Security fix for CVE-2008-1693. From Debian.

ok naddy@
2008-04-19 07:38:24 +00:00 · 2008-04-19 07:38:24 +00:00 · 972e5a3c90
commit 972e5a3c90
parent 23100ff230
2 changed files with 141 additions and 3 deletions
--- a/textproc/xpdf/Makefile
+++ b/textproc/xpdf/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.60 2008/02/14 08:52:35 landry Exp $
+# $OpenBSD: Makefile,v 1.61 2008/04/19 07:38:24 bernd Exp $

 COMMENT-main=	PDF viewer for X11
 COMMENT-utils=	PDF conversion tools

 DISTNAME=	xpdf-3.02
-PKGNAME-main=	xpdf-3.02pl2p2
-PKGNAME-utils=	xpdf-utils-3.02pl2
+PKGNAME-main=	xpdf-3.02pl2p3
+PKGNAME-utils=	xpdf-utils-3.02pl2p0
 CATEGORIES=	textproc x11

 MASTER_SITES=	ftp://ftp.foolabs.com/pub/xpdf/ \
--- a/textproc/xpdf/patches/patch-xpdf_Object_h
+++ b/textproc/xpdf/patches/patch-xpdf_Object_h
@ -0,0 +1,138 @@
+$OpenBSD: patch-xpdf_Object_h,v 1.1 2008/04/19 07:38:24 bernd Exp $
+
+* CVE-2008-1693: Arbitrary code execution vulnerability in handling of
+  PDF embedded fonts.
+
+From Debian.
+
+--- xpdf/Object.h.orig	Tue Feb 27 23:05:52 2007
+++ xpdf/Object.h	Fri Apr 18 16:40:14 2008
+@@ -68,17 +68,18 @@ enum ObjType {
+ //------------------------------------------------------------------------
+ 
+ #ifdef DEBUG_MEM
+-#define initObj(t) ++numAlloc[type = t]
+#define initObj(t) zeroUnion(); ++numAlloc[type = t]
+ #else
+-#define initObj(t) type = t
+#define initObj(t) zeroUnion(); type = t
+ #endif
+ 
+ class Object {
+ public:
+-
+  // attempt to clear the anonymous union
+  void zeroUnion() { this->name = NULL; }
+   // Default constructor.
+   Object():
+-    type(objNone) {}
+    type(objNone) { zeroUnion(); }
+ 
+   // Initialize an object.
+   Object *initBool(GBool boolnA)
+@@ -220,16 +221,16 @@ class Object { (private)
+ #include "Array.h"
+ 
+ inline int Object::arrayGetLength()
+-  { return array->getLength(); }
+  { if (type != objArray) return 0; return array->getLength(); }
+ 
+ inline void Object::arrayAdd(Object *elem)
+-  { array->add(elem); }
+  { if (type == objArray) array->add(elem); }
+ 
+ inline Object *Object::arrayGet(int i, Object *obj)
+-  { return array->get(i, obj); }
+  { if (type != objArray) return obj->initNull(); return array->get(i, obj); }
+ 
+ inline Object *Object::arrayGetNF(int i, Object *obj)
+-  { return array->getNF(i, obj); }
+  { if (type != objArray) return obj->initNull(); return array->getNF(i, obj); }
+ 
+ //------------------------------------------------------------------------
+ // Dict accessors.
+@@ -238,31 +239,31 @@ inline Object *Object::arrayGetNF(int i, Object *obj)
+ #include "Dict.h"
+ 
+ inline int Object::dictGetLength()
+-  { return dict->getLength(); }
+  { if (type != objDict) return 0; return dict->getLength(); }
+ 
+ inline void Object::dictAdd(char *key, Object *val)
+-  { dict->add(key, val); }
+  { if (type == objDict) dict->add(key, val); }
+ 
+ inline GBool Object::dictIs(char *dictType)
+-  { return dict->is(dictType); }
+  { return (type == objDict) && dict->is(dictType); }
+ 
+ inline GBool Object::isDict(char *dictType)
+-  { return type == objDict && dictIs(dictType); }
+  { return (type == objDict) && dictIs(dictType); }
+ 
+ inline Object *Object::dictLookup(char *key, Object *obj)
+-  { return dict->lookup(key, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->lookup(key, obj); }
+ 
+ inline Object *Object::dictLookupNF(char *key, Object *obj)
+-  { return dict->lookupNF(key, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->lookupNF(key, obj); }
+ 
+ inline char *Object::dictGetKey(int i)
+-  { return dict->getKey(i); }
+  { if (type != objDict) return NULL; return dict->getKey(i); }
+ 
+ inline Object *Object::dictGetVal(int i, Object *obj)
+-  { return dict->getVal(i, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); }
+ 
+ inline Object *Object::dictGetValNF(int i, Object *obj)
+-  { return dict->getValNF(i, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->getValNF(i, obj); }
+ 
+ //------------------------------------------------------------------------
+ // Stream accessors.
+@@ -271,33 +272,33 @@ inline Object *Object::dictGetValNF(int i, Object *obj
+ #include "Stream.h"
+ 
+ inline GBool Object::streamIs(char *dictType)
+-  { return stream->getDict()->is(dictType); }
+  { return (type == objStream) && stream->getDict()->is(dictType); }
+ 
+ inline GBool Object::isStream(char *dictType)
+-  { return type == objStream && streamIs(dictType); }
+  { return (type == objStream) && streamIs(dictType); }
+ 
+ inline void Object::streamReset()
+-  { stream->reset(); }
+  { if (type == objStream) stream->reset(); }
+ 
+ inline void Object::streamClose()
+-  { stream->close(); }
+  { if (type == objStream) stream->close(); }
+ 
+ inline int Object::streamGetChar()
+-  { return stream->getChar(); }
+  { if (type != objStream) return EOF; return stream->getChar(); }
+ 
+ inline int Object::streamLookChar()
+-  { return stream->lookChar(); }
+  { if (type != objStream) return EOF; return stream->lookChar(); }
+ 
+ inline char *Object::streamGetLine(char *buf, int size)
+-  { return stream->getLine(buf, size); }
+  { if (type != objStream) return NULL; return stream->getLine(buf, size); }
+ 
+ inline Guint Object::streamGetPos()
+-  { return stream->getPos(); }
+  { if (type != objStream) return 0; return stream->getPos(); }
+ 
+ inline void Object::streamSetPos(Guint pos, int dir)
+-  { stream->setPos(pos, dir); }
+  { if (type == objStream) stream->setPos(pos, dir); }
+ 
+ inline Dict *Object::streamGetDict()
+-  { return stream->getDict(); }
+  { if (type != objStream) return NULL; return stream->getDict(); }
+ 
+ #endif