Version in base suite: 2022.20220321.62855-5.1+deb12u1 Base version: texlive-bin_2022.20220321.62855-5.1+deb12u1 Target version: texlive-bin_2022.20220321.62855-5.1+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/texlive-bin/texlive-bin_2022.20220321.62855-5.1+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/texlive-bin/texlive-bin_2022.20220321.62855-5.1+deb12u2.dsc changelog | 8 + patches/CVE-2024-25262.diff | 22 ++++ patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch | 90 +++++++++++++++++ patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch | 24 ++++ patches/series | 3 5 files changed, 147 insertions(+)
diff -Nru texlive-bin-2022.20220321.62855/debian/changelog texlive-bin-2022.20220321.62855/debian/changelog
--- texlive-bin-2022.20220321.62855/debian/changelog 2023-06-27 20:07:12.000000000 +0000
+++ texlive-bin-2022.20220321.62855/debian/changelog 2024-10-11 20:47:45.000000000 +0000
@@ -1,3 +1,11 @@
+texlive-bin (2022.20220321.62855-5.1+deb12u2) bookworm; urgency=medium
+
+ * Add patches from upstream for "luatex loses or changes text when
+ discretionaries with priorities are used" (Closes: #1041441).
+ * Add patch for CVE-2024-25262.
+
+ -- Hilmar Preuße Fri, 11 Oct 2024 22:47:45 +0200
+
 texlive-bin (2022.20220321.62855-5.1+deb12u1) bookworm; urgency=medium

 * Stop building *jit* binaries on i386 based arches to make TL installable
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff
--- texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff 1970-01-01 00:00:00.000000000 +0000
+++ texlive-bin-2022.20220321.62855/debian/patches/CVE-2024-25262.diff 2024-10-11 20:41:06.000000000 +0000
@@ -0,0 +1,22 @@
+From: https://github.com/TeX-Live/texlive-source/pull/63/commits/87bd510f8b8acff7096159423f87251d82288700
+Date: Fri, 16 Jan 2024 00:00:00 +0100
+Subject: Fix for CVE-2024-25262.
+Origin: upstream
+
+diff --git a/texk/ttfdump/libttf/hdmx.c b/texk/ttfdump/libttf/hdmx.c
+index d91b98eb1b..a0ee60ca59 100644
+--- a/texk/ttfdump/libttf/hdmx.c
++++ b/texk/ttfdump/libttf/hdmx.c
+@@ -44,7 +44,11 @@ static void ttfLoadHDMX (FILE *fp,HDMXPtr hdmx,ULONG offset)
+ hdmx->Records[i].PixelSize = ttfGetBYTE(fp);
+ hdmx->Records[i].MaxWidth = ttfGetBYTE(fp);
+ hdmx->Records[i].Width = XCALLOC (hdmx->size, BYTE);
+- fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->numGlyphs+1,fp);
++ //if hdmx->numGlyphs+1 > hdmx->size,it will coredump,so we read min(hdmx->numGlyphs+1,hdmx->size) and truncate the remainder.
++ if (hdmx->numGlyphs+1 <= hdmx->size)
++ fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->numGlyphs+1,fp);
++ else
++ fread ((hdmx->Records+i)->Width, sizeof(BYTE), hdmx->size,fp);
+ }
+ }
+
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch
--- texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch 1970-01-01 00:00:00.000000000 +0000
+++ texlive-bin-2022.20220321.62855/debian/patches/ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch 2024-10-11 20:41:06.000000000 +0000
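Review bot: Both `fread` calls in ttfLoadHDMX still discard their return value, so a truncated `hdmx` table is accepted silently, and the clamp only bounds the write: the record stays inconsistent (`numGlyphs+1 > size`) for any later code that indexes `Width` by glyph count. That consumer is outside this hunk, so treat the second part as something to check rather than a confirmed over-read. Computing the count once and testing it covers the first part: `n = hdmx->numGlyphs+1 <= hdmx->size ? hdmx->numGlyphs+1 : hdmx->size;` followed by `if (fread(hdmx->Records[i].Width, sizeof(BYTE), n, fp) != n)` with an error path for the short read. That also removes the unbraced `if`/`else` around two near-identical calls. The function body starts and ends outside the hunk.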
@@ -0,0 +1,90 @@
+From ad3b0d706c71bb6f3309a236e98e8fb644121bc6 Mon Sep 17 00:00:00 2001
+From: Luigi Scarso
+Date: Sat, 30 Jul 2022 14:48:29 +0000
+Subject: [PATCH] Take exception pre/port disc font from wordstart (H.Hagen).
+ Fixed some missed files in trunk from latest update from TexLive
+
+[[Split portion of a mixed commit.]]
+---
+ source/texk/web2c/luatexdir/ChangeLog | 3 ++
+ source/texk/web2c/luatexdir/lang/texlang.c | 28 +++++++++++++------
+ .../texk/web2c/luatexdir/luatex_svnversion.h | 2 +-
+ 3 files changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/source/texk/web2c/luatexdir/lang/texlang.c b/source/texk/web2c/luatexdir/lang/texlang.c
+index 67ef25ca1..f9e53bbba 100644
+--- a/texk/web2c/luatexdir/lang/texlang.c
++++ b/texk/web2c/luatexdir/lang/texlang.c
+@@ -358,7 +358,9 @@ static halfword insert_discretionary(halfword t, halfword pre, halfword post, ha
+ f = get_cur_font();
+ }
+ for (g = pre; g != null; g = vlink(g)) {
+- font(g) = f;
++ if (! font(g)) {
++ font(g) = f;
++ }
+ if (attr != null) {
+ delete_attribute_ref(node_attr(g));
+ node_attr(g) = attr;
+@@ -366,7 +368,9 @@ static halfword insert_discretionary(halfword t, halfword pre, halfword post, ha
+ }
+ }
+ for (g = post; g != null; g = vlink(g)) {
+- font(g) = f;
++ if (! font(g)) {
++ font(g) = f;
++ }
+ if (attr != null) {
+ delete_attribute_ref(node_attr(g));
+ node_attr(g) = attr;
+@@ -531,9 +535,14 @@ char *exception_strings(struct tex_language *lang)
+ The sequence from |wordstart| to |r| can contain only normal characters it
+ could be faster to modify a halfword pointer and return an integer
+
++ We now take the font from the wordstart (as in \LUAMETATEX) but leave the
++ rest as it is, because we don't want to break compatibility (end June 2022).
++ We make a copy now of the parent and hope for the best. Backporting would be
++ too intrusive so this has to do. It went unnoticed for ages anyway.
++
+ */
+
+-static halfword find_exception_part(unsigned int *j, unsigned int *uword, int len)
++static halfword find_exception_part(unsigned int *j, unsigned int *uword, int len, halfword parent)
+ {
+ halfword g = null, gg = null;
+ register unsigned i = *j;
+@@ -541,13 +550,16 @@ static halfword find_exception_part(unsigned int *j, unsigned int *uword, int le
+ i++;
+ while (i < (unsigned) len && uword[i + 1] != '}') {
+ if (g == null) {
+- gg = new_char(0, (int) uword[i + 1]);
++ /* gg = new_char(font(parent), (int) uword[i + 1]); */
++ gg = copy_node(parent);
+ g = gg;
+ } else {
+- halfword s = new_char(0, (int) uword[i + 1]);
++ /* halfword s = new_char(font(parent), (int) uword[i + 1]); */
++ halfword s = copy_node(parent);
+ couple_nodes(g, s);
+- g = vlink(g);
++ g = s;
+ }
++ character(g) = (int) uword[i + 1];
+ i++;
+ }
+ *j = ++i;
+@@ -614,12 +626,12 @@ static void do_exception(halfword wordstart, halfword r, char *replacement)
+ halfword gg, hh, replace = null;
+ int repl;
+ /*tex |pre| */
+- gg = find_exception_part(&i, uword, (int) len);
++ gg = find_exception_part(&i, uword, (int) len, wordstart);
+ if (i == len || uword[i + 1] != '{') {
+ tex_error("broken pattern 1", PAT_ERROR);
+ }
+ /*tex |post| */
+- hh = find_exception_part(&i, uword, (int) len);
++ hh = find_exception_part(&i, uword, (int) len, wordstart);
+ if (i == len || uword[i + 1] != '{') {
+ tex_error("broken pattern 2", PAT_ERROR);
+ }
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch
--- texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch 1970-01-01 00:00:00.000000000 +0000
+++ texlive-bin-2022.20220321.62855/debian/patches/be0377afd9573be47495ac97be42ecc4dae5f0a2.patch 2024-10-11 20:41:06.000000000 +0000
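Review bot: In find_exception_part the new nodes are now full copies of `parent` with only `character(g)` overwritten, and nothing visible in the hunks establishes that `wordstart` is a character node or says which of its other fields the copies are meant to inherit. The added block comment only says the code will "hope for the best". I would state the precondition there, e.g. `|parent| must be a glyph node; the copies keep everything but |character|`, and drop the two commented-out `new_char(font(parent), …)` lines, which are dead code. The `if (! font(g))` guards in insert_discretionary rely on font 0 meaning "not set", which deserves a one-line `/*tex … */` remark as well. Both functions continue outside the hunks shown.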
@@ -0,0 +1,24 @@
+From be0377afd9573be47495ac97be42ecc4dae5f0a2 Mon Sep 17 00:00:00 2001
+From: Luigi Scarso
+Date: Sat, 30 Jul 2022 20:41:39 +0000
+Subject: [PATCH] Backtrack replace pointer when successive disc in exceptions
+ (H. Hagen)
+
+---
+ source/texk/web2c/luatexdir/ChangeLog | 3 +++
+ source/texk/web2c/luatexdir/lang/texlang.c | 1 +
+ source/texk/web2c/luatexdir/luatex_svnversion.h | 2 +-
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/source/texk/web2c/luatexdir/lang/texlang.c b/source/texk/web2c/luatexdir/lang/texlang.c
+index f9e53bbba..a0d067251 100644
+--- a/texk/web2c/luatexdir/lang/texlang.c
++++ b/texk/web2c/luatexdir/lang/texlang.c
+@@ -705,6 +705,7 @@ static void do_exception(halfword wordstart, halfword r, char *replacement)
+ /*tex check if we have two exceptions in a row */
+ if (uword[i + 1] == '{') {
+ i--;
++t = alink(t);
+ }
+ } else {
+ t = vlink(t);
diff -Nru texlive-bin-2022.20220321.62855/debian/patches/series texlive-bin-2022.20220321.62855/debian/patches/series
--- texlive-bin-2022.20220321.62855/debian/patches/series 2023-06-27 20:07:12.000000000 +0000
+++ texlive-bin-2022.20220321.62855/debian/patches/series 2024-10-11 20:41:06.000000000 +0000
@@ -15,3 +15,6 @@
 wrong-manual-section_axohelp.1
 CVE-2023-32700.patch
 CVE-2023-32668.patch
+#ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch
+be0377afd9573be47495ac97be42ecc4dae5f0a2.patch
+CVE-2024-25262.diff
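Review bot: The added `t = alink(t);` in do_exception sits at column 0 inside a nested block and carries no comment, and the hunk does not show whether `t` always has a predecessor at this point, since the loop and the initialisation of `t` are outside the hunk. Indent it with the neighbouring `i--;` and say why the pointer is stepped back, e.g. `/*tex two discs in a row: backtrack the pointer */`. If `t` can be the first node of the list here, a guard on `alink(t) != null` would be needed; that is an inference to confirm against the full function.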
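Review bot: The first added entry is commented out (`#ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch`), so that patch file is shipped but not applied, while the changelog entry speaks of patches in the plural for #1041441. The applied be0377afd9573be47495ac97be42ecc4dae5f0a2.patch was generated on top of it: its `index f9e53bbba..a0d067251` pre-image is the post-image of ad3b's `index 67ef25ca1..f9e53bbba`. Whether the fix is complete without ad3b cannot be judged from this page. Either enable the entry or record the reason next to it, e.g. `# ad3b0d706c71bb6f3309a236e98e8fb644121bc6.patch: not applied, <reason>`, so that what the build contains can be audited from the series file.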