[pkgsrc/trunk]: pkgsrc/print/xpdf Fix vulnerability CAN-2005-3191. Patch pro...

[dillo <dillo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2a30cd545fc7
branches:  trunk
changeset: 504668:2a30cd545fc7
user:      dillo <dillo%pkgsrc.org@localhost>
date:      Sun Dec 18 20:05:32 2005 +0000

description:
Fix vulnerability CAN-2005-3191.  Patch provided by jlam.

Bump PKGREVISION to 2.

diffstat:

 print/xpdf/Makefile         |   4 ++--
 print/xpdf/distinfo         |   3 ++-
 print/xpdf/patches/patch-at |  28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)

diffs (60 lines):

diff -r 9ce9095ce3d5 -r 2a30cd545fc7 print/xpdf/Makefile
--- a/print/xpdf/Makefile       Sun Dec 18 19:57:24 2005 +0000
+++ b/print/xpdf/Makefile       Sun Dec 18 20:05:32 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2005/12/12 21:36:55 joerg Exp $
+# $NetBSD: Makefile,v 1.45 2005/12/18 20:05:32 dillo Exp $
 
 DISTNAME=      xpdf-3.01
 PKGNAME=       ${DISTNAME}pl1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    print
 MASTER_SITES=  ftp://ftp.foolabs.com/pub/xpdf/ \
                ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff -r 9ce9095ce3d5 -r 2a30cd545fc7 print/xpdf/distinfo
--- a/print/xpdf/distinfo       Sun Dec 18 19:57:24 2005 +0000
+++ b/print/xpdf/distinfo       Sun Dec 18 20:05:32 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2005/12/07 09:26:58 uebayasi Exp $
+$NetBSD: distinfo,v 1.23 2005/12/18 20:05:32 dillo Exp $
 
 SHA1 (xpdf-3.01.tar.gz) = 472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b
 RMD160 (xpdf-3.01.tar.gz) = d734065ce12db8d0c37d9d0ac0ca7c287be59442
@@ -21,3 +21,4 @@
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
 SHA1 (patch-ar) = f3d320991e189a21244acd31ca5cc6cfdb18bd96
+SHA1 (patch-at) = 8827e22d0f3e341ed45ad92637b02a3a31f3168d
diff -r 9ce9095ce3d5 -r 2a30cd545fc7 print/xpdf/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-at       Sun Dec 18 20:05:32 2005 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-at,v 1.1 2005/12/18 20:05:32 dillo Exp $
+
+--- xpdf/Stream.cc.orig        2005-12-15 22:53:25.000000000 -0500
++++ xpdf/Stream.cc
+@@ -2919,11 +2919,7 @@ GBool DCTStream::readBaselineSOF() {
+   width = read16();
+   numComps = str->getChar();
+   if (numComps <= 0 || numComps > 4) {
+-    error(getPos(), "Bad number of components in DCT stream", prec);
+-    return gFalse;
+-  }
+-  if (numComps <= 0 || numComps > 4) {
+-    error(getPos(), "Bad number of components in DCT stream", prec);
++    error(getPos(), "Bad number of components %d in DCT stream", numComps);
+     return gFalse;
+   }
+   if (prec != 8) {
+@@ -2952,6 +2948,10 @@ GBool DCTStream::readProgressiveSOF() {
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components %d in DCT stream", numComps);
++    return gFalse;
++  }
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;