author | drochner <drochner@pkgsrc.org> | 2007-08-02 14:54:33 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2007-08-02 14:54:33 +0000 |
commit | 7f6cde374c5196195a2ec01cbf2d8f3ef78b4b73 (patch) | |
tree | 9e6142eb3125a996dd266805496c7fd70f722c84 /print | |
parent | 36140be891137a33f94a112b0b9353cfcfa28a3d (diff) | |
download | pkgsrc-7f6cde374c5196195a2ec01cbf2d8f3ef78b4b73.tar.gz |
add a vendor supplied patch to fix an integer overflow vulnerability
(CVE-2007-3387)
Diffstat (limited to 'print')
-rw-r--r-- | print/xpdf/Makefile | 3 | ||||
-rw-r--r-- | print/xpdf/distinfo | 3 | ||||
-rw-r--r-- | print/xpdf/patches/patch-ba | 25 |
3 files changed, 29 insertions, 2 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile
index 4c396219e05..b92877c6a66 100644
--- a/print/xpdf/Makefile
+++ b/print/xpdf/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2007/04/06 14:29:59 gdt Exp $
+# $NetBSD: Makefile,v 1.63 2007/08/02 14:54:33 drochner Exp $
 
 DISTNAME= xpdf-3.02
+PKGNAME= xpdf-3.02pl1
 CATEGORIES= print
 MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \
 ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo
index 3ec55ac8cc8..e43fc7cdaaf 100644
--- a/print/xpdf/distinfo
+++ b/print/xpdf/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2007/03/13 11:06:04 drochner Exp $
+$NetBSD: distinfo,v 1.30 2007/08/02 14:54:34 drochner Exp $
 
 SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a
 RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d
@@ -18,3 +18,4 @@ SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
 SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58
+SHA1 (patch-ba) = 19f20ef58b4caca089302942102e33be307880b2
diff --git a/print/xpdf/patches/patch-ba b/print/xpdf/patches/patch-ba
new file mode 100644
index 00000000000..ae4bf485ca7
--- /dev/null
+++ b/print/xpdf/patches/patch-ba
@@ -0,0 +1,25 @@
+$NetBSD: patch-ba,v 1.1 2007/08/02 14:54:34 drochner Exp $
+
+--- xpdf/Stream.cc.orig 2007-02-27 23:05:52.000000000 +0100
++++ xpdf/Stream.cc
+@@ -410,15 +410,13 @@ StreamPredictor::StreamPredictor(Stream
+ ok = gFalse;
+
+ nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
+- return;
+- }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes <= 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);
 |
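Review bot: The overflow guard in the patched StreamPredictor constructor runs only after `nVals = width * nComps` and `rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes` have been evaluated, so out-of-range stream parameters can still overflow the signed multiplications before the `return` is reached. Signed overflow is undefined behaviour in C++, and an optimizer is allowed to assume it did not occur, which could weaken the later `nVals >= (INT_MAX - 7) / nBits` test. I would validate first and compute afterwards, splitting the guard so that `nVals` is formed only once `width >= INT_MAX / nComps` has been ruled out. The constructor starts and ends outside this hunk, so it cannot be confirmed from here that callers check `ok` after the early return.

```cpp
  ok = gFalse;

  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
      nComps > gfxColorMaxComps ||
      nBits > 16 ||
      width >= INT_MAX / nComps) {        // check for overflow in nVals
    return;
  }
  nVals = width * nComps;
  if (nVals >= (INT_MAX - 7) / nBits) {   // check for overflow in rowBytes
    return;
  }
  pixBytes = (nComps * nBits + 7) >> 3;
  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
  // … unchanged: predLine allocation …
```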