--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: /usr/bin/mpost: indirect readfrom makes a file path leak into the read string
- From: Andreas Beckmann <debian@abeckmann.de>
- Date: Fri, 01 Jul 2011 15:35:57 +0200
- Message-id: <20110701133557.19629.78491.reportbug@calzone.localnet>
Package: texlive-binaries
Version: 2009-8
Severity: normal
File: /usr/bin/mpost
Tags: upstream patch fixed-upstream
mpost does some internal string corruption for the following construct:
===== oops.mp ======
def oops(expr arg) =
show arg;
enddef;
beginfig(0)
string blah;
blah:="blah/blah";
oops("first");
readfrom blah;
readfrom "doesnotexist";
oops("OK");
readfrom blah;
oops("OOPS");
readfrom blah;
readfrom "doesnotexist";
oops("OK again");
endfig;
end;
==========
$ mpost oops
This is MetaPost, version 1.208 (kpathsea version 5.0.0)
(./oops.mp
>> "first"
>> "OK"
>> "blah/OOPS"
>> "OK again" [0] )
1 output file written: oops.0
Transcript written on oops.log.
The actual script was much more complicated and the corrupted strings
were actually files - that did not exist.
I checked metapost upstream svn repository (not texlive which only
imports a release from time to time) at
http://foundry.supelec.fr/gf/project/metapost
After bisecting branch 1.2 I came up with revision 1401 which fixes that
problem: "fix bug #417: indirect readfrom makes a file path leak into the
read string", cherry picked patch attached.
http://foundry.supelec.fr/gf/project/metapost/scmsvn/?action=browse&path=%2Fbranches%2F1.2%2F&pathrev=1401
Unfortunately bug #417 is not publicly viewable.
Another possibility would be to upgrade metapost from 1.208 to 1.212,
the last release from 1.2 branch. Commit 1401 was done between 1.211 and
1.212.
Andreas
-- System Information:
Debian Release: 6.0.2
APT prefers stable
APT policy: (800, 'stable'), (750, 'oldstable'), (700, 'testing'), (600, 'unstable'), (500, 'stable-updates'), (130, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages texlive-binaries depends on:
ii ed 1.4-3 The classic UNIX line editor
ii libc6 2.13-7 Embedded GNU C Library: Shared lib
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.6.0-10 GCC support library
ii libkpathsea5 2009-8 TeX Live: path search library for
ii libncurses5 5.7+20100313-5 shared libraries for terminal hand
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libpoppler5 0.12.4-1.2 PDF rendering library
ii libstdc++6 4.6.0-10 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxaw7 2:1.0.7-1 X11 Athena Widget library
ii libxmu6 2:1.0.5-2 X11 miscellaneous utility library
ii libxpm4 1:3.5.8-1 X11 pixmap library
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii perl 5.12.3-7+b1 Larry Wall's Practical Extraction
ii tex-common 2.08.1 common infrastructure for building
ii texlive-common 2009-11 TeX Live: Base component
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
texlive-binaries recommends no packages.
texlive-binaries suggests no packages.
-- no debconf information
------------------------------------------------------------------------
r1401 | taco | 2010-10-13 14:26:03 +0200 (Wed, 13 Oct 2010) | 2 lines
Changed paths:
M /branches/1.2/source/texk/web2c/mplibdir/mp.w
fix bug #417: indirect readfrom makes a file path leak into the read string
------------------------------------------------------------------------
Index: source/texk/web2c/mplibdir/mp.w
===================================================================
--- source/texk/web2c/mplibdir/mp.w (revision 1400)
+++ source/texk/web2c/mplibdir/mp.w (revision 1401)
@@ -16261,10 +16261,11 @@
@c
void mp_end_name (MP mp) {
- pool_pointer s; /* length of area, name, and extension */
+ pool_pointer s,orig; /* length of area, name, and extension */
unsigned int len;
/* "my/w.mp" */
s = mp->str_start[mp->str_ptr];
+ orig = s;
if ( mp->area_delimiter<0 ) {
mp->cur_area=xstrdup("");
} else {
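Review bot: the trailing comment on the declaration line, `/* length of area, name, and extension */`, now appears to describe `orig` as well, but `orig` is assigned from `mp->str_start[mp->str_ptr]` a few lines later and is a saved pool position, not a length. Declare it separately with its own comment, for example `pool_pointer orig; /* start of the partial string in the pool */`, so it is clear why two pointers are kept.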
@@ -16280,7 +16281,7 @@
len = (unsigned)(mp->ext_delimiter-s);
}
copy_pool_segment(mp->cur_name,s,len);
- mp->pool_ptr=s; /* don't need this partial string */
+ mp->pool_ptr=orig; /* don't need this partial string */
}
@ Conversely, here is a routine that takes three strings and prints a file
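Review bot: the comment on the changed line still says only "don't need this partial string", which was just as true of the old `mp->pool_ptr=s;` and does not record why `orig` is needed. `s` is used just above as the source offset in `copy_pool_segment(mp->cur_name,s,len)`, so at this point it need not be the start of the partial string any more; the comment should say that the pool has to be rewound to the saved start, otherwise the bytes before `s` stay in the pool and end up in the next string. A regression test based on the reporter's oops.mp would keep this from coming back.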
--- End Message ---
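The leak described in the report above can be reproduced in a small model of a string pool. This is an added example, not MetaPost's code and not part of the original report: pool_ptr and str_start mirror the names in the patch, while append, make_string, end_name and literal_after_readfrom are hypothetical, and the model assumes that the lines between the two hunks advance s past the area ("blah/").

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a TeX-style string pool; not MetaPost's code.
   pool_ptr and str_start mirror the patch, everything else is assumed. */
static char pool[256];
static size_t pool_ptr;   /* next free byte in the pool */
static size_t str_start;  /* start of the string currently being built */

/* Append bytes to the string under construction. */
static void append(const char *s) {
    size_t n = strlen(s);
    memcpy(pool + pool_ptr, s, n);
    pool_ptr += n;
}

/* Finish the current string: copy it out and start the next one. */
static void make_string(char *out, size_t cap) {
    size_t n = pool_ptr - str_start;
    if (n >= cap) n = cap - 1;
    memcpy(out, pool + str_start, n);
    out[n] = '\0';
    str_start = pool_ptr;
}

/* Model of the end-of-name step: the file name was assembled in the pool
   as a partial string, is split into area and name, then discarded. */
static void end_name(const char *path, int fixed) {
    size_t s, orig;
    const char *slash = strrchr(path, '/');
    append(path);
    s = orig = str_start;
    if (slash) s += (size_t)(slash - path) + 1;  /* assumed: skip the area */
    pool_ptr = fixed ? orig : s;  /* old code reset to s, r1401 to orig */
}

/* Replays the report: readfrom `path`, then build the literal `lit`. */
const char *literal_after_readfrom(const char *path, const char *lit, int fixed) {
    static char out[64];
    pool_ptr = str_start = 0;
    end_name(path, fixed);
    append(lit);
    make_string(out, sizeof out);
    return out;
}

int main(void) {
    printf("before r1401: %s\n", literal_after_readfrom("blah/blah", "OOPS", 0));
    printf("after  r1401: %s\n", literal_after_readfrom("blah/blah", "OOPS", 1));
    return 0;
}
```

A path without a directory part leaves s equal to orig, which is why the literal following `readfrom "doesnotexist"` in the report comes out intact even before the fix.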
--- Begin Message ---
Source: texlive-bin
Source-Version: 2011.20120322-1
We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive:
libkpathsea-dev_2011.20120322-1_amd64.deb
to main/t/texlive-bin/libkpathsea-dev_2011.20120322-1_amd64.deb
libkpathsea6_2011.20120322-1_amd64.deb
to main/t/texlive-bin/libkpathsea6_2011.20120322-1_amd64.deb
libptexenc-dev_2011.20120322-1_amd64.deb
to main/t/texlive-bin/libptexenc-dev_2011.20120322-1_amd64.deb
libptexenc1_2011.20120322-1_amd64.deb
to main/t/texlive-bin/libptexenc1_2011.20120322-1_amd64.deb
texlive-bin_2011.20120322-1.debian.tar.gz
to main/t/texlive-bin/texlive-bin_2011.20120322-1.debian.tar.gz
texlive-bin_2011.20120322-1.dsc
to main/t/texlive-bin/texlive-bin_2011.20120322-1.dsc
texlive-bin_2011.20120322.orig.tar.gz
to main/t/texlive-bin/texlive-bin_2011.20120322.orig.tar.gz
texlive-binaries_2011.20120322-1_amd64.deb
to main/t/texlive-bin/texlive-binaries_2011.20120322-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 632328@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texlive-bin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 23 Mar 2012 08:35:10 +0900
Source: texlive-bin
Binary: texlive-binaries libkpathsea6 libkpathsea-dev libptexenc1 libptexenc-dev
Architecture: source amd64
Version: 2011.20120322-1
Distribution: unstable
Urgency: low
Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description:
libkpathsea-dev - TeX Live: path search library for TeX (development part)
libkpathsea6 - TeX Live: path search library for TeX (runtime part)
libptexenc-dev - TeX Live: path search library for TeX (development part)
libptexenc1 - TeX Live: ptex encoding library
texlive-binaries - Binaries for TeX Live
Closes: 269638 382075 632328 632658 649949 660105 662520 663519 664074
Changes:
texlive-bin (2011.20120322-1) unstable; urgency=low
.
[ Hilmar Preuße ]
* Do not declare a versioned B-D for g++ on armel, reapplied
* we still need 60_unneeded_linking (new version based on am files)
(Closes: #664074)
* built using libpng15 (Closes: #662520) (Closes: #649949)
* use libpoppler-private-dev instead of libpoppler-dev (Closes: #660105)
.
List of fixed bugs in new TeX Live
* fix string corruption in Metapost (Closes: #632328)
* MP failed to create .mpx files for .mp files not in current dir
(Closes: #632658)
* bibtex is able to handle unicode (Closes: #382075)
* dvips info page describes debugging options correctly
(Closes: #269638)
* FTBFS on KFreeBSD fixed upstream (Closes: #663519)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFPa8KU0r9KownFsJQRAndAAJ9JjrWexAiUBNr6lUrxhQg3pTkEUgCeOgRA
6u3EomDYcAedxSx9i2rxmYo=
=BRB8
-----END PGP SIGNATURE-----
--- End Message ---