[MacPorts] #29631: t1lib needs patch for afm parser; has other unpatched issues
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: graphics | Port: t1lib ------------------------------+--------------------------------------------- t1lib is the subject of 4 Security Vulnerabilities Published In 2011 http://www.cvedetails.com/cve/CVE-2011-1554/ http://www.cvedetails.com/cve/CVE-2011-1553/ http://www.cvedetails.com/cve/CVE-2011-1552/ http://www.cvedetails.com/cve/CVE-2011-0764/ and in 2010: http://www.cvedetails.com/cve/CVE-2010-2642/, http://secunia.com/advisories/cve_reference/CVE-2010-2642/ texlive 2011-pretest provides a patch for some issues in the AFM parser: patch-01-buffer-limit (new): Avoid buffer overflow in lib/t1lib/parseAFM.c token() and linetoken(). http://secunia.com/advisories/43491/ -- Ticket URL: <https://trac.macports.org/ticket/29631> MacPorts <http://www.macports.org/> Ports system for Mac OS
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: graphics | Port: t1lib ------------------------------+--------------------------------------------- Comment(by gnwiii@…): Note that the patch file was intended to use "patch -p1". On my system, t1lib was being used for texlive and xpdf. For xpdf, upstream suggests that t1lib not be used (https://trac.macports.org/ticket/29629). I'm investigating how t1lib is used by texlive. -- Ticket URL: <https://trac.macports.org/ticket/29631#comment:2> MacPorts <http://www.macports.org/> Ports system for Mac OS
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: haspatch | Port: t1lib ------------------------------+--------------------------------------------- Changes (by jmr@…): * keywords: graphics => haspatch * cc: gnwiii@… (removed) * cc: devans@…, takanori@…, dports@…, ricci@… (added) Comment: Adding maintainers of ports that use t1lib (evince, pTeX, texlive-bin, xpdf) to Cc. -- Ticket URL: <https://trac.macports.org/ticket/29631#comment:3> MacPorts <http://www.macports.org/> Ports system for Mac OS
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: haspatch | Port: t1lib ------------------------------+--------------------------------------------- Comment(by dports@…): Replying to [comment:2 gnwiii@…]:
I'm investigating how t1lib is used by texlive.
It's used by xdvi, and some related utilities. Beyond that, I'm not sure. -- Ticket URL: <https://trac.macports.org/ticket/29631#comment:4> MacPorts <http://www.macports.org/> Ports system for Mac OS
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: haspatch | Port: t1lib ------------------------------+--------------------------------------------- Comment(by dports@…): I committed the patch in r79146. The other issues still remain. Do you know if there are patches available for any of them? -- Ticket URL: <https://trac.macports.org/ticket/29631#comment:5> MacPorts <http://www.macports.org/> Ports system for Mac OS
#29631: t1lib needs patch for afm parser; has other unpatched issues ------------------------------+--------------------------------------------- Reporter: gnwiii@… | Owner: macports-tickets@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: haspatch | Port: t1lib ------------------------------+--------------------------------------------- Comment(by gnwiii@…): Replying to [comment:5 dports@…]:
I committed the patch in r79146.
The other issues still remain. Do you know if there are patches available for any of them?
I haven't encountered more patches. I'm watching to see what problems crop up in xpdf to see if we can live without t1lib. -- Ticket URL: <https://trac.macports.org/ticket/29631#comment:6> MacPorts <http://www.macports.org/> Ports system for Mac OS
participants (1)
-
MacPorts