diff options
author | salo <salo@pkgsrc.org> | 2005-08-12 12:27:30 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-08-12 12:27:30 +0000 |
commit | ec0630dd505d9531b02ec2637edbfff55b919362 (patch) | |
tree | 42153f5163a7b28926a288c0c89c1bf9c2dcf249 /print/xpdf | |
parent | 512941eabffb0610452c68d96f6e8aab5d4a2f74 (diff) | |
download | pkgsrc-ec0630dd505d9531b02ec2637edbfff55b919362.tar.gz |
Security fix for CAN-2005-2097.
"A vulnerability has been reported in Xpdf, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable system."
http://secunia.com/advisories/16374/
Patches from Ubuntu and RedHat.
Diffstat (limited to 'print/xpdf')
-rw-r--r-- | print/xpdf/Makefile | 3 | ||||
-rw-r--r-- | print/xpdf/distinfo | 4 | ||||
-rw-r--r-- | print/xpdf/patches/patch-ar | 34 | ||||
-rw-r--r-- | print/xpdf/patches/patch-as | 30 |
4 files changed, 69 insertions, 2 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile index 48478c2c780..fad07ae350e 100644 --- a/print/xpdf/Makefile +++ b/print/xpdf/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.37 2005/06/01 18:03:20 jlam Exp $ +# $NetBSD: Makefile,v 1.38 2005/08/12 12:27:30 salo Exp $ DISTNAME= xpdf-3.00 PKGNAME= ${DISTNAME}pl3 +PKGREVISION= 1 CATEGORIES= print MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \ ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/} \ diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo index 4cc4e012d0f..ca60534d91e 100644 --- a/print/xpdf/distinfo +++ b/print/xpdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.19 2005/02/24 12:51:45 agc Exp $ +$NetBSD: distinfo,v 1.20 2005/08/12 12:27:30 salo Exp $ SHA1 (xpdf-3.00.tar.gz) = 080317afce0851274fec2865131f59590b54eb99 RMD160 (xpdf-3.00.tar.gz) = d98668ac8cd059461107c4dfbd9b3fd3beff6176 @@ -28,3 +28,5 @@ SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef SHA1 (patch-an) = bf579a07e9b9868ed8d6a6450484c47ce9acaef0 SHA1 (patch-ao) = fd25cab0255d24c4b55907b031f5f4ec68411576 SHA1 (patch-ap) = 51d05bb8978003308e14274fc1ada4f1ace6d766 +SHA1 (patch-ar) = bd66ea42d4ba11bdcefcfef2988d37559f21e629 +SHA1 (patch-as) = e76bc488bc533ef3784ed863c2c5d4b0967afc29 diff --git a/print/xpdf/patches/patch-ar b/print/xpdf/patches/patch-ar new file mode 100644 index 00000000000..f5cdc2ae497 --- /dev/null +++ b/print/xpdf/patches/patch-ar @@ -0,0 +1,34 @@ +$NetBSD: patch-ar,v 1.1 2005/08/12 12:27:30 salo Exp $ + +Fix for CAN-2005-2097, from Ubuntu and RedHat. + +--- fofi/FoFiTrueType.cc.orig 2004-01-22 02:26:44.000000000 +0100 ++++ fofi/FoFiTrueType.cc 2005-08-12 13:49:51.000000000 +0200 +@@ -1343,6 +1343,27 @@ + return; + } + ++ // make sure the loca table is sane (correct length and entries are ++ // in bounds) ++ i = seekTable("loca"); ++ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) { ++ parsedOk = gFalse; ++ return; ++ } ++ for (j = 0; j <= nGlyphs; ++j) { ++ if (locaFmt) { ++ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk); ++ } else { ++ pos = getU16BE(tables[i].offset + j*2, &parsedOk); ++ } ++ if (pos < 0 || pos > len) { ++ parsedOk = gFalse; ++ } ++ } ++ if (!parsedOk) { ++ return; ++ } ++ + // read the post table + readPostTable(); + if (!parsedOk) { diff --git a/print/xpdf/patches/patch-as b/print/xpdf/patches/patch-as new file mode 100644 index 00000000000..49803fadd3c --- /dev/null +++ b/print/xpdf/patches/patch-as @@ -0,0 +1,30 @@ +$NetBSD: patch-as,v 1.1 2005/08/12 12:27:30 salo Exp $ + +Fix for CAN-2005-2097, from Ubuntu and RedHat. + +--- xpdf/SplashOutputDev.cc.orig 2004-01-22 02:26:45.000000000 +0100 ++++ xpdf/SplashOutputDev.cc 2005-08-12 13:54:26.000000000 +0200 +@@ -621,16 +621,19 @@ + } + break; + case fontTrueType: +- if (!(ff = FoFiTrueType::load(fileName->getCString()))) { +- goto err2; +- } ++ if ((ff = FoFiTrueType::load(fileName->getCString()))) { + codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); ++ n = 256; + delete ff; ++ } else { ++ codeToGID = NULL; ++ n = 0; ++ } + if (!(fontFile = fontEngine->loadTrueTypeFont( + id, + fileName->getCString(), + fileName == tmpFileName, +- codeToGID, 256))) { ++ codeToGID, n))) { + error(-1, "Couldn't create a font for '%s'", + gfxFont->getName() ? gfxFont->getName()->getCString() + : "(unnamed)"); |