diff options
Diffstat (limited to 'patches/source/poppler')
6 files changed, 400 insertions, 0 deletions
diff --git a/patches/source/poppler/poppler-0.10.7.CVE-2009-3603_3604_3605_3606_3608_3609.diff b/patches/source/poppler/poppler-0.10.7.CVE-2009-3603_3604_3605_3606_3608_3609.diff new file mode 100644 index 000000000..ac9eda9c0 --- /dev/null +++ b/patches/source/poppler/poppler-0.10.7.CVE-2009-3603_3604_3605_3606_3608_3609.diff @@ -0,0 +1,213 @@ +--- ./splash/SplashErrorCodes.h.orig 2009-05-02 07:14:56.000000000 -0500 ++++ ./splash/SplashErrorCodes.h 2009-10-28 16:42:00.000000000 -0500 +@@ -41,6 +41,8 @@ + + #define splashErrSingularMatrix 8 // matrix is singular + ++#define splashErrBadArg 9 // bad argument ++ + #define splashErrZeroImage 9 // image of 0x0 + + #endif +--- ./splash/SplashBitmap.cc.orig 2009-05-02 07:14:57.000000000 -0500 ++++ ./splash/SplashBitmap.cc 2009-10-28 16:44:24.000000000 -0500 +@@ -26,6 +26,7 @@ + #endif + + #include <stdio.h> ++#include <limits.h> + #include "goo/gmem.h" + #include "SplashErrorCodes.h" + #include "SplashBitmap.h" +@@ -42,33 +43,55 @@ + mode = modeA; + switch (mode) { + case splashModeMono1: +- rowSize = (width + 7) >> 3; ++ if (width > 0) { ++ rowSize = (width + 7) >> 3; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeMono8: +- rowSize = width; ++ if (width > 0) { ++ rowSize = width; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeRGB8: + case splashModeBGR8: +- rowSize = width * 3; ++ if (width > 0 && width <= INT_MAX / 3) { ++ rowSize = width * 3; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeXBGR8: +- rowSize = width * 4; ++ if (width > 0 && width <= INT_MAX / 4) { ++ rowSize = width * 4; ++ } else { ++ rowSize = -1; ++ } + break; + #if SPLASH_CMYK + case splashModeCMYK8: +- rowSize = width * 4; ++ if (width > 0 && width <= INT_MAX / 4) { ++ rowSize = width * 4; ++ } else { ++ rowSize = -1; ++ } + break; + #endif + } +- rowSize += rowPad - 1; +- rowSize -= rowSize % rowPad; +- data = (SplashColorPtr)gmallocn(rowSize, height); ++ if (rowSize > 0) { ++ rowSize += rowPad - 1; ++ rowSize -= rowSize % rowPad; ++ } ++ data = (SplashColorPtr)gmallocn(height, rowSize); + if (!topDown) { + data += (height - 1) * rowSize; + rowSize = -rowSize; + } + if (alphaA) { +- alpha = (Guchar *)gmalloc(width * height); ++ alpha = (Guchar *)gmallocn(width, height); + } else { + alpha = NULL; + } +--- ./splash/Splash.cc.orig 2009-05-02 07:14:57.000000000 -0500 ++++ ./splash/Splash.cc 2009-10-28 16:42:00.000000000 -0500 +@@ -27,6 +27,7 @@ + + #include <stdlib.h> + #include <string.h> ++#include <limits.h> + #include "goo/gmem.h" + #include "SplashErrorCodes.h" + #include "SplashMath.h" +@@ -2001,7 +2002,10 @@ + xq = w % scaledWidth; + + // allocate pixel buffer +- pixBuf = (SplashColorPtr)gmalloc((yp + 1) * w); ++ if (yp < 0 || yp > INT_MAX - 1) { ++ return splashErrBadArg; ++ } ++ pixBuf = (SplashColorPtr)gmallocn(yp + 1, w); + + // initialize the pixel pipe + pipeInit(&pipe, 0, 0, state->fillPattern, NULL, state->fillAlpha, +@@ -2301,9 +2305,12 @@ + xq = w % scaledWidth; + + // allocate pixel buffers +- colorBuf = (SplashColorPtr)gmalloc((yp + 1) * w * nComps); ++ if (yp < 0 || yp > INT_MAX - 1 || w > INT_MAX / nComps) { ++ return splashErrBadArg; ++ } ++ colorBuf = (SplashColorPtr)gmallocn(yp + 1, w * nComps); + if (srcAlpha) { +- alphaBuf = (Guchar *)gmalloc((yp + 1) * w); ++ alphaBuf = (Guchar *)gmallocn(yp + 1, w); + } else { + alphaBuf = NULL; + } +--- ./poppler/XRef.cc.orig 2009-05-02 07:14:57.000000000 -0500 ++++ ./poppler/XRef.cc 2009-10-28 16:42:00.000000000 -0500 +@@ -76,6 +76,8 @@ + // generation 0. + ObjectStream(XRef *xref, int objStrNumA); + ++ GBool isOk() { return ok; } ++ + ~ObjectStream(); + + // Return the object number of this object stream. +@@ -91,6 +93,7 @@ + int nObjects; // number of objects in the stream + Object *objs; // the objects (length = nObjects) + int *objNums; // the object numbers (length = nObjects) ++ GBool ok; + }; + + ObjectStream::ObjectStream(XRef *xref, int objStrNumA) { +@@ -104,6 +107,7 @@ + nObjects = 0; + objs = NULL; + objNums = NULL; ++ ok = gFalse; + + if (!xref->fetch(objStrNum, 0, &objStr)->isStream()) { + goto err1; +@@ -134,6 +138,13 @@ + goto err1; + } + ++ // this is an arbitrary limit to avoid integer overflow problems ++ // in the 'new Object[nObjects]' call (Acrobat apparently limits ++ // object streams to 100-200 objects) ++ if (nObjects > 1000000) { ++ error(-1, "Too many objects in an object stream"); ++ goto err1; ++ } + objs = new Object[nObjects]; + objNums = (int *)gmallocn(nObjects, sizeof(int)); + offsets = (int *)gmallocn(nObjects, sizeof(int)); +@@ -190,10 +201,10 @@ + } + + gfree(offsets); ++ ok = gTrue; + + err1: + objStr.free(); +- return; + } + + ObjectStream::~ObjectStream() { +@@ -970,6 +981,11 @@ + delete objStr; + } + objStr = new ObjectStream(this, e->offset); ++ if (!objStr->isOk()) { ++ delete objStr; ++ objStr = NULL; ++ goto err; ++ } + } + objStr->getObject(e->gen, num, obj); + break; +--- ./poppler/PSOutputDev.cc.orig 2009-05-02 07:14:57.000000000 -0500 ++++ ./poppler/PSOutputDev.cc 2009-10-28 16:42:00.000000000 -0500 +@@ -4502,7 +4502,8 @@ + width, -height, height); + + // allocate a line buffer +- lineBuf = (Guchar *)gmalloc(4 * width); ++ lineBuf = (Guchar *)gmallocn(width, 4); ++ + + // set up to process the data stream + imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(), +--- ./poppler/Stream.cc.orig 2009-05-16 10:27:41.000000000 -0500 ++++ ./poppler/Stream.cc 2009-10-28 16:42:00.000000000 -0500 +@@ -403,6 +403,10 @@ + } else { + imgLineSize = nVals; + } ++ if (width > INT_MAX / nComps) { ++ // force a call to gmallocn(-1,...), which will throw an exception ++ imgLineSize = -1; ++ } + imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar)); + imgIdx = nVals; + } diff --git a/patches/source/poppler/poppler-0.12.4-CVE-2010-3702.patch b/patches/source/poppler/poppler-0.12.4-CVE-2010-3702.patch new file mode 100644 index 000000000..9875b5a53 --- /dev/null +++ b/patches/source/poppler/poppler-0.12.4-CVE-2010-3702.patch @@ -0,0 +1,18 @@ +--- poppler-0.12.4/poppler/Gfx.cc 2010-01-23 00:54:42.000000000 +0100 ++++ poppler-0.12.4/poppler/Gfx.cc 2010-10-06 13:35:27.000000000 +0200 +@@ -518,6 +518,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, i + drawText = gFalse; + maskHaveCSPattern = gFalse; + mcStack = NULL; ++ parser = NULL; + + // start the resource stack + res = new GfxResources(xref, resDict, NULL); +@@ -570,6 +571,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, D + drawText = gFalse; + maskHaveCSPattern = gFalse; + mcStack = NULL; ++ parser = NULL; + + // start the resource stack + res = new GfxResources(xref, resDict, NULL); diff --git a/patches/source/poppler/poppler-0.12.4-CVE-2010-3703.patch b/patches/source/poppler/poppler-0.12.4-CVE-2010-3703.patch new file mode 100644 index 000000000..565a45ba0 --- /dev/null +++ b/patches/source/poppler/poppler-0.12.4-CVE-2010-3703.patch @@ -0,0 +1,10 @@ +--- poppler-0.12.4/poppler/Function.cc 2010-01-17 01:06:57.000000000 +0100 ++++ poppler-0.12.4/poppler/Function.cc 2010-10-06 13:40:22.000000000 +0200 +@@ -1106,6 +1106,7 @@ PostScriptFunction::PostScriptFunction(O + code = NULL; + codeString = NULL; + codeSize = 0; ++ stack = NULL; + ok = gFalse; + cache = new PopplerCache(5); + diff --git a/patches/source/poppler/poppler-0.12.4-CVE-2010-3704.patch b/patches/source/poppler/poppler-0.12.4-CVE-2010-3704.patch new file mode 100644 index 000000000..bfd5f41b0 --- /dev/null +++ b/patches/source/poppler/poppler-0.12.4-CVE-2010-3704.patch @@ -0,0 +1,20 @@ +--- poppler-0.12.4/fofi/FoFiType1.cc 2010-01-17 01:06:57.000000000 +0100 ++++ poppler-0.12.4/fofi/FoFiType1.cc 2010-10-06 13:37:39.000000000 +0200 +@@ -13,7 +13,7 @@ + // All changes made under the Poppler project to this file are licensed + // under GPL version 2 or later + // +-// Copyright (C) 2005, 2008 Albert Astals Cid <aacid@kde.org> ++// Copyright (C) 2005, 2008, 2010 Albert Astals Cid <aacid@kde.org> + // Copyright (C) 2005 Kristian Høgsberg <krh@redhat.com> + // + // To see a description of the changes please see the Changelog file that +@@ -241,7 +242,7 @@ void FoFiType1::parse() { + code = code * 8 + (*p2 - '0'); + } + } +- if (code < 256) { ++ if (code < 256 && code >= 0) { + for (p = p2; *p == ' ' || *p == '\t'; ++p) ; + if (*p == '/') { + ++p; diff --git a/patches/source/poppler/poppler.SlackBuild b/patches/source/poppler/poppler.SlackBuild new file mode 100755 index 000000000..7fb3791d1 --- /dev/null +++ b/patches/source/poppler/poppler.SlackBuild @@ -0,0 +1,120 @@ +#!/bin/sh + +# Copyright 2006, 2007, 2008, 2009 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +PKGNAM=poppler +VERSION=${VERSION:-0.10.7} +BUILD=${BUILD:-3_slack13.0} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i486 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-${PKGNAM} +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP || exit 1 +rm -rf ${PKGNAM}-${VERSION} +tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z* || exit 1 +cd ${PKGNAM}-$VERSION || exit 1 + +zcat $CWD/poppler-0.10.7.CVE-2009-3603_3604_3605_3606_3608_3609.diff.gz | patch -p1 --verbose || exit 1 + +zcat $CWD/poppler-0.12.4-CVE-2010-3702.patch.gz | patch -p1 --verbose || exit 1 +# minor crash fix that does not apply to this poppler version: +#zcat $CWD/poppler-0.12.4-CVE-2010-3703.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/poppler-0.12.4-CVE-2010-3704.patch.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --enable-xpdf-headers \ + --enable-poppler-qt4 \ + --enable-cairo-output \ + --mandir=/usr/man \ + --disable-static \ + --enable-zlib \ + --build=$ARCH-slackware-linux + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.* + ) + done + ) +fi + +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a AUTHORS COPYING* INSTALL NEWS README README-XPDF TODO \ + $PKG/usr/doc/${PKGNAM}-$VERSION +( cd $PKG/usr/doc/${PKGNAM}-$VERSION + ln -s /usr/share/gtk-doc/html/poppler html ) + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/poppler/slack-desc b/patches/source/poppler/slack-desc new file mode 100644 index 000000000..9d5891d8a --- /dev/null +++ b/patches/source/poppler/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +poppler: poppler (a library for rendering PDF documents) +poppler: +poppler: Poppler is a library based on the xpdf PDF viewer developed by Derek +poppler: Noonburg of Glyph and Cog, LLC. Since xpdf does not provide a shared +poppler: library, whenever a flaw was found potentially dozens of applications +poppler: incorporating code from xpdf would have to be patched. By providing +poppler: a centralized PDF library this duplicated effort will be eliminated. +poppler: +poppler: +poppler: +poppler: |