diff options
-rw-r--r-- | print/xpdf/Makefile | 3 | ||||
-rw-r--r-- | print/xpdf/distinfo | 4 | ||||
-rw-r--r-- | print/xpdf/patches/patch-aq | 134 | ||||
-rw-r--r-- | print/xpdf/patches/patch-ar | 17 |
4 files changed, 156 insertions, 2 deletions
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile index 0b58bdeb3d7..f302c3fc8f5 100644 --- a/print/xpdf/Makefile +++ b/print/xpdf/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.64 2008/03/29 03:00:57 obache Exp $ +# $NetBSD: Makefile,v 1.65 2008/04/20 15:48:12 tonnerre Exp $ DISTNAME= xpdf-3.02 PKGNAME= xpdf-3.02pl2 +PKGREVISION= 1 CATEGORIES= print MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \ ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \ diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo index 6b95df36ced..9cfd0188af2 100644 --- a/print/xpdf/distinfo +++ b/print/xpdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2008/03/29 03:00:57 obache Exp $ +$NetBSD: distinfo,v 1.33 2008/04/20 15:48:12 tonnerre Exp $ SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d @@ -24,4 +24,6 @@ SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58 +SHA1 (patch-aq) = 1df0efb9fdde90df0597ba2a56c6030e7446e185 +SHA1 (patch-ar) = 5e4719a30a0412d9d731dbef8179c38bba67db94 SHA1 (patch-bb) = d38757d5e4a331d49149acfff897cfe7bc0a5e3b diff --git a/print/xpdf/patches/patch-aq b/print/xpdf/patches/patch-aq new file mode 100644 index 00000000000..de4d9da1570 --- /dev/null +++ b/print/xpdf/patches/patch-aq @@ -0,0 +1,134 @@ +$NetBSD: patch-aq,v 1.3 2008/04/20 15:48:12 tonnerre Exp $ + +Fix arbitrary code execution with embedded fonts (CVE-2008-1693). + +--- xpdf/Object.h.orig 2007-02-27 22:05:52.000000000 +0000 ++++ xpdf/Object.h +@@ -68,17 +68,18 @@ enum ObjType { + //------------------------------------------------------------------------ + + #ifdef DEBUG_MEM +-#define initObj(t) ++numAlloc[type = t] ++#define initObj(t) zeroUnion(); ++numAlloc[type = t] + #else +-#define initObj(t) type = t ++#define initObj(t) zeroUnion(); type = t + #endif + + class Object { + public: +- ++ // attempt to clear the anonymous union ++ void zeroUnion() { this->name = NULL; } + // Default constructor. + Object(): +- type(objNone) {} ++ type(objNone) { zeroUnion(); } + + // Initialize an object. + Object *initBool(GBool boolnA) +@@ -220,16 +221,16 @@ private: + #include "Array.h" + + inline int Object::arrayGetLength() +- { return array->getLength(); } ++ { if (type != objArray) return 0; return array->getLength(); } + + inline void Object::arrayAdd(Object *elem) +- { array->add(elem); } ++ { if (type == objArray) array->add(elem); } + + inline Object *Object::arrayGet(int i, Object *obj) +- { return array->get(i, obj); } ++ { if (type != objArray) return obj->initNull(); return array->get(i, obj); } + + inline Object *Object::arrayGetNF(int i, Object *obj) +- { return array->getNF(i, obj); } ++ { if (type != objArray) return obj->initNull(); return array->getNF(i, obj); } + + //------------------------------------------------------------------------ + // Dict accessors. +@@ -238,31 +239,31 @@ inline Object *Object::arrayGetNF(int i, + #include "Dict.h" + + inline int Object::dictGetLength() +- { return dict->getLength(); } ++ { if (type != objDict) return 0; return dict->getLength(); } + + inline void Object::dictAdd(char *key, Object *val) +- { dict->add(key, val); } ++ { if (type == objDict) dict->add(key, val); } + + inline GBool Object::dictIs(char *dictType) +- { return dict->is(dictType); } ++ { return (type == objDict) && dict->is(dictType); } + + inline GBool Object::isDict(char *dictType) + { return type == objDict && dictIs(dictType); } + + inline Object *Object::dictLookup(char *key, Object *obj) +- { return dict->lookup(key, obj); } ++ { if (type != objDict) return obj->initNull(); return dict->lookup(key, obj); } + + inline Object *Object::dictLookupNF(char *key, Object *obj) +- { return dict->lookupNF(key, obj); } ++ { if (type != objDict) return obj->initNull(); return dict->lookupNF(key, obj); } + + inline char *Object::dictGetKey(int i) +- { return dict->getKey(i); } ++ { if (type != objDict) return NULL; return dict->getKey(i); } + + inline Object *Object::dictGetVal(int i, Object *obj) +- { return dict->getVal(i, obj); } ++ { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); } + + inline Object *Object::dictGetValNF(int i, Object *obj) +- { return dict->getValNF(i, obj); } ++ { if (type != objDict) return obj->initNull(); return dict->getValNF(i, obj); } + + //------------------------------------------------------------------------ + // Stream accessors. +@@ -271,33 +272,33 @@ inline Object *Object::dictGetValNF(int + #include "Stream.h" + + inline GBool Object::streamIs(char *dictType) +- { return stream->getDict()->is(dictType); } ++ { return (type == objStream) && stream->getDict()->is(dictType); } + + inline GBool Object::isStream(char *dictType) +- { return type == objStream && streamIs(dictType); } ++ { return (type == objStream) && streamIs(dictType); } + + inline void Object::streamReset() +- { stream->reset(); } ++ { if (type == objStream) stream->reset(); } + + inline void Object::streamClose() +- { stream->close(); } ++ { if (type == objStream) stream->close(); } + + inline int Object::streamGetChar() +- { return stream->getChar(); } ++ { if (type != objStream) return EOF; return stream->getChar(); } + + inline int Object::streamLookChar() +- { return stream->lookChar(); } ++ { if (type != objStream) return EOF; return stream->lookChar(); } + + inline char *Object::streamGetLine(char *buf, int size) +- { return stream->getLine(buf, size); } ++ { if (type != objStream) return NULL; return stream->getLine(buf, size); } + + inline Guint Object::streamGetPos() +- { return stream->getPos(); } ++ { if (type != objStream) return 0; return stream->getPos(); } + + inline void Object::streamSetPos(Guint pos, int dir) +- { stream->setPos(pos, dir); } ++ { if (type == objStream) stream->setPos(pos, dir); } + + inline Dict *Object::streamGetDict() +- { return stream->getDict(); } ++ { if (type != objStream) return NULL; return stream->getDict(); } + + #endif diff --git a/print/xpdf/patches/patch-ar b/print/xpdf/patches/patch-ar new file mode 100644 index 00000000000..48dff81936e --- /dev/null +++ b/print/xpdf/patches/patch-ar @@ -0,0 +1,17 @@ +$NetBSD: patch-ar,v 1.4 2008/04/20 15:48:12 tonnerre Exp $ + +--- xpdf/GfxState.cc.orig 2008-02-09 12:46:17.000000000 +0100 ++++ xpdf/GfxState.cc +@@ -3349,6 +3349,12 @@ GfxImageColorMap::GfxImageColorMap(int b + maxPixel = (1 << bits) - 1; + colorSpace = colorSpaceA; + ++ // this is a hack to support 16 bits images, everywhere ++ // we assume a component fits in 8 bits, with this hack ++ // we treat 16 bit images as 8 bit ones until it's fixed correctly. ++ // The hack has another part on ImageStream::getLine ++ if (maxPixel > 255) maxPixel = 255; ++ + // initialize + for (k = 0; k < gfxColorMaxComps; ++k) { + lookup[k] = NULL; |