summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortez <tez>2010-10-13 21:29:42 +0000
committertez <tez>2010-10-13 21:29:42 +0000
commit3b64e923e2de237859f6e8902dfd4e8a7e089ae1 (patch)
tree070365fb1d9083709b1a5247540a3201effcf655
parent23f5c40d9f1531c0201ebc88ef520dcae44eb04f (diff)
downloadpkgsrc-3b64e923e2de237859f6e8902dfd4e8a7e089ae1.tar.gz
Fixes for CVE-2010-3702 and CVE-2010-3704 from openbsd ports and cross
checked with redhat (bugs 595245 and 638960)
-rw-r--r--print/xpdf/Makefile4
-rw-r--r--print/xpdf/distinfo4
-rw-r--r--print/xpdf/patches/patch-bc23
-rw-r--r--print/xpdf/patches/patch-bd31
4 files changed, 59 insertions, 3 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile
index e61685a91e9..13d14a1919a 100644
--- a/print/xpdf/Makefile
+++ b/print/xpdf/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.72 2010/06/13 08:56:04 spz Exp $
+# $NetBSD: Makefile,v 1.73 2010/10/13 21:29:42 tez Exp $
DISTNAME= xpdf-3.02
PKGNAME= xpdf-3.02pl4
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= print
MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \
${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo
index 2a6b0960e81..7e2778d2ea1 100644
--- a/print/xpdf/distinfo
+++ b/print/xpdf/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2010/06/13 08:56:04 spz Exp $
+$NetBSD: distinfo,v 1.38 2010/10/13 21:29:42 tez Exp $
SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a
RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d
@@ -33,3 +33,5 @@ SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58
SHA1 (patch-aq) = 1df0efb9fdde90df0597ba2a56c6030e7446e185
SHA1 (patch-ar) = 5e4719a30a0412d9d731dbef8179c38bba67db94
SHA1 (patch-bb) = d38757d5e4a331d49149acfff897cfe7bc0a5e3b
+SHA1 (patch-bc) = 856c7012bf794135aecdb70f726ccec14aa0a7cc
+SHA1 (patch-bd) = 8cd3fabac230fcda0d5db39d4b777802f5a75114
diff --git a/print/xpdf/patches/patch-bc b/print/xpdf/patches/patch-bc
new file mode 100644
index 00000000000..7d629666fed
--- /dev/null
+++ b/print/xpdf/patches/patch-bc
@@ -0,0 +1,23 @@
+$NetbBSD$
+
+Fix for CVE-2010-3702
+from http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/xpdf/patches/patch-xpdf_Gfx_cc.diff?r1=1.3;r2=1.4
+
+--- xpdf/Gfx.cc.orig 2010-10-13 14:50:46.467717900 -0500
++++ xpdf/Gfx.cc 2010-10-13 15:01:30.882241300 -0500
+@@ -443,6 +443,7 @@
+
+ xref = xrefA;
+ subPage = gFalse;
++ parser = NULL;
+ printCommands = globalParams->getPrintCommands();
+
+ // start the resource stack
+@@ -485,6 +486,7 @@
+
+ xref = xrefA;
+ subPage = gTrue;
++ parser = NULL;
+ printCommands = globalParams->getPrintCommands();
+
+ // start the resource stack
diff --git a/print/xpdf/patches/patch-bd b/print/xpdf/patches/patch-bd
new file mode 100644
index 00000000000..73679796842
--- /dev/null
+++ b/print/xpdf/patches/patch-bd
@@ -0,0 +1,31 @@
+$NetBSD: patch-bd,v 1.1 2010/10/13 21:29:43 tez Exp $
+
+Fix for CVE-2010-3704
+from http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/xpdf/patches/patch-fofi_FoFiType1_cc?rev=1.1
+
+--- fofi/FoFiType1.cc.orig 2010-10-13 14:51:21.493696100 -0500
++++ fofi/FoFiType1.cc 2010-10-13 14:58:20.655403000 -0500
+@@ -18,6 +18,14 @@
+ #include "FoFiEncodings.h"
+ #include "FoFiType1.h"
+
++#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
++# define likely(x) __builtin_expect((x), 1)
++# define unlikely(x) __builtin_expect((x), 0)
++#else
++# define likely(x) (x)
++# define unlikely(x) (x)
++#endif
++
+ //------------------------------------------------------------------------
+ // FoFiType1
+ //------------------------------------------------------------------------
+@@ -224,7 +232,7 @@
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (likely(code < 256 && code >= 0)) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;