authorspz <spz>2010-10-01 21:32:33 +0000
committerspz <spz>2010-10-01 21:32:33 +0000
commit180466e4e8e4ccc820ae288c762174012546099b (patch)
tree0bdd4383f9a6a8d469a84710704e5445e0ba46f1 /print/poppler
parent95f4829d2346d5bb0999d6393c65499d1f328cd3 (diff)
security fixes from and for http://secunia.com/advisories/41596/ plus
the necessary backporting to poppler-0.14.2 (and a pkgrev bump): poppler/Form.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=473de6f88a055bb03470b4af5fa584be8cb5fda4 Fix memory leak if obj2 is not a dict poppler/Dict.h poppler/Form.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=d2578bd66129466b2dd114b6407c147598e09d2b Avoid loops in Form::fieldLookup poppler/Stream.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3 Fix memory leak fofi/FoFiType1.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 Fix crash in broken pdf (code < 0) poppler/Decrypt.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=a2dab0238a69240dad08eca2083110b52ce488b7 Initialize properly charactersRead poppler/Gfx.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=2fe825deac055be82b220d0127169cb3d61387a8 Make sure obj1 is a num before reading it poppler/Gfx.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=3422638b2a39cbdd33a114a7d7debc0a5f688501 Fix crash in broken pdf (parser->getStream() is 0) poppler/Gfx.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf Properly initialize parser poppler/Gfx.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=dfdf3602bde47d1be7788a44722c258bfa0c6d6e Give a value to color.c[i] poppler/Function.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f Properly initialize stack poppler/Function.cc http://cgit.freedesktop.org/poppler/poppler/commit/?id=26a5817ffec9f05ac63db6c5cd5b1f0871d271c7 Fix crash when idx is out of range
Diffstat (limited to 'print/poppler')
-rw-r--r--print/poppler/Makefile.common3
-rw-r--r--print/poppler/distinfo11
-rw-r--r--print/poppler/patches/patch-ap117
-rw-r--r--print/poppler/patches/patch-ba82
-rw-r--r--print/poppler/patches/patch-bb26
-rw-r--r--print/poppler/patches/patch-bc92
-rw-r--r--print/poppler/patches/patch-bd48
-rw-r--r--print/poppler/patches/patch-be18
-rw-r--r--print/poppler/patches/patch-bf31
-rw-r--r--print/poppler/patches/patch-bg67
10 files changed, 488 insertions, 7 deletions
diff --git a/print/poppler/Makefile.common b/print/poppler/Makefile.common
index bc631a3928c..f6a10e79732 100644
--- a/print/poppler/Makefile.common
+++ b/print/poppler/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.38 2010/08/15 11:19:18 drochner Exp $
+# $NetBSD: Makefile.common,v 1.39 2010/10/01 21:32:33 spz Exp $
#
# used by print/poppler/Makefile
# used by print/poppler-glib/Makefile
@@ -9,6 +9,7 @@
POPPLER_VERS= 0.14.2
DISTNAME= poppler-${POPPLER_VERS}
+PKGREVISION= 1
CATEGORIES= print
MASTER_SITES= http://poppler.freedesktop.org/
diff --git a/print/poppler/distinfo b/print/poppler/distinfo
index cfdf0039539..d695215510e 100644
--- a/print/poppler/distinfo
+++ b/print/poppler/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.60 2010/08/15 11:19:18 drochner Exp $
+$NetBSD: distinfo,v 1.61 2010/10/01 21:32:34 spz Exp $
SHA1 (poppler-0.14.2.tar.gz) = a93e85c322ce36da4e9b4e9e52c9fd12ea5f4d6f
RMD160 (poppler-0.14.2.tar.gz) = bdbb901f85edd33ecd3ca1805a0f46c806bdb853
@@ -9,5 +9,12 @@ SHA1 (patch-ac) = c343775da48a1d86dea1451b74355d117e30f6c5
SHA1 (patch-ag) = 4b914e85bb08ce83305d20de9c0a3e74d3cabdd2
SHA1 (patch-ai) = a51dba3fb0e7131873ef82ae5e256fb1d17cee53
SHA1 (patch-ao) = cf7e0f086522147a91f59b1b26ca510d1971ac74
-SHA1 (patch-ap) = fc985510d4ebabe097e55bc4cbb0477267e95a7d
+SHA1 (patch-ap) = db1c9765135865251a7958c3a4b86718b3313fae
SHA1 (patch-aq) = 01e115ca868e0bbd398bade92485d83edbe98d66
+SHA1 (patch-ba) = 3a6bf7bd31c7e0238edd4d6505943c71d75221e4
+SHA1 (patch-bb) = c57c3b4bcf7a900e57bbf09d0fed28e2ef2dc737
+SHA1 (patch-bc) = 456af841d297ce365878c9756d2c6327f9d7658e
+SHA1 (patch-bd) = 8fd34a0f8c916a2ddd28654a6a6e0fedc35d5359
+SHA1 (patch-be) = e4e9b351c902255f2437c37e1925def750401aa9
+SHA1 (patch-bf) = aedde989871fe452c5538dade6bfa9b4e343da6c
+SHA1 (patch-bg) = b0353bf4bbee7a85f2a81e346119747897c7289f
diff --git a/print/poppler/patches/patch-ap b/print/poppler/patches/patch-ap
index 05b3e5f7a59..d4ad1c89d32 100644
--- a/print/poppler/patches/patch-ap
+++ b/print/poppler/patches/patch-ap
@@ -1,10 +1,69 @@
-$NetBSD: patch-ap,v 1.2 2009/11/20 15:59:59 drochner Exp $
+$NetBSD: patch-ap,v 1.3 2010/10/01 21:32:34 spz Exp $
https://bugs.freedesktop.org/show_bug.cgi?id=25189
+plus security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler/
---- poppler/Gfx.cc.orig 2009-10-23 21:44:04.000000000 +0200
+- Make sure obj1 is a num before reading it
+- Fix crash in broken pdf (parser->getStream() is 0)
+- Properly initialize parser
+- Give a value to color.c[i]
+
+--- poppler/Gfx.cc.orig 2010-08-11 19:20:32.000000000 +0000
+++ poppler/Gfx.cc
-@@ -2367,7 +2367,7 @@ static void bubbleSort(double array[])
+@@ -536,6 +536,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, i
+ drawText = gFalse;
+ maskHaveCSPattern = gFalse;
+ mcStack = NULL;
++ parser = NULL;
+
+ // start the resource stack
+ res = new GfxResources(xref, resDict, NULL);
+@@ -590,6 +591,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, D
+ drawText = gFalse;
+ maskHaveCSPattern = gFalse;
+ mcStack = NULL;
++ parser = NULL;
+
+ // start the resource stack
+ res = new GfxResources(xref, resDict, NULL);
+@@ -1531,6 +1533,8 @@ void Gfx::opSetFillColorN(Object args[],
+ for (i = 0; i < numArgs - 1 && i < gfxColorMaxComps; ++i) {
+ if (args[i].isNum()) {
+ color.c[i] = dblToCol(args[i].getNum());
++ } else {
++ color.c[i] = 0; // TODO Investigate if this is what Adobe does
+ }
+ }
+ state->setFillColor(&color);
+@@ -1550,6 +1554,8 @@ void Gfx::opSetFillColorN(Object args[],
+ for (i = 0; i < numArgs && i < gfxColorMaxComps; ++i) {
+ if (args[i].isNum()) {
+ color.c[i] = dblToCol(args[i].getNum());
++ } else {
++ color.c[i] = 0; // TODO Investigate if this is what Adobe does
+ }
+ }
+ state->setFillColor(&color);
+@@ -1574,6 +1580,8 @@ void Gfx::opSetStrokeColorN(Object args[
+ for (i = 0; i < numArgs - 1 && i < gfxColorMaxComps; ++i) {
+ if (args[i].isNum()) {
+ color.c[i] = dblToCol(args[i].getNum());
++ } else {
++ color.c[i] = 0; // TODO Investigate if this is what Adobe does
+ }
+ }
+ state->setStrokeColor(&color);
+@@ -1593,6 +1601,8 @@ void Gfx::opSetStrokeColorN(Object args[
+ for (i = 0; i < numArgs && i < gfxColorMaxComps; ++i) {
+ if (args[i].isNum()) {
+ color.c[i] = dblToCol(args[i].getNum());
++ } else {
++ color.c[i] = 0; // TODO Investigate if this is what Adobe does
+ }
+ }
+ state->setStrokeColor(&color);
+@@ -2421,7 +2431,7 @@ static void bubbleSort(double array[])
void Gfx::doAxialShFill(GfxAxialShading *shading) {
double xMin, yMin, xMax, yMax;
double x0, y0, x1, y1;
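Review bot: In the four `color.c[i]` loops of opSetFillColorN and opSetStrokeColorN, the added `else` branch only covers indices below `numArgs` (or `numArgs - 1`), so when the operator supplies fewer operands than the colour space has components, the remaining `color.c[]` entries are still never written. Whether `color` is an uninitialised local and whether `setFillColor`/`setStrokeColor` read those trailing entries is not visible here, but zeroing the array once before each loop would close the gap, e.g. `for (i = 0; i < gfxColorMaxComps; ++i) color.c[i] = 0;`. The function bodies start and end outside the quoted inner hunks.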
@@ -13,7 +72,7 @@ https://bugs.freedesktop.org/show_bug.cgi?id=25189
GBool dxZero, dyZero;
double bboxIntersections[4];
double tMin, tMax, tx, ty;
-@@ -2389,16 +2389,18 @@ void Gfx::doAxialShFill(GfxAxialShading
+@@ -2443,16 +2453,18 @@ void Gfx::doAxialShFill(GfxAxialShading
shading->getCoords(&x0, &y0, &x1, &y1);
dx = x1 - x0;
dy = y1 - y0;
@@ -41,3 +100,53 @@ https://bugs.freedesktop.org/show_bug.cgi?id=25189
bubbleSort(bboxIntersections);
tMin = bboxIntersections[0];
tMax = bboxIntersections[3];
+@@ -4225,8 +4237,14 @@ void Gfx::doForm(Object *str) {
+ }
+ for (i = 0; i < 4; ++i) {
+ bboxObj.arrayGet(i, &obj1);
+- bbox[i] = obj1.getNum();
+- obj1.free();
++ if (likely(obj1.isNum())) {
++ bbox[i] = obj1.getNum();
++ obj1.free();
++ } else {
++ obj1.free();
++ error(getPos(), "Bad form bounding box value");
++ return;
++ }
+ }
+ bboxObj.free();
+
+@@ -4449,8 +4467,13 @@ Stream *Gfx::buildImageStream() {
+ obj.free();
+
+ // make stream
+- str = new EmbedStream(parser->getStream(), &dict, gFalse, 0);
+- str = str->addFilters(&dict);
++ if (parser->getStream()) {
++ str = new EmbedStream(parser->getStream(), &dict, gFalse, 0);
++ str = str->addFilters(&dict);
++ } else {
++ str = NULL;
++ dict.free();
++ }
+
+ return str;
+ }
+@@ -4651,8 +4674,14 @@ void Gfx::drawAnnot(Object *str, AnnotBo
+ }
+ for (i = 0; i < 4; ++i) {
+ bboxObj.arrayGet(i, &obj1);
+- bbox[i] = obj1.getNum();
+- obj1.free();
++ if (likely(obj1.isNum())) {
++ bbox[i] = obj1.getNum();
++ obj1.free();
++ } else {
++ obj1.free();
++ error(getPos(), "Bad form bounding box value");
++ return;
++ }
+ }
+ bboxObj.free();
+
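Review bot: The new early `return` in the bounding-box loops of doForm and drawAnnot skips the `bboxObj.free()` that only runs after the loop, so a malformed BBox entry leaks `bboxObj`; add `bboxObj.free();` next to `obj1.free();` in both `else` branches. Objects fetched earlier in those functions lie outside the hunk and may need the same release on this path. drawAnnot reuses the message "Bad form bounding box value", which would be easier to triage as `"Bad annotation bounding box value"`. In buildImageStream the guard tests `parser->getStream()` but not `parser` itself, and callers must now cope with a NULL return; neither is visible in these hunks.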
diff --git a/print/poppler/patches/patch-ba b/print/poppler/patches/patch-ba
new file mode 100644
index 00000000000..a3ecb10b00a
--- /dev/null
+++ b/print/poppler/patches/patch-ba
@@ -0,0 +1,82 @@
+$NetBSD: patch-ba,v 1.5 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Fix memory leak if obj2 is not a dict
+- Avoid loops in Form::fieldLookup
+
+--- poppler/Form.cc.orig 2010-06-08 20:06:31.000000000 +0000
++++ poppler/Form.cc
+@@ -22,6 +22,7 @@
+ #pragma implementation
+ #endif
+
++#include <set>
+ #include <stddef.h>
+ #include <string.h>
+ #include "goo/gmem.h"
+@@ -715,13 +716,14 @@ FormField::FormField(XRef* xrefA, Object
+ // Load children
+ for(int i=0; i<length; i++) {
+ Object obj2,obj3;
+- Object childRef;
+ array->get(i, &obj2);
+- array->getNF(i, &childRef);
+ if (!obj2.isDict ()) {
+ error (-1, "Reference to an invalid or non existant object");
++ obj2.free();
+ continue;
+ }
++ Object childRef;
++ array->getNF(i, &childRef);
+ //field child
+ if (dict->lookup ("FT", &obj3)->isName()) {
+ // If I'm not a generic container field and my children
+@@ -1180,7 +1182,7 @@ Form::~Form() {
+ }
+
+ // Look up an inheritable field dictionary entry.
+-Object *Form::fieldLookup(Dict *field, char *key, Object *obj) {
++static Object *fieldLookup(Dict *field, char *key, Object *obj, std::set<int> *usedParents) {
+ Dict *dict;
+ Object parent;
+
+@@ -1189,8 +1191,23 @@ Object *Form::fieldLookup(Dict *field, c
+ return obj;
+ }
+ obj->free();
+- if (dict->lookup("Parent", &parent)->isDict()) {
+- fieldLookup(parent.getDict(), key, obj);
++ dict->lookupNF("Parent", &parent);
++ if (parent.isRef()) {
++ const Ref ref = parent.getRef();
++ if (usedParents->find(ref.num) == usedParents->end()) {
++ usedParents->insert(ref.num);
++
++ Object obj2;
++ parent.fetch(dict->getXRef(), &obj2);
++ if (obj2.isDict()) {
++ fieldLookup(obj2.getDict(), key, obj, usedParents);
++ } else {
++ obj->initNull();
++ }
++ obj2.free();
++ }
++ } else if (parent.isDict()) {
++ fieldLookup(parent.getDict(), key, obj, usedParents);
+ } else {
+ obj->initNull();
+ }
+@@ -1198,6 +1215,11 @@ Object *Form::fieldLookup(Dict *field, c
+ return obj;
+ }
+
++Object *Form::fieldLookup(Dict *field, char *key, Object *obj) {
++ std::set<int> usedParents;
++ return ::fieldLookup(field, key, obj, &usedParents);
++}
++
+ FormField *Form::createFieldFromDict (Object* obj, XRef *xrefA, const Ref& pref)
+ {
+ Object obj2;
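Review bot: When the static fieldLookup finds `ref.num` already in `usedParents`, it falls through without assigning `obj`, which was released by `obj->free()` just above, while every other dead-end branch calls `obj->initNull()`. Adding `else { obj->initNull(); }` to the inner `if (usedParents->find(ref.num) == usedParents->end())` would give callers the same null result for a detected loop as for a missing parent. What state `Object::free()` leaves behind is not visible here, so this may be harmless today, but the asymmetry is worth removing. The function would also benefit from a short comment saying that `usedParents` holds the object numbers of indirect parents already visited.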
diff --git a/print/poppler/patches/patch-bb b/print/poppler/patches/patch-bb
new file mode 100644
index 00000000000..6460c238ec7
--- /dev/null
+++ b/print/poppler/patches/patch-bb
@@ -0,0 +1,26 @@
+$NetBSD: patch-bb,v 1.5 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Avoid loops in Form::fieldLookup
+
+--- poppler/Dict.h.orig 2010-10-01 05:53:53.000000000 +0000
++++ poppler/Dict.h
+@@ -16,6 +16,7 @@
+ // Copyright (C) 2005 Kristian Høgsberg <krh@redhat.com>
+ // Copyright (C) 2006 Krzysztof Kowalczyk <kkowalczyk@gmail.com>
+ // Copyright (C) 2007-2008 Julien Rebetez <julienr@svn.gnome.org>
++// Copyright (C) 2010 Albert Astals Cid <aacid@kde.org>
+ //
+ // To see a description of the changes please see the Changelog file that
+ // came with your tarball or type make ChangeLog if you are building from git
+@@ -84,6 +85,8 @@ public:
+ // parsed.
+ void setXRef(XRef *xrefA) { xref = xrefA; }
+
++ XRef *getXRef() { return xref; }
++
+ private:
+
+ XRef *xref; // the xref table for this PDF file
diff --git a/print/poppler/patches/patch-bc b/print/poppler/patches/patch-bc
new file mode 100644
index 00000000000..c886ee2d1dc
--- /dev/null
+++ b/print/poppler/patches/patch-bc
@@ -0,0 +1,92 @@
+$NetBSD: patch-bc,v 1.3 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Fix memory leak
+
+--- poppler/Stream.cc.orig 2010-06-08 20:06:31.000000000 +0000
++++ poppler/Stream.cc
+@@ -99,6 +99,10 @@ int Stream::getRawChar() {
+ return EOF;
+ }
+
++void Stream::getRawChars(int nChars, int *buffer) {
++ error(-1, "Internal: called getRawChars() on non-predictor stream");
++}
++
+ char *Stream::getLine(char *buf, int size) {
+ int i;
+ int c;
+@@ -571,19 +575,22 @@ GBool StreamPredictor::getNextLine() {
+ }
+
+ // read the raw line, apply PNG (byte) predictor
++ int *rawCharLine = new int[rowBytes - pixBytes];
++ str->getRawChars(rowBytes - pixBytes, rawCharLine);
+ memset(upLeftBuf, 0, pixBytes + 1);
+ for (i = pixBytes; i < rowBytes; ++i) {
+ for (j = pixBytes; j > 0; --j) {
+ upLeftBuf[j] = upLeftBuf[j-1];
+ }
+ upLeftBuf[0] = predLine[i];
+- if ((c = str->getRawChar()) == EOF) {
++ if ((c = rawCharLine[i - pixBytes]) == EOF) {
+ if (i > pixBytes) {
+ // this ought to return false, but some (broken) PDF files
+ // contain truncated image data, and Adobe apparently reads the
+ // last partial line
+ break;
+ }
++ delete[] rawCharLine;
+ return gFalse;
+ }
+ switch (curPred) {
+@@ -1237,16 +1244,13 @@ int LZWStream::lookChar() {
+ return seqBuf[seqIndex];
+ }
+
++void LZWStream::getRawChars(int nChars, int *buffer) {
++ for (int i = 0; i < nChars; ++i)
++ buffer[i] = doGetRawChar();
++}
++
+ int LZWStream::getRawChar() {
+- if (eof) {
+- return EOF;
+- }
+- if (seqIndex >= seqLength) {
+- if (!processNextCode()) {
+- return EOF;
+- }
+- }
+- return seqBuf[seqIndex++];
++ return doGetRawChar();
+ }
+
+ void LZWStream::reset() {
+@@ -4262,18 +4266,13 @@ int FlateStream::lookChar() {
+ return c;
+ }
+
+-int FlateStream::getRawChar() {
+- int c;
++void FlateStream::getRawChars(int nChars, int *buffer) {
++ for (int i = 0; i < nChars; ++i)
++ buffer[i] = doGetRawChar();
++}
+
+- while (remain == 0) {
+- if (endOfBlock && eof)
+- return EOF;
+- readSome();
+- }
+- c = buf[index];
+- index = (index + 1) & flateMask;
+- --remain;
+- return c;
++int FlateStream::getRawChar() {
++ return doGetRawChar();
+ }
+
+ GooString *FlateStream::getPSFilter(int psLevel, char *indent) {
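Review bot: `rawCharLine` comes from `new int[...]` and is therefore uninitialised, and the base `Stream::getRawChars` added here only logs an error without writing to `buffer`, so a predictor over any stream type that does not override it would test indeterminate values in `rawCharLine[i - pixBytes]`. Only LZWStream and FlateStream override it in this patch; if no other type can sit under a StreamPredictor the path is unreachable, but filling the buffer in the base version is cheap: `for (int i = 0; i < nChars; ++i) buffer[i] = EOF;`. The hunk shows `delete[] rawCharLine` only on the `return gFalse` path, so the release after the loop (including the `break` case) is outside the hunk and should be confirmed. `rowBytes - pixBytes` is also used as an array size with no visible check that it is positive.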
diff --git a/print/poppler/patches/patch-bd b/print/poppler/patches/patch-bd
new file mode 100644
index 00000000000..996a49ac9b2
--- /dev/null
+++ b/print/poppler/patches/patch-bd
@@ -0,0 +1,48 @@
+$NetBSD: patch-bd,v 1.1 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Fix crash in broken pdf (code < 0)
+
+--- fofi/FoFiType1.cc.orig 2010-06-08 20:06:31.000000000 +0000
++++ fofi/FoFiType1.cc
+@@ -13,7 +13,7 @@
+ // All changes made under the Poppler project to this file are licensed
+ // under GPL version 2 or later
+ //
+-// Copyright (C) 2005, 2008 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2005, 2008, 2010 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2005 Kristian Høgsberg <krh@redhat.com>
+ // Copyright (C) 2010 Jakub Wilk <ubanus@users.sf.net>
+ //
+@@ -30,11 +30,20 @@
+
+ #include <stdlib.h>
+ #include <string.h>
++
+ #include "goo/gmem.h"
+ #include "FoFiEncodings.h"
+ #include "FoFiType1.h"
+ #include "poppler/Error.h"
+
++#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
++# define likely(x) __builtin_expect((x), 1)
++# define unlikely(x) __builtin_expect((x), 0)
++#else
++# define likely(x) (x)
++# define unlikely(x) (x)
++#endif
++
+ //------------------------------------------------------------------------
+ // FoFiType1
+ //------------------------------------------------------------------------
+@@ -243,7 +252,7 @@ void FoFiType1::parse() {
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (likely(code < 256 && code >= 0)) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
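Review bot: The added `code >= 0` test in FoFiType1::parse rejects a value that has already gone negative, but `code = code * 8 + (*p2 - '0')` can only get there by overflowing, which is undefined behaviour if `code` is a signed `int` (its declaration is outside the hunk). Bounding the accumulation, for instance by not multiplying further once `code` exceeds 255 while still advancing `p2`, keeps the value well defined and makes the range check sufficient on its own. The `likely`/`unlikely` macros are defined unconditionally in this file; wrapping them in `#ifndef likely` would avoid a redefinition if a shared header provides them later.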
diff --git a/print/poppler/patches/patch-be b/print/poppler/patches/patch-be
new file mode 100644
index 00000000000..e653a99d183
--- /dev/null
+++ b/print/poppler/patches/patch-be
@@ -0,0 +1,18 @@
+$NetBSD: patch-be,v 1.1 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Initialize properly charactersRead
+
+--- poppler/Decrypt.cc.orig 2010-06-08 20:06:31.000000000 +0000
++++ poppler/Decrypt.cc
+@@ -229,6 +229,8 @@ DecryptStream::DecryptStream(Stream *str
+ if ((objKeyLength = keyLength + 5) > 16) {
+ objKeyLength = 16;
+ }
++
++ charactersRead = 0;
+ }
+
+ DecryptStream::~DecryptStream() {
diff --git a/print/poppler/patches/patch-bf b/print/poppler/patches/patch-bf
new file mode 100644
index 00000000000..1fb6376d937
--- /dev/null
+++ b/print/poppler/patches/patch-bf
@@ -0,0 +1,31 @@
+$NetBSD: patch-bf,v 1.1 2010/10/01 21:32:34 spz Exp $
+
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+- Properly initialize stack
+- Fix crash when idx is out of range
+
+--- poppler/Function.cc.orig 2010-07-24 12:01:53.000000000 +0000
++++ poppler/Function.cc
+@@ -422,7 +422,11 @@ void SampledFunction::transform(double *
+ for (k = 0, t = j; k < m; ++k, t >>= 1) {
+ idx += idxMul[k] * (e[k][t & 1]);
+ }
+- sBuf[j] = samples[idx];
++ if (likely(idx >= 0 && idx < nSamples)) {
++ sBuf[j] = samples[idx];
++ } else {
++ sBuf[j] = 0;
++ }
+ }
+
+ // do m sets of interpolations
+@@ -1108,6 +1112,7 @@ PostScriptFunction::PostScriptFunction(O
+ code = NULL;
+ codeString = NULL;
+ codeSize = 0;
++ stack = NULL;
+ ok = gFalse;
+ cache = new PopplerCache(5);
+
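Review bot: `likely()` is used in the new bounds check in SampledFunction::transform, but nothing in this hunk defines or includes it, whereas patch-bd had to add local definitions for FoFiType1.cc; confirm that Function.cc in 0.14.2 already has the macro in scope. The sum `idx += idxMul[k] * (e[k][t & 1])` is computed before the range check, so if these are plain `int`s (their declarations are outside the hunk) the check relies on an overflowed value still landing outside `[0, nSamples)`. The out-of-range case stores `sBuf[j] = 0` with no diagnostic; a one-line comment saying that 0 is a deliberate fallback for malformed sample tables would help the next reader.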
diff --git a/print/poppler/patches/patch-bg b/print/poppler/patches/patch-bg
new file mode 100644
index 00000000000..89c991ab464
--- /dev/null
+++ b/print/poppler/patches/patch-bg
@@ -0,0 +1,67 @@
+$NetBSD: patch-bg,v 1.1 2010/10/01 21:32:34 spz Exp $
+
+backport of changes necessary to apply the
+security fixes for http://secunia.com/advisories/41596/
+taken from http://cgit.freedesktop.org/poppler
+
+--- poppler/Stream.h.orig 2010-06-08 20:06:31.000000000 +0000
++++ poppler/Stream.h
+@@ -115,6 +115,7 @@ public:
+ // Get next char from stream without using the predictor.
+ // This is only used by StreamPredictor.
+ virtual int getRawChar();
++ virtual void getRawChars(int nChars, int *buffer);
+
+ // Get next char directly from stream source, without filtering it
+ virtual int getUnfilteredChar () = 0;
+@@ -596,11 +597,24 @@ public:
+ virtual int getChar();
+ virtual int lookChar();
+ virtual int getRawChar();
++ virtual void getRawChars(int nChars, int *buffer);
+ virtual GooString *getPSFilter(int psLevel, char *indent);
+ virtual GBool isBinary(GBool last = gTrue);
+
+ private:
+
++ inline int doGetRawChar() {
++ if (eof) {
++ return EOF;
++ }
++ if (seqIndex >= seqLength) {
++ if (!processNextCode()) {
++ return EOF;
++ }
++ }
++ return seqBuf[seqIndex++];
++ }
++
+ StreamPredictor *pred; // predictor
+ int early; // early parameter
+ GBool eof; // true if at eof
+@@ -855,11 +869,25 @@ public:
+ virtual int getChar();
+ virtual int lookChar();
+ virtual int getRawChar();
++ virtual void getRawChars(int nChars, int *buffer);
+ virtual GooString *getPSFilter(int psLevel, char *indent);
+ virtual GBool isBinary(GBool last = gTrue);
+ virtual void unfilteredReset ();
+
+ private:
++ inline int doGetRawChar() {
++ int c;
++
++ while (remain == 0) {
++ if (endOfBlock && eof)
++ return EOF;
++ readSome();
++ }
++ c = buf[index];
++ index = (index + 1) & flateMask;
++ --remain;
++ return c;
++ }
+
+ StreamPredictor *pred; // predictor
+ Guchar buf[flateWindow]; // output data buffer
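Review bot: The new virtual `getRawChars(int nChars, int *buffer)` in Stream is declared without a comment stating its contract, while the neighbouring `getRawChar()` has one. I would add above it `// Read nChars raw chars (bypassing the predictor) into buffer, which must hold at least nChars ints; the LZW and Flate overrides store EOF once the stream ends.` The `inline` keyword on the in-class `doGetRawChar()` definitions is redundant, since member functions defined in the class body are implicitly inline. The class declarations start and end outside these hunks.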