author | Marcus Alves Grando <mnag@FreeBSD.org> | 2006-03-27 22:16:34 +0000 |
---|---|---|
committer | Marcus Alves Grando <mnag@FreeBSD.org> | 2006-03-27 22:16:34 +0000 |
commit | bd1ba7c0856ab65f3f5525393c7719f2260c29ab (patch) | |
tree | f0e06dad26363d1d1c6fe50be2913d7a91fbb5d0 /textproc/pdftohtml | |
parent | 9e5bc725e7e7aa00713924579b83ba3eafa48295 (diff) | |
- Add patches for security issues
- Bump PORTREVISION
- portlint(1)
Approved by: maintainer timeout (2 days, security)
Obtained from: gentoo
Security: CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627,
http://secunia.com/advisories/18303/
Notes
Notes:
svn path=/head/; revision=158284
Diffstat (limited to 'textproc/pdftohtml')
-rw-r--r-- | textproc/pdftohtml/Makefile | 13 | ||||
-rw-r--r-- | textproc/pdftohtml/files/patch-SA17897 | 93 | ||||
-rw-r--r-- | textproc/pdftohtml/files/patch-SA18303 | 253 |
3 files changed, 259 insertions, 100 deletions
diff --git a/textproc/pdftohtml/Makefile b/textproc/pdftohtml/Makefile index 10a33aca1771..00934f00b8df 100644 --- a/textproc/pdftohtml/Makefile +++ b/textproc/pdftohtml/Makefile @@ -8,7 +8,7 @@ PORTNAME= pdftohtml PORTVERSION= 0.36 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -22,11 +22,11 @@ GSPORT?= print/ghostscript-afpl GSPORT?= print/ghostscript-gnu .endif -RUN_DEPENDS= ${LOCALBASE}/bin/gs:${PORTSDIR}/${GSPORT} +RUN_DEPENDS+= ${LOCALBASE}/bin/gs:${PORTSDIR}/${GSPORT} PLIST_FILES= bin/pdftohtml + WRKSRC= ${WRKDIR}/${DISTNAME} -USE_REINPLACE= yes pre-fetch: .if !defined(WITH_GHOSTSCRIPT_AFPL) || ${WITH_GHOSTSCRIPT_AFPL} != yes @@ -37,11 +37,10 @@ pre-fetch: .endif pre-patch: -.for file in goo/Makefile xpdf/Makefile - ${REINPLACE_CMD} -e "s|-O2||; s|-g||" ${WRKSRC}/${file} -.endfor + @${FIND} ${WRKSRC} -name Makefile | ${XARGS} \ + ${REINPLACE_CMD} -e "s|-O[0-9]||" -e "s|-g||" do-install: - @${INSTALL_PROGRAM} ${WRKSRC}/pdftohtml ${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/pdftohtml ${PREFIX}/bin .include <bsd.port.mk> diff --git a/textproc/pdftohtml/files/patch-SA17897 b/textproc/pdftohtml/files/patch-SA17897 deleted file mode 100644 index 97cf8894bf2d..000000000000 --- a/textproc/pdftohtml/files/patch-SA17897 +++ /dev/null 
@@ -1,93 +0,0 @@ ---- xpdf/Stream.cc.orig Mon May 17 16:37:57 2004 -+++ xpdf/Stream.cc Tue Dec 6 18:05:14 2005 -@@ -407,18 +407,33 @@ - - StreamPredictor::StreamPredictor(Stream *strA, int predictorA, - int widthA, int nCompsA, int nBitsA) { -+ int totalBits; -+ - str = strA; - predictor = predictorA; - width = widthA; - nComps = nCompsA; - nBits = nBitsA; -+ predLine = NULL; -+ ok = gFalse; - - nVals = width * nComps; -+ totalBits = nVals * nBits; -+ if (totalBits == 0 || -+ (totalBits / nBits) / nComps != width || -+ totalBits + 7 < 0) { -+ return; -+ } - pixBytes = (nComps * nBits + 7) >> 3; -- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; -+ rowBytes = ((totalBits + 7) >> 3) + pixBytes; -+ if (rowBytes < 0) { -+ return; -+ } - predLine = (Guchar *)gmalloc(rowBytes); - memset(predLine, 0, rowBytes); - predIdx = rowBytes; -+ -+ ok = gTrue; - } - - StreamPredictor::~StreamPredictor() { -@@ -1012,6 +1027,10 @@ - FilterStream(strA) { - if (predictor != 1) { - pred = new StreamPredictor(this, predictor, columns, colors, bits); -+ if (!pred->isOk()) { -+ delete pred; -+ pred = NULL; -+ } - } else { - pred = NULL; - } -@@ -2897,6 +2916,14 @@ - height = read16(); - width = read16(); - numComps = str->getChar(); -+ if (numComps <= 0 || numComps > 4) { -+ error(getPos(), "Bad number of components in DCT stream", prec); -+ return gFalse; -+ } -+ if (numComps <= 0 || numComps > 4) { -+ error(getPos(), "Bad number of components in DCT stream", prec); -+ return gFalse; -+ } - if (prec != 8) { - error(getPos(), "Bad DCT precision %d", prec); - return gFalse; -@@ -3255,6 +3282,10 @@ - FilterStream(strA) { - if (predictor != 1) { - pred = new StreamPredictor(this, predictor, columns, colors, bits); -+ if (!pred->isOk()) { -+ delete pred; -+ pred = NULL; -+ } - } else { - pred = NULL; - } ---- xpdf/Stream.h.orig Mon May 17 16:37:57 2004 -+++ xpdf/Stream.h Tue Dec 6 18:05:14 2005 -@@ -233,6 +233,8 @@ - - ~StreamPredictor(); - -+ GBool isOk() { return ok; } -+ - int lookChar(); 
- int getChar(); - -@@ -250,6 +252,7 @@ - int rowBytes; // bytes per line - Guchar *predLine; // line buffer - int predIdx; // current index in predLine -+ GBool ok; - }; - - //------------------------------------------------------------------------ diff --git a/textproc/pdftohtml/files/patch-SA18303 b/textproc/pdftohtml/files/patch-SA18303 new file mode 100644 index 000000000000..b8010dab5ef5 --- /dev/null +++ b/textproc/pdftohtml/files/patch-SA18303 
@@ -0,0 +1,253 @@ +Index: xpdf/Stream.h +=================================================================== +--- xpdf/Stream.h ++++ xpdf/Stream.h +@@ -233,6 +233,8 @@ public: + + ~StreamPredictor(); + ++ GBool isOk() { return ok; } ++ + int lookChar(); + int getChar(); + +@@ -250,6 +252,7 @@ private: + int rowBytes; // bytes per line + Guchar *predLine; // line buffer + int predIdx; // current index in predLine ++ GBool ok; + }; + + //------------------------------------------------------------------------ +Index: xpdf/Stream.cc +=================================================================== +--- xpdf/Stream.cc ++++ xpdf/Stream.cc +@@ -15,6 +15,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <stddef.h> ++#include <limits.h> + #ifndef WIN32 + #include <unistd.h> + #endif +@@ -412,13 +413,28 @@ StreamPredictor::StreamPredictor(Stream + width = widthA; + nComps = nCompsA; + nBits = nBitsA; ++ predLine = NULL; ++ ok = gFalse; + ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps >= INT_MAX/nBits || ++ width >= INT_MAX/nComps/nBits) { ++ return; ++ } + nVals = width * nComps; ++ if (nVals * nBits + 7 <= 0) { ++ return; ++ } + pixBytes = (nComps * nBits + 7) >> 3; + rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; ++ if (rowBytes < 0) { ++ return; ++ } + predLine = (Guchar *)gmalloc(rowBytes); + memset(predLine, 0, rowBytes); + predIdx = rowBytes; ++ ++ ok = gTrue; + } + + StreamPredictor::~StreamPredictor() { +@@ -1012,6 +1028,10 @@ LZWStream::LZWStream(Stream *strA, int p + FilterStream(strA) { + if (predictor != 1) { + pred = new StreamPredictor(this, predictor, columns, colors, bits); ++ if (!pred->isOk()) { ++ delete pred; ++ pred = NULL; ++ } + } else { + pred = NULL; + } +@@ -1260,6 +1280,10 @@ CCITTFaxStream::CCITTFaxStream(Stream *s + endOfLine = endOfLineA; + byteAlign = byteAlignA; + columns = columnsA; ++ if (columns < 1 || columns >= INT_MAX / sizeof(short)) { ++ error(-1, "invalid number of columns: %d", columns); ++ exit(1); ++ } 
+ rows = rowsA; + endOfBlock = endOfBlockA; + black = blackA; +@@ -2897,6 +2921,11 @@ GBool DCTStream::readBaselineSOF() { + height = read16(); + width = read16(); + numComps = str->getChar(); ++ if (numComps <= 0 || numComps > 4) { ++ numComps = 0; ++ error(getPos(), "Bad number of components in DCT stream"); ++ return gFalse; ++ } + if (prec != 8) { + error(getPos(), "Bad DCT precision %d", prec); + return gFalse; +@@ -2923,6 +2952,11 @@ GBool DCTStream::readProgressiveSOF() { + height = read16(); + width = read16(); + numComps = str->getChar(); ++ if (numComps <= 0 || numComps > 4) { ++ numComps = 0; ++ error(getPos(), "Bad number of components in DCT stream"); ++ return gFalse; ++ } + if (prec != 8) { + error(getPos(), "Bad DCT precision %d", prec); + return gFalse; +@@ -2945,6 +2979,11 @@ GBool DCTStream::readScanInfo() { + + length = read16() - 2; + scanInfo.numComps = str->getChar(); ++ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) { ++ scanInfo.numComps = 0; ++ error(getPos(), "Bad number of components in DCT stream"); ++ return gFalse; ++ } + --length; + if (length != 2 * scanInfo.numComps + 3) { + error(getPos(), "Bad DCT scan info block"); +@@ -3019,12 +3058,12 @@ GBool DCTStream::readHuffmanTables() { + while (length > 0) { + index = str->getChar(); + --length; +- if ((index & 0x0f) >= 4) { ++ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) { + error(getPos(), "Bad DCT Huffman table"); + return gFalse; + } + if (index & 0x10) { +- index &= 0x0f; ++ index &= 0x03; + if (index >= numACHuffTables) + numACHuffTables = index+1; + tbl = &acHuffTables[index]; +@@ -3142,9 +3181,11 @@ int DCTStream::readMarker() { + do { + do { + c = str->getChar(); ++ if(c == EOF) return EOF; + } while (c != 0xff); + do { + c = str->getChar(); ++ if(c == EOF) return EOF; + } while (c == 0xff); + } while (c == 0x00); + return c; +@@ -3255,6 +3296,10 @@ FlateStream::FlateStream(Stream *strA, i + FilterStream(strA) { + if (predictor != 1) { + pred = new 
StreamPredictor(this, predictor, columns, colors, bits); ++ if (!pred->isOk()) { ++ delete pred; ++ pred = NULL; ++ } + } else { + pred = NULL; + } +Index: xpdf/JBIG2Stream.cc +=================================================================== +--- xpdf/JBIG2Stream.cc ++++ xpdf/JBIG2Stream.cc +@@ -7,6 +7,7 @@ + //======================================================================== + + #include <aconf.h> ++#include <limits.h> + + #ifdef USE_GCC_PRAGMAS + #pragma implementation +@@ -681,7 +682,16 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, + w = wA; + h = hA; + line = (wA + 7) >> 3; +- data = (Guchar *)gmalloc(h * line); ++ ++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) { ++ error(-1, "invalid width/height"); ++ data = NULL; ++ return; ++ } ++ ++ // need to allocate one extra guard byte for use in combine() ++ data = (Guchar *)gmalloc(h * line + 1); ++ data[h * line] = 0; + } + + JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap): +@@ -690,8 +700,17 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, + w = bitmap->w; + h = bitmap->h; + line = bitmap->line; +- data = (Guchar *)gmalloc(h * line); ++ ++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) { ++ error(-1, "invalid width/height"); ++ data = NULL; ++ return; ++ } ++ ++ // need to allocate one extra guard byte for use in combine() ++ data = (Guchar *)gmalloc(h * line + 1); + memcpy(data, bitmap->data, h * line); ++ data[h * line] = 0; + } + + JBIG2Bitmap::~JBIG2Bitmap() { +@@ -716,10 +735,14 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint + } + + void JBIG2Bitmap::expand(int newH, Guint pixel) { +- if (newH <= h) { ++ if (newH <= h || line <= 0 || newH >= (INT_MAX - 1) / line) { ++ error(-1, "invalid width/height"); ++ gfree(data); ++ data = NULL; + return; + } +- data = (Guchar *)grealloc(data, newH * line); ++ // need to allocate one extra guard byte for use in combine() ++ data = (Guchar *)grealloc(data, newH * line + 1); + if (pixel) { + memset(data + h * line, 0xff, (newH - h) * line); + } 
else { +@@ -2256,6 +2279,15 @@ void JBIG2Stream::readHalftoneRegionSeg( + error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); + return; + } ++ if (gridH == 0 || gridW >= INT_MAX / gridH) { ++ error(getPos(), "Bad size in JBIG2 halftone segment"); ++ return; ++ } ++ if (w == 0 || h >= INT_MAX / w) { ++ error(getPos(), "Bad size in JBIG2 bitmap segment"); ++ return; ++ } ++ + patternDict = (JBIG2PatternDict *)seg; + bpp = 0; + i = 1; +@@ -2887,6 +2919,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef + JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2; + int x, y, pix; + ++ if (w < 0 || h <= 0 || w >= INT_MAX / h) { ++ error(-1, "invalid width/height"); ++ return NULL; ++ } ++ + bitmap = new JBIG2Bitmap(0, w, h); + bitmap->clearToZero(); + +# vim: syntax=diff |
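Review bot: In the `JBIG2Bitmap::expand()` hunk of xpdf/JBIG2Stream.cc, the previously harmless `newH <= h` case now shares the overflow branch, so a call that needs no growth logs an error, frees `data` and sets it to NULL while `h` and `line` keep their old values; any later use of that bitmap would then operate on a null buffer. Keeping the no-op separate, `if (newH <= h) return;` ahead of `if (line <= 0 || newH >= (INT_MAX - 1) / line) {`, limits the free-and-NULL path to the real overflow condition. The two `JBIG2Bitmap` constructors have the same shape: they return with `data = NULL` and offer callers no flag comparable to the `isOk()` added to `StreamPredictor`, so call sites not shown in this patch presumably need their own size check, like the one the final hunk adds before `new JBIG2Bitmap(0, w, h)`. The visible lines of `expand()` also never zero the extra guard byte after `grealloc`, unlike the constructors' `data[h * line] = 0;`; the function body continues past the inner hunk, so this should be confirmed against the full file.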