d-devel xorg-x11-devel xorg-x11-util-devel xz zip zziplib zziplib-devel
Url: http://www.tug.org/texlive/
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
PreReq: coreutils ed %fillup_prereq findutils grep %install_info_prereq sed %suseconfig_fonts_prereq @@PREREQADD@@
@@PROVIDES: TeX Dvips PicTeX@@
Requires: /usr/bin/clear /usr/bin/dialog /bin/ed /usr/bin/env /usr/bin/perl perl-Tk ghostscript_x11 cron
@@ -203,7 +204,7 @@
@@BEGIN_NOBIN@@
%package -n @@NAME@@-doc
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
Summary: The documentation of the TeXLive Base System
Group: Productivity/Publishing/TeX/Base
AutoReqProv: on
@@ -226,7 +227,7 @@
@@END_NOBIN@@
%package -n @@NAME@@-devel
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PREREQ-devel@@
@@PROVIDES: WEB Kpathsea@@
Obsoletes: te_kpath te_web
@@ -264,7 +265,7 @@
%package -n @@NAME@@-cjk
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PREREQ-cjk@@
Requires: texlive texlive-latex
Obsoletes: te_ptex cjk-latex
@@ -286,7 +287,7 @@
@@BEGIN_NOBIN@@
%package -n @@NAME@@-arab
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PROVIDES: ArabTeX@@
Requires: texlive texlive-latex
Summary: (La)TeX Macro Package for Arab and Hebrew
@@ -308,7 +309,7 @@
@@END_NOBIN@@
%package -n @@NAME@@-metapost
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PREREQ-metapost@@
@@PROVIDES: MetaPost@@
Requires: texlive texlive-latex
@@ -337,7 +338,7 @@
@@BEGIN_NOBIN@@
%package -n @@NAME@@-context
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PROVIDES: CONTeXT ConTeXt@@
Requires: texlive texlive-latex /usr/bin/env /usr/bin/perl /usr/bin/ruby
Obsoletes: te_cont
@@ -359,7 +360,7 @@
@@END_NOBIN@@
%package -n @@NAME@@-omega
-License: GPL v2 or later ; TeX-License ..
+License: GPLv2+ ; TeX-License ..
@@PREREQ-omega@@
@@PROVIDES: Omega Lambda Antomega Aleph Lamed@@
Requires: texlive texlive-latex ghostscript_x11
@@ -385,7 +386,7 @@
Yannis Haralambous