diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2004-11-22 10:49:24 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2004-11-22 10:49:24 +0000 |
commit | f69ccff91d56e7fcbee9493a7b2580a8685bad71 (patch) | |
tree | 35aa5c6930c6427a8f0d6ff315d9604313787381 /app-text/pdftohtml | |
parent | Fixed broken Manifest. (Manifest recommit) (diff) | |
download | gentoo-2-f69ccff91d56e7fcbee9493a7b2580a8685bad71.tar.gz gentoo-2-f69ccff91d56e7fcbee9493a7b2580a8685bad71.tar.bz2 gentoo-2-f69ccff91d56e7fcbee9493a7b2580a8685bad71.zip |
Bug #69019, security advisory for xpdf.
Diffstat (limited to 'app-text/pdftohtml')
-rw-r--r-- | app-text/pdftohtml/ChangeLog | 9 | ||||
-rw-r--r-- | app-text/pdftohtml/Manifest | 7 | ||||
-rw-r--r-- | app-text/pdftohtml/files/digest-pdftohtml-0.36-r1 | 1 | ||||
-rw-r--r-- | app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff | 78 | ||||
-rw-r--r-- | app-text/pdftohtml/files/xpdf-goo-sizet.patch | 57 | ||||
-rw-r--r-- | app-text/pdftohtml/files/xpdf2-underflow.patch | 81 | ||||
-rw-r--r-- | app-text/pdftohtml/pdftohtml-0.36-r1.ebuild | 31 |
7 files changed, 262 insertions, 2 deletions
diff --git a/app-text/pdftohtml/ChangeLog b/app-text/pdftohtml/ChangeLog index 79029c89ccf6..cf305931842e 100644 --- a/app-text/pdftohtml/ChangeLog +++ b/app-text/pdftohtml/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-text/pdftohtml # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/ChangeLog,v 1.11 2004/10/19 03:21:32 tgall Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/ChangeLog,v 1.12 2004/11/22 10:49:24 robbat2 Exp $ + +*pdftohtml-0.36-r1 (22 Nov 2004) + + 22 Nov 2004; Robin H. Johnson <robbat2@gentoo.org> + +files/xpdf-CESA-2004-007-xpdf2-newer.diff, +files/xpdf-goo-sizet.patch, + +files/xpdf2-underflow.patch, +pdftohtml-0.36-r1.ebuild: + Bug #69019, security advisory for xpdf. 18 Oct 2004; Tom Gall <tgall@gentoo.org> pdftohtml-0.36.ebuild: stable on ppc64, bug #64536 diff --git a/app-text/pdftohtml/Manifest b/app-text/pdftohtml/Manifest index 46d853ea3871..d454f7a3319a 100644 --- a/app-text/pdftohtml/Manifest +++ b/app-text/pdftohtml/Manifest @@ -1,3 +1,8 @@ -MD5 092fe4bf1c5eebbd8bea14937e8e2fb8 ChangeLog 1239 +MD5 ea785c89765325438050c1e4ec081d0f pdftohtml-0.36-r1.ebuild 841 MD5 3b3ad24b3f517099ffb7d0b83731a527 pdftohtml-0.36.ebuild 655 +MD5 092fe4bf1c5eebbd8bea14937e8e2fb8 ChangeLog 1239 MD5 89167430147d99e86ca445b23be50f1b files/digest-pdftohtml-0.36 66 +MD5 362296e34a1a04a6e5e2a7d9e97547c6 files/xpdf2-underflow.patch 2363 +MD5 2fce5bedd61300fad1566a41f991a782 files/xpdf-goo-sizet.patch 1424 +MD5 89167430147d99e86ca445b23be50f1b files/digest-pdftohtml-0.36-r1 66 +MD5 87d20c86d1451638e4b7adc2f7ac8067 files/xpdf-CESA-2004-007-xpdf2-newer.diff 2718 diff --git a/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1 b/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1 new file mode 100644 index 000000000000..5ae8348e609f --- /dev/null +++ b/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1 @@ -0,0 +1 @@ +MD5 75ad095bb51e1f66c9f7691e6af12f44 pdftohtml-0.36.tar.gz 300922 diff --git a/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff b/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff new file mode 100644 index 000000000000..55a24458c9a4 --- /dev/null +++ b/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff @@ -0,0 +1,78 @@ +--- XRef.cc.orig 2004-09-17 23:54:38.000000000 -0700 ++++ XRef.cc 2004-09-25 17:59:36.000000000 -0700 +@@ -76,6 +76,12 @@ + + // trailer is ok - read the xref table + } else { ++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ error(-1, "Invalid 'size' inside xref table."); ++ ok = gFalse; ++ errCode = errDamaged; ++ return; ++ } + entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry)); + for (i = 0; i < size; ++i) { + entries[i].offset = 0xffffffff; +@@ -267,6 +273,10 @@ + // table size + if (first + n > size) { + newSize = size + 256; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'newSize'"); ++ goto err2; ++ } + entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { + entries[i].offset = 0xffffffff; +@@ -410,6 +420,10 @@ + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; ++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ error(-1, "Invalid 'obj' parameters."); ++ return gFalse; ++ } + entries = (XRefEntry *) + grealloc(entries, newSize * sizeof(XRefEntry)); + for (i = size; i < newSize; ++i) { +@@ -431,6 +445,11 @@ + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; ++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ error(-1, "Invalid 'endstream' parameter."); ++ return gFalse; ++ } ++ + streamEnds = (Guint *)grealloc(streamEnds, + streamEndsSize * sizeof(int)); + } +--- Catalog.cc.orig 2004-10-18 16:26:39.388666476 +0200 ++++ Catalog.cc 2004-10-18 16:27:28.004749073 +0200 +@@ -62,6 +62,12 @@ + } + pagesSize = numPages0 = obj.getInt(); + obj.free(); ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize'"); ++ ok = gFalse; ++ return; ++ } + pages = (Page **)gmalloc(pagesSize * sizeof(Page *)); + pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref)); + for (i = 0; i < pagesSize; ++i) { +@@ -186,6 +192,11 @@ + } + if (start >= pagesSize) { + pagesSize += 32; ++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ error(-1, "Invalid 'pagesSize' parameter."); ++ goto err3; ++ } + pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *)); + pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref)); + for (j = pagesSize - 32; j < pagesSize; ++j) { + + diff --git a/app-text/pdftohtml/files/xpdf-goo-sizet.patch b/app-text/pdftohtml/files/xpdf-goo-sizet.patch new file mode 100644 index 000000000000..5d90c5120bd4 --- /dev/null +++ b/app-text/pdftohtml/files/xpdf-goo-sizet.patch @@ -0,0 +1,57 @@ +diff -ru xpdf-2.02pl1/goo/gmem.c xpdf-2.02pl1/goo/gmem.c +--- xpdf-2.02pl1/goo/gmem.c 2003-06-16 22:01:26.000000000 +0200 ++++ xpdf-2.02pl1/goo/gmem.c 2004-10-29 15:13:34.866919791 +0200 +@@ -53,9 +53,9 @@ + + #endif /* DEBUG_MEM */ + +-void *gmalloc(int size) { ++void *gmalloc(size_t size) { + #ifdef DEBUG_MEM +- int size1; ++ size_t size1; + char *mem; + GMemHdr *hdr; + void *data; +@@ -94,11 +94,11 @@ + #endif + } + +-void *grealloc(void *p, int size) { ++void *grealloc(void *p, size_t size) { + #ifdef DEBUG_MEM + GMemHdr *hdr; + void *q; +- int oldSize; ++ size_t oldSize; + + if (size == 0) { + if (p) +@@ -137,7 +137,7 @@ + + void gfree(void *p) { + #ifdef DEBUG_MEM +- int size; ++ size_t size; + GMemHdr *hdr; + GMemHdr *prevHdr, *q; + int lst; +diff -ru xpdf-2.02pl1/goo/gmem.h xpdf-2.02pl1/goo/gmem.h +--- xpdf-2.02pl1/goo/gmem.h 2003-06-16 22:01:26.000000000 +0200 ++++ xpdf-2.02pl1/goo/gmem.h 2004-10-29 15:13:50.864027201 +0200 +@@ -19,13 +19,13 @@ + * Same as malloc, but prints error message and exits if malloc() + * returns NULL. + */ +-extern void *gmalloc(int size); ++extern void *gmalloc(size_t size); + + /* + * Same as realloc, but prints error message and exits if realloc() + * returns NULL. If <p> is NULL, calls malloc instead of realloc(). + */ +-extern void *grealloc(void *p, int size); ++extern void *grealloc(void *p, size_t size); + + /* + * Same as free, but checks for and ignores NULL pointers. diff --git a/app-text/pdftohtml/files/xpdf2-underflow.patch b/app-text/pdftohtml/files/xpdf2-underflow.patch new file mode 100644 index 000000000000..9371be84352e --- /dev/null +++ b/app-text/pdftohtml/files/xpdf2-underflow.patch @@ -0,0 +1,81 @@ +diff -ru xpdf-2.02pl1/xpdf/XRef.cc xpdf-2.02pl1/xpdf/XRef.cc +--- xpdf-2.02pl1/xpdf/XRef.cc 2004-10-29 15:16:45.790089001 +0200 ++++ xpdf-2.02pl1/xpdf/XRef.cc 2004-10-29 15:11:54.132168025 +0200 +@@ -66,6 +66,8 @@ + start = str->getStart(); + pos = readTrailer(); + ++ entries = NULL; ++ + // if there was a problem with the trailer, + // try to reconstruct the xref table + if (pos == 0) { +@@ -76,7 +78,7 @@ + + // trailer is ok - read the xref table + } else { +- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) { + error(-1, "Invalid 'size' inside xref table."); + ok = gFalse; + errCode = errDamaged; +@@ -181,7 +183,7 @@ + n = atoi(p); + while ('0' <= *p && *p <= '9') ++p; + while (isspace(*p)) ++p; +- if (p == buf) ++ if ((p == buf) || (n < 0)) /* must make progress */ + return 0; + pos1 += (p - buf) + n * 20; + } +@@ -255,6 +257,10 @@ + } + s[i] = '\0'; + first = atoi(s); ++ if (first < 0) { ++ error(-1, "Invalid 'first'"); ++ goto err2; ++ } + while ((c = str->lookChar()) != EOF && isspace(c)) { + str->getChar(); + } +@@ -266,6 +272,10 @@ + } + s[i] = '\0'; + n = atoi(s); ++ if (n<=0) { ++ error(-1, "Invalid 'n'"); ++ goto err2; ++ } + while ((c = str->lookChar()) != EOF && isspace(c)) { + str->getChar(); + } +@@ -273,7 +283,7 @@ + // table size + if (first + n > size) { + newSize = size + 256; +- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) { + error(-1, "Invalid 'newSize'"); + goto err2; + } +@@ -406,6 +416,10 @@ + // look for object + } else if (isdigit(*p)) { + num = atoi(p); ++ if (num < 0) { ++ error(-1, "Invalid 'num' parameters."); ++ return gFalse; ++ } + do { + ++p; + } while (*p && isdigit(*p)); +@@ -425,7 +439,7 @@ + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; +- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) { + error(-1, "Invalid 'obj' parameters."); + return gFalse; + } diff --git a/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild b/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild new file mode 100644 index 000000000000..91930073b4c9 --- /dev/null +++ b/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild,v 1.1 2004/11/22 10:49:24 robbat2 Exp $ + +inherit eutils + +DESCRIPTION="pdftohtml is a utility which converts PDF files into HTML and XML formats" +HOMEPAGE="http://${PN}.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="x86 sparc ppc ~amd64 ppc64" +IUSE="" +DEPEND="virtual/libc sys-devel/gcc" +RDEPEND="virtual/libc" + +src_unpack() { + unpack ${A} + EPATCH_OPTS="-d ${S}/xpdf -p0" epatch ${FILESDIR}/xpdf-CESA-2004-007-xpdf2-newer.diff + EPATCH_OPTS="-d ${S} -p1" epatch ${FILESDIR}/xpdf-goo-sizet.patch + EPATCH_OPTS="-d ${S} -p1" epatch ${FILESDIR}/xpdf2-underflow.patch +} + +src_compile() { + emake || die +} + +src_install() { + dobin pdftohtml + dodoc AUTHORS BUGS CHANGES COPYING README pdf2xml.dtd +} |