head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.28 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.26 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.24 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.22 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.5.0.20 pkgsrc-2009Q4-base:1.5 pkgsrc-2008Q4:1.5.0.18 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.16 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.14 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.12 pkgsrc-2008Q2-base:1.5 pkgsrc-2008Q1:1.5.0.10 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.8 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.6 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.4 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.2 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.4.0.8 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.6 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.4 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.2 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.2.0.4 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.2 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.1.0.10 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.8 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.6 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.4 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.2 pkgsrc-2004Q2-base:1.1; locks; strict; comment @# @; 1.5 date 2007.03.13.11.07.23; author drochner; state dead; branches; next 1.4; 1.4 date 2006.03.29.17.20.09; author joerg; state Exp; branches; next 1.3; 1.3 date 2006.01.22.23.13.33; author tron; state Exp; branches; next 1.2; 1.2 date 2005.09.07.15.19.08; author adam; state dead; branches 1.2.4.1; next 1.1; 1.1 date 2004.04.27.19.45.59; author adam; state Exp; branches; next ; 1.2.4.1 date 2006.01.23.10.35.16; author salo; state Exp; branches; next ; desc @@ 1.5 log @oops - remove obsolete patches @ text @$NetBSD: patch-ao,v 1.4 2006/03/29 17:20:09 joerg Exp $ --- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100 +++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000 @@@@ -2305,6 +2318,15 @@@@ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); return; } + if (gridH == 0 || gridW >= INT_MAX / gridH) { + error(getPos(), "Bad size in JBIG2 halftone segment"); + return; + } + if (w == 0 || h >= INT_MAX / w) { + error(getPos(), "Bad size in JBIG2 bitmap segment"); + return; + } + patternDict = (JBIG2PatternDict *)seg; bpp = 0; i = 1; @@@@ -2936,6 +2958,9 @@@@ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2; int x, y, pix; + if (w < 0 || h <= 0 || w >= INT_MAX / h) + return NULL; + bitmap = new JBIG2Bitmap(0, w, h); bitmap->clearToZero(); @ 1.4 log @Update xpdf to 3.01 patch level 2. The patch level addresses a number of vulnerabilities reported and adds at least some constraint checks not done before. @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $ @ 1.3 log @Apply security fix for SA18303 taken from Fedora Core 4. Bump package revision because of this fix. @ text @d1 1 a1 1 $NetBSD$ a4 49 @@@@ -7,6 +7,7 @@@@ //======================================================================== #include +#include #ifdef USE_GCC_PRAGMAS #pragma implementation @@@@ -681,9 +682,15 @@@@ w = wA; h = hA; line = (wA + 7) >> 3; - // need to allocate one extra guard byte for use in combine() - data = (Guchar *)gmalloc(h * line + 1); - data[h * line] = 0; + + if (h < 0 || line <= 0 || h >= INT_MAX / line) { + data = NULL; + } + else { + // need to allocate one extra guard byte for use in combine() + data = (Guchar *)gmalloc(h * line + 1); + data[h * line] = 0; + } } JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap): @@@@ -692,6 +699,12 @@@@ w = bitmap->w; h = bitmap->h; line = bitmap->line; + + if (h < 0 || line <= 0 || h >= INT_MAX / line) { + data = NULL; + return; + } + // need to allocate one extra guard byte for use in combine() data = (Guchar *)gmalloc(h * line + 1); memcpy(data, bitmap->data, h * line); @@@@ -720,7 +733,7 @@@@ } void JBIG2Bitmap::expand(int newH, Guint pixel) { - if (newH <= h) { + if (newH <= h || line <= 0 || newH >= INT_MAX / line) { return; } // need to allocate one extra guard byte for use in combine() @ 1.2 log @Changes 3.01: ------------------ Added the continuous view mode, including the '-cont' switch and the 'continuousView' config file option. At high zoom levels, don't rasterize the entire page - this avoids problems running out of memory. Added "search backward" and "match case" options to the find dialog. Support explicitly masked images and soft masked images. Add support to DCTStream for 16-bit quant tables. Don't segfault if the user clicks on an outline entry with a broken destination. Changed the makefiles and configure script to skip building pdftoppm (in addition to xpdf) if X, Motif, or FreeType is not found; changed the error message in the configure script to match. Move an inline function in JArithmeticDecoder.cc to avoid compiler errors. Fixed a bug in the rasterizer that was sometimes causing infinite loops with round line caps on vertical lines. Various rasterizer optimizations. Look for intermediate resize events - try to avoid lagging when the user is doing an opaque resize. The FormType key in Form XObjects is optional. Handle external 16-bit TrueType fonts correctly, using the Unicode cmap. Add class declarations to TextOutputDev.h to work with stricter C++ compilers. More... @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.1 2004/04/27 19:45:59 adam Exp $ d3 76 a78 9 --- splash/SplashFTFontFile.h.orig Tue Apr 27 21:32:38 2004 +++ splash/SplashFTFontFile.h @@@@ -15,6 +15,7 @@@@ #pragma interface #endif +#include #include #include "SplashFontFile.h" @ 1.2.4.1 log @Pullup ticket 1053 - requested by Matthias Scheler security fix for xpdf Revisions pulled up: - pkgsrc/print/xpdf/Makefile 1.52 - pkgsrc/print/xpdf/distinfo 1.25 - pkgsrc/print/xpdf/patches/patch-ao 1.3 - pkgsrc/print/xpdf/patches/patch-aq 1.1 - pkgsrc/print/xpdf/patches/patch-at 1.2 Module Name: pkgsrc Committed By: tron Date: Sun Jan 22 23:13:33 UTC 2006 Modified Files: pkgsrc/print/xpdf: Makefile distinfo pkgsrc/print/xpdf/patches: patch-at Added Files: pkgsrc/print/xpdf/patches: patch-ao patch-aq Log Message: Apply security fix for SA18303 taken from Fedora Core 4. Bump package revision because of this fix. @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.3 2006/01/22 23:13:33 tron Exp $ d3 9 a11 76 --- xpdf/JBIG2Stream.cc.orig 2005-08-17 06:34:31.000000000 +0100 +++ xpdf/JBIG2Stream.cc 2006-01-22 22:48:31.000000000 +0000 @@@@ -7,6 +7,7 @@@@ //======================================================================== #include +#include #ifdef USE_GCC_PRAGMAS #pragma implementation @@@@ -681,9 +682,15 @@@@ w = wA; h = hA; line = (wA + 7) >> 3; - // need to allocate one extra guard byte for use in combine() - data = (Guchar *)gmalloc(h * line + 1); - data[h * line] = 0; + + if (h < 0 || line <= 0 || h >= INT_MAX / line) { + data = NULL; + } + else { + // need to allocate one extra guard byte for use in combine() + data = (Guchar *)gmalloc(h * line + 1); + data[h * line] = 0; + } } JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap): @@@@ -692,6 +699,12 @@@@ w = bitmap->w; h = bitmap->h; line = bitmap->line; + + if (h < 0 || line <= 0 || h >= INT_MAX / line) { + data = NULL; + return; + } + // need to allocate one extra guard byte for use in combine() data = (Guchar *)gmalloc(h * line + 1); memcpy(data, bitmap->data, h * line); @@@@ -720,7 +733,7 @@@@ } void JBIG2Bitmap::expand(int newH, Guint pixel) { - if (newH <= h) { + if (newH <= h || line <= 0 || newH >= INT_MAX / line) { return; } // need to allocate one extra guard byte for use in combine() @@@@ -2305,6 +2318,15 @@@@ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); return; } + if (gridH == 0 || gridW >= INT_MAX / gridH) { + error(getPos(), "Bad size in JBIG2 halftone segment"); + return; + } + if (w == 0 || h >= INT_MAX / w) { + error(getPos(), "Bad size in JBIG2 bitmap segment"); + return; + } + patternDict = (JBIG2PatternDict *)seg; bpp = 0; i = 1; @@@@ -2936,6 +2958,9 @@@@ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2; int x, y, pix; + if (w < 0 || h <= 0 || w >= INT_MAX / h) + return NULL; + bitmap = new JBIG2Bitmap(0, w, h); bitmap->clearToZero(); @ 1.1 log @Fixed buildling with the new FreeType2 rules @ text @d1 1 a1 1 $NetBSD$ @