summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjoerg <joerg@pkgsrc.org>2006-03-29 17:20:09 +0000
committerjoerg <joerg@pkgsrc.org>2006-03-29 17:20:09 +0000
commit9ad2ba16ecb24eaae98469df122869adb31c45ff (patch)
treeefd8186b8884b095cae9102ddf4228ceb58cad63
parent19b807398eaa1e3352c1639644f19eb983b472c6 (diff)
downloadpkgsrc-9ad2ba16ecb24eaae98469df122869adb31c45ff.tar.gz
Update xpdf to 3.01 patch level 2. The patch level addresses a number of
vulnerabilities reported and adds at least some constraint checks not done before.
-rw-r--r--print/xpdf/Makefile7
-rw-r--r--print/xpdf/distinfo12
-rw-r--r--print/xpdf/patches/patch-ao51
-rw-r--r--print/xpdf/patches/patch-aq32
-rw-r--r--print/xpdf/patches/patch-at101
5 files changed, 9 insertions, 194 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile
index 606136bafc2..0912d76d563 100644
--- a/print/xpdf/Makefile
+++ b/print/xpdf/Makefile
@@ -1,15 +1,14 @@
-# $NetBSD: Makefile,v 1.54 2006/03/04 21:30:32 jlam Exp $
+# $NetBSD: Makefile,v 1.55 2006/03/29 17:20:09 joerg Exp $
DISTNAME= xpdf-3.01
-PKGNAME= ${DISTNAME}pl1
-PKGREVISION= 5
+PKGNAME= ${DISTNAME}pl2
CATEGORIES= print
MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \
${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
http://gd.tuwien.ac.at/publishing/xpdf/
PATCH_SITES= ${MASTER_SITES}
-PATCHFILES= xpdf-3.01pl1.patch
+PATCHFILES= xpdf-3.01pl2.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo
index 9592ca11cff..b4de9253806 100644
--- a/print/xpdf/distinfo
+++ b/print/xpdf/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.25 2006/01/22 23:13:33 tron Exp $
+$NetBSD: distinfo,v 1.26 2006/03/29 17:20:09 joerg Exp $
SHA1 (xpdf-3.01.tar.gz) = 472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b
RMD160 (xpdf-3.01.tar.gz) = d734065ce12db8d0c37d9d0ac0ca7c287be59442
Size (xpdf-3.01.tar.gz) = 599778 bytes
-SHA1 (xpdf-3.01pl1.patch) = b8906e23b8de6c49f9e50aedaa160f17ea040f08
-RMD160 (xpdf-3.01pl1.patch) = 123403a98df5d8191ac1f7b3780fb6c6e0bf344f
-Size (xpdf-3.01pl1.patch) = 4936 bytes
+SHA1 (xpdf-3.01pl2.patch) = c04ce1cc5ef30aa47ea528124d2ffbd840d22472
+RMD160 (xpdf-3.01pl2.patch) = 5425c78f300b6e6eadf7a68327849c7f91b42b9f
+Size (xpdf-3.01pl2.patch) = 12097 bytes
SHA1 (patch-aa) = 6664207f59076a2612cf4141b7ab4b072b404e3a
SHA1 (patch-ab) = fd4205c477ee4ac7660b8c1a707ea7b528ac4f90
SHA1 (patch-ac) = 6fa74df05e01510c792eb2b20f670e6903f30aa2
@@ -20,8 +20,6 @@ SHA1 (patch-ak) = ed9506fd0cba7e350608cd40b1f794253f30e917
SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
-SHA1 (patch-ao) = 9faff0cca36db1a8030e6cc0587e66105c9026b2
-SHA1 (patch-aq) = ab8d29fe9743711fd57fe5b0506c1dc31e65c40e
+SHA1 (patch-ao) = 3bd1be205e87cdbe3f2329e932c540185a7c3d09
SHA1 (patch-ar) = f3d320991e189a21244acd31ca5cc6cfdb18bd96
-SHA1 (patch-at) = ca00e6cf293e3683bda41d03b6b140175c992884
SHA1 (patch-au) = af765089ee88369da0afef534f46ec50c5cc6d4f
diff --git a/print/xpdf/patches/patch-ao b/print/xpdf/patches/patch-ao
index 52c236062ab..7db03857de9 100644
--- a/print/xpdf/patches/patch-ao
+++ b/print/xpdf/patches/patch-ao
@@ -1,56 +1,7 @@
-$NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $
+$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $
--- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100
+++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000
-@@ -7,6 +7,7 @@
- //========================================================================
-
- #include <aconf.h>
-+#include <limits.h>
-
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -681,9 +682,15 @@
- w = wA;
- h = hA;
- line = (wA + 7) >> 3;
-- // need to allocate one extra guard byte for use in combine()
-- data = (Guchar *)gmalloc(h * line + 1);
-- data[h * line] = 0;
-+
-+ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+ data = NULL;
-+ }
-+ else {
-+ // need to allocate one extra guard byte for use in combine()
-+ data = (Guchar *)gmalloc(h * line + 1);
-+ data[h * line] = 0;
-+ }
- }
-
- JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
-@@ -692,6 +699,12 @@
- w = bitmap->w;
- h = bitmap->h;
- line = bitmap->line;
-+
-+ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+ data = NULL;
-+ return;
-+ }
-+
- // need to allocate one extra guard byte for use in combine()
- data = (Guchar *)gmalloc(h * line + 1);
- memcpy(data, bitmap->data, h * line);
-@@ -720,7 +733,7 @@
- }
-
- void JBIG2Bitmap::expand(int newH, Guint pixel) {
-- if (newH <= h) {
-+ if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
- return;
- }
- // need to allocate one extra guard byte for use in combine()
@@ -2305,6 +2318,15 @@
error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
return;
diff --git a/print/xpdf/patches/patch-aq b/print/xpdf/patches/patch-aq
deleted file mode 100644
index 26fca77eb60..00000000000
--- a/print/xpdf/patches/patch-aq
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/JPXStream.cc.orig 2006-01-22 22:52:51.000000000 +0000
-+++ xpdf/JPXStream.cc 2006-01-22 22:48:31.000000000 +0000
-@@ -7,6 +7,7 @@
- //========================================================================
-
- #include <aconf.h>
-+#include <limits.h>
-
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -818,13 +819,15 @@
- / img.xTileSize;
- img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- / img.yTileSize;
-- nTiles = img.nXTiles * img.nYTiles;
- // check for overflow before allocating memory
-- if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
-- error(getPos(), "Bad tile count in JPX SIZ marker segment");
-- return gFalse;
-+ if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
-+ img.nXTiles >= INT_MAX/img.nYTiles) {
-+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+ return gFalse;
- }
-+ nTiles = img.nXTiles * img.nYTiles;
- img.tiles = (JPXTile *)gmallocn(nTiles, sizeof(JPXTile));
-+
- for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
- img.tiles[i].tileComps = (JPXTileComp *)gmallocn(img.nComps,
- sizeof(JPXTileComp));
diff --git a/print/xpdf/patches/patch-at b/print/xpdf/patches/patch-at
deleted file mode 100644
index abe8cbdd061..00000000000
--- a/print/xpdf/patches/patch-at
+++ /dev/null
@@ -1,101 +0,0 @@
-$NetBSD: patch-at,v 1.2 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/Stream.cc.orig 2006-01-22 23:03:34.000000000 +0000
-+++ xpdf/Stream.cc 2006-01-22 23:03:00.000000000 +0000
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
-+#include <limits.h>
- #ifndef WIN32
- #include <unistd.h>
- #endif
-@@ -401,8 +402,6 @@
-
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
- int widthA, int nCompsA, int nBitsA) {
-- int totalBits;
--
- str = strA;
- predictor = predictorA;
- width = widthA;
-@@ -411,15 +410,17 @@
- predLine = NULL;
- ok = gFalse;
-
-+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-+ nComps >= INT_MAX/nBits ||
-+ width >= INT_MAX/nComps/nBits) {
-+ return;
-+ }
- nVals = width * nComps;
-- totalBits = nVals * nBits;
-- if (totalBits == 0 ||
-- (totalBits / nBits) / nComps != width ||
-- totalBits + 7 < 0) {
-+ if (nVals * nBits + 7 <= 0) {
- return;
- }
- pixBytes = (nComps * nBits + 7) >> 3;
-- rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
- if (rowBytes < 0) {
- return;
- }
-@@ -1275,7 +1276,7 @@
- endOfLine = endOfLineA;
- byteAlign = byteAlignA;
- columns = columnsA;
-- if (columns < 1) {
-+ if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) {
- columns = 1;
- }
- rows = rowsA;
-@@ -2922,10 +2923,6 @@
- error(getPos(), "Bad number of components in DCT stream", prec);
- return gFalse;
- }
-- if (numComps <= 0 || numComps > 4) {
-- error(getPos(), "Bad number of components in DCT stream", prec);
-- return gFalse;
-- }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2952,6 +2949,10 @@
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2974,6 +2975,10 @@
-
- length = read16() - 2;
- scanInfo.numComps = str->getChar();
-+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream");
-+ return gFalse;
-+ }
- --length;
- if (length != 2 * scanInfo.numComps + 3) {
- error(getPos(), "Bad DCT scan info block");
-@@ -3058,12 +3063,12 @@
- while (length > 0) {
- index = str->getChar();
- --length;
-- if ((index & 0x0f) >= 4) {
-+ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
- error(getPos(), "Bad DCT Huffman table");
- return gFalse;
- }
- if (index & 0x10) {
-- index &= 0x0f;
-+ index &= 0x03;
- if (index >= numACHuffTables)
- numACHuffTables = index+1;
- tbl = &acHuffTables[index];