commit 89d9617d29075d341e87e334eb45769fbe6d643d · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

lout: add patch for CVE-2019-19917 and CVE-2019-19918

Robert Schütz 5 years ago 89d9617d 457ff6d2

+100

2 changed files

expand all

unified split

pkgs

tools

typesetting

lout

CVE-2019-19917-and-CVE-2019-19918.patch

default.nix

+95

pkgs/tools/typesetting/lout/CVE-2019-19917-and-CVE-2019-19918.patch

···

··· 1 + --- a/externs.h 2 + +++ b/externs.h 3 + @@ -260,6 +260,9 @@ If you're compiling this, you've got the 4 + /* that can appear correctly on one page. Can be */ 5 + /* increased to any small positive integer. */ 6 + /* */ 7 + +/* MAX_FORMAT The maximum number of characters for sscanf formats */ 8 + +/* for splitting strings with tab-delimited fields. */ 9 + +/* */ 10 + /*****************************************************************************/ 11 + 12 + #define MAX_FULL_LENGTH 8388607 /* 2**23 - 1, about 148 metres */ 13 + @@ -275,6 +278,7 @@ If you're compiling this, you've got the 14 + #define MAX_LEX_STACK 20 15 + #define MAX_CHARS 256 16 + #define MAX_HCOPIES 3 17 + +#define MAX_FORMAT 100 18 + 19 + /*****************************************************************************/ 20 + /* */ 21 + --- a/z02.c 22 + +++ b/z02.c 23 + @@ -378,7 +378,7 @@ static void srcnext(void) 24 + if( blksize != 0 && chpt < limit ) 25 + { debugcond0(DLA, DD, stack_free <= 1, "srcnext: transferring."); 26 + col = buf; 27 + - while( chtbl[(*--col = *--limit)] != NEWLINE ); 28 + + while( col > mem_block && chtbl[(*--col = *--limit)] != NEWLINE ); 29 + frst = col + 1; limit++; blksize = 0; 30 + } 31 + 32 + --- a/z33.c 33 + +++ b/z33.c 34 + @@ -847,6 +847,7 @@ BOOLEAN DbRetrieve(OBJECT db, BOOLEAN ga 35 + BOOLEAN DbRetrieveNext(OBJECT db, BOOLEAN *gall, OBJECT *sym, FULL_CHAR *tag, 36 + FULL_CHAR *seq, FILE_NUM *dfnum, long *dfpos, int *dlnum, long *cont) 37 + { FULL_CHAR line[MAX_BUFF], *cline, fname[MAX_BUFF]; int symnum; 38 + + char format[MAX_FORMAT]; 39 + ifdebug(DPP, D, ProfileOn("DbRetrieveNext")); 40 + debug2(DBS, DD, "DbRetrieveNext( %s, %ld )", string(db), *cont); 41 + assert(reading(db), "DbRetrieveNext: not reading"); 42 + @@ -858,6 +859,8 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA 43 + return FALSE; 44 + } 45 + 46 + + sprintf(format, "%%d&%%%d[^\t]\t%%%d[^\t]\t%%*[^\t]\t%%ld\t%%d\t%%%d[^\n\f]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1); 47 + + 48 + if( in_memory(db) ) 49 + { 50 + /* get next entry from internal database */ 51 + @@ -868,7 +871,7 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA 52 + } 53 + cline = (FULL_CHAR *) db_lines(db)[*cont]; 54 + *gall = (cline[0] == '0' ? 1 : 0); 55 + - sscanf((char *)&cline[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]", 56 + + sscanf((char *)&cline[*gall], format, 57 + &symnum, tag, seq, dfpos, dlnum, fname); 58 + *cont = *cont + 1; 59 + } 60 + @@ -882,7 +885,7 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA 61 + return FALSE; 62 + } 63 + *gall = (line[0] == '0' ? 1 : 0); 64 + - sscanf((char *)&line[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]", 65 + + sscanf((char *)&line[*gall], format, 66 + &symnum, tag, seq, dfpos, dlnum, fname); 67 + *cont = ftell(db_filep(db)); 68 + } 69 + --- a/z39.c 70 + +++ b/z39.c 71 + @@ -79,11 +79,13 @@ int strcollcmp(char *a, char *b) 72 + int strcollcmp(char *a, char *b) 73 + { char a1[MAX_BUFF], a2[MAX_BUFF], a3[MAX_BUFF]; 74 + char b1[MAX_BUFF], b2[MAX_BUFF], b3[MAX_BUFF]; 75 + + char format[MAX_FORMAT]; 76 + int order; 77 + + sprintf(format, "%%%d[^\t]\t%%%d[^\t]\t%%%d[^\t]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1); 78 + a1[0] = a2[0] = a3[0] = '\0'; 79 + - sscanf(a, "%[^\t]\t%[^\t]\t%[^\t]", a1, a2, a3); 80 + + sscanf(a, format, a1, a2, a3); 81 + b1[0] = b2[0] = b3[0] = '\0'; 82 + - sscanf(b, "%[^\t]\t%[^\t]\t%[^\t]", b1, b2, b3); 83 + + sscanf(b, format, b1, b2, b3); 84 + order = strcoll(a1, b1); 85 + if( order == 0 ) 86 + { 87 + @@ -251,7 +253,7 @@ FULL_CHAR *StringQuotedWord(OBJECT x) 88 + *q++ = CH_QUOTE; 89 + for( p = string(x); *p != '\0'; p++ ) 90 + { 91 + - for( r = (FULL_CHAR *) quoted_string[*p]; *r != '\0'; *q++ = *r++ ); 92 + + for( r = (FULL_CHAR *) quoted_string[*p]; *r != '\0' && q < &buff[MAX_BUFF-2]; *q++ = *r++ ); 93 + } 94 + *q++ = CH_QUOTE; 95 + *q++ = '\0';

pkgs/tools/typesetting/lout/default.nix

··· 14 sha256 = "1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix"; 15 }; 16 17 buildInputs = [ ghostscript ]; 18 builder = ./builder.sh; 19

··· 14 sha256 = "1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix"; 15 }; 16 17 + patches = [ 18 + # https://build.opensuse.org/request/show/843612 19 + ./CVE-2019-19917-and-CVE-2019-19918.patch 20 + ]; 21 + 22 buildInputs = [ ghostscript ]; 23 builder = ./builder.sh; 24