pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q3]: pkgsrc/print/poppler Pullup ticket 955 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/78143adbeb05
branches: pkgsrc-2005Q3
changeset: 499745:78143adbeb05
user: seb <seb%pkgsrc.org@localhost>
date: Thu Dec 15 01:00:51 2005 +0000
description:
Pullup ticket 955 - requested by Lubomir Sedlacik
security fix via patch for print/poppler
Module Name: pkgsrc
Committed By: salo
Date: Sun Dec 11 05:08:50 UTC 2005
Modified Files:
pkgsrc/print/poppler: Makefile distinfo
Added Files:
pkgsrc/print/poppler/patches: patch-aa patch-ab patch-ac
Log Message:
Security fixes for CVE-2005-3191, CVE-2005-3192 and CVE-2005-3193.
Patches from xpdf.
diffstat:
print/poppler/Makefile | 6 +-
print/poppler/distinfo | 5 ++-
print/poppler/patches/patch-ab | 31 ++++++++++++++++
print/poppler/patches/patch-ac | 78 ++++++++++++++++++++++++++++++++++++++++++
print/poppler/patches/patch-ad | 23 ++++++++++++
5 files changed, 139 insertions(+), 4 deletions(-)
diffs (181 lines):
diff -r 1c04f996020d -r 78143adbeb05 print/poppler/Makefile
--- a/print/poppler/Makefile Mon Dec 12 23:05:56 2005 +0000
+++ b/print/poppler/Makefile Thu Dec 15 01:00:51 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.1.1.1 2005/07/08 20:31:34 reed Exp $
+# $NetBSD: Makefile,v 1.1.1.1.2.1 2005/12/15 01:00:51 seb Exp $
#
DISTNAME= poppler-0.3.3
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= print
MASTER_SITES= http://poppler.freedesktop.org/
@@ -10,7 +10,7 @@
HOMEPAGE= http://poppler.freedesktop.org/
COMMENT= PDF rendering library
-USE_TOOLS= gmake
+USE_TOOLS+= gmake pkg-config
USE_LIBTOOL= yes
LIBTOOL_OVERRIDE= ${WRKSRC}/libtool
#PKGCONFIG_OVERRIDE+= ${WRKSRC}/poppler-cairo.pc.in
diff -r 1c04f996020d -r 78143adbeb05 print/poppler/distinfo
--- a/print/poppler/distinfo Mon Dec 12 23:05:56 2005 +0000
+++ b/print/poppler/distinfo Thu Dec 15 01:00:51 2005 +0000
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.1.1.1 2005/07/08 20:31:34 reed Exp $
+$NetBSD: distinfo,v 1.1.1.1.2.1 2005/12/15 01:00:51 seb Exp $
SHA1 (poppler-0.3.3.tar.gz) = 4dd3e060815a307dfb217dbe7dd7d52c7f688edf
RMD160 (poppler-0.3.3.tar.gz) = a607766a46a39ae27cbd1bdfd5866c1bc74cf4d3
Size (poppler-0.3.3.tar.gz) = 742493 bytes
SHA1 (patch-aa) = be585bf002516f55d98cff5a7902327c41733c09
+SHA1 (patch-ab) = 6bbd1edcdba2564f470474f71b7824dfaf302a7d
+SHA1 (patch-ac) = db8e38a2e4382bd14bbb5edc9979df5ce2927943
+SHA1 (patch-ad) = 9900a274d586bf4f4d814716b1296e4d5e5f9429
diff -r 1c04f996020d -r 78143adbeb05 print/poppler/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/poppler/patches/patch-ab Thu Dec 15 01:00:51 2005 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ab,v 1.1.2.2 2005/12/15 01:00:51 seb Exp $
+
+Security fix for CVE-2005-3193.
+
+--- poppler/JPXStream.cc.orig 2005-03-03 20:46:03.000000000 +0100
++++ poppler/JPXStream.cc 2005-12-11 06:14:42.000000000 +0100
+@@ -666,7 +666,7 @@ GBool JPXStream::readCodestream(Guint le
+ int segType;
+ GBool haveSIZ, haveCOD, haveQCD, haveSOT;
+ Guint precinctSize, style;
+- Guint segLen, capabilities, comp, i, j, r;
++ Guint segLen, capabilities, nTiles, comp, i, j, r;
+
+ //----- main header
+ haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
+@@ -701,8 +701,13 @@ GBool JPXStream::readCodestream(Guint le
+ / img.xTileSize;
+ img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
+ / img.yTileSize;
+- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
+- sizeof(JPXTile));
++ nTiles = img.nXTiles * img.nYTiles;
++ // check for overflow before allocating memory
++ if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
++ error(getPos(), "Bad tile count in JPX SIZ marker segment");
++ return gFalse;
++ }
++ img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
+ for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
+ img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
+ sizeof(JPXTileComp));
diff -r 1c04f996020d -r 78143adbeb05 print/poppler/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/poppler/patches/patch-ac Thu Dec 15 01:00:51 2005 +0000
@@ -0,0 +1,78 @@
+$NetBSD: patch-ac,v 1.1.2.2 2005/12/15 01:00:51 seb Exp $
+
+Security fix for CVE-2005-3191 and CVE-2005-3192.
+
+--- poppler/Stream.cc.orig 2005-04-28 17:23:34.000000000 +0200
++++ poppler/Stream.cc 2005-12-11 06:14:45.000000000 +0100
+@@ -415,18 +415,33 @@ void ImageStream::skipLine() {
+
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ int widthA, int nCompsA, int nBitsA) {
++ int totalBits;
++
+ str = strA;
+ predictor = predictorA;
+ width = widthA;
+ nComps = nCompsA;
+ nBits = nBitsA;
++ predLine = NULL;
++ ok = gFalse;
+
+ nVals = width * nComps;
++ totalBits = nVals * nBits;
++ if (totalBits == 0 ||
++ (totalBits / nBits) / nComps != width ||
++ totalBits + 7 < 0) {
++ return;
++ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++ if (rowBytes < 0) {
++ return;
++ }
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
+ predIdx = rowBytes;
++
++ ok = gTrue;
+ }
+
+ StreamPredictor::~StreamPredictor() {
+@@ -1020,6 +1035,10 @@ LZWStream::LZWStream(Stream *strA, int p
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+@@ -2907,6 +2926,14 @@ GBool DCTStream::readBaselineSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream", prec);
++ return gFalse;
++ }
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream", prec);
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -3268,6 +3295,10 @@ FlateStream::FlateStream(Stream *strA, i
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
diff -r 1c04f996020d -r 78143adbeb05 print/poppler/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/poppler/patches/patch-ad Thu Dec 15 01:00:51 2005 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-ad,v 1.1.2.1 2005/12/15 01:00:51 seb Exp $
+
+Security fix for CVE-2005-3192.
+
+--- poppler/Stream.h.orig 2005-04-28 17:23:34.000000000 +0200
++++ poppler/Stream.h 2005-12-11 06:14:47.000000000 +0100
+@@ -231,6 +231,8 @@ public:
+
+ ~StreamPredictor();
+
++ GBool isOk() { return ok; }
++
+ int lookChar();
+ int getChar();
+
+@@ -248,6 +250,7 @@ private:
+ int rowBytes; // bytes per line
+ Guchar *predLine; // line buffer
+ int predIdx; // current index in predLine
++ GBool ok;
+ };
+
+ //------------------------------------------------------------------------
Home |
Main Index |
Thread Index |
Old Index