cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
64,752 Commits 1 Branch 0 Tags 554 MiB
0bc7d2e694
Commit Graph

91 Commits

Author SHA1 Message Date
stsp
1bfd6642b1 Apply a patch to fix a heap overflow (poppler has the same fix, and xpdf 
upstream will release this fix in xpdf-3.03).
Also apply a patch that kili@ lifted from poppler some time ago.
Both patches fix crashes seen with some PDF documents.

ok sthen, "don't wait for me" kili
 2011-03-03 21:22:13 +00:00
miod
0b43f8cc7c Prevent more out-of-bounds aray accesses by ignoring hints referencing point 
numbers out of the correct range; ok kili@, riding on the update.
 2010-12-04 10:45:21 +00:00
miod
81ea9ff787 Update to xpdf 3.02pl5. ok kili@ 2010-12-04 10:44:31 +00:00
espie
811d94d9d6 new depends 2010-11-20 19:56:47 +00:00
espie
203cf6e974 prepare for motif lib-depends -> wantlib 2010-11-06 18:42:35 +00:00
ajacoutot
ff07e285bc Remove USE_X11. 2010-10-24 20:58:58 +00:00
espie
dcaa846fde USE_GROFF=Yes 2010-10-19 07:54:21 +00:00
jasper
88c0ccc707 - add security fix for CVE-2010-3702. 
ok kili@ naddy@
 2010-10-13 17:29:37 +00:00
jasper
bde4fd8027 Security fix for CVE-2010-3704. Patch from upstream poppler git. 2010-10-13 11:37:25 +00:00
jasper
89278da340 - give the urlCommand a slightly bigger chance of working 
- regen patches
 2010-05-27 14:55:40 +00:00
naddy
91db013e33 fix build and WANTLIB after libXp removal 2010-04-24 20:18:39 +00:00
kili
3cc74d2e32 Tell configure to use -lm. 
Fixes the detection of openmotif after the latest update.
 2009-12-16 14:00:23 +00:00
edd
cd256c4e71 update xpdf to 3.02.4. This addresses the following security issues: 
CVE-2009-3603
CVE-2009-3604
CVE-2009-3605
CVE-2009-3606
CVE-2009-3608
CVE-2009-3609

Official patch from xpdf developers integrated into build.

OK kili@
 2009-10-15 12:51:13 +00:00
kili
8fc6287292 WANTLIB changes after xcb addition and bump. 2009-08-10 06:29:51 +00:00
miod
341c29a6c7 Fix possible out of bounds access in xpath code, reported upstream; bump 
package name. ok kili@
 2009-05-30 22:35:56 +00:00
kili
02f903cb18 SECURITY: update to xpdf-3.02pl3 which fixes multiple vulnerabilities. 
See http://rhn.redhat.com/errata/RHSA-2009-0430.html for details.

Also, fix license marker, update plists and simplify the pkgname
(dropping the pl, which seems to confuse bsd.port.mk's update
target).

ok naddy@, who had almost the same diff
 2009-04-17 20:55:46 +00:00
naddy
e71b604a5c don't hardcode /usr/local and don't probe paths that don't exist on OpenBSD 
ok steven@, kili@, landry@, sthen@
 2009-04-04 14:45:48 +00:00
deanna
7d59c0e898 Simplify anti-DRM patches. Catches a new DRM check that slipped in 
from upstream.

Diff from brad@, inspired by Floor on ports@

ok brad@, bernd@, pvalchev@, and a special "Kill the DRM!  DIE DIE
DIE!!!!!!!!" from todd@
 2008-04-25 19:19:05 +00:00
bernd
972e5a3c90 Security fix for CVE-2008-1693. From Debian. 
ok naddy@
 2008-04-19 07:38:24 +00:00
landry
cca632a485 Finally, fix make install (spotted by markus lude at gmx.de) 
fix from sthen@
ok sthen@ steven@
 2008-02-14 08:52:35 +00:00
landry
fda5721896 Finally, make xpdf MULTI_PACKAGES, xpdf -main package provides x-depending 
parts of xpdf, and xpdf -utils provides non-x-depending parts (replacing the
no_x11 flavor). Appropriate @conflict marker makes upgrade flawless.
While here, remove dependency on a specific version of auto* (prompted by naddy@)
(and remember me to never _ever_ touch xpdf again)

Change requested by naddy@ espie@
ok sthen@ naddy@
 2008-02-13 16:18:33 +00:00
landry
4a655e71a5 Add a no_x11 FLAVOR, based on an initial submission by Jeremy Evans 
Discussed with many on ports@

ok brad@
 2008-02-10 20:25:13 +00:00
bernd
aee4790913 Update to xpdf-3.02pl2 which contains security fixes for CVE-2007-4352, 
CVE-2007-5392 and CVE-2007-5393.

More info:
http://secunia.com/secunia_research/2007-88/advisory/

testing & ok simon@, jasper@
 2007-11-09 07:15:12 +00:00
naddy
ad83bdd8a8 fix ASCII85 encoding on LP64 archs 2007-08-25 14:42:37 +00:00
naddy
981e5b9829 SECURITY fix for CVE-2007-3387. 
Also remove former maintainer at his request.
ok kili@
 2007-07-31 21:22:16 +00:00
espie
d4ebcd974d more base64 checksums 2007-04-05 17:26:05 +00:00
ckuethe
454f465537 Forgot to cvs rm this one too. Pointed out by marco 2007-03-30 04:32:13 +00:00
ckuethe
3b5bcac916 Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith 
Includes some security fixes

ok pvalchev, todd
 2007-03-30 04:09:42 +00:00
espie
49a9142c53 new lib specs 2006-08-03 23:55:10 +00:00
bernd
5cef0e1aee Fix heap based buffer overflow. 
From KDE. http://www.kde.org/info/security/advisory-20060202-1.txt

ok brad@
 2006-02-05 09:59:00 +00:00
bernd
73df9cb65e Fix several security bugs in the xpdf code. 
o iDefense advisories from 2005-12-05
o CAN-2005-3191, CAN-2005-3192, CAN-2005-3193

- JPX Stream Reader Heap Overflow Vulnerability
- DCTStream Baseline Heap Overflow Vulnerability
- DCTStream Progressive Heap Overflow
- StreamPredictor Heap Overflow Vulnerability

Patch provided by xpdf developers.
 2005-12-07 09:22:14 +00:00
brad
f78eac374a upgrade to xpdf 3.01 
Most of the update is from Bernd Ahlers <bernd at ba-net dot org>
 2005-09-09 17:34:53 +00:00
sturm
0d88196840 bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8 
suggested by espie@, ok pval@
 2005-08-31 19:55:36 +00:00
naddy
9c8738ab34 Fix denial of service vulnerability. 
Check sanity of the TrueType "loca" table.  Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.  CAN-2005-2097.

from Ubuntu Linux; ok brad@
 2005-08-11 14:18:47 +00:00
naddy
5fde06cb73 sync patches 2005-08-10 20:27:25 +00:00
naddy
fe99af154b SECURITY: 
Fix a buffer overflow due to insufficient bounds checking while
processing a PDF file that provides malicious values in the /Encrypt
/Length tag.

http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false

ok robert@
 2005-01-19 16:23:16 +00:00
naddy
ae76d3ea1f SIZE 2005-01-05 17:21:50 +00:00
robert
1186293490 SECURITY: 
fix a buffer overflow vulnerability; bump PKGNAME; use autoconf-2.59

ok MAINTAINER (brad@)
 2004-12-22 17:36:24 +00:00
alek
23b926dc64 Add WANTLIB markers 2004-12-07 00:23:20 +00:00
naddy
398c2b8469 Remove workaround for GNU m4 incompatibility, which has been fixed in our m4. 2004-11-08 16:34:52 +00:00
naddy
1a313ddeea freetype fixes, adapted from FreeBSD; ok brad@ 2004-11-06 18:19:53 +00:00
brad
31ca292e2d Chris Evans discovered numerous vulnerabilities in the xpdf package: 
Multiple integer overflow issues affecting xpdf.
These can result in writing an arbitrary byte to an attacker controlled
location which probably could lead to arbitrary code execution.
CAN-2004-0888

Multiple integer overflow issues.
These can result in DoS or possibly arbitrary code execution.
CAN-2004-0889

Chris also discovered issues with infinite loop logic error.
 2004-10-23 02:24:36 +00:00
espie
d1fa125d45 new plists 2004-09-15 18:39:31 +00:00
naddy
51b4d86024 drop obsolete lib requirement 2004-07-30 01:19:28 +00:00
brad
370fbe9082 install sample xpdfrc file and fix lpr usage. From: sturm@ 2004-04-06 02:35:44 +00:00
brad
8127d75ffc FreeType2 authors are brain dead. Workaround really stupid change 
with FreeType2 that comes with XF 4.4.
 2004-02-14 21:06:54 +00:00
brad
d08dcf874d now that there is a separate fonts package for ghostscript 
use that instead.
 2004-01-31 18:06:38 +00:00
brad
722abda26f better 2004-01-25 09:44:20 +00:00
brad
dba7e02584 - remove bogus --with-gzip in CONFIGURE_ARGS 
- add RUN_DEPENDS on GNU ghostscript for the fonts
 2004-01-25 09:37:39 +00:00
brad
54cbe89b39 upgrade to xpdf 3.00 
"shitloads better rendering" - jose@
 2004-01-25 06:02:40 +00:00