pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q2]: pkgsrc/print/xpdf Pullup ticket 676 - requested by Lu...
details:   https://anonhg.NetBSD.org/pkgsrc/rev/c92dafded074
branches:  pkgsrc-2005Q2
changeset: 495982:c92dafded074
user:      snj <snj%pkgsrc.org@localhost>
date:      Sat Aug 13 05:27:41 2005 +0000
description:
Pullup ticket 676 - requested by Lubomir Sedlacik
security fix for xpdf
Revisions pulled up:
- pkgsrc/print/xpdf/Makefile            1.38
- pkgsrc/print/xpdf/distinfo            1.20
- pkgsrc/print/xpdf/patches/patch-ar    1.1
- pkgsrc/print/xpdf/patches/patch-as    1.1
   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Fri Aug 12 12:27:30 UTC 2005
   Modified Files:
           pkgsrc/print/xpdf: Makefile distinfo
   Added Files:
           pkgsrc/print/xpdf/patches: patch-ar patch-as
   Log Message:
   Security fix for CAN-2005-2097.
   "A vulnerability has been reported in Xpdf, which can be exploited by
   malicious people to cause a DoS (Denial of Service) on a vulnerable system."
   http://secunia.com/advisories/16374/
   Patches from Ubuntu and RedHat.
diffstat:
 print/xpdf/Makefile         |   3 ++-
 print/xpdf/distinfo         |   4 +++-
 print/xpdf/patches/patch-ar |  34 ++++++++++++++++++++++++++++++++++
 print/xpdf/patches/patch-as |  30 ++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 2 deletions(-)
diffs (100 lines):
diff -r 6e5015f732fb -r c92dafded074 print/xpdf/Makefile
--- a/print/xpdf/Makefile       Fri Aug 12 16:23:41 2005 +0000
+++ b/print/xpdf/Makefile       Sat Aug 13 05:27:41 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2005/06/01 18:03:20 jlam Exp $
+# $NetBSD: Makefile,v 1.37.2.1 2005/08/13 05:27:41 snj Exp $
 
 DISTNAME=      xpdf-3.00
 PKGNAME=       ${DISTNAME}pl3
+PKGREVISION=   1
 CATEGORIES=    print
 MASTER_SITES=  ftp://ftp.foolabs.com/pub/xpdf/ \
                ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/} \
diff -r 6e5015f732fb -r c92dafded074 print/xpdf/distinfo
--- a/print/xpdf/distinfo       Fri Aug 12 16:23:41 2005 +0000
+++ b/print/xpdf/distinfo       Sat Aug 13 05:27:41 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2005/02/24 12:51:45 agc Exp $
+$NetBSD: distinfo,v 1.19.4.1 2005/08/13 05:27:41 snj Exp $
 
 SHA1 (xpdf-3.00.tar.gz) = 080317afce0851274fec2865131f59590b54eb99
 RMD160 (xpdf-3.00.tar.gz) = d98668ac8cd059461107c4dfbd9b3fd3beff6176
@@ -28,3 +28,5 @@
 SHA1 (patch-an) = bf579a07e9b9868ed8d6a6450484c47ce9acaef0
 SHA1 (patch-ao) = fd25cab0255d24c4b55907b031f5f4ec68411576
 SHA1 (patch-ap) = 51d05bb8978003308e14274fc1ada4f1ace6d766
+SHA1 (patch-ar) = bd66ea42d4ba11bdcefcfef2988d37559f21e629
+SHA1 (patch-as) = e76bc488bc533ef3784ed863c2c5d4b0967afc29
diff -r 6e5015f732fb -r c92dafded074 print/xpdf/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-ar       Sat Aug 13 05:27:41 2005 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ar,v 1.1.2.2 2005/08/13 05:27:41 snj Exp $
+
+Fix for CAN-2005-2097, from Ubuntu and RedHat.
+
+--- fofi/FoFiTrueType.cc.orig  2004-01-22 02:26:44.000000000 +0100
++++ fofi/FoFiTrueType.cc       2005-08-12 13:49:51.000000000 +0200
+@@ -1343,6 +1343,27 @@
+     return;
+   }
+ 
++  // make sure the loca table is sane (correct length and entries are
++  // in bounds)
++  i = seekTable("loca");
++  if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
++    parsedOk = gFalse;
++    return;
++  }
++  for (j = 0; j <= nGlyphs; ++j) {
++    if (locaFmt) {
++      pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
++    } else {
++      pos = getU16BE(tables[i].offset + j*2, &parsedOk);
++    }
++    if (pos < 0 || pos > len) {
++      parsedOk = gFalse;
++    }
++  }
++  if (!parsedOk) {
++    return;
++  }
++
+   // read the post table
+   readPostTable();
+   if (!parsedOk) {
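Review bot: `i = seekTable("loca")` is used immediately as an index in `tables[i].len`, and nothing in this hunk checks that the lookup succeeded. Assuming seekTable reports a missing table with a negative index, and unless code earlier in the function (outside the hunk) already rejects fonts without a loca table, the guard should read `if (i < 0 || tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {`. The per-entry test `pos > len` also appears to compare against the length of the whole font file rather than the extent of the glyf table, and in the short format the stored value is half the real offset, so the loop only bounds the raw entry. Code that later adds the glyf table offset to these values still needs its own range check, and a one-line comment saying so would keep the loop from being read as full validation. The enclosing function starts and ends outside the hunk.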
diff -r 6e5015f732fb -r c92dafded074 print/xpdf/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-as       Sat Aug 13 05:27:41 2005 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-as,v 1.1.2.2 2005/08/13 05:27:41 snj Exp $
+
+Fix for CAN-2005-2097, from Ubuntu and RedHat.
+
+--- xpdf/SplashOutputDev.cc.orig       2004-01-22 02:26:45.000000000 +0100
++++ xpdf/SplashOutputDev.cc    2005-08-12 13:54:26.000000000 +0200
+@@ -621,16 +621,19 @@
+       }
+       break;
+     case fontTrueType:
+-      if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
+-      goto err2;
+-      }
++      if ((ff = FoFiTrueType::load(fileName->getCString()))) {
+       codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
++      n = 256;
+       delete ff;
++      } else {
++      codeToGID = NULL;
++      n = 0;
++      }
+       if (!(fontFile = fontEngine->loadTrueTypeFont(
+                          id,
+                          fileName->getCString(),
+                          fileName == tmpFileName,
+-                         codeToGID, 256))) {
++                         codeToGID, n))) {
+       error(-1, "Couldn't create a font for '%s'",
+             gfxFont->getName() ? gfxFont->getName()->getCString()
+                                : "(unnamed)");
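Review bot: The new `else` branch lets a font that `FoFiTrueType::load` refused continue into `fontEngine->loadTrueTypeFont` with `codeToGID = NULL` and `n = 0`, where the old code jumped to `err2`, and nothing here says why that is safe. Whether `loadTrueTypeFont` copes with a null map and validates the file on its own is not visible in this hunk, so a comment on the branch should record the assumption, for example `// parser rejected the font: pass no code-to-GID map and let the font engine validate the file itself`. The body of the new `if` is also left at the indentation of the `if` line, which makes the `} else {` easy to misread; re-indenting the three statements would help. The `case` sits inside a larger switch whose start and end are outside the hunk.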