pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/print/poppler apply a patch from xpdf to fix an intege...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/bbd6aa1bf136
branches:  trunk
changeset: 531578:bbd6aa1bf136
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Aug 02 14:41:18 2007 +0000

description:
apply a patch from xpdf to fix an integer overflow vulnerability
(CVE-2007-3387)
bump PKGREVISION

diffstat:

 print/poppler/Makefile         |   4 ++--
 print/poppler/distinfo         |   3 ++-
 print/poppler/patches/patch-af |  30 ++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 3 deletions(-)

diffs (63 lines):

diff -r 82868d779dc7 -r bbd6aa1bf136 print/poppler/Makefile
--- a/print/poppler/Makefile    Thu Aug 02 14:20:37 2007 +0000
+++ b/print/poppler/Makefile    Thu Aug 02 14:41:18 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.20 2007/01/17 15:53:09 drochner Exp $
+# $NetBSD: Makefile,v 1.21 2007/08/02 14:41:18 drochner Exp $
 #
 
 .include "../../print/poppler/Makefile.common"
 
-PKGREVISION=   1
+PKGREVISION=   2
 
 COMMENT=               PDF rendering library
 
diff -r 82868d779dc7 -r bbd6aa1bf136 print/poppler/distinfo
--- a/print/poppler/distinfo    Thu Aug 02 14:20:37 2007 +0000
+++ b/print/poppler/distinfo    Thu Aug 02 14:41:18 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2007/01/17 15:53:09 drochner Exp $
+$NetBSD: distinfo,v 1.17 2007/08/02 14:41:18 drochner Exp $
 
 SHA1 (poppler-0.5.4.tar.gz) = edf4e4ff17ef86a7f60f097949ad7db53fa2c3b1
 RMD160 (poppler-0.5.4.tar.gz) = f28c89b03388757067505df3c60a1d878626b0dd
@@ -8,3 +8,4 @@
 SHA1 (patch-ac) = ba2f2e83897e4c56541da6e9e4f1b61d60fea9b0
 SHA1 (patch-ad) = 437c1514654d3c4caa00f674de9dbd3d66e58127
 SHA1 (patch-ae) = 9f118e4d70df1c523807aa5faeda798a3d7f74f1
+SHA1 (patch-af) = e27499a90ebf76f376a411e310fe16c21d22f30e
diff -r 82868d779dc7 -r bbd6aa1bf136 print/poppler/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/poppler/patches/patch-af    Thu Aug 02 14:41:18 2007 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-af,v 1.1 2007/08/02 14:41:19 drochner Exp $
+
+--- poppler/Stream.cc.orig     2007-08-02 10:28:59.000000000 +0200
++++ poppler/Stream.cc
+@@ -422,12 +422,6 @@ StreamPredictor::StreamPredictor(Stream 
+   ok = gFalse;
+ 
+   nVals = width * nComps;
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX/nBits ||
+-      width >= INT_MAX/nComps/nBits ||
+-      nVals * nBits + 7 < 0) {
+-    return;
+-  }
+   totalBits = nVals * nBits;
+   if (totalBits == 0 ||
+       (totalBits / nBits) / nComps != width ||
+@@ -436,7 +430,11 @@ StreamPredictor::StreamPredictor(Stream 
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
+   rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+-  if (rowBytes < 0) {
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps > gfxColorMaxComps ||
++      nBits > 16 ||
++      width >= INT_MAX / nComps ||      // check for overflow in nVals
++      nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+     return;
+   }
+   predLine = (Guchar *)gmalloc(rowBytes);
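Review bot: In the second Stream.cc hunk the new range checks on `width`, `nComps` and `nBits` run only after `nVals = width * nComps` and `totalBits = nVals * nBits` have been evaluated, so an oversized value from the PDF still overflows what appears to be a signed `int` before it is rejected. Signed overflow is undefined behaviour in C++, and an optimizing compiler may assume it did not occur, which can weaken a guard placed after the arithmetic. The guard would be more robust directly after `ok = gFalse;`, testing `width >= INT_MAX / nComps` before `nVals` is computed and `nVals >= (INT_MAX - 7) / nBits` before `totalBits` and `rowBytes` are derived. The constructor starts and ends outside the hunk, so the declared types and any later use of these fields cannot be confirmed from here.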


