[pkgsrc/trunk]: pkgsrc/print/xpdf Update xpdf to 3.01 patch level 2. The patc...

[joerg <joerg%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c4596e13cca0
branches:  trunk
changeset: 510170:c4596e13cca0
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Wed Mar 29 17:20:09 2006 +0000

description:
Update xpdf to 3.01 patch level 2. The patch level addresses a number of
vulnerabilities reported and adds at least some constraint checks not
done before.

diffstat:

 print/xpdf/Makefile         |    7 +-
 print/xpdf/distinfo         |   12 ++---
 print/xpdf/patches/patch-ao |   51 +---------------------
 print/xpdf/patches/patch-aq |   32 -------------
 print/xpdf/patches/patch-at |  101 --------------------------------------------
 5 files changed, 9 insertions(+), 194 deletions(-)

diffs (253 lines):

diff -r 92d681293f18 -r c4596e13cca0 print/xpdf/Makefile
--- a/print/xpdf/Makefile       Wed Mar 29 14:13:05 2006 +0000
+++ b/print/xpdf/Makefile       Wed Mar 29 17:20:09 2006 +0000
@@ -1,15 +1,14 @@
-# $NetBSD: Makefile,v 1.54 2006/03/04 21:30:32 jlam Exp $
+# $NetBSD: Makefile,v 1.55 2006/03/29 17:20:09 joerg Exp $
 
 DISTNAME=      xpdf-3.01
-PKGNAME=       ${DISTNAME}pl1
-PKGREVISION=   5
+PKGNAME=       ${DISTNAME}pl2
 CATEGORIES=    print
 MASTER_SITES=  ftp://ftp.foolabs.com/pub/xpdf/ \
                ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
                http://gd.tuwien.ac.at/publishing/xpdf/
 
 PATCH_SITES=           ${MASTER_SITES}
-PATCHFILES=            xpdf-3.01pl1.patch
+PATCHFILES=            xpdf-3.01pl2.patch
 PATCH_DIST_STRIP=      -p1
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 92d681293f18 -r c4596e13cca0 print/xpdf/distinfo
--- a/print/xpdf/distinfo       Wed Mar 29 14:13:05 2006 +0000
+++ b/print/xpdf/distinfo       Wed Mar 29 17:20:09 2006 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.25 2006/01/22 23:13:33 tron Exp $
+$NetBSD: distinfo,v 1.26 2006/03/29 17:20:09 joerg Exp $
 
 SHA1 (xpdf-3.01.tar.gz) = 472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b
 RMD160 (xpdf-3.01.tar.gz) = d734065ce12db8d0c37d9d0ac0ca7c287be59442
 Size (xpdf-3.01.tar.gz) = 599778 bytes
-SHA1 (xpdf-3.01pl1.patch) = b8906e23b8de6c49f9e50aedaa160f17ea040f08
-RMD160 (xpdf-3.01pl1.patch) = 123403a98df5d8191ac1f7b3780fb6c6e0bf344f
-Size (xpdf-3.01pl1.patch) = 4936 bytes
+SHA1 (xpdf-3.01pl2.patch) = c04ce1cc5ef30aa47ea528124d2ffbd840d22472
+RMD160 (xpdf-3.01pl2.patch) = 5425c78f300b6e6eadf7a68327849c7f91b42b9f
+Size (xpdf-3.01pl2.patch) = 12097 bytes
 SHA1 (patch-aa) = 6664207f59076a2612cf4141b7ab4b072b404e3a
 SHA1 (patch-ab) = fd4205c477ee4ac7660b8c1a707ea7b528ac4f90
 SHA1 (patch-ac) = 6fa74df05e01510c792eb2b20f670e6903f30aa2
@@ -20,8 +20,6 @@
 SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
-SHA1 (patch-ao) = 9faff0cca36db1a8030e6cc0587e66105c9026b2
-SHA1 (patch-aq) = ab8d29fe9743711fd57fe5b0506c1dc31e65c40e
+SHA1 (patch-ao) = 3bd1be205e87cdbe3f2329e932c540185a7c3d09
 SHA1 (patch-ar) = f3d320991e189a21244acd31ca5cc6cfdb18bd96
-SHA1 (patch-at) = ca00e6cf293e3683bda41d03b6b140175c992884
 SHA1 (patch-au) = af765089ee88369da0afef534f46ec50c5cc6d4f
diff -r 92d681293f18 -r c4596e13cca0 print/xpdf/patches/patch-ao
--- a/print/xpdf/patches/patch-ao       Wed Mar 29 14:13:05 2006 +0000
+++ b/print/xpdf/patches/patch-ao       Wed Mar 29 17:20:09 2006 +0000
@@ -1,56 +1,7 @@
-$NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $
+$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $
 
 --- xpdf/JBIG2Stream.cc.orig   2005-08-17 06:34:31.000000000 +0100
 +++ xpdf/JBIG2Stream.cc        2006-01-22 22:48:31.000000000 +0000
-@@ -7,6 +7,7 @@
- //========================================================================
- 
- #include <aconf.h>
-+#include <limits.h>
- 
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -681,9 +682,15 @@
-   w = wA;
-   h = hA;
-   line = (wA + 7) >> 3;
--  // need to allocate one extra guard byte for use in combine()
--  data = (Guchar *)gmalloc(h * line + 1);
--  data[h * line] = 0;
-+
-+  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+    data = NULL;
-+  }
-+  else {
-+    // need to allocate one extra guard byte for use in combine()
-+    data = (Guchar *)gmalloc(h * line + 1);
-+    data[h * line] = 0;
-+  }
- }
- 
- JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
-@@ -692,6 +699,12 @@
-   w = bitmap->w;
-   h = bitmap->h;
-   line = bitmap->line;
-+
-+  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+    data = NULL;
-+    return;
-+  }
-+ 
-   // need to allocate one extra guard byte for use in combine()
-   data = (Guchar *)gmalloc(h * line + 1);
-   memcpy(data, bitmap->data, h * line);
-@@ -720,7 +733,7 @@
- }
- 
- void JBIG2Bitmap::expand(int newH, Guint pixel) {
--  if (newH <= h) {
-+  if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
-     return;
-   }
-   // need to allocate one extra guard byte for use in combine()
 @@ -2305,6 +2318,15 @@
      error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
      return;
diff -r 92d681293f18 -r c4596e13cca0 print/xpdf/patches/patch-aq
--- a/print/xpdf/patches/patch-aq       Wed Mar 29 14:13:05 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/JPXStream.cc.orig     2006-01-22 22:52:51.000000000 +0000
-+++ xpdf/JPXStream.cc  2006-01-22 22:48:31.000000000 +0000
-@@ -7,6 +7,7 @@
- //========================================================================
- 
- #include <aconf.h>
-+#include <limits.h>
- 
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -818,13 +819,15 @@
-                   / img.xTileSize;
-       img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
-                   / img.yTileSize;
--      nTiles = img.nXTiles * img.nYTiles;
-       // check for overflow before allocating memory
--      if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
--      error(getPos(), "Bad tile count in JPX SIZ marker segment");
--      return gFalse;
-+      if (img.nXTiles <= 0 || img.nYTiles <= 0 || 
-+              img.nXTiles >= INT_MAX/img.nYTiles) {
-+          error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+          return gFalse;
-       }
-+      nTiles = img.nXTiles * img.nYTiles;
-       img.tiles = (JPXTile *)gmallocn(nTiles, sizeof(JPXTile));
-+
-       for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
-       img.tiles[i].tileComps = (JPXTileComp *)gmallocn(img.nComps,
-                                                        sizeof(JPXTileComp));
diff -r 92d681293f18 -r c4596e13cca0 print/xpdf/patches/patch-at
--- a/print/xpdf/patches/patch-at       Wed Mar 29 14:13:05 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,101 +0,0 @@
-$NetBSD: patch-at,v 1.2 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/Stream.cc.orig        2006-01-22 23:03:34.000000000 +0000
-+++ xpdf/Stream.cc     2006-01-22 23:03:00.000000000 +0000
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
-+#include <limits.h>
- #ifndef WIN32
- #include <unistd.h>
- #endif
-@@ -401,8 +402,6 @@
- 
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
-                                int widthA, int nCompsA, int nBitsA) {
--  int totalBits;
--
-   str = strA;
-   predictor = predictorA;
-   width = widthA;
-@@ -411,15 +410,17 @@
-   predLine = NULL;
-   ok = gFalse;
- 
-+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-+      nComps >= INT_MAX/nBits ||
-+      width >= INT_MAX/nComps/nBits) {
-+    return;
-+  }
-   nVals = width * nComps;
--  totalBits = nVals * nBits;
--  if (totalBits == 0 ||
--      (totalBits / nBits) / nComps != width ||
--      totalBits + 7 < 0) {
-+  if (nVals * nBits + 7 <= 0) {
-     return;
-   }
-   pixBytes = (nComps * nBits + 7) >> 3;
--  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-   if (rowBytes < 0) {
-     return;
-   }
-@@ -1275,7 +1276,7 @@
-   endOfLine = endOfLineA;
-   byteAlign = byteAlignA;
-   columns = columnsA;
--  if (columns < 1) {
-+  if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) {
-     columns = 1;
-   }
-   rows = rowsA;
-@@ -2922,10 +2923,6 @@
-     error(getPos(), "Bad number of components in DCT stream", prec);
-     return gFalse;
-   }
--  if (numComps <= 0 || numComps > 4) {
--    error(getPos(), "Bad number of components in DCT stream", prec);
--    return gFalse;
--  }
-   if (prec != 8) {
-     error(getPos(), "Bad DCT precision %d", prec);
-     return gFalse;
-@@ -2952,6 +2949,10 @@
-   height = read16();
-   width = read16();
-   numComps = str->getChar();
-+  if (numComps <= 0 || numComps > 4) {
-+    error(getPos(), "Bad number of components in DCT stream", prec);
-+    return gFalse;
-+  }
-   if (prec != 8) {
-     error(getPos(), "Bad DCT precision %d", prec);
-     return gFalse;
-@@ -2974,6 +2975,10 @@
- 
-   length = read16() - 2;
-   scanInfo.numComps = str->getChar();
-+  if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-+    error(getPos(), "Bad number of components in DCT stream");
-+    return gFalse;
-+  }
-   --length;
-   if (length != 2 * scanInfo.numComps + 3) {
-     error(getPos(), "Bad DCT scan info block");
-@@ -3058,12 +3063,12 @@
-   while (length > 0) {
-     index = str->getChar();
-     --length;
--    if ((index & 0x0f) >= 4) {
-+    if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
-       error(getPos(), "Bad DCT Huffman table");
-       return gFalse;
-     }
-     if (index & 0x10) {
--      index &= 0x0f;
-+      index &= 0x03;
-       if (index >= numACHuffTables)
-       numACHuffTables = index+1;
-       tbl = &acHuffTables[index];