diff --git a/texlive-execshield.patch b/texlive-execshield.patch new file mode 100644 index 0000000..291db17 --- /dev/null +++ b/texlive-execshield.patch @@ -0,0 +1,12 @@ +diff -up texlive-2007/libs/icu-xetex/tools/pkgdata/make.c.execshield texlive-2007/libs/icu-xetex/tools/pkgdata/make.c +--- texlive-2007/libs/icu-xetex/tools/pkgdata/make.c.execshield 2006-07-25 14:37:43.000000000 +0200 ++++ texlive-2007/libs/icu-xetex/tools/pkgdata/make.c 2010-05-24 15:07:38.721047876 +0200 +@@ -429,7 +429,7 @@ pkg_mak_writeAssemblyHeader(FileStream * + T_FileStream_writeLine(f, "\n"); + T_FileStream_writeLine(f, "$(TEMP_DIR)/$(NAME)_dat.o : $(TEMP_DIR)/$(NAME).dat\n"); + T_FileStream_writeLine(f, "\t$(INVOKE) $(GENCCODE) $(GENCCODE_ASSEMBLY) -n $(NAME) -e $(ENTRYPOINT) -d $(TEMP_DIR) $<\n"); +- T_FileStream_writeLine(f, "\t$(COMPILE.c) $(DYNAMICCPPFLAGS) $(DYNAMICCXXFLAGS) -o $@ $(TEMP_DIR)/$(NAME)_dat"ASM_SUFFIX"\n"); ++ T_FileStream_writeLine(f, "\t$(COMPILE.c) $(DYNAMICCPPFLAGS) $(DYNAMICCXXFLAGS) -Wa,--noexecstack -o $@ $(TEMP_DIR)/$(NAME)_dat"ASM_SUFFIX"\n"); + T_FileStream_writeLine(f, "\t$(RMV) $(TEMP_DIR)/$(NAME)_dat"ASM_SUFFIX"\n"); + T_FileStream_writeLine(f, "\n"); + T_FileStream_writeLine(f, "else\n"); diff --git a/texlive.spec b/texlive.spec index 15992b3..32cfb47 100644 --- a/texlive.spec +++ b/texlive.spec @@ -21,7 +21,7 @@ Name: texlive Version: %{texlive_ver} -Release: 52%{?dist} +Release: 53%{?dist} Summary: Binaries for the TeX formatting system Group: Applications/Publishing @@ -80,6 +80,7 @@ Patch33: texlive-poolfix.patch Patch34: texlive-dvipsconfig.patch Patch35: texlive-CVE-2010-0829-dvipng-multiple-array-indexing-errors.patch Patch36: texlive-CVE-2010-0739,1440-integer-overflows.patch +Patch37: texlive-execshield.patch ###### # mpeters contributed patches @@ -415,6 +416,7 @@ chmod -x texk/dvipdfm/encodings.c %patch34 -p1 -b .dvipsconfig %patch35 -p1 -b .CVE-2010-0829 %patch36 -p1 -b .CVE-2010-0739,1440 +%patch37 -p1 -b .execshield # fix non utf man pages %patch42 -p1 -b .notutf8-2 @@ -495,6 +497,8 @@ pushd texk $RPM_BUILD_DIR/%{name}-%{version}/texk/autoconf2.13 -m $RPM_BUILD_DIR/%{name}-%{version}/texk/etc/autoconf popd +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +export CXXFLAGS="$CFLAGS" %configure \ %if %{default_letter_paper} --disable-a4 \ @@ -900,7 +904,6 @@ fi %{_bindir}/mag %{_bindir}/makeindex %{_bindir}/makempx -%{_bindir}/mf-nowin %{_bindir}/mft %{_bindir}/mkindex %{_bindir}/mkocp @@ -992,7 +995,6 @@ fi %{_mandir}/man1/mag.1* %{_mandir}/man1/makeindex.1* %{_mandir}/man1/makempx.1* -%{_mandir}/man1/mf-nowin.1* %{_mandir}/man1/mft.1* %{_mandir}/man1/mkindex.1* %{_mandir}/man1/mkocp.1* @@ -1057,6 +1059,7 @@ fi %{_bindir}/epstopdf %{_bindir}/gsftopk %{_bindir}/mf +%{_bindir}/mf-nowin %{_bindir}/mktexpk %{_bindir}/pdfcrop %{_bindir}/ps4pdf @@ -1065,6 +1068,7 @@ fi %{_mandir}/man1/epstopdf.1* %{_mandir}/man1/gsftopk.1* %{_mandir}/man1/mf.1* +%{_mandir}/man1/mf-nowin.1* %{_mandir}/man1/mktexpk.1* %{_mandir}/man1/thumbpdf.1* @@ -1255,6 +1259,11 @@ fi %{_mandir}/man1/texutil.1* %changelog +* Fri Jun 18 2010 Jindrich Novy 2007-53 +- clear executable stack flag in xetex binary +- fix cross-package symlink, move mf-nowin to texlive-utils +- compile with -fno-strict-aliasing + * Mon May 10 2010 Jindrich Novy 2007-52 - fix CVE-2010-0739 and CVE-2010-1440 (#584795)