head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.32 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.30 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.28 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.26 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.5.0.24 pkgsrc-2009Q4-base:1.5 pkgsrc-2008Q4:1.5.0.22 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.20 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.18 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.16 pkgsrc-2008Q2-base:1.5 pkgsrc-2008Q1:1.5.0.14 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.12 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.10 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.8 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.6 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.5.0.4 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.2 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.4.0.12 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.10 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.8 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.6 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.4 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.2 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.2.0.8 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.6 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.4 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.2 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.1.0.10 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.6 netbsd-1-6-1-base:1.1 netbsd-1-6:1.1.0.8 netbsd-1-6-RELEASE-base:1.1 pkgviews:1.1.0.4 pkgviews-base:1.1 buildlink2:1.1.0.2 buildlink2-base:1.1 netbsd-1-5-PATCH003:1.1 netbsd-1-5-PATCH001:1.1 netbsd-1-5-RELEASE:1.1 netbsd-1-4-PATCH003:1.1 netbsd-1-4-PATCH002:1.1 comdex-fall-1999:1.1; locks; strict; comment @# @; 1.5 date 2006.08.10.03.45.32; author minskim; state dead; branches; next 1.4; 1.4 date 2005.01.24.15.22.16; author kei; state Exp; branches; next 1.3; 1.3 date 2005.01.17.12.19.13; author kei; state Exp; branches; next 1.2; 1.2 date 2003.12.24.12.51.31; author jmmv; state dead; branches; next 1.1; 1.1 date 99.10.04.23.21.46; author simonb; state Exp; branches; next ; desc @@ 1.5 log @Remove teTeX2. @ text @$NetBSD: patch-ak,v 1.4 2005/01/24 15:22:16 kei Exp $ --- libs/xpdf/xpdf/XRef.cc.original 2005-01-24 23:15:21.000000000 +0900 +++ libs/xpdf/xpdf/XRef.cc 2005-01-24 23:15:57.000000000 +0900 @@@@ -28,6 +28,7 @@@@ #include "Error.h" #include "ErrorCodes.h" #include "XRef.h" +#include //------------------------------------------------------------------------ @@@@ -76,6 +77,11 @@@@ // trailer is ok - read the xref table } else { + if ( size >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'size' inside xref table."); + ok = gFalse; + return; + } entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); for (i = 0; i < size; ++i) { entries[i].offset = 0xffffffff; @@@@ -267,6 +273,10 @@@@ // table size if (first + n > size) { newSize = size + 256; + if (newSize >= INT_MAX/sizeof(XRefEntry)) { + error(-1, "Invalid 'newSize'"); + goto err2; + } entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); for (i = size; i < newSize; ++i) { entries[i].offset = 0xffffffff; @@@@ -410,6 +420,10 @@@@ if (!strncmp(p, "obj", 3)) { if (num >= size) { newSize = (num + 1 + 255) & ~255; + if (newSize >= INT_MAX / sizeof(XRefEntry)) { + error(-1, "Invalid 'obj' parameters."); + return gFalse; + } entries = (XRefEntry *) grealloc(entries, newSize * sizeof(XRefEntry)); for (i = size; i < newSize; ++i) { @@@@ -431,6 +445,10 @@@@ } else if (!strncmp(p, "endstream", 9)) { if (streamEndsLen == streamEndsSize) { streamEndsSize += 64; + if (streamEndsSize >= INT_MAX/sizeof(int)) { + error(-1, "Invalid 'endstream' parameter."); + return gFalse; + } streamEnds = (Guint *)grealloc(streamEnds, streamEndsSize * sizeof(int)); } @@@@ -481,6 +499,9 @@@@ } else { keyLength = 5; } + if (keyLength > 16) { + keyLength = 16; + } permFlags = permissions.getInt(); if (encVersion >= 1 && encVersion <= 2 && encRevision >= 2 && encRevision <= 3) { @ 1.4 log @Apply xpdf-3.00pl3.patch also to fix a security problem which is discribed in http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities (CAN-2005-0064). Noticed by Hiroki Sato. Thanks! Bump PKGREVISION to 5. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.3 2005/01/17 12:19:13 kei Exp $ @ 1.3 log @fixed CAN-2004-0888. Since xpdf included with teTeX is 2.01, so this back-ported fix is pulled from FreeBSD ports collection. Hiroki Sato noticed and helped me a lot. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 2 --- libs/xpdf/xpdf/XRef.cc.orig Mon Nov 4 07:15:37 2002 +++ libs/xpdf/xpdf/XRef.cc Fri Oct 29 09:18:17 2004 d58 10 @ 1.2 log @Update teTeX packages to 2.0.2 (really merge teTeX2 into teTeX). The 2.x branch becomes the default teTeX package. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.1 1999/10/04 23:21:46 simonb Exp $ d3 55 a57 47 --- texk/ps2pkm/paths.c.orig Sat Jan 24 23:11:28 1998 +++ texk/ps2pkm/paths.c Thu Sep 30 13:34:23 1999 @@@@ -798,7 +798,7 @@@@ break; default: - abort("Reverse: bad path segment"); + t1_abort("Reverse: bad path segment"); } /* We need to reverse the order of segments too, so we break this segment @@@@ -932,7 +932,7 @@@@ for (p=p0; p->link->link != NULL; p=p->link) { ; } if (!LASTCLOSED(p->link->flag)) - abort("UnClose: no LASTCLOSED"); + t1_abort("UnClose: no LASTCLOSED"); Free(SplitPath(p0, p)); p0->flag &= ~ISCLOSED(ON); @@@@ -1033,7 +1033,7 @@@@ default: IfTrace1(TRUE,"path = %z\n", p); - abort("PathTransform: invalid segment"); + t1_abort("PathTransform: invalid segment"); } oldx += savex; oldy += savey; @@@@ -1185,7 +1185,7 @@@@ break; default: - abort("QueryPath: unknown segment"); + t1_abort("QueryPath: unknown segment"); } if (coerced) KillPath(path); @@@@ -1325,7 +1325,7 @@@@ case HINTTYPE: break; default: - abort("QueryBounds: unknown type"); + t1_abort("QueryBounds: unknown type"); } if (x < min.x) min.x = x; @ 1.1 log @Don't use a function called "abort" that takes one char * as a parameter. Fixes compile problems on at least pmax, arm32. @ text @d1 1 a1 1 $NetBSD$ @