diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2013-11-04 17:08:47 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-05-31 22:57:36 +0200 |
| commit | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch) | |
| tree | 9b98e6e193c7870cb27ac861394c1c4592850922 /source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff | |
| parent | 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff) | |
| download | current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz | |
Slackware 14.1slackware-14.1
Mon Nov 4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!
It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system. Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
Diffstat (limited to 'source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff')
| -rw-r--r-- | source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff b/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff new file mode 100644 index 000000000..891c41fd3 --- /dev/null +++ b/source/xap/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff @@ -0,0 +1,55 @@ +From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Sun, 11 Aug 2013 +Subject: CVE-2012-2142 + +Filter stuff that might end up in the shell to address CVE-2012-2142. +This code was adapted from the Poppler project. +--- + Error.cc | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +--- a/xpdf/Error.cc 2013-08-11 ++++ b/xpdf/Error.cc 2013-08-11 +@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void * + + void CDECL error(ErrorCategory category, int pos, const char *msg, ...) { + va_list args; +- GString *s; ++ GString *s, *sanitized; + + // NB: this can be called before the globalParams object is created + if (!errorCbk && globalParams && globalParams->getErrQuiet()) { +@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category, + va_start(args, msg); + s = GString::formatv(msg, args); + va_end(args); ++ ++ sanitized = new GString (); ++ for (int i = 0; i < s->getLength(); ++i) { ++ const char c = s->getChar(i); ++ if (c < (char)0x20 || c >= (char)0x7f) { ++ sanitized->appendf("<{0:02x}>", c & 0xff); ++ } else { ++ sanitized->append(c); ++ } ++ } ++ + if (errorCbk) { +- (*errorCbk)(errorCbkData, category, pos, s->getCString()); ++ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString()); + } else { + if (pos >= 0) { + fprintf(stderr, "%s (%d): %s\n", +- errorCategoryNames[category], pos, s->getCString()); ++ errorCategoryNames[category], pos, sanitized->getCString()); + } else { + fprintf(stderr, "%s: %s\n", +- errorCategoryNames[category], s->getCString()); ++ errorCategoryNames[category], sanitized->getCString()); + } + fflush(stderr); + } +- delete s; ++ delete sanitized; + } |