summaryrefslogtreecommitdiff
path: root/print
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2007-08-02 14:54:33 +0000
committerdrochner <drochner@pkgsrc.org>2007-08-02 14:54:33 +0000
commit7f6cde374c5196195a2ec01cbf2d8f3ef78b4b73 (patch)
tree9e6142eb3125a996dd266805496c7fd70f722c84 /print
parent36140be891137a33f94a112b0b9353cfcfa28a3d (diff)
downloadpkgsrc-7f6cde374c5196195a2ec01cbf2d8f3ef78b4b73.tar.gz
add a vendor supplied patch to fix an integer overflow vulnerability
(CVE-2007-3387)
Diffstat (limited to 'print')
-rw-r--r--print/xpdf/Makefile3
-rw-r--r--print/xpdf/distinfo3
-rw-r--r--print/xpdf/patches/patch-ba25
3 files changed, 29 insertions, 2 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile
index 4c396219e05..b92877c6a66 100644
--- a/print/xpdf/Makefile
+++ b/print/xpdf/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2007/04/06 14:29:59 gdt Exp $
+# $NetBSD: Makefile,v 1.63 2007/08/02 14:54:33 drochner Exp $
DISTNAME= xpdf-3.02
+PKGNAME= xpdf-3.02pl1
CATEGORIES= print
MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \
${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo
index 3ec55ac8cc8..e43fc7cdaaf 100644
--- a/print/xpdf/distinfo
+++ b/print/xpdf/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2007/03/13 11:06:04 drochner Exp $
+$NetBSD: distinfo,v 1.30 2007/08/02 14:54:34 drochner Exp $
SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a
RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d
@@ -18,3 +18,4 @@ SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58
+SHA1 (patch-ba) = 19f20ef58b4caca089302942102e33be307880b2
diff --git a/print/xpdf/patches/patch-ba b/print/xpdf/patches/patch-ba
new file mode 100644
index 00000000000..ae4bf485ca7
--- /dev/null
+++ b/print/xpdf/patches/patch-ba
@@ -0,0 +1,25 @@
+$NetBSD: patch-ba,v 1.1 2007/08/02 14:54:34 drochner Exp $
+
+--- xpdf/Stream.cc.orig 2007-02-27 23:05:52.000000000 +0100
++++ xpdf/Stream.cc
+@@ -410,15 +410,13 @@ StreamPredictor::StreamPredictor(Stream
+ ok = gFalse;
+
+ nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
+- return;
+- }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes <= 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);