From e27b9bf7946d9a0030788e3d49ee6b28eb60834c Mon Sep 17 00:00:00 2001 From: snj Date: Sat, 13 Aug 2005 05:27:41 +0000 Subject: Pullup ticket 676 - requested by Lubomir Sedlacik security fix for xpdf Revisions pulled up: - pkgsrc/print/xpdf/Makefile 1.38 - pkgsrc/print/xpdf/distinfo 1.20 - pkgsrc/print/xpdf/patches/patch-ar 1.1 - pkgsrc/print/xpdf/patches/patch-as 1.1 Module Name: pkgsrc Committed By: salo Date: Fri Aug 12 12:27:30 UTC 2005 Modified Files: pkgsrc/print/xpdf: Makefile distinfo Added Files: pkgsrc/print/xpdf/patches: patch-ar patch-as Log Message: Security fix for CAN-2005-2097. "A vulnerability has been reported in Xpdf, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system." http://secunia.com/advisories/16374/ Patches from Ubuntu and RedHat. --- print/xpdf/Makefile | 3 ++- print/xpdf/distinfo | 4 +++- print/xpdf/patches/patch-ar | 34 ++++++++++++++++++++++++++++++++++ print/xpdf/patches/patch-as | 30 ++++++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 print/xpdf/patches/patch-ar create mode 100644 print/xpdf/patches/patch-as diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile index 48478c2c780..68c65bc5a2e 100644 --- a/print/xpdf/Makefile +++ b/print/xpdf/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.37 2005/06/01 18:03:20 jlam Exp $ +# $NetBSD: Makefile,v 1.37.2.1 2005/08/13 05:27:41 snj Exp $ DISTNAME= xpdf-3.00 PKGNAME= ${DISTNAME}pl3 +PKGREVISION= 1 CATEGORIES= print MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \ ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/} \ diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo index 4cc4e012d0f..ba7f8aa9a27 100644 --- a/print/xpdf/distinfo +++ b/print/xpdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.19 2005/02/24 12:51:45 agc Exp $ +$NetBSD: distinfo,v 1.19.4.1 2005/08/13 05:27:41 snj Exp $ SHA1 (xpdf-3.00.tar.gz) = 080317afce0851274fec2865131f59590b54eb99 RMD160 (xpdf-3.00.tar.gz) = d98668ac8cd059461107c4dfbd9b3fd3beff6176 @@ -28,3 +28,5 @@ SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef SHA1 (patch-an) = bf579a07e9b9868ed8d6a6450484c47ce9acaef0 SHA1 (patch-ao) = fd25cab0255d24c4b55907b031f5f4ec68411576 SHA1 (patch-ap) = 51d05bb8978003308e14274fc1ada4f1ace6d766 +SHA1 (patch-ar) = bd66ea42d4ba11bdcefcfef2988d37559f21e629 +SHA1 (patch-as) = e76bc488bc533ef3784ed863c2c5d4b0967afc29 diff --git a/print/xpdf/patches/patch-ar b/print/xpdf/patches/patch-ar new file mode 100644 index 00000000000..21c40bf83d9 --- /dev/null +++ b/print/xpdf/patches/patch-ar @@ -0,0 +1,34 @@ +$NetBSD: patch-ar,v 1.1.2.2 2005/08/13 05:27:41 snj Exp $ + +Fix for CAN-2005-2097, from Ubuntu and RedHat. + +--- fofi/FoFiTrueType.cc.orig 2004-01-22 02:26:44.000000000 +0100 ++++ fofi/FoFiTrueType.cc 2005-08-12 13:49:51.000000000 +0200 +@@ -1343,6 +1343,27 @@ + return; + } + ++ // make sure the loca table is sane (correct length and entries are ++ // in bounds) ++ i = seekTable("loca"); ++ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) { ++ parsedOk = gFalse; ++ return; ++ } ++ for (j = 0; j <= nGlyphs; ++j) { ++ if (locaFmt) { ++ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk); ++ } else { ++ pos = getU16BE(tables[i].offset + j*2, &parsedOk); ++ } ++ if (pos < 0 || pos > len) { ++ parsedOk = gFalse; ++ } ++ } ++ if (!parsedOk) { ++ return; ++ } ++ + // read the post table + readPostTable(); + if (!parsedOk) { diff --git a/print/xpdf/patches/patch-as b/print/xpdf/patches/patch-as new file mode 100644 index 00000000000..395db4394aa --- /dev/null +++ b/print/xpdf/patches/patch-as @@ -0,0 +1,30 @@ +$NetBSD: patch-as,v 1.1.2.2 2005/08/13 05:27:41 snj Exp $ + +Fix for CAN-2005-2097, from Ubuntu and RedHat. + +--- xpdf/SplashOutputDev.cc.orig 2004-01-22 02:26:45.000000000 +0100 ++++ xpdf/SplashOutputDev.cc 2005-08-12 13:54:26.000000000 +0200 +@@ -621,16 +621,19 @@ + } + break; + case fontTrueType: +- if (!(ff = FoFiTrueType::load(fileName->getCString()))) { +- goto err2; +- } ++ if ((ff = FoFiTrueType::load(fileName->getCString()))) { + codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); ++ n = 256; + delete ff; ++ } else { ++ codeToGID = NULL; ++ n = 0; ++ } + if (!(fontFile = fontEngine->loadTrueTypeFont( + id, + fileName->getCString(), + fileName == tmpFileName, +- codeToGID, 256))) { ++ codeToGID, n))) { + error(-1, "Couldn't create a font for '%s'", + gfxFont->getName() ? gfxFont->getName()->getCString() + : "(unnamed)"); -- cgit v1.2.3