[pkgsrc/pkgsrc-2008Q1]: pkgsrc/print/xpdf Pullup ticket 2347 - requested by t...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/print/xpdf Pullup ticket 2347 - requested by t...
From: spz <spz%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 05:56:34 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/a1d37028be10
branches:  pkgsrc-2008Q1
changeset: 540276:a1d37028be10
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Apr 20 19:00:06 2008 +0000

description:
Pullup ticket 2347 - requested by tonnerre
security update for xpdf

Revisions pulled up:
- pkgsrc/print/xpdf/Makefile          1.65
- pkgsrc/print/xpdf/distinfo          1.33
- pkgsrc/print/xpdf/patches/patch-aq  1.3
- pkgsrc/print/xpdf/patches/patch-ar  1.4

   Module Name: pkgsrc
   Committed By:        tonnerre
   Date:                Sun Apr 20 15:48:12 UTC 2008

   Modified Files:
        pkgsrc/print/xpdf: Makefile distinfo
   Added Files:
        pkgsrc/print/xpdf/patches: patch-aq patch-ar

   Log Message:
   Fix embedded font handling (CVE-2008-1693). While at it, add a patch
   from upstream CVS which fixes display of 16-bit colors. Update from
   print/poppler.
   Approved-by: joerg

diffstat:

 print/xpdf/Makefile         |    3 +-
 print/xpdf/distinfo         |    4 +-
 print/xpdf/patches/patch-aq |  134 ++++++++++++++++++++++++++++++++++++++++++++
 print/xpdf/patches/patch-ar |   17 +++++
 4 files changed, 156 insertions(+), 2 deletions(-)

diffs (188 lines):

diff -r 104b1f785498 -r a1d37028be10 print/xpdf/Makefile
--- a/print/xpdf/Makefile       Sun Apr 20 15:57:22 2008 +0000
+++ b/print/xpdf/Makefile       Sun Apr 20 19:00:06 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.64 2008/03/29 03:00:57 obache Exp $
+# $NetBSD: Makefile,v 1.64.2.1 2008/04/20 19:00:06 spz Exp $
 
 DISTNAME=      xpdf-3.02
 PKGNAME=       xpdf-3.02pl2
+PKGREVISION=   1
 CATEGORIES=    print
 MASTER_SITES=  ftp://ftp.foolabs.com/pub/xpdf/ \
                ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
diff -r 104b1f785498 -r a1d37028be10 print/xpdf/distinfo
--- a/print/xpdf/distinfo       Sun Apr 20 15:57:22 2008 +0000
+++ b/print/xpdf/distinfo       Sun Apr 20 19:00:06 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2008/03/29 03:00:57 obache Exp $
+$NetBSD: distinfo,v 1.32.2.1 2008/04/20 19:00:06 spz Exp $
 
 SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a
 RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d
@@ -24,4 +24,6 @@
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
 SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58
+SHA1 (patch-aq) = 1df0efb9fdde90df0597ba2a56c6030e7446e185
+SHA1 (patch-ar) = 5e4719a30a0412d9d731dbef8179c38bba67db94
 SHA1 (patch-bb) = d38757d5e4a331d49149acfff897cfe7bc0a5e3b
diff -r 104b1f785498 -r a1d37028be10 print/xpdf/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-aq       Sun Apr 20 19:00:06 2008 +0000
@@ -0,0 +1,134 @@
+$NetBSD: patch-aq,v 1.2.18.1 2008/04/20 19:00:06 spz Exp $
+
+Fix arbitrary code execution with embedded fonts (CVE-2008-1693).
+
+--- xpdf/Object.h.orig 2007-02-27 22:05:52.000000000 +0000
++++ xpdf/Object.h
+@@ -68,17 +68,18 @@ enum ObjType {
+ //------------------------------------------------------------------------
+ 
+ #ifdef DEBUG_MEM
+-#define initObj(t) ++numAlloc[type = t]
++#define initObj(t) zeroUnion(); ++numAlloc[type = t]
+ #else
+-#define initObj(t) type = t
++#define initObj(t) zeroUnion(); type = t
+ #endif
+ 
+ class Object {
+ public:
+-
++  // attempt to clear the anonymous union
++  void zeroUnion() { this->name = NULL; }
+   // Default constructor.
+   Object():
+-    type(objNone) {}
++    type(objNone) { zeroUnion(); }
+ 
+   // Initialize an object.
+   Object *initBool(GBool boolnA)
+@@ -220,16 +221,16 @@ private:
+ #include "Array.h"
+ 
+ inline int Object::arrayGetLength()
+-  { return array->getLength(); }
++  { if (type != objArray) return 0; return array->getLength(); }
+ 
+ inline void Object::arrayAdd(Object *elem)
+-  { array->add(elem); }
++  { if (type == objArray) array->add(elem); }
+ 
+ inline Object *Object::arrayGet(int i, Object *obj)
+-  { return array->get(i, obj); }
++  { if (type != objArray) return obj->initNull(); return array->get(i, obj); }
+ 
+ inline Object *Object::arrayGetNF(int i, Object *obj)
+-  { return array->getNF(i, obj); }
++  { if (type != objArray) return obj->initNull(); return array->getNF(i, obj); }
+ 
+ //------------------------------------------------------------------------
+ // Dict accessors.
+@@ -238,31 +239,31 @@ inline Object *Object::arrayGetNF(int i,
+ #include "Dict.h"
+ 
+ inline int Object::dictGetLength()
+-  { return dict->getLength(); }
++  { if (type != objDict) return 0; return dict->getLength(); }
+ 
+ inline void Object::dictAdd(char *key, Object *val)
+-  { dict->add(key, val); }
++  { if (type == objDict) dict->add(key, val); }
+ 
+ inline GBool Object::dictIs(char *dictType)
+-  { return dict->is(dictType); }
++  { return (type == objDict) && dict->is(dictType); }
+ 
+ inline GBool Object::isDict(char *dictType)
+   { return type == objDict && dictIs(dictType); }
+ 
+ inline Object *Object::dictLookup(char *key, Object *obj)
+-  { return dict->lookup(key, obj); }
++  { if (type != objDict) return obj->initNull(); return dict->lookup(key, obj); }
+ 
+ inline Object *Object::dictLookupNF(char *key, Object *obj)
+-  { return dict->lookupNF(key, obj); }
++  { if (type != objDict) return obj->initNull(); return dict->lookupNF(key, obj); }
+ 
+ inline char *Object::dictGetKey(int i)
+-  { return dict->getKey(i); }
++  { if (type != objDict) return NULL; return dict->getKey(i); }
+ 
+ inline Object *Object::dictGetVal(int i, Object *obj)
+-  { return dict->getVal(i, obj); }
++  { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); }
+ 
+ inline Object *Object::dictGetValNF(int i, Object *obj)
+-  { return dict->getValNF(i, obj); }
++  { if (type != objDict) return obj->initNull(); return dict->getValNF(i, obj); }
+ 
+ //------------------------------------------------------------------------
+ // Stream accessors.
+@@ -271,33 +272,33 @@ inline Object *Object::dictGetValNF(int 
+ #include "Stream.h"
+ 
+ inline GBool Object::streamIs(char *dictType)
+-  { return stream->getDict()->is(dictType); }
++  { return (type == objStream) && stream->getDict()->is(dictType); }
+ 
+ inline GBool Object::isStream(char *dictType)
+-  { return type == objStream && streamIs(dictType); }
++  { return (type == objStream) && streamIs(dictType); }
+ 
+ inline void Object::streamReset()
+-  { stream->reset(); }
++  { if (type == objStream) stream->reset(); }
+ 
+ inline void Object::streamClose()
+-  { stream->close(); }
++  { if (type == objStream) stream->close(); }
+ 
+ inline int Object::streamGetChar()
+-  { return stream->getChar(); }
++  { if (type != objStream) return EOF; return stream->getChar(); }
+ 
+ inline int Object::streamLookChar()
+-  { return stream->lookChar(); }
++  { if (type != objStream) return EOF; return stream->lookChar(); }
+ 
+ inline char *Object::streamGetLine(char *buf, int size)
+-  { return stream->getLine(buf, size); }
++  { if (type != objStream) return NULL; return stream->getLine(buf, size); }
+ 
+ inline Guint Object::streamGetPos()
+-  { return stream->getPos(); }
++  { if (type != objStream) return 0; return stream->getPos(); }
+ 
+ inline void Object::streamSetPos(Guint pos, int dir)
+-  { stream->setPos(pos, dir); }
++  { if (type == objStream) stream->setPos(pos, dir); }
+ 
+ inline Dict *Object::streamGetDict()
+-  { return stream->getDict(); }
++  { if (type != objStream) return NULL; return stream->getDict(); }
+ 
+ #endif
diff -r 104b1f785498 -r a1d37028be10 print/xpdf/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-ar       Sun Apr 20 19:00:06 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ar,v 1.3.10.1 2008/04/20 19:00:06 spz Exp $
+
+--- xpdf/GfxState.cc.orig      2008-02-09 12:46:17.000000000 +0100
++++ xpdf/GfxState.cc
+@@ -3349,6 +3349,12 @@ GfxImageColorMap::GfxImageColorMap(int b
+   maxPixel = (1 << bits) - 1;
+   colorSpace = colorSpaceA;
+ 
++  // this is a hack to support 16 bits images, everywhere
++  // we assume a component fits in 8 bits, with this hack
++  // we treat 16 bit images as 8 bit ones until it's fixed correctly.
++  // The hack has another part on ImageStream::getLine
++  if (maxPixel > 255) maxPixel = 255;
++
+   // initialize
+   for (k = 0; k < gfxColorMaxComps; ++k) {
+     lookup[k] = NULL;
Prev by Date: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/doc ticket #2343
Next by Date: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/devel/cgdb pullup ticket #2349 - requested is,...
Previous by Thread: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/doc ticket #2343
Next by Thread: [pkgsrc/pkgsrc-2008Q1]: pkgsrc/devel/cgdb pullup ticket #2349 - requested is,...
Indexes:
Home | Main Index | Thread Index | Old Index