SECURITY:

Catch up with xpdf 3.00 pl2 and pl3 for various vulnerabilities, and a fix for CAN-2005-2097 from Kristian Hoegsberg. ok mbalmer@, pvalchev@
2005-08-22 22:37:12 +00:00 · 2005-08-22 22:37:12 +00:00 · b5ba305851
commit b5ba305851
parent f10e13f8c4
5 changed files with 109 additions and 1 deletions
--- a/textproc/gpdf/Makefile
+++ b/textproc/gpdf/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.9 2005/02/21 16:54:19 alek Exp $
+# $OpenBSD: Makefile,v 1.10 2005/08/22 22:37:12 naddy Exp $

 COMMENT=		"PDF viewer for GNOME"

 DISTNAME=		gpdf-2.8.1
+PKGNAME=		${DISTNAME}p0
 CATEGORIES=		textproc x11/gnome

 HOMEPAGE=		http://www.inf.tu-dresden.de/~mk793652/gpdf/
--- a/textproc/gpdf/patches/patch-xpdf_GPOutputDev_cc
+++ b/textproc/gpdf/patches/patch-xpdf_GPOutputDev_cc
@ -0,0 +1,56 @@
+$OpenBSD: patch-xpdf_GPOutputDev_cc,v 1.1 2005/08/22 22:37:12 naddy Exp $
+--- xpdf/GPOutputDev.cc.orig	Sat Aug 20 22:36:27 2005
+++ xpdf/GPOutputDev.cc	Sat Aug 20 22:38:32 2005
+@@ -257,26 +257,14 @@ GnomeFontFace *GPOFontMap::getFontFaceEm
+   }
+   case fontTrueType: {
+     FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gushort *code_to_gid;
+ 
+     ff = FoFiTrueType::make((char *)contents, length); // FIXME error handling
+ 
+     code_to_gid = ((Gfx8BitFont *)font)->getCodeToGIDMap(ff); // this is g(oo)malloc'd
+ 
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+     delete ff;
+-    g_free(contents);
+-    fclose(f);
+ 
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+-
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
+ 				  GNOME_FONT_REGULAR, FALSE,
+@@ -318,25 +306,8 @@ GnomeFontFace *GPOFontMap::getFontFaceEm
+     break;
+   }
+   case fontCIDType2: {
+-    FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gint n_cids;    
+     gushort *code_to_gid;
+-
+-    ff = FoFiTrueType::make((char *)contents, length); // FIXME error handling
+-
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+-    delete ff;
+-    g_free(contents);
+-    fclose(f);
+-
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+ 
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
--- a/textproc/gpdf/patches/patch-xpdf_GfxState_cc
+++ b/textproc/gpdf/patches/patch-xpdf_GfxState_cc
@ -0,0 +1,24 @@
+$OpenBSD: patch-xpdf_GfxState_cc,v 1.1 2005/08/22 22:37:12 naddy Exp $
+--- xpdf/GfxState.cc.orig	Sat Aug 20 22:10:30 2005
+++ xpdf/GfxState.cc	Sat Aug 20 22:12:38 2005
+@@ -714,6 +714,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
+  if (nCompsA > gfxColorMaxComps) {
+    error(-1, "ICCBased color space with too many (%d > %d) components",
+	  nCompsA, gfxColorMaxComps);
+    nCompsA = gfxColorMaxComps;
+  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {
+@@ -1060,7 +1065,7 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+   }
+   nCompsA = obj1.arrayGetLength();
+   if (nCompsA > gfxColorMaxComps) {
+-    error(-1, "DeviceN color space with more than %d > %d components",
+    error(-1, "DeviceN color space with too many (%d > %d) components",
+ 	  nCompsA, gfxColorMaxComps);
+     nCompsA = gfxColorMaxComps;
+   }
--- a/textproc/gpdf/patches/patch-xpdf_Gfx_cc
+++ b/textproc/gpdf/patches/patch-xpdf_Gfx_cc
@ -0,0 +1,14 @@
+$OpenBSD: patch-xpdf_Gfx_cc,v 1.1 2005/08/22 22:37:12 naddy Exp $
+--- xpdf/Gfx.cc.orig	Sat Aug 20 22:09:21 2005
+++ xpdf/Gfx.cc	Sat Aug 20 22:10:22 2005
+@@ -2654,7 +2654,9 @@ void Gfx::doImage(Object *ref, Stream *s
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
+      for (i = 0;
+	  i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
+	  ++i) {
+ 	maskObj.arrayGet(i, &obj1);
+ 	maskColors[i] = obj1.getInt();
+ 	obj1.free();
--- a/textproc/gpdf/patches/patch-xpdf_XRef_cc
+++ b/textproc/gpdf/patches/patch-xpdf_XRef_cc
@ -0,0 +1,13 @@
+$OpenBSD: patch-xpdf_XRef_cc,v 1.1 2005/08/22 22:37:12 naddy Exp $
+--- xpdf/XRef.cc.orig	Sat Aug 20 22:14:19 2005
+++ xpdf/XRef.cc	Sat Aug 20 22:16:10 2005
+@@ -819,6 +819,9 @@ GBool XRef::checkEncrypted(GString *owne
+ 	} else {
+ 	  keyLength = 5;
+ 	}
+	if (keyLength > 16) {
+	  keyLength = 16;
+	}
+ 	permFlags = permissions.getInt();
+ 	if (encVersion >= 1 && encVersion <= 2 &&
+ 	    encRevision >= 2 && encRevision <= 3) {