pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/print/xpdf add a vendor supplied patch to fix an integ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/dfb4a7e333ab
branches:  trunk
changeset: 531582:dfb4a7e333ab
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Aug 02 14:54:33 2007 +0000

description:
add a vendor supplied patch to fix an integer overflow vulnerability
(CVE-2007-3387)

diffstat:

 print/xpdf/Makefile         |   3 ++-
 print/xpdf/distinfo         |   3 ++-
 print/xpdf/patches/patch-ba |  25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diffs (55 lines):

diff -r 2752b413d8d4 -r dfb4a7e333ab print/xpdf/Makefile
--- a/print/xpdf/Makefile       Thu Aug 02 14:54:25 2007 +0000
+++ b/print/xpdf/Makefile       Thu Aug 02 14:54:33 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2007/04/06 14:29:59 gdt Exp $
+# $NetBSD: Makefile,v 1.63 2007/08/02 14:54:33 drochner Exp $
 
 DISTNAME=      xpdf-3.02
+PKGNAME=       xpdf-3.02pl1
 CATEGORIES=    print
 MASTER_SITES=  ftp://ftp.foolabs.com/pub/xpdf/ \
                ${MASTER_SITE_SUNSITE:=apps/graphics/viewers/X/xpdf/} \
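Review bot: The added `PKGNAME= xpdf-3.02pl1` line makes the package name diverge from `DISTNAME= xpdf-3.02` with no comment saying why. A one-line comment above it, stating that the pl1 suffix reflects the vendor fix carried as patches/patch-ba, would tell whoever next updates DISTNAME that the override and the patch have to be dropped together.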
diff -r 2752b413d8d4 -r dfb4a7e333ab print/xpdf/distinfo
--- a/print/xpdf/distinfo       Thu Aug 02 14:54:25 2007 +0000
+++ b/print/xpdf/distinfo       Thu Aug 02 14:54:33 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2007/03/13 11:06:04 drochner Exp $
+$NetBSD: distinfo,v 1.30 2007/08/02 14:54:34 drochner Exp $
 
 SHA1 (xpdf-3.02.tar.gz) = f9940698840c8a8045677e8be68ab8580903e20a
 RMD160 (xpdf-3.02.tar.gz) = e900cb8670b8c430beaa45895fb474411cb1958d
@@ -18,3 +18,4 @@
 SHA1 (patch-am) = 794ff952c749c8dab6f575d55602cdc7e7157fef
 SHA1 (patch-an) = 94ea208c43f4df1ac3a9bf01cc874d488ae49a9a
 SHA1 (patch-ap) = 5961dfe22ac087a7df0311235b4fab27d7554c58
+SHA1 (patch-ba) = 19f20ef58b4caca089302942102e33be307880b2
diff -r 2752b413d8d4 -r dfb4a7e333ab print/xpdf/patches/patch-ba
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/xpdf/patches/patch-ba       Thu Aug 02 14:54:33 2007 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ba,v 1.1 2007/08/02 14:54:34 drochner Exp $
+
+--- xpdf/Stream.cc.orig        2007-02-27 23:05:52.000000000 +0100
++++ xpdf/Stream.cc
+@@ -410,15 +410,13 @@ StreamPredictor::StreamPredictor(Stream 
+   ok = gFalse;
+ 
+   nVals = width * nComps;
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
+-    return;
+-  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+-  if (rowBytes <= 0) {
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps > gfxColorMaxComps ||
++      nBits > 16 ||
++      width >= INT_MAX / nComps ||      // check for overflow in nVals 
++      nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+     return;
+   }
+   predLine = (Guchar *)gmalloc(rowBytes);
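Review bot: In the patched StreamPredictor constructor the range test now sits after the arithmetic it guards: `nVals = width * nComps`, `pixBytes` and `rowBytes` are all computed before `if (width <= 0 || nComps <= 0 || nBits <= 0 || ...)` runs, so for oversized inputs the signed multiplications have already overflowed (undefined behaviour in C++) by the time the test rejects them. The results are not used on the return path and the short-circuit order keeps the divisions by nComps and nBits safe, but moving the whole test above the `pixBytes` and `rowBytes` assignments, and computing nVals only once `width >= INT_MAX / nComps` has been ruled out, would avoid relying on how the compiler treats the overflow. Two smaller points: the `nBits > 16` limit has no comment explaining where the bound comes from, and patch-ba carries only the `$NetBSD$` tag, so a description line naming CVE-2007-3387 and the vendor origin would make the patch self-explanatory.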


