author | joerg <joerg@pkgsrc.org> | 2006-03-29 17:20:09 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2006-03-29 17:20:09 +0000 |
commit | 9ad2ba16ecb24eaae98469df122869adb31c45ff (patch) | |
tree | efd8186b8884b095cae9102ddf4228ceb58cad63 | |
parent | 19b807398eaa1e3352c1639644f19eb983b472c6 (diff) | |
download | pkgsrc-9ad2ba16ecb24eaae98469df122869adb31c45ff.tar.gz |
Update xpdf to 3.01 patch level 2. The patch level addresses a number of
reported vulnerabilities and adds at least some constraint checks that
were not done before.
-rw-r--r-- | print/xpdf/Makefile | 7 | ||||
-rw-r--r-- | print/xpdf/distinfo | 12 | ||||
-rw-r--r-- | print/xpdf/patches/patch-ao | 51 | ||||
-rw-r--r-- | print/xpdf/patches/patch-aq | 32 | ||||
-rw-r--r-- | print/xpdf/patches/patch-at | 101 |
5 files changed, 9 insertions, 194 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile index 606136bafc2..0912d76d563 100644 --- a/print/xpdf/Makefile +++ b/print/xpdf/Makefile @@ -1,15 +1,14 @@ -# $NetBSD: Makefile,v 1.54 2006/03/04 21:30:32 jlam Exp $ +# $NetBSD: Makefile,v 1.55 2006/03/29 17:20:09 joerg Exp $ DISTNAME= xpdf-3.01 -PKGNAME= ${DISTNAME}pl1 -PKGREVISION= 5 +PKGNAME= ${DISTNAME}pl2 CATEGORIES= print MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \ ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \ http://gd.tuwien.ac.at/publishing/xpdf/ PATCH_SITES= ${MASTER_SITES} -PATCHFILES= xpdf-3.01pl1.patch +PATCHFILES= xpdf-3.01pl2.patch PATCH_DIST_STRIP= -p1 MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo index 9592ca11cff..b4de9253806 100644 --- a/print/xpdf/distinfo +++ b/print/xpdf/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.25 2006/01/22 23:13:33 tron Exp $ +$NetBSD: distinfo,v 1.26 2006/03/29 17:20:09 joerg Exp $ SHA1 (xpdf-3.01.tar.gz) = 472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b RMD160 (xpdf-3.01.tar.gz) = d734065ce12db8d0c37d9d0ac0ca7c287be59442 Size (xpdf-3.01.tar.gz) = 599778 bytes -SHA1 (xpdf-3.01pl1.patch) = b8906e23b8de6c49f9e50aedaa160f17ea040f08 -RMD160 (xpdf-3.01pl1.patch) = 123403a98df5d8191ac1f7b3780fb6c6e0bf344f -Size (xpdf-3.01pl1.patch) = 4936 bytes +SHA1 (xpdf-3.01pl2.patch) = c04ce1cc5ef30aa47ea528124d2ffbd840d22472 +RMD160 (xpdf-3.01pl2.patch) = 5425c78f300b6e6eadf7a68327849c7f91b42b9f +Size (xpdf-3.01pl2.patch) = 12097 bytes SHA1 (patch-aa) = 6664207f59076a2612cf4141b7ab4b072b404e3a SHA1 (patch-ab) = fd4205c477ee4ac7660b8c1a707ea7b528ac4f90 SHA1 (patch-ac) = 6fa74df05e01510c792eb2b20f670e6903f30aa2 
@@ -20,8 +20,6 @@ SHA1 (patch-ak) = ed9506fd0cba7e350608cd40b1f794253f30e917
 SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
-SHA1 (patch-ao) = 9faff0cca36db1a8030e6cc0587e66105c9026b2
-SHA1 (patch-aq) = ab8d29fe9743711fd57fe5b0506c1dc31e65c40e
+SHA1 (patch-ao) = 3bd1be205e87cdbe3f2329e932c540185a7c3d09
 SHA1 (patch-ar) = f3d320991e189a21244acd31ca5cc6cfdb18bd96
-SHA1 (patch-at) = ca00e6cf293e3683bda41d03b6b140175c992884
 SHA1 (patch-au) = af765089ee88369da0afef534f46ec50c5cc6d4f
diff --git a/print/xpdf/patches/patch-ao b/print/xpdf/patches/patch-ao
index 52c236062ab..7db03857de9 100644
--- a/print/xpdf/patches/patch-ao
+++ b/print/xpdf/patches/patch-ao
@@ -1,56 +1,7 @@ -$NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $ +$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $ --- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100 +++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000 -@@ -7,6 +7,7 @@ - //======================================================================== - - #include <aconf.h> -+#include <limits.h> - - #ifdef USE_GCC_PRAGMAS - #pragma implementation -@@ -681,9 +682,15 @@ - w = wA; - h = hA; - line = (wA + 7) >> 3; -- // need to allocate one extra guard byte for use in combine() -- data = (Guchar *)gmalloc(h * line + 1); -- data[h * line] = 0; -+ -+ if (h < 0 || line <= 0 || h >= INT_MAX / line) { -+ data = NULL; -+ } -+ else { -+ // need to allocate one extra guard byte for use in combine() -+ data = (Guchar *)gmalloc(h * line + 1); -+ data[h * line] = 0; -+ } - } - - JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap): -@@ -692,6 +699,12 @@ - w = bitmap->w; - h = bitmap->h; - line = bitmap->line; -+ -+ if (h < 0 || line <= 0 || h >= INT_MAX / line) { -+ data = NULL; -+ return; -+ } -+ - // need to allocate one extra guard byte for use in combine() - data = (Guchar *)gmalloc(h * line + 1); - memcpy(data, bitmap->data, h * line); -@@ -720,7 +733,7 @@ - } - - void JBIG2Bitmap::expand(int newH, Guint pixel) { -- if (newH <= h) { -+ if (newH <= h || line <= 0 || newH >= INT_MAX / line) { - return; - } - // need to allocate one extra guard byte for use in combine() @@ -2305,6 +2318,15 @@ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); return; diff --git a/print/xpdf/patches/patch-aq b/print/xpdf/patches/patch-aq deleted file mode 100644 index 26fca77eb60..00000000000 --- a/print/xpdf/patches/patch-aq +++ /dev/null 
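Review bot: The three JBIG2Bitmap guards removed from patch-ao in this hunk (`h < 0 || line <= 0 || h >= INT_MAX / line` in both constructors and `newH >= INT_MAX / line` in expand()) are dropped without any record that xpdf-3.01pl2.patch contains equivalents; the pl2 patch body is not visible here and the commit message only promises "at least some constraint checks". The same gap applies to the deleted patch-aq (JPX tile-count check) and patch-at (StreamPredictor size checks, the `columns + 3 < 1` test, the DCT `numComps` range checks and the Huffman table index mask). I would add a short description under the `$NetBSD` line of patch-ao saying what the surviving `@@ -2305,6 +2318,15 @@` hunk guards against and that the removed hunks were checked against pl2, and keep any local guard that pl2 turns out not to cover. That surviving hunk continues beyond the lines shown in this diff.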
@@ -1,32 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/JPXStream.cc.orig 2006-01-22 22:52:51.000000000 +0000
-+++ xpdf/JPXStream.cc 2006-01-22 22:48:31.000000000 +0000
-@@ -7,6 +7,7 @@
- //========================================================================
-
- #include <aconf.h>
-+#include <limits.h>
-
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -818,13 +819,15 @@
- / img.xTileSize;
- img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- / img.yTileSize;
-- nTiles = img.nXTiles * img.nYTiles;
- // check for overflow before allocating memory
-- if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
-- error(getPos(), "Bad tile count in JPX SIZ marker segment");
-- return gFalse;
-+ if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
-+ img.nXTiles >= INT_MAX/img.nYTiles) {
-+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+ return gFalse;
- }
-+ nTiles = img.nXTiles * img.nYTiles;
- img.tiles = (JPXTile *)gmallocn(nTiles, sizeof(JPXTile));
-+
- for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
- img.tiles[i].tileComps = (JPXTileComp *)gmallocn(img.nComps,
- sizeof(JPXTileComp));
diff --git a/print/xpdf/patches/patch-at b/print/xpdf/patches/patch-at
deleted file mode 100644
index abe8cbdd061..00000000000
--- a/print/xpdf/patches/patch-at
+++ /dev/null
@@ -1,101 +0,0 @@
-$NetBSD: patch-at,v 1.2 2006/01/22 23:13:33 tron Exp $
-
---- xpdf/Stream.cc.orig 2006-01-22 23:03:34.000000000 +0000
-+++ xpdf/Stream.cc 2006-01-22 23:03:00.000000000 +0000
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
-+#include <limits.h>
- #ifndef WIN32
- #include <unistd.h>
- #endif
-@@ -401,8 +402,6 @@
-
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
- int widthA, int nCompsA, int nBitsA) {
-- int totalBits;
--
- str = strA;
- predictor = predictorA;
- width = widthA;
-@@ -411,15 +410,17 @@
- predLine = NULL;
- ok = gFalse;
-
-+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-+ nComps >= INT_MAX/nBits ||
-+ width >= INT_MAX/nComps/nBits) {
-+ return;
-+ }
- nVals = width * nComps;
-- totalBits = nVals * nBits;
-- if (totalBits == 0 ||
-- (totalBits / nBits) / nComps != width ||
-- totalBits + 7 < 0) {
-+ if (nVals * nBits + 7 <= 0) {
- return;
- }
- pixBytes = (nComps * nBits + 7) >> 3;
-- rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
- if (rowBytes < 0) {
- return;
- }
-@@ -1275,7 +1276,7 @@
- endOfLine = endOfLineA;
- byteAlign = byteAlignA;
- columns = columnsA;
-- if (columns < 1) {
-+ if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) {
- columns = 1;
- }
- rows = rowsA;
-@@ -2922,10 +2923,6 @@
- error(getPos(), "Bad number of components in DCT stream", prec);
- return gFalse;
- }
-- if (numComps <= 0 || numComps > 4) {
-- error(getPos(), "Bad number of components in DCT stream", prec);
-- return gFalse;
-- }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2952,6 +2949,10 @@
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2974,6 +2975,10 @@
-
- length = read16() - 2;
- scanInfo.numComps = str->getChar();
-+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream");
-+ return gFalse;
-+ }
- --length;
- if (length != 2 * scanInfo.numComps + 3) {
- error(getPos(), "Bad DCT scan info block");
-@@ -3058,12 +3063,12 @@
- while (length > 0) {
- index = str->getChar();
- --length;
-- if ((index & 0x0f) >= 4) {
-+ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
- error(getPos(), "Bad DCT Huffman table");
- return gFalse;
- }
- if (index & 0x10) {
-- index &= 0x0f;
-+ index &= 0x03;
- if (index >= numACHuffTables)
- numACHuffTables = index+1;
- tbl = &acHuffTables[index]; |