Commit Graph

74 Commits

Author SHA1 Message Date
deanna
7d59c0e898 Simplify anti-DRM patches. Catches a new DRM check that slipped in
from upstream.

Diff from brad@, inspired by Floor on ports@

ok brad@, bernd@, pvalchev@, and a special "Kill the DRM!  DIE DIE
DIE!!!!!!!!" from todd@
2008-04-25 19:19:05 +00:00
bernd
972e5a3c90 Security fix for CVE-2008-1693. From Debian.
ok naddy@
2008-04-19 07:38:24 +00:00
landry
cca632a485 Finally, fix make install (spotted by markus lude at gmx.de)
fix from sthen@
ok sthen@ steven@
2008-02-14 08:52:35 +00:00
landry
fda5721896 Finally, make xpdf MULTI_PACKAGES, xpdf -main package provides x-depending
parts of xpdf, and xpdf -utils provides non-x-depending parts (replacing the
no_x11 flavor). Appropriate @conflict marker makes upgrade flawless.
While here, remove dependency on a specific version of auto* (prompted by naddy@)
(and remember me to never _ever_ touch xpdf again)

Change requested by naddy@ espie@
ok sthen@ naddy@
2008-02-13 16:18:33 +00:00
landry
4a655e71a5 Add a no_x11 FLAVOR, based on an initial submission by Jeremy Evans
Discussed with many on ports@

ok brad@
2008-02-10 20:25:13 +00:00
bernd
aee4790913 Update to xpdf-3.02pl2 which contains security fixes for CVE-2007-4352,
CVE-2007-5392 and CVE-2007-5393.

More info:
http://secunia.com/secunia_research/2007-88/advisory/

testing & ok simon@, jasper@
2007-11-09 07:15:12 +00:00
naddy
ad83bdd8a8 fix ASCII85 encoding on LP64 archs 2007-08-25 14:42:37 +00:00
naddy
981e5b9829 SECURITY fix for CVE-2007-3387.
Also remove former maintainer at his request.
ok kili@
2007-07-31 21:22:16 +00:00
espie
d4ebcd974d more base64 checksums 2007-04-05 17:26:05 +00:00
ckuethe
454f465537 Forgot to cvs rm this one too. Pointed out by marco 2007-03-30 04:32:13 +00:00
ckuethe
3b5bcac916 Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith
Includes some security fixes

ok pvalchev, todd
2007-03-30 04:09:42 +00:00
espie
49a9142c53 new lib specs 2006-08-03 23:55:10 +00:00
bernd
5cef0e1aee Fix heap based buffer overflow.
From KDE. http://www.kde.org/info/security/advisory-20060202-1.txt

ok brad@
2006-02-05 09:59:00 +00:00
bernd
73df9cb65e Fix several security bugs in the xpdf code.
o iDefense advisories from 2005-12-05
o CAN-2005-3191, CAN-2005-3192, CAN-2005-3193

- JPX Stream Reader Heap Overflow Vulnerability
- DCTStream Baseline Heap Overflow Vulnerability
- DCTStream Progressive Heap Overflow
- StreamPredictor Heap Overflow Vulnerability

Patch provided by xpdf developers.
2005-12-07 09:22:14 +00:00
brad
f78eac374a upgrade to xpdf 3.01
Most of the update is from Bernd Ahlers <bernd at ba-net dot org>
2005-09-09 17:34:53 +00:00
sturm
0d88196840 bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@
2005-08-31 19:55:36 +00:00
naddy
9c8738ab34 Fix denial of service vulnerability.
Check sanity of the TrueType "loca" table.  Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.  CAN-2005-2097.

from Ubuntu Linux; ok brad@
2005-08-11 14:18:47 +00:00
naddy
5fde06cb73 sync patches 2005-08-10 20:27:25 +00:00
naddy
fe99af154b SECURITY:
Fix a buffer overflow due to insufficient bounds checking while
processing a PDF file that provides malicious values in the /Encrypt
/Length tag.

http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false

ok robert@
2005-01-19 16:23:16 +00:00
naddy
ae76d3ea1f SIZE 2005-01-05 17:21:50 +00:00
robert
1186293490 SECURITY:
fix a buffer overflow vulnerability; bump PKGNAME; use autoconf-2.59

ok MAINTAINER (brad@)
2004-12-22 17:36:24 +00:00
alek
23b926dc64 Add WANTLIB markers 2004-12-07 00:23:20 +00:00
naddy
398c2b8469 Remove workaround for GNU m4 incompatibility, which has been fixed in our m4. 2004-11-08 16:34:52 +00:00
naddy
1a313ddeea freetype fixes, adapted from FreeBSD; ok brad@ 2004-11-06 18:19:53 +00:00
brad
31ca292e2d Chris Evans discovered numerous vulnerabilities in the xpdf package:
Multiple integer overflow issues affecting xpdf.
These can result in writing an arbitrary byte to an attacker controlled
location which probably could lead to arbitrary code execution.
CAN-2004-0888

Multiple integer overflow issues.
These can result in DoS or possibly arbitrary code execution.
CAN-2004-0889

Chris also discovered issues with infinite loop logic error.
2004-10-23 02:24:36 +00:00
espie
d1fa125d45 new plists 2004-09-15 18:39:31 +00:00
naddy
51b4d86024 drop obsolete lib requirement 2004-07-30 01:19:28 +00:00
brad
370fbe9082 install sample xpdfrc file and fix lpr usage. From: sturm@ 2004-04-06 02:35:44 +00:00
brad
8127d75ffc FreeType2 authors are brain dead. Workaround really stupid change
with FreeType2 that comes with XF 4.4.
2004-02-14 21:06:54 +00:00
brad
d08dcf874d now that there is a separate fonts package for ghostscript
use that instead.
2004-01-31 18:06:38 +00:00
brad
722abda26f better 2004-01-25 09:44:20 +00:00
brad
dba7e02584 - remove bogus --with-gzip in CONFIGURE_ARGS
- add RUN_DEPENDS on GNU ghostscript for the fonts
2004-01-25 09:37:39 +00:00
brad
54cbe89b39 upgrade to xpdf 3.00
"shitloads better rendering" - jose@
2004-01-25 06:02:40 +00:00
naddy
112339c1d4 remove WWW lines 2003-12-15 21:54:59 +00:00
brad
774e18ab50 remove DRM bullshit.
--
From: cloder@
2003-10-24 19:31:57 +00:00
brad
92fc00317d upgrade to xpdf 2.02pl1
fixes a flaw where an attacker can embed malicious hyperlinks that if
activated can execute arbitrary shell commands.

http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2
2003-06-19 12:00:47 +00:00
brad
2d8ff25d82 upgrade to xpdf 2.02
--
From: naddy@
2003-05-20 00:37:10 +00:00
sturm
93a38c63c4 update to xpdf 2.01
- switch to motif toolkit
- support for multiple open documents
- lots of minor tweaks, bugfixes and additions, see
  http://www.foolabs.com/xpdf/CHANGES for details

MAINTAINER ok
2003-02-12 08:28:20 +00:00
brad
f975f83529 The pdftops filter in xpdf contains an integer overflow that can
be exploited to gain the privileges of the target user.

http://www.idefense.com/advisory/12.23.02.txt
2002-12-29 23:45:20 +00:00
naddy
d79d0fc832 No regression tests available. 2002-10-28 22:43:46 +00:00
pvalchev
6109dd2c35 no more need to build this static on sparc64, remove workaround
ld.so fix thanks to drahn@
2002-09-04 00:55:41 +00:00
brad
e6ed1a0dbf upgrade to xpdf 1.01 2002-05-23 23:44:21 +00:00
pvalchev
6cfb29e647 temporary link xpdf static on sparc64 to workaround ld.so bug; ok brad
with this it works...
2002-05-08 20:33:11 +00:00
brad
8bb1abbd3c upgrade to xpdf 1.00 2002-04-27 04:21:01 +00:00
brad
00c89eea6f distfile does not exist on distsites so use MASTER_SITE_BACKUP for now. 2002-03-30 21:48:27 +00:00
kevlo
7276e66536 support Japanese/Chinese PDF viewing.
--
Submitted by Hidenori Ishikawa <hideishi@magisystem.net>;
Tested by me;
Ok'd by brad@
2001-12-13 03:26:28 +00:00
brad
91858bb23d upgrade to xpdf 0.93 2001-11-29 16:42:41 +00:00
espie
d4a8bd7c69 full lib depends 2001-10-24 12:36:02 +00:00
brad
30c8ec7ea4 bump major for t1lib 2001-08-28 00:54:46 +00:00
brad
14ccfbe8fa dewey dependency on t1lib. 2001-06-27 13:23:22 +00:00