[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1085395: marked as done (bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u2)

Your message dated Sat, 11 Jan 2025 11:03:09 +0000
with message-id <E1tWZGn-009jcC-NA@coccia.debian.org>
and subject line Close 1085395
has caused the Debian Bug report #1085395,
regarding bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1085395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085395
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: texlive-bin@packages.debian.org
Control: affects -1 + src:texlive-bin

[ Reason ]
- Fix a security leak.
- Fix a bug, which could lead to data loss (text in documents).

[ Impact ]
The texlive-bin package in Debian stable currently suffers from
the (low) security leak and the bug, which could lead to unexpected
results, when typesettings documents.

[ Tests ]
The texlive-bin package has an own test suite, which is provided
by upstream. It is called at the end of the build.

[ Risks ]
Both patches are contained in Debian unstable for a while, and
thouroughly tested.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
- Fix for CVE-2024-25262, which is listes in the Debian Tracker.
- As described in https://tex.stackexchange.com/q/652458
  https://tex.stackexchange.com/q/652458, luatex loses or changes
  text (not formatting!) in particular circumstances.

[ Other ]
The debdiff is not really minimal, it contains a disabled patch. This
is how it is currently in the git repo. Let me know, if I should create
another package and remove that patch.

diff -Nru texlive-bin-2022.20220321.62855/debian/changelog texlive-bin-2022.20220321.62855/debian/changelog
--- texlive-bin-2022.20220321.62855/debian/changelog	2023-06-27 22:07:12.000000000 +0200
+++ texlive-bin-2022.20220321.62855/debian/changelog	2024-10-11 22:47:45.000000000 +0200
@@ -1,3 +1,11 @@
+texlive-bin (2022.20220321.62855-5.1+deb12u2) bookworm; urgency=medium
+
+  * Add patches from upstream for "luatex loses or changes text when
+    discretionaries with priorities are used" (Closes: #1041441).
+  * Add patch for CVE-2024-25262.
+
+ -- Hilmar Preuße <hille42@debian.org>  Fri, 11 Oct 2024 22:47:45 +0200
+
 texlive-bin (2022.20220321.62855-5.1+deb12u1) bookworm; urgency=medium
 
   * Stop building *jit* binaries on i386 based arches to make TL installable
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch
--- texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch	1970-01-01 01:00:00.000000000 +0100
+++ texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch	2024-10-11 22:41:06.000000000 +0200
@@ -0,0 +1,90 @@
+From ad3b0d706c71bb6f3309a236e98e8fb644121bc6 Mon Sep 17 00:00:00 2001
+From: Luigi Scarso <luigi.scarso@gmail.com>
+Date: Sat, 30 Jul 2022 14:48:29 +0000
+Subject: [PATCH] Take exception pre/port disc font from wordstart (H.Hagen).
+ Fixed some missed files in trunk from latest update from TexLive
+
+[[Split portion of a mixed commit.]]
+---
+ source/texk/web2c/luatexdir/ChangeLog         |  3 ++
+ source/texk/web2c/luatexdir/lang/texlang.c    | 28 +++++++++++++------
+ .../texk/web2c/luatexdir/luatex_svnversion.h  |  2 +-
+ 3 files changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/source/texk/web2c/luatexdir/lang/texlang.c b/source/texk/web2c/luatexdir/lang/texlang.c
+index 67ef25ca1..f9e53bbba 100644
+--- a/texk/web2c/luatexdir/lang/texlang.c
++++ b/texk/web2c/luatexdir/lang/texlang.c
+@@ -358,7 +358,9 @@ static halfword insert_discretionary(halfword t, halfword pre, halfword post, ha
+         f = get_cur_font();
+     }
+     for (g = pre; g != null; g = vlink(g)) {
+-        font(g) = f;
++        if (! font(g)) {
++            font(g) = f;
++        }
+         if (attr != null) {
+             delete_attribute_ref(node_attr(g));
+             node_attr(g) = attr;
+@@ -366,7 +368,9 @@ static halfword insert_discretionary(halfword t, halfword pre, halfword post, ha
+         }
+     }
+     for (g = post; g != null; g = vlink(g)) {
+-        font(g) = f;
++        if (! font(g)) {
++            font(g) = f;
++        }
+         if (attr != null) {
+             delete_attribute_ref(node_attr(g));
+             node_attr(g) = attr;
+@@ -531,9 +535,14 @@ char *exception_strings(struct tex_language *lang)
+     The sequence from |wordstart| to |r| can contain only normal characters it
+     could be faster to modify a halfword pointer and return an integer
+ 
++    We now take the font from the wordstart (as in \LUAMETATEX) but leave the
++    rest as it is, because we don't want to break compatibility (end June 2022).
++    We make a copy now of the parent and hope for the best. Backporting would be
++    too intrusive so this has to do. It went unnoticed for ages anyway.
++
+ */
+ 
+-static halfword find_exception_part(unsigned int *j, unsigned int *uword, int len)
++static halfword find_exception_part(unsigned int *j, unsigned int *uword, int len, halfword parent)
+ {
+     halfword g = null, gg = null;
+     register unsigned i = *j;
+@@ -541,13 +550,16 @@ static halfword find_exception_part(unsigned int *j, unsigned int *uword, int le
+     i++;
+     while (i < (unsigned) len && uword[i + 1] != '}') {
+         if (g == null) {
+-            gg = new_char(0, (int) uword[i + 1]);
++         /* gg = new_char(font(parent), (int) uword[i + 1]); */
++            gg = copy_node(parent);
+             g = gg;
+         } else {
+-            halfword s = new_char(0, (int) uword[i + 1]);
++         /* halfword s = new_char(font(parent), (int) uword[i + 1]); */
++            halfword s = copy_node(parent);
+             couple_nodes(g, s);
+-            g = vlink(g);
++            g = s;
+         }
++        character(g) = (int) uword[i + 1];
+         i++;
+     }
+     *j = ++i;
+@@ -614,12 +626,12 @@ static void do_exception(halfword wordstart, halfword r, char *replacement)
+             halfword gg, hh, replace = null;
+             int repl;
+             /*tex |pre| */
+-            gg = find_exception_part(&i, uword, (int) len);
++            gg = find_exception_part(&i, uword, (int) len, wordstart);
+             if (i == len || uword[i + 1] != '{') {
+                 tex_error("broken pattern 1", PAT_ERROR);
+             }
+             /*tex |post| */
+-            hh = find_exception_part(&i, uword, (int) len);
++            hh = find_exception_part(&i, uword, (int) len, wordstart);
+             if (i == len || uword[i + 1] != '{') {
+                 tex_error("broken pattern 2", PAT_ERROR);
+             }
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch
--- texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch	1970-01-01 01:00:00.000000000 +0100
+++ texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch	2024-10-11 22:41:06.000000000 +0200
@@ -0,0 +1,24 @@
+From be0377afd9573be47495ac97be42ecc4dae5f0a2 Mon Sep 17 00:00:00 2001
+From: Luigi Scarso <luigi.scarso@gmail.com>
+Date: Sat, 30 Jul 2022 20:41:39 +0000
+Subject: [PATCH] Backtrack replace pointer when successive disc in exceptions
+ (H. Hagen)
+
+---
+ source/texk/web2c/luatexdir/ChangeLog           | 3 +++
+ source/texk/web2c/luatexdir/lang/texlang.c      | 1 +
+ source/texk/web2c/luatexdir/luatex_svnversion.h | 2 +-
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/source/texk/web2c/luatexdir/lang/texlang.c b/source/texk/web2c/luatexdir/lang/texlang.c
+index f9e53bbba..a0d067251 100644
+--- a/texk/web2c/luatexdir/lang/texlang.c
++++ b/texk/web2c/luatexdir/lang/texlang.c
+@@ -705,6 +705,7 @@ static void do_exception(halfword wordstart, halfword r, char *replacement)
+             /*tex check if we have two exceptions in a row */
+             if (uword[i + 1] == '{') {
+                 i--;
++t = alink(t);
+             }
+         } else {
+             t = vlink(t);
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff
--- texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff	1970-01-01 01:00:00.000000000 +0100
+++ texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff	2024-10-11 22:41:06.000000000 +0200
@@ -0,0 +1,22 @@
+From: https://github.com/TeX-Live/texlive-source/pull/63/commits/87bd510f8b8acff7096159423f87251d82288700
+Date: Fri, 16 Jan 2024 00:00:00 +0100
+Subject: Fix for CVE-2024-25262.
+Origin: upstream
+
+diff --git a/texk/ttfdump/libttf/hdmx.c b/texk/ttfdump/libttf/hdmx.c
+index d91b98eb1b..a0ee60ca59 100644
+--- a/texk/ttfdump/libttf/hdmx.c
++++ b/texk/ttfdump/libttf/hdmx.c
+@@ -44,7 +44,11 @@ static void ttfLoadHDMX (FILE *fp,HDMXPtr hdmx,ULONG offset)
+ 	    hdmx->Records[i].PixelSize = ttfGetBYTE(fp);
+ 	    hdmx->Records[i].MaxWidth = ttfGetBYTE(fp);
+ 	    hdmx->Records[i].Width = XCALLOC (hdmx->size, BYTE);
+-	    fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->numGlyphs+1,fp);
++	    //if hdmx->numGlyphs+1 > hdmx->size,it will coredump,so we read min(hdmx->numGlyphs+1,hdmx->size) and truncate the remainder.
++	    if (hdmx->numGlyphs+1 <= hdmx->size)
++	    	fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->numGlyphs+1,fp);
++	    else
++		fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->size,fp);
+ 	}
+ }
+ 
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/series texlive-bin-2022.20220321.62855/debian/patches/series
--- texlive-bin-2022.20220321.62855/debian/patches/series	2023-06-27 22:07:12.000000000 +0200
+++ texlive-bin-2022.20220321.62855/debian/patches/series	2024-10-11 22:41:06.000000000 +0200
@@ -15,3 +15,6 @@
 wrong-manual-section_axohelp.1
 CVE-2023-32700.patch
 CVE-2023-32668.patch
+#ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch
+be0377afd9573be47495ac97be42ecc4dae5f0a2.patch
+CVE-2024-25262.diff

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Version: 12.9
This update has been released as part of 12.9. Thank you for your contribution.

--- End Message ---
Reply to: