author | tron <tron@pkgsrc.org> | 2006-01-24 21:51:36 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2006-01-24 21:51:36 +0000 |
commit | cf14634e3103d9f064d431361a52d57b56b61029 (patch) | |
tree | b77fda1844e34028967994b9af71d99afce04704 /print | |
parent | b633f725fa64df2da60fd08bdd104aeac6315e55 (diff) | |
download | pkgsrc-cf14634e3103d9f064d431361a52d57b56b61029.tar.gz |
Incorporate fixes for vulnerabilities reported in SA17916 and SA18329,
bump package revision.
Diffstat (limited to 'print')
-rw-r--r-- | print/teTeX3-bin/Makefile | 4 | ||||
-rw-r--r-- | print/teTeX3-bin/distinfo | 6 | ||||
-rw-r--r-- | print/teTeX3-bin/patches/patch-ag | 38 | ||||
-rw-r--r-- | print/teTeX3-bin/patches/patch-ah | 21 | ||||
-rw-r--r-- | print/teTeX3-bin/patches/patch-ai | 75 | ||||
-rw-r--r-- | print/teTeX3-bin/patches/patch-al | 121 |
6 files changed, 262 insertions, 3 deletions
diff --git a/print/teTeX3-bin/Makefile b/print/teTeX3-bin/Makefile
index b82fa5e38d5..1372786a976 100644
--- a/print/teTeX3-bin/Makefile
+++ b/print/teTeX3-bin/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2006/01/09 11:59:55 tron Exp $
+# $NetBSD: Makefile,v 1.13 2006/01/24 21:51:36 tron Exp $
 DISTNAME= tetex-src-3.0
 PKGNAME= ${DISTNAME:C/tetex/teTeX/:C/src/bin/}
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_TEX_CTAN:=systems/unix/teTeX/3.0/distrib/}
diff --git a/print/teTeX3-bin/distinfo b/print/teTeX3-bin/distinfo
index 18594d13346..0cdc9789dbc 100644
--- a/print/teTeX3-bin/distinfo
+++ b/print/teTeX3-bin/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2006/01/09 11:59:55 tron Exp $
+$NetBSD: distinfo,v 1.4 2006/01/24 21:51:36 tron Exp $
 SHA1 (teTeX/tetex-src-3.0.tar.gz) = 7637789f7f4929694aed1b89820f5bad4753e8fc
 RMD160 (teTeX/tetex-src-3.0.tar.gz) = 15a139f5f36993e4ed3583260e175cfb13ce7bcc
@@ -9,6 +9,10 @@ SHA1 (patch-ac) = af7d8c65cece55b7f37e7cf3c99c85e75cb911a1
 SHA1 (patch-ad) = 23d8e8729bc10748cceba5be3272484ab50f34e6
 SHA1 (patch-ae) = 68825699db129b82f476c37ba3b6e20a8831ad6e
 SHA1 (patch-af) = d5fd0e1b30b1ea9fd96fe5983088df5a723f04b7
+SHA1 (patch-ag) = 7cafd77044dabc5a8ac3094fb8685211d81e3262
+SHA1 (patch-ah) = 5f65fab7570c0971f044b50cb996af89c493b98e
+SHA1 (patch-ai) = b3def9f08a8684e5ac78434ddc4863146133b236
 SHA1 (patch-aj) = e9e62bdb9f956f0f8a9dc4fe9988309b7c6aa767
 SHA1 (patch-ak) = ba06c10c1151173e04f3a6cc44d44a89f1933bb8
+SHA1 (patch-al) = e1fc74bd6ea05176dfac4e99958f0e1281b89b3b
 SHA1 (patch-ap) = 0ca7341b416842fbc00a935d6cfdb0531c4169ba
diff --git a/print/teTeX3-bin/patches/patch-ag b/print/teTeX3-bin/patches/patch-ag
new file mode 100644
index 00000000000..0f86bcf9092
--- /dev/null
+++ b/print/teTeX3-bin/patches/patch-ag
@@ -0,0 +1,38 @@
+$NetBSD: patch-ag,v 1.1 2006/01/24 21:51:36 tron Exp $
+
+--- libs/xpdf/xpdf/JPXStream.cc.orig 2004-01-22 01:26:45.000000000 +0000
++++ libs/xpdf/xpdf/JPXStream.cc 2006-01-24 18:32:17.000000000 +0000
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -666,7 +667,7 @@
+ int segType;
+ GBool haveSIZ, haveCOD, haveQCD, haveSOT;
+ Guint precinctSize, style;
+- Guint segLen, capabilities, comp, i, j, r;
++ Guint segLen, capabilities, nTiles, comp, i, j, r;
+
+ //----- main header
+ haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
+@@ -701,8 +702,14 @@
+ / img.xTileSize;
+ img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
+ / img.yTileSize;
+- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
+- sizeof(JPXTile));
++ // check for overflow before allocating memory
++ if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
++ img.nXTiles >= INT_MAX/img.nYTiles) {
++ error(getPos(), "Bad tile count in JPX SIZ marker segment");
++ return gFalse;
++ }
++ nTiles = img.nXTiles * img.nYTiles;
++ img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
+ for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
+ img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
+ sizeof(JPXTileComp));
diff --git a/print/teTeX3-bin/patches/patch-ah b/print/teTeX3-bin/patches/patch-ah
new file mode 100644
index 00000000000..1dc70c0ff48
--- /dev/null
+++ b/print/teTeX3-bin/patches/patch-ah
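Review bot: The new guard in the `@@ -701,8 +702,14 @@` hunk of patch-ag bounds only `img.nXTiles * img.nYTiles`, but the allocation multiplies that product by `sizeof(JPXTile)`, so `nTiles * sizeof(JPXTile)` can still wrap for a tile count that passes the check (presumably worse if `gmalloc` takes an `int` size; its prototype is outside the diff). Folding the element size into the bound would close that, e.g. `img.nXTiles >= INT_MAX / (int)sizeof(JPXTile) / img.nYTiles`. The per-tile `gmalloc(img.nComps * sizeof(JPXTileComp))` that follows has the same shape and no visible bound on `img.nComps`. The loop header could also use the checked `nTiles` instead of recomputing `img.nXTiles * img.nYTiles`. The enclosing function starts and ends outside the hunk.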
@@ -0,0 +1,21 @@
+$NetBSD: patch-ah,v 1.1 2006/01/24 21:51:36 tron Exp $
+
+--- libs/xpdf/xpdf/Stream.h.orig 2004-01-22 01:26:45.000000000 +0000
++++ libs/xpdf/xpdf/Stream.h 2006-01-24 18:44:04.000000000 +0000
+@@ -233,6 +233,8 @@
+
+ ~StreamPredictor();
+
++ GBool isOk() { return ok; }
++
+ int lookChar();
+ int getChar();
+
+@@ -250,6 +252,7 @@
+ int rowBytes; // bytes per line
+ Guchar *predLine; // line buffer
+ int predIdx; // current index in predLine
++ GBool ok;
+ };
+
+ //------------------------------------------------------------------------
diff --git a/print/teTeX3-bin/patches/patch-ai b/print/teTeX3-bin/patches/patch-ai
new file mode 100644
index 00000000000..a4f4e6fd965
--- /dev/null
+++ b/print/teTeX3-bin/patches/patch-ai
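Review bot: The new `ok` member in patch-ah is the only one in this block without a trailing comment, and nothing in the header says what a caller must do when `isOk()` returns false. I would document both, e.g. `GBool ok; // gFalse if the constructor rejected the parameters; predLine is NULL` and, above the accessor, `// must be checked after construction; do not call lookChar()/getChar() if false`. The second comment is inferred from the constructor change in Stream.cc in this same commit, which returns before `predLine` and `predIdx` are set up, so confirm it against the full class, which extends beyond this hunk.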
@@ -0,0 +1,75 @@
+$NetBSD: patch-ai,v 1.1 2006/01/24 21:51:36 tron Exp $
+
+--- libs/xpdf/xpdf/JBIG2Stream.cc.orig 2004-01-22 01:26:45.000000000 +0000
++++ libs/xpdf/xpdf/JBIG2Stream.cc 2006-01-24 18:51:43.000000000 +0000
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -681,7 +682,13 @@
+ w = wA;
+ h = hA;
+ line = (wA + 7) >> 3;
+- data = (Guchar *)gmalloc(h * line);
++
++ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ data = NULL;
++ }
++ else {
++ data = (Guchar *)gmalloc(h * line);
++ }
+ }
+
+ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
+@@ -690,6 +697,12 @@
+ w = bitmap->w;
+ h = bitmap->h;
+ line = bitmap->line;
++
++ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++ data = NULL;
++ return;
++ }
++
+ data = (Guchar *)gmalloc(h * line);
+ memcpy(data, bitmap->data, h * line);
+ }
+@@ -716,7 +729,7 @@
+ }
+
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+- if (newH <= h) {
++ if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
+ return;
+ }
+ data = (Guchar *)grealloc(data, newH * line);
+@@ -2256,6 +2269,15 @@
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
++ if (gridH == 0 || gridW >= INT_MAX / gridH) {
++ error(getPos(), "Bad size in JBIG2 halftone segment");
++ return;
++ }
++ if (w == 0 || h >= INT_MAX / w) {
++ error(getPos(), "Bad size in JBIG2 bitmap segment");
++ return;
++ }
++
+ patternDict = (JBIG2PatternDict *)seg;
+ bpp = 0;
+ i = 1;
+@@ -2887,6 +2909,9 @@
+ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
+ int x, y, pix;
+
++ if (w < 0 || h <= 0 || w >= INT_MAX / h)
++ return NULL;
++
+ bitmap = new JBIG2Bitmap(0, w, h);
+ bitmap->clearToZero();
+
diff --git a/print/teTeX3-bin/patches/patch-al b/print/teTeX3-bin/patches/patch-al
new file mode 100644
index 00000000000..700095b579f
--- /dev/null
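Review bot: Both `JBIG2Bitmap` constructors in patch-ai signal a rejected size only by leaving `data = NULL`, while `w`, `h` and `line` keep the rejected values, so a caller that does not test `data` can go on to read or write through a null pointer using those dimensions. Only the `new JBIG2Bitmap(0, w, h)` call in the last inner hunk gets its own pre-check here; the other users of the class are outside the diff and need auditing. Zeroing the dimensions on the failure path, `w = h = line = 0;`, would at least turn row loops into no-ops. In the first constructor `line = (wA + 7) >> 3` is evaluated before the guard, so a `wA` within 7 of `INT_MAX` overflows there first; a `wA > INT_MAX - 7` test ahead of it would cover that. `expand()` now returns without growing the bitmap on a bad `newH`, and its callers presumably assume it grew, which should be confirmed.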
+++ b/print/teTeX3-bin/patches/patch-al 
@@ -0,0 +1,121 @@
+$NetBSD: patch-al,v 1.1 2006/01/24 21:51:36 tron Exp $
+
+--- libs/xpdf/xpdf/Stream.cc.orig 2004-01-22 01:26:45.000000000 +0000
++++ libs/xpdf/xpdf/Stream.cc 2006-01-24 21:37:45.000000000 +0000
+@@ -15,6 +15,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <limits.h>
+ #ifndef WIN32
+ #include <unistd.h>
+ #endif
+@@ -412,13 +413,28 @@
+ width = widthA;
+ nComps = nCompsA;
+ nBits = nBitsA;
++ predLine = NULL;
++ ok = gFalse;
+
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps >= INT_MAX/nBits ||
++ width >= INT_MAX/nComps/nBits) {
++ return;
++ }
+ nVals = width * nComps;
++ if (nVals * nBits + 7 <= 0) {
++ return;
++ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++ if (rowBytes < 0) {
++ return;
++ }
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
+ predIdx = rowBytes;
++
++ ok = gTrue;
+ }
+
+ StreamPredictor::~StreamPredictor() {
+@@ -1012,6 +1028,10 @@
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+@@ -1260,6 +1280,9 @@
+ endOfLine = endOfLineA;
+ byteAlign = byteAlignA;
+ columns = columnsA;
++ if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) {
++ columns = 1;
++ }
+ rows = rowsA;
+ endOfBlock = endOfBlockA;
+ black = blackA;
+@@ -2897,6 +2920,10 @@
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream", prec);
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2923,6 +2950,10 @@
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream", prec);
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2945,6 +2976,10 @@
+
+ length = read16() - 2;
+ scanInfo.numComps = str->getChar();
++ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ --length;
+ if (length != 2 * scanInfo.numComps + 3) {
+ error(getPos(), "Bad DCT scan info block");
+@@ -3019,12 +3054,12 @@
+ while (length > 0) {
+ index = str->getChar();
+ --length;
+- if ((index & 0x0f) >= 4) {
++ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
+ error(getPos(), "Bad DCT Huffman table");
+ return gFalse;
+ }
+ if (index & 0x10) {
+- index &= 0x0f;
++ index &= 0x03;
+ if (index >= numACHuffTables)
+ numACHuffTables = index+1;
+ tbl = &acHuffTables[index];
+@@ -3255,6 +3290,10 @@
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
|
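Review bot: Several of the new guards in patch-al test for overflow only after the arithmetic has already been done in signed `int`, which is undefined behaviour in C++ and may be folded away by an optimising compiler: `nVals * nBits + 7 <= 0` and `rowBytes < 0` in the `StreamPredictor` constructor, and `columns + 3 < 1 || columns + 4 < 1` in the `@@ -1260,6 +1280,9 @@` hunk. Bounding the operands first keeps the intent without relying on wraparound: `if (columns < 1 || columns > INT_MAX - 4) {` and `if (nVals * nBits > INT_MAX - 7) {`. Separately, the two frame-header checks pass a stray `prec` argument to `error()` with a format string that has no conversion; `"Bad number of components in DCT stream %d", numComps` looks like what was meant. The enclosing functions all start and end outside their hunks.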