--- vftool-2.0alpha.orig/debian/patch-2 +++ vftool-2.0alpha/debian/patch-2 @@ -0,0 +1,21 @@ +From: Vincent Untz +Date: Thu, 17 Feb 2011 15:23:39 +0100 +Subject: [PATCH] backends: Fix another security issue in the dvi-backend +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614669 + +This is similar to one of the fixes from d4139205. + +https://bugzilla.gnome.org/show_bug.cgi?id=640923 + +--- vftool-2.0alpha.orig/parseAFM.c ++++ vftool-2.0alpha/parseAFM.c +@@ -178,7 +178,7 @@ + while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); + + idx = 0; +- while (ch != EOF && ch != lineterm) ++ while (ch != EOF && ch != lineterm && idx < MAX_NAME) + { + ident[idx++] = ch; + ch = fgetc(stream); --- vftool-2.0alpha.orig/debian/patch-0 +++ vftool-2.0alpha/debian/patch-0 @@ -0,0 +1,40 @@ +--- vftool-2.0alpha.orig/MKASC2BKall ++++ vftool-2.0alpha/MKASC2BKall +@@ -11,6 +11,6 @@ + mkdir $vfdir + for t in $* + do +- ./MKASC2BK $prog `echo $t | sed -e 's/:/ /g'` \ ++ /usr/bin/MKASC2BK $prog `echo $t | sed -e 's/:/ /g'` \ + $afmdir $jfmdir $bkjfmdir $vfdir + done +--- vftool-2.0alpha.orig/MKBKV2Hall ++++ vftool-2.0alpha/MKBKV2Hall +@@ -9,6 +9,6 @@ + mkdir $vfdir + for t in $* + do +- ./MKBKV2H $prog `echo $t | sed -e 's/:/ /g'` \ ++ /usr/bin/MKBKV2H $prog `echo $t | sed -e 's/:/ /g'` \ + $datadir $jfmdir $vfdir + done +--- vftool-2.0alpha.orig/MKVSYall ++++ vftool-2.0alpha/MKVSYall +@@ -8,6 +8,6 @@ + mkdir $vfdir + for t in $* + do +- ./MKVSY $prog `echo $t | sed -e 's/:/ /g'` \ ++ /usr/bin/MKVSY $prog `echo $t | sed -e 's/:/ /g'` \ + $datadir $vfdir + done +--- vftool-2.0alpha.orig/MKVSYDall ++++ vftool-2.0alpha/MKVSYDall +@@ -8,6 +8,6 @@ + mkdir $vfdir + for t in $* + do +- ./MKVSYD $prog `echo $t | sed -e 's/:/ /g'` \ ++ /usr/bin/MKVSYD $prog `echo $t | sed -e 's/:/ /g'` \ + $datadir $vfdir + done --- vftool-2.0alpha.orig/debian/changelog +++ vftool-2.0alpha/debian/changelog @@ -0,0 +1,63 @@ +vftool (2.0alpha-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patch-3: + - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c + Closes: #614669 + + -- Jonathan Wiltshire Wed, 29 Jun 2011 23:06:32 +0100 + +vftool (2.0alpha-4) unstable; urgency=low + + * Fixed FTBFS bug with a patch by Ruben Molina + Thanks to Ruben Molina. (Closes: #552876) + * Updated rules, control files. + + -- Atsuhito KOHDA Sat, 19 Dec 2009 20:00:33 +0900 + +vftool (2.0alpha-3) unstable; urgency=low + + * Removed obsolete links in /usr/doc as suggested by Joey Hess + . + + -- Atsuhito KOHDA Mon, 15 Aug 2005 09:21:04 +0900 + +vftool (2.0alpha-2) unstable; urgency=low + + * First Official release to Debian. (closes: #130512) + + -- Atsuhito KOHDA Mon, 28 Jan 2002 10:15:38 +0900 + +vftool (2.0alpha-1) unstable; urgency=low + + * New Maintainer. + * New Upstream Release. + * Changed Section from misc to tex. + * Provided rather detailed explanation on vftool in README.Debian but + we are afraid that it might be still difficult to use vftool. + + -- Atsuhito KOHDA Wed, 27 Jun 2001 12:23:56 +0900 + +vftool (1.2-3) frozen-jp unstable-jp; urgency=low + + * fixed copyright.ujis. + + -- Hayao Nakahara Tue, 16 Jun 1998 20:20:57 +0900 + +vftool (1.2-2) unstable; urgency=low + + * New Maintainer. + * compiled with libc6. + * converted documents into ja_JP.ujis. + + -- Hayao Nakahara Mon, 1 Jun 1998 09:35:57 +0900 + +vftool (1.2-1) unstable; urgency=low + + * Initial Release. + + -- Atsushi KAMOSHIDA Sat, 3 May 1997 08:22:06 +0900 + +Local variables: +mode: debian-changelog +End: --- vftool-2.0alpha.orig/debian/copyright +++ vftool-2.0alpha/debian/copyright @@ -0,0 +1,43 @@ +This package was debianized by Atsuhito KOHDA on +Wed, 27 Jun 2001 12:23:56 +0900. + +It was downloaded from ftp://ftp.math.s.chiba-u.ac.jp/tex + +Upstream Author: Takafumi Sakurai + +Copyright: + +NOTE: The author tells us that the license of vftool is same as +that of dvi2ps-j but it is not yet included in upstream distribution +so we provide here the license of dvi2ps-j, please replace dvi2ps-j +with vftool when you read it. + +All of the files included in this dvi2ps-j release, with the exception +of files that include copyright notice in them, are covered by the +following copyright: + +Copyright (c) 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997, 1999 + Takafumi Sakurai and Kazuhiro Kazama. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must include source code, or + there must be a well-publicized means of obtaining the source + code for no more than a reasonable reproduction cost. +3. The package name of the modified software must not be ``dvi2ps-j'' + or ``dvi2ps-j'' where is the version number. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. --- vftool-2.0alpha.orig/debian/Makefile +++ vftool-2.0alpha/debian/Makefile @@ -0,0 +1,66 @@ +# +# if you want to make new-format jvf (which is much smaller), let j=j +j=j +# +# builtin kanji fonts +bkfonts = '${bk-std}' +# Standard kanji font +bk-std = std \ + stdmn:min:monokan stdgt:goth:monokan \ + stdmnv:tmin:monokan-v stdgtv:tgoth:monokan-v +# +vbkfonts = '${vbk-std}' +# Standard kanji font +vbk-std = std \ + stdmn:stdmnv:stdmnvsy stdgt:stdgtv:stdgtvsy +# +vsyfonts = '${vsy-std}' +# Standard kanji font +vsy-std = std \ + stdmn:stdmnvsy stdgt:stdgtvsy +# +# where you can find ASCII Nihongo TeX jfm files: min10.tfm ... +JFM = tfm + +# + +all: a2bk + +a2bk: + -mkdir jfm + -mkdir vf + for bk in ${bkfonts}; do\ + /usr/bin/MKASC2BKall /usr/bin/mka2bk${j}vf data ${JFM} jfm vf $${bk};\ + done + +v2h: + for vbk in ${vbkfonts}; do\ + /usr/bin/MKBKV2Hall /usr/bin/mkbkv2h${j}vf data jfm vf $${vbk};\ + done + +vsy: + for vsy in ${vsyfonts}; do\ + /usr/bin/MKVSYall /usr/bin/mkvsyvf data vf $${vsy};\ + done + +vsyd: + for vsy in ${vsyfonts}; do\ + /usr/bin/MKVSYDall /usr/bin/mkvsydvf data vf $${vsy};\ + done + +n2a: + -mkdir vf + -mkdir vf/n2a + /usr/bin/MKNTT2ASC /usr/bin/mkn2a${j}vf dm min ${SUBTFM} ${JFM} vf/n2a + /usr/bin/MKNTT2ASC /usr/bin/mkn2a${j}vf dg goth ${SUBTFM} ${JFM} vf/n2a + +a2n: + -mkdir vf + -mkdir vf/a2n + /usr/bin/MKASC2NTT /usr/bin/mka2n${j}vf dm min ${SUBTFM} ${JFM} vf/a2n + /usr/bin/MKASC2NTT /usr/bin/mka2n${j}vf dg goth ${SUBTFM} ${JFM} vf/a2n + +clean: + rm -rf jfm vf + +distclean: clean --- vftool-2.0alpha.orig/debian/compat +++ vftool-2.0alpha/debian/compat @@ -0,0 +1 @@ +7 --- vftool-2.0alpha.orig/debian/patch-1 +++ vftool-2.0alpha/debian/patch-1 @@ -0,0 +1,26 @@ +--- vftool-2.0alpha.orig/mkvsyvf.c ++++ vftool-2.0alpha/mkvsyvf.c +@@ -69,7 +69,7 @@ + char mirror_end[SPLEN]; + int mirror_end_len; + +-getline(sp, lenp, f) ++mygetline(sp, lenp, f) + char *sp; + int *lenp; + FILE *f; +@@ -91,10 +91,10 @@ + fprintf(stderr, "cannot open %s\n", fn); + exit(1); + } +- getline(rotate_beg, &rotate_beg_len, f); +- getline(rotate_end, &rotate_end_len, f); +- getline(mirror_beg, &mirror_beg_len, f); +- getline(mirror_end, &mirror_end_len, f); ++ mygetline(rotate_beg, &rotate_beg_len, f); ++ mygetline(rotate_end, &rotate_end_len, f); ++ mygetline(mirror_beg, &mirror_beg_len, f); ++ mygetline(mirror_end, &mirror_end_len, f); + } + + vsyvf() --- vftool-2.0alpha.orig/debian/rules +++ vftool-2.0alpha/debian/rules @@ -0,0 +1,105 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +#export DH_COMPAT=3 + +PACK=vftool +BDIR=$(CURDIR)/debian/$(PACK)/usr/bin +DATADIR=$(CURDIR)/debian/$(PACK)/usr/share/$(PACK) + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + +build: configure-stamp build-stamp +build-stamp: + dh_testdir + + # Add here commands to compile the package. + patch -NRp1 < debian/patch-0 || true + patch -p1 < debian/patch-0 + patch -NRp1 < debian/patch-1 || true + patch -p1 < debian/patch-1 + patch -NRp1 < debian/patch-2 || true + patch -p1 < debian/patch-2 + $(MAKE) mka2bkjvf + $(MAKE) mka2bkvf + $(MAKE) mkbkv2hjvf + $(MAKE) mkbkv2hvf + $(MAKE) mkvsyvf + $(MAKE) mkvsydvf + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) clean +# -$(MAKE) clean + patch -NRp1 < debian/patch-0 || true + patch -NRp1 < debian/patch-1 || true + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # Add here commands to install the package into debian/vftool. + install -m 755 mka2bkvf mkbkv2hvf mka2bkjvf mkbkv2hjvf mkvsyvf \ + mkvsydvf $(BDIR) + install -m 755 MKASC2BK MKBKV2H MKVSY MKVSYD $(BDIR) + install -m 755 MKASC2BKall MKBKV2Hall MKVSYall MKVSYDall $(BDIR) + install -m 644 monokan.tfm monokan-v.tfm monosub.tfm $(DATADIR) + install -m 644 debian/Makefile $(DATADIR) + cp -a data $(DATADIR) + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot +# dh_installdebconf + dh_installdocs +# dh_installexamples +# dh_installmenu +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit +# dh_installcron +# dh_installman +# dh_installinfo +# dh_undocumented + dh_installchangelogs + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- vftool-2.0alpha.orig/debian/docs +++ vftool-2.0alpha/debian/docs @@ -0,0 +1 @@ +README vfdata.doc --- vftool-2.0alpha.orig/debian/README.Debian +++ vftool-2.0alpha/debian/README.Debian @@ -0,0 +1,42 @@ +vftool for Debian +----------------- + +This is a tool to generate VF files for dvi2ps/dvi2dvi and you can use +PostScript fonts and/or TrueType fonts etc. in your TeX files with the +VF files. + +Assume, for example, that you want to use new font "foo" in your TeX file. + +- It might be easiest to copy /usr/share/vftool to somewhere in your +working directory. + +- You should "mkdir tfm" and put foo.tfm there. Usually, for Japanese fonts, +it is enough to copy the standard min*.tfm/tmin*.tfm to foo*.tfm/tfoo*.tfm +In some case, you might want to copy goth*.tfm/tgoth*.tfm to foo*.tfm/tfoo*.tfm + +- You should modify "bkfonts", "vbkfonts" and "vsyfonts" in Makefile. +In this point, you should determine the (fake) PS font name. Let call it +"bar" here. + +bk-std = std \ + bar:foo:monokan + +will generate bar.vf, bar.tfm and foo*.vf (* = 5,6,7,8,9,10). + +vbk-std = std \ + bar:barv:barvsy + +vsy-std = std \ + bar:barvsy + +will generate barv.vf and barvsy.vf + +Then you should + +- install these VF files in $TEXMF/fonts/vf/some/where and TFM files in +$TEXMF/fonts/tfm/else/where + +- map "bar" to a resident PS font or VFlib name of some TrueType font. +The way to do this depends on drivers. + + -- Atsuhito KOHDA , Wed, 27 Jun 2001 12:23:56 +0900 --- vftool-2.0alpha.orig/debian/dirs +++ vftool-2.0alpha/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/vftool --- vftool-2.0alpha.orig/debian/control +++ vftool-2.0alpha/debian/control @@ -0,0 +1,13 @@ +Source: vftool +Section: tex +Priority: optional +Maintainer: Atsuhito KOHDA +Build-Depends: debhelper (>> 7) +Standards-Version: 3.8.2 + +Package: vftool +Architecture: any +Depends: ${shlibs:Depends} +Description: a tool to generate VF files for dvi2ps/dvi2dvi + You can use PostScript fonts and/or TrueType fonts etc. in your TeX files + with the VF files generated by vftool.