From bd1ba7c0856ab65f3f5525393c7719f2260c29ab Mon Sep 17 00:00:00 2001
From: Marcus Alves Grando <mnag@FreeBSD.org>
Date: Mon, 27 Mar 2006 22:16:34 +0000
Subject: - Add patches for security issues - Bump PORTREVISION - portlint(1)
Approved by: maintainer timeout (2 days, security)
Obtained from: gentoo
Security: CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627,
http://secunia.com/advisories/18303/
---
textproc/pdftohtml/Makefile | 13 +-
textproc/pdftohtml/files/patch-SA17897 | 93 ------------
textproc/pdftohtml/files/patch-SA18303 | 253 +++++++++++++++++++++++++++++++++
3 files changed, 259 insertions(+), 100 deletions(-)
delete mode 100644 textproc/pdftohtml/files/patch-SA17897
create mode 100644 textproc/pdftohtml/files/patch-SA18303
(limited to 'textproc')
diff --git a/textproc/pdftohtml/Makefile b/textproc/pdftohtml/Makefile
index 10a33aca1771..00934f00b8df 100644
--- a/textproc/pdftohtml/Makefile
+++ b/textproc/pdftohtml/Makefile
@@ -8,7 +8,7 @@
PORTNAME= pdftohtml
PORTVERSION= 0.36
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= textproc
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -22,11 +22,11 @@ GSPORT?= print/ghostscript-afpl
GSPORT?= print/ghostscript-gnu
.endif
-RUN_DEPENDS= ${LOCALBASE}/bin/gs:${PORTSDIR}/${GSPORT}
+RUN_DEPENDS+= ${LOCALBASE}/bin/gs:${PORTSDIR}/${GSPORT}
PLIST_FILES= bin/pdftohtml
+
WRKSRC= ${WRKDIR}/${DISTNAME}
-USE_REINPLACE= yes
pre-fetch:
.if !defined(WITH_GHOSTSCRIPT_AFPL) || ${WITH_GHOSTSCRIPT_AFPL} != yes
@@ -37,11 +37,10 @@ pre-fetch:
.endif
pre-patch:
-.for file in goo/Makefile xpdf/Makefile
- ${REINPLACE_CMD} -e "s|-O2||; s|-g||" ${WRKSRC}/${file}
-.endfor
+ @${FIND} ${WRKSRC} -name Makefile | ${XARGS} \
+ ${REINPLACE_CMD} -e "s|-O[0-9]||" -e "s|-g||"
do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/pdftohtml ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/pdftohtml ${PREFIX}/bin
.include <bsd.port.mk>
diff --git a/textproc/pdftohtml/files/patch-SA17897 b/textproc/pdftohtml/files/patch-SA17897
deleted file mode 100644
index 97cf8894bf2d..000000000000
--- a/textproc/pdftohtml/files/patch-SA17897
+++ /dev/null
@@ -1,93 +0,0 @@
---- xpdf/Stream.cc.orig Mon May 17 16:37:57 2004
-+++ xpdf/Stream.cc Tue Dec 6 18:05:14 2005
-@@ -407,18 +407,33 @@
-
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
- int widthA, int nCompsA, int nBitsA) {
-+ int totalBits;
-+
- str = strA;
- predictor = predictorA;
- width = widthA;
- nComps = nCompsA;
- nBits = nBitsA;
-+ predLine = NULL;
-+ ok = gFalse;
-
- nVals = width * nComps;
-+ totalBits = nVals * nBits;
-+ if (totalBits == 0 ||
-+ (totalBits / nBits) / nComps != width ||
-+ totalBits + 7 < 0) {
-+ return;
-+ }
- pixBytes = (nComps * nBits + 7) >> 3;
-- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+ if (rowBytes < 0) {
-+ return;
-+ }
- predLine = (Guchar *)gmalloc(rowBytes);
- memset(predLine, 0, rowBytes);
- predIdx = rowBytes;
-+
-+ ok = gTrue;
- }
-
- StreamPredictor::~StreamPredictor() {
-@@ -1012,6 +1027,10 @@
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-@@ -2897,6 +2916,14 @@
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -3255,6 +3282,10 @@
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
---- xpdf/Stream.h.orig Mon May 17 16:37:57 2004
-+++ xpdf/Stream.h Tue Dec 6 18:05:14 2005
-@@ -233,6 +233,8 @@
-
- ~StreamPredictor();
-
-+ GBool isOk() { return ok; }
-+
- int lookChar();
- int getChar();
-
-@@ -250,6 +252,7 @@
- int rowBytes; // bytes per line
- Guchar *predLine; // line buffer
- int predIdx; // current index in predLine
-+ GBool ok;
- };
-
- //------------------------------------------------------------------------
diff --git a/textproc/pdftohtml/files/patch-SA18303 b/textproc/pdftohtml/files/patch-SA18303
new file mode 100644
index 000000000000..b8010dab5ef5
--- /dev/null
+++ b/textproc/pdftohtml/files/patch-SA18303
@@ -0,0 +1,253 @@
+Index: xpdf/Stream.h
+===================================================================
+--- xpdf/Stream.h
++++ xpdf/Stream.h
+@@ -233,6 +233,8 @@ public:
+
+ ~StreamPredictor();
+
++ GBool isOk() { return ok; }
++
+ int lookChar();
+ int getChar();
+
+@@ -250,6 +252,7 @@ private:
+ int rowBytes; // bytes per line
+ Guchar *predLine; // line buffer
+ int predIdx; // current index in predLine
++ GBool ok;
+ };
+
+ //------------------------------------------------------------------------
+Index: xpdf/Stream.cc
+===================================================================
+--- xpdf/Stream.cc
++++ xpdf/Stream.cc
+@@ -15,6 +15,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <limits.h>
+ #ifndef WIN32
+ #include <unistd.h>
+ #endif
+@@ -412,13 +413,28 @@ StreamPredictor::StreamPredictor(Stream
+ width = widthA;
+ nComps = nCompsA;
+ nBits = nBitsA;
++ predLine = NULL;
++ ok = gFalse;
+
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps >= INT_MAX/nBits ||
++ width >= INT_MAX/nComps/nBits) {
++ return;
++ }
+ nVals = width * nComps;
++ if (nVals * nBits + 7 <= 0) {
++ return;
++ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++ if (rowBytes < 0) {
++ return;
++ }
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
+ predIdx = rowBytes;
++
++ ok = gTrue;
+ }
+
+ StreamPredictor::~StreamPredictor() {
+@@ -1012,6 +1028,10 @@ LZWStream::LZWStream(Stream *strA, int p
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+@@ -1260,6 +1280,10 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
+ endOfLine = endOfLineA;
+ byteAlign = byteAlignA;
+ columns = columnsA;
++ if (columns < 1 || columns >= INT_MAX / sizeof(short)) {
++ error(-1, "invalid number of columns: %d", columns);
++ exit(1);
++ }
+ rows = rowsA;
+ endOfBlock = endOfBlockA;
+ black = blackA;
+@@ -2897,6 +2921,11 @@ GBool DCTStream::readBaselineSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2923,6 +2952,11 @@ GBool DCTStream::readProgressiveSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2945,6 +2979,11 @@ GBool DCTStream::readScanInfo() {
+
+ length = read16() - 2;
+ scanInfo.numComps = str->getChar();
++ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
++ scanInfo.numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ --length;
+ if (length != 2 * scanInfo.numComps + 3) {
+ error(getPos(), "Bad DCT scan info block");
+@@ -3019,12 +3058,12 @@ GBool DCTStream::readHuffmanTables() {
+ while (length > 0) {
+ index = str->getChar();
+ --length;
+- if ((index & 0x0f) >= 4) {
++ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
+ error(getPos(), "Bad DCT Huffman table");
+ return gFalse;
+ }
+ if (index & 0x10) {
+- index &= 0x0f;
++ index &= 0x03;
+ if (index >= numACHuffTables)
+ numACHuffTables = index+1;
+ tbl = &acHuffTables[index];
+@@ -3142,9 +3181,11 @@ int DCTStream::readMarker() {
+ do {
+ do {
+ c = str->getChar();
++ if(c == EOF) return EOF;
+ } while (c != 0xff);
+ do {
+ c = str->getChar();
++ if(c == EOF) return EOF;
+ } while (c == 0xff);
+ } while (c == 0x00);
+ return c;
+@@ -3255,6 +3296,10 @@ FlateStream::FlateStream(Stream *strA, i
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+Index: xpdf/JBIG2Stream.cc
+===================================================================
+--- xpdf/JBIG2Stream.cc
++++ xpdf/JBIG2Stream.cc
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -681,7 +682,16 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
+ w = wA;
+ h = hA;
+ line = (wA + 7) >> 3;
+- data = (Guchar *)gmalloc(h * line);
++
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ data = NULL;
++ return;
++ }
++
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
++ data[h * line] = 0;
+ }
+
+ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
+@@ -690,8 +700,17 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
+ w = bitmap->w;
+ h = bitmap->h;
+ line = bitmap->line;
+- data = (Guchar *)gmalloc(h * line);
++
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ data = NULL;
++ return;
++ }
++
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
+ memcpy(data, bitmap->data, h * line);
++ data[h * line] = 0;
+ }
+
+ JBIG2Bitmap::~JBIG2Bitmap() {
+@@ -716,10 +735,14 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint
+ }
+
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+- if (newH <= h) {
++ if (newH <= h || line <= 0 || newH >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ gfree(data);
++ data = NULL;
+ return;
+ }
+- data = (Guchar *)grealloc(data, newH * line);
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)grealloc(data, newH * line + 1);
+ if (pixel) {
+ memset(data + h * line, 0xff, (newH - h) * line);
+ } else {
+@@ -2256,6 +2279,15 @@ void JBIG2Stream::readHalftoneRegionSeg(
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
++ if (gridH == 0 || gridW >= INT_MAX / gridH) {
++ error(getPos(), "Bad size in JBIG2 halftone segment");
++ return;
++ }
++ if (w == 0 || h >= INT_MAX / w) {
++ error(getPos(), "Bad size in JBIG2 bitmap segment");
++ return;
++ }
++
+ patternDict = (JBIG2PatternDict *)seg;
+ bpp = 0;
+ i = 1;
+@@ -2887,6 +2919,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
+ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
+ int x, y, pix;
+
++ if (w < 0 || h <= 0 || w >= INT_MAX / h) {
++ error(-1, "invalid width/height");
++ return NULL;
++ }
++
+ bitmap = new JBIG2Bitmap(0, w, h);
+ bitmap->clearToZero();
+
+# vim: syntax=diff
--
cgit v1.2.3