texlive: rebuilt zlib-1.2.5; applied security patches and some patches for libpoppler-0.12

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@1973 ec354946-7b23-47d6-9f5a-488ba84defc7

t/texlive/texlive-2009-CVE-2010-0739.patch

@@ -0,0 +1,17 @@
+Index: dospecial.c
+===================================================================
+--- a/texk/dvipsk/dospecial.c	(revision 17558)
++++ b/texk/dvipsk/dospecial.c	(revision 17569)
+@@ -297,6 +297,12 @@
+    static int omega_specials = 0;
+ 
+    if (nextstring + numbytes > maxstring) {
++      if (numbytes < 0
++          || (numbytes > 0 && 2 > INT_MAX / numbytes)
++          || 2 * numbytes > 1000 + 2 * numbytes) {
++         error("! Integer overflow in predospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
+       maxstring = nextstring + 2 * numbytes + 700 ;
+    }

t/texlive/texlive-2009-CVE-2010-0827.patch

@@ -0,0 +1,28 @@
+---
+ texk/dvipsk/virtualfont.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+Index: texlive-bin-2009/texk/dvipsk/virtualfont.c
+===================================================================
+--- texlive-bin-2009.orig/texk/dvipsk/virtualfont.c	2010-05-01 02:12:57.000000000 +0900
++++ texlive-bin-2009/texk/dvipsk/virtualfont.c	2010-05-01 02:16:19.000000000 +0900
+@@ -36,7 +36,7 @@
+  *   Subroutine vfbyte returns the next byte.
+  */
+ static FILE *vffile ;
+-static char name[50] ;
++static char name[500] ;
+ void
+ badvf(char *s)
+ {
+@@ -93,6 +93,10 @@
+    if (*d==0)
+       d = vfpath ;
+ #endif
++   if (strlen(n) + 5 >= sizeof (name)) {
++     /* 5 for vf() + null */
++     error("! VF file name too long in vfopen") ; 
++   }
+ #ifdef MVSXA   /* IBM: MVS/XA */
+    (void)sprintf(name, "vf(%s)", n) ;
+ #else

t/texlive/texlive-2009-CVE-2010-1440.patch

@@ -0,0 +1,43 @@
+Fix for CVE-2010-1440
+From Jan Lieskovsky <jlieskov@redhat.com>
+
+  we decided to treat the CVE-2010-1440 issue as a completely
+  new tetex / texlive issue, rather than an incomplete fix for CVE-2010-0739
+  (in fact, the reproducer for CVE-2010-0739 is only catalyst / accelerator
+  to see this flaw on ppc architecture, but in fact, it's another occurrence
+  of integer overflow in teTeX / TeXLive code).
+
+---
+ texk/dvipsk/dospecial.c |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+Index: texlive-bin-2009/texk/dvipsk/dospecial.c
+===================================================================
+--- texlive-bin-2009.orig/texk/dvipsk/dospecial.c	2010-05-01 02:15:09.000000000 +0900
++++ texlive-bin-2009/texk/dvipsk/dospecial.c	2010-05-01 02:15:16.000000000 +0900
+@@ -333,7 +333,11 @@
+    int j ;
+    static int omega_specials = 0;
+ 
+-   if (nextstring + numbytes > maxstring) {
++   if (numbytes < 0 || numbytes > maxstring - nextstring) {
++      if (numbytes < 0 || numbytes > (INT_MAX - 1000) / 2 ) {
++         error("! Integer overflow in predospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * numbytes) ;
+       maxstring = nextstring + 2 * numbytes + 700 ;
+    }
+@@ -918,7 +922,11 @@
+    char seen[NKEYS] ;
+    float valseen[NKEYS] ;
+ 
+-   if (nextstring + nbytes > maxstring) {
++   if (nbytes < 0 || nbytes > maxstring - nextstring) {
++      if (nbytes < 0 || nbytes > (INT_MAX - 1000) / 2 ) {
++         error("! Integer overflow in bbdospecial");
++         exit(1);
++      }
+       p = nextstring = mymalloc(1000 + 2 * nbytes) ;
+       maxstring = nextstring + 2 * nbytes + 700 ;
+    }

t/texlive/texlive-2009-luatexdir-libpoppler-0.12.patch

@@ -0,0 +1,42 @@
+This patch is based on texlive-2009-pdftexdir-libpoppler-0.12.patch. 
+
+Fix FTBFS with poppler again, they will never be able to keep APIs
+
+Thanks to Ubuntu people for that patch
+
+===================================================================
+diff -up texlive-20091107-source/texk/web2c/luatexdir/image/pdftoepdf.cc.xpdf texlive-20091107-source/texk/web2c/luatexdir/image/pdftoepdf.cc
+--- texlive-20091107-source/texk/web2c/luatexdir/image/pdftoepdf.cc.xpdf	2009-06-25 22:05:10.000000000 +0900
++++ texlive-20091107-source/texk/web2c/luatexdir/image/pdftoepdf.cc	2010-10-01 00:34:22.405000028 +0900
+@@ -666,7 +666,7 @@ static void writeEncodings()
+     }
+     for (r = encodingList; r != NULL; r = n) {
+         n = r->next;
+-        delete r->font;
++//        delete r->font;
+         delete r;
+     }
+ }
+@@ -705,6 +705,7 @@ read_pdf_info(image_dict * idict, intege
+     Page *page;
+     int rotate;
+     PDFRectangle *pagebox;
++    int minor_pdf_version_found, major_pdf_version_found;
+     float pdf_version_found, pdf_version_wanted, xsize, ysize, xorig, yorig;
+     assert(idict != NULL);
+     assert(img_type(idict) == IMG_TYPE_PDF);
+@@ -720,8 +721,11 @@ read_pdf_info(image_dict * idict, intege
+     // this works only for PDF 1.x -- but since any versions of PDF newer
+     // than 1.x will not be backwards compatible to PDF 1.x, pdfTeX will
+     // then have to changed drastically anyway.
+-    pdf_version_found = pdf_doc->doc->getPDFVersion();
++    minor_pdf_version_found = pdf_doc->doc->getPDFMinorVersion();
++    major_pdf_version_found = pdf_doc->doc->getPDFMajorVersion();
++    pdf_version_found = major_pdf_version_found + (minor_pdf_version_found * 0.1);
+     pdf_version_wanted = 1 + (minor_pdf_version_wanted * 0.1);
++
+     if (pdf_version_found > pdf_version_wanted + 0.01) {
+         char msg[] =
+             "PDF inclusion: found PDF version <%.1f>, but at most version <%.1f> allowed";
+
+Diff finished.  Fri Oct  1 00:35:08 2010

t/texlive/texlive-2009-pdftexdir-libpoppler-0.12.patch

@@ -0,0 +1,41 @@
+Fix FTBFS with poppler again, they will never be able to keep APIs
+
+Thanks to Ubuntu people for that patch
+---
+ texk/web2c/pdftexdir/pdftoepdf.cc |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+Index: texlive-bin-2009~svn15596/texk/web2c/pdftexdir/pdftoepdf.cc
+===================================================================
+--- texlive-bin-2009~svn15596.orig/texk/web2c/pdftexdir/pdftoepdf.cc	2009-10-18 10:21:47.000000000 +0900
++++ texlive-bin-2009~svn15596/texk/web2c/pdftexdir/pdftoepdf.cc	2009-10-18 10:22:28.000000000 +0900
+@@ -650,7 +650,7 @@
+     }
+     for (r = encodingList; r != 0; r = n) {
+         n = r->next;
+-        delete r->font;
++//        delete r->font;
+         delete r;
+     }
+ }
+@@ -690,6 +690,7 @@
+     Page *page;
+     int rotate;
+     PDFRectangle *pagebox;
++    int minor_pdf_version_found, major_pdf_version_found;
+     float pdf_version_found, pdf_version_wanted;
+     // initialize
+     if (!isInit) {
+@@ -705,8 +706,11 @@
+     // this works only for PDF 1.x -- but since any versions of PDF newer
+     // than 1.x will not be backwards compatible to PDF 1.x, pdfTeX will
+     // then have to changed drastically anyway.
+-    pdf_version_found = pdf_doc->doc->getPDFVersion();
++    minor_pdf_version_found = pdf_doc->doc->getPDFMinorVersion();
++    major_pdf_version_found = pdf_doc->doc->getPDFMajorVersion();
++    pdf_version_found = major_pdf_version_found + (minor_pdf_version_found * 0.1);
+     pdf_version_wanted = 1 + (minor_pdf_version_wanted * 0.1);
++
+     if (pdf_version_found > pdf_version_wanted) {
+         char msg[] =
+             "PDF inclusion: found PDF version <%.1f>, but at most version <%.1f> allowed";

t/texlive/texlive-vl.spec

@@ -27,13 +27,15 @@
 %define exec_upddeffont    [ -x %{_sbindir}/update-defaultfont ] && %{_sbindir}/update-defaultfont 2> /dev/null
 %define vartexfonts %{_var}/lib/texmf
 
+# define zlib_version	#(rpm -q --queryformat \%\\{version\\} zlib)
+
 Autoreq: 0
 
 Summary: The TeX text formatting system
 Summary(ja): TeX 文書整形システム
 Name: texlive
 Version: 2009
-Release: 9%{?_dist_release}
+Release: 10%{?_dist_release}
 License: distributable
 Group: Applications/Publishing
 ## The TeX Live is located on http://www.tug.org/texlive/
@@ -115,17 +117,36 @@ Patch51:	http://sourceforge.jp/projects/eptex/wiki/FrontPage/attach/eptex-100420
 #Patch90:	texdoc-0.72-support-zipped-vine.patch
 
 ## others
+## libpoppler-0.12 from texlive-bin_2009-7.diff.gz
+Patch100:	texlive-2009-pdftexdir-libpoppler-0.12.patch
+Patch101:	texlive-2009-luatexdir-libpoppler-0.12.patch
+
+## security
+## from Debian
+#Patch1000:	texlive-2009-CVE-2010-0739.patch
+Patch1001:	texlive-2009-CVE-2010-0827.patch
+## this overrides the incomplete fix for CVE-2010-0793
+Patch1002:	texlive-2009-CVE-2010-1440.patch
 
 
-Requires:    coreutils ghostscript >= 8.63
-Requires:    tmpwatch libpng
+Requires:    coreutils
 Requires:    ed mktemp
+Requires:    tmpwatch
+Requires:    zlib
+Requires:    libpng
+Requires:    gd
+Requires:    ncurses
+Requires:    libjpeg
+Requires:    t1lib
+Requires:    freetype2
 Requires:    openMotif
 Requires:    poppler
 Requires:    openssl
 Requires:    libpaper
+Requires:    fontconfig
 Requires:    perl-Tk
 Requires:    nkf
+Requires:    ghostscript >= 8.63
 Requires:    libkpathsea = %{version}-%{release}
 Requires:    libptexenc = %{version}-%{release}
 %{!?with_firstbuild:Requires: texlive-common = %{version}}
@@ -145,7 +166,11 @@ BuildRequires: lzma
 %endif
 BuildRequires: unzip
 BuildRequires: bison flex
-BuildRequires: zlib-devel libpng-devel gd-devel ncurses-devel libjpeg-devel
+BuildRequires: zlib-devel
+BuildRequires: libpng-devel
+BuildRequires: gd-devel
+BuildRequires: ncurses-devel
+BuildRequires: libjpeg-devel
 BuildRequires: t1lib-devel
 BuildRequires: XOrg-devel 
 BuildRequires: freetype2-devel >= 2.1.10
@@ -160,7 +185,7 @@ BuildRequires: t1utils
 
 Provides:    jadetex
 Obsoletes:   jadetex <= 3.12-9
-Obsoletes:   tetex <= 3.0
+Obsoletes:   tetex <= 3.0-12
 Obsoletes:   dvipdfmx <= 20090522
 Obsoletes:   xdvik <= 22.84.14, xdvik-motif <= 22.84.14
 
@@ -315,7 +340,7 @@ conf_option --with-system-ncurses
 conf_option --with-system-zlib
 conf_option --with-system-pnglib
 conf_option --with-system-t1lib
-conf_option --without-system-icu
+conf_option --with-system-xpdf
 conf_option --with-system-freetype
 conf_option --with-system-freetype2
 conf_option --with-freetype2-include=`freetype-config --cflags | sed -e 's/-I//' -e 's/ .*//'`
@@ -354,6 +379,19 @@ cd eptex-%{eptexver}
 ## texdoc
 #%patch90 -p0 -b .orig
 
+## libpoppler-0.12
+(cd build/%{name}-%{texlivesrcver}-source
+%patch100 -p1 -b .xpdf
+%patch101 -p1 -b .xpdf
+)
+
+## apply security patches
+(cd build/%{name}-%{texlivesrcver}-source
+#%patch1000 
+%patch1001 -p1 -b .security
+%patch1002 -p1 -b .security
+)
+
 
 %build
 ## NOTE: 
@@ -409,7 +447,7 @@ pushd ${PREF}/../Work
 
 (cd ..
 ## Avoid pollution from internal libraries.
-%__rm -rf ./libs/{expat,freetype,freetype2,gd,jpeg,libpng,libttf,ncurses,type1,t1lib,zlib}
+%__rm -rf ./libs/{expat,freetype,freetype2,gd,jpeg,libpng,libttf,ncurses,type1,t1lib,unzip,xpdf,zlib}
 
 ## XXX Hacks to avoid accidental version clashs with system libraries.
 hack_libs=(
@@ -419,6 +457,7 @@ hack_libs=(
     freetype
     freetype2
     gd
+    xpdf
 )
 for i in  "${hack_libs[@]}"; do 
     %__mkdir_p ./libs/${i}
@@ -741,6 +780,15 @@ fi
 
 
 %changelog
+* Fri Sep 24 2010 Munehiro Yamamoto <munepi@vinelinux.org> 2009-10
+- applied some security patches from Debian
+  - texlive-2009-CVE-2010-0827.patch
+  - texlive-2009-CVE-2010-1440.patch
+- applied texlive-2009-pdftexdir-libpoppler-0.12.patch from Debian
+- applied texlive-2009-luatexdir-libpoppler-0.12.patch
+  based on texlive-2009-pdftexdir-libpoppler-0.12.patch
+- fixed some dependencies
+
 * Mon Aug 09 2010 Munehiro Yamamoto <munepi@vinelinux.org> 2009-9
 - added BuildArch: noarch in %%package doc
 - removed some comment-out sentences