From a31cd3b54da2c3bacdcf60d6b0bf75f3955ba5cd Mon Sep 17 00:00:00 2001
From: dillo
Date: Sun, 18 Dec 2005 20:05:32 +0000
Subject: Fix vulnerability CAN-2005-3191. Patch provided by jlam. Bump PKGREVISION to 2.
---
 print/xpdf/Makefile | 4 ++--
 print/xpdf/distinfo | 3 ++-
 print/xpdf/patches/patch-at | 28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 print/xpdf/patches/patch-at
(limited to 'print/xpdf')
diff --git a/print/xpdf/Makefile b/print/xpdf/Makefile
index 9c5808c3c4f..1ed7f51d13c 100644
--- a/print/xpdf/Makefile
+++ b/print/xpdf/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.44 2005/12/12 21:36:55 joerg Exp $
+# $NetBSD: Makefile,v 1.45 2005/12/18 20:05:32 dillo Exp $
 DISTNAME= xpdf-3.01
 PKGNAME= ${DISTNAME}pl1
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= print
 MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \
 ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff --git a/print/xpdf/distinfo b/print/xpdf/distinfo
index 6f17d35e2f2..0fb5247c871 100644
--- a/print/xpdf/distinfo
+++ b/print/xpdf/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2005/12/07 09:26:58 uebayasi Exp $
+$NetBSD: distinfo,v 1.23 2005/12/18 20:05:32 dillo Exp $
 SHA1 (xpdf-3.01.tar.gz) = 472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b
 RMD160 (xpdf-3.01.tar.gz) = d734065ce12db8d0c37d9d0ac0ca7c287be59442
@@ -21,3 +21,4 @@ SHA1 (patch-al) = b6e958b0592ac285b3ade90079c83da30db8a8b6
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
 SHA1 (patch-ar) = f3d320991e189a21244acd31ca5cc6cfdb18bd96
+SHA1 (patch-at) = 8827e22d0f3e341ed45ad92637b02a3a31f3168d
diff --git a/print/xpdf/patches/patch-at b/print/xpdf/patches/patch-at
new file mode 100644
index 00000000000..1b020dc6867
--- /dev/null
+++ b/print/xpdf/patches/patch-at
@@ -0,0 +1,28 @@
+$NetBSD: patch-at,v 1.1 2005/12/18 20:05:32 dillo Exp $
+
+--- xpdf/Stream.cc.orig 2005-12-15 22:53:25.000000000 -0500
++++ xpdf/Stream.cc
+@@ -2919,11 +2919,7 @@ GBool DCTStream::readBaselineSOF() {
+ width = read16();
+ numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+- error(getPos(), "Bad number of components in DCT stream", prec);
+- return gFalse;
+- }
+- if (numComps <= 0 || numComps > 4) {
+- error(getPos(), "Bad number of components in DCT stream", prec);
++ error(getPos(), "Bad number of components %d in DCT stream", numComps);
+ return gFalse;
+ }
+ if (prec != 8) {
+@@ -2952,6 +2948,10 @@ GBool DCTStream::readProgressiveSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components %d in DCT stream", numComps);
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
-- cgit v1.2.3
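Review bot: The `numComps <= 0 || numComps > 4` guard now exists as two verbatim copies, one kept in readBaselineSOF and one added to readProgressiveSOF, and the removed lines show how that went wrong before: the check sat twice in the baseline parser and was absent from the progressive one. Moving it into one small helper that both SOF parsers call, or at minimum putting a comment such as `// numComps presumably indexes the per-component tables; this bound must match their size (4 assumed, confirm against the class declaration)` above each copy, would keep the two paths from drifting apart again. Any other header parser in Stream.cc that takes a component count from the stream is outside this hunk and is worth checking for the same bound. Both function bodies start and end outside the hunk.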