diff options
Diffstat (limited to 'patches/source/xpdf/patches')
| -rw-r--r-- | patches/source/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff | 55 | ||||
| -rw-r--r-- | patches/source/xpdf/patches/xpdf.XPDFViewer.diff | 11 | ||||
| -rw-r--r-- | patches/source/xpdf/patches/xpdfrc.diff | 43 |
3 files changed, 109 insertions, 0 deletions
diff --git a/patches/source/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff b/patches/source/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff new file mode 100644 index 000000000..891c41fd3 --- /dev/null +++ b/patches/source/xpdf/patches/xpdf-3.03-CVE-2012-2142.diff @@ -0,0 +1,55 @@ +From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Sun, 11 Aug 2013 +Subject: CVE-2012-2142 + +Filter stuff that might end up in the shell to address CVE-2012-2142. +This code was adapted from the Poppler project. +--- + Error.cc | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +--- a/xpdf/Error.cc 2013-08-11 ++++ b/xpdf/Error.cc 2013-08-11 +@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void * + + void CDECL error(ErrorCategory category, int pos, const char *msg, ...) { + va_list args; +- GString *s; ++ GString *s, *sanitized; + + // NB: this can be called before the globalParams object is created + if (!errorCbk && globalParams && globalParams->getErrQuiet()) { +@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category, + va_start(args, msg); + s = GString::formatv(msg, args); + va_end(args); ++ ++ sanitized = new GString (); ++ for (int i = 0; i < s->getLength(); ++i) { ++ const char c = s->getChar(i); ++ if (c < (char)0x20 || c >= (char)0x7f) { ++ sanitized->appendf("<{0:02x}>", c & 0xff); ++ } else { ++ sanitized->append(c); ++ } ++ } ++ + if (errorCbk) { +- (*errorCbk)(errorCbkData, category, pos, s->getCString()); ++ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString()); + } else { + if (pos >= 0) { + fprintf(stderr, "%s (%d): %s\n", +- errorCategoryNames[category], pos, s->getCString()); ++ errorCategoryNames[category], pos, sanitized->getCString()); + } else { + fprintf(stderr, "%s: %s\n", +- errorCategoryNames[category], s->getCString()); ++ errorCategoryNames[category], sanitized->getCString()); + } + fflush(stderr); + } +- delete s; ++ delete sanitized; + } diff --git a/patches/source/xpdf/patches/xpdf.XPDFViewer.diff b/patches/source/xpdf/patches/xpdf.XPDFViewer.diff new file mode 100644 index 000000000..0aa4455d5 --- /dev/null +++ b/patches/source/xpdf/patches/xpdf.XPDFViewer.diff @@ -0,0 +1,11 @@ +--- ./xpdf/XPDFViewer.cc.orig 2011-08-15 16:08:53.000000000 -0500 ++++ ./xpdf/XPDFViewer.cc 2013-03-28 15:35:31.589432279 -0500 +@@ -1803,7 +1803,7 @@ + menuPane = XmCreatePulldownMenu(toolBar, "zoomMenuPane", args, n); + for (i = 0; i < nZoomMenuItems; ++i) { + n = 0; +- s = XmStringCreateLocalized(zoomMenuInfo[i].label); ++ s = XmStringCreateLocalized((char *)zoomMenuInfo[i].label); + XtSetArg(args[n], XmNlabelString, s); ++n; + XtSetArg(args[n], XmNuserData, (XtPointer)i); ++n; + sprintf(buf, "zoom%d", i); diff --git a/patches/source/xpdf/patches/xpdfrc.diff b/patches/source/xpdf/patches/xpdfrc.diff new file mode 100644 index 000000000..c136f9970 --- /dev/null +++ b/patches/source/xpdf/patches/xpdfrc.diff @@ -0,0 +1,43 @@ +--- ./doc/sample-xpdfrc.orig 2013-03-28 15:29:16.957444255 -0500 ++++ ./doc/sample-xpdfrc 2013-03-28 15:32:11.413438678 -0500 +@@ -29,20 +29,20 @@ + # installed in a "standard" location, xpdf will find them + # automatically.) + +-#fontFile Times-Roman /usr/local/share/ghostscript/fonts/n021003l.pfb +-#fontFile Times-Italic /usr/local/share/ghostscript/fonts/n021023l.pfb +-#fontFile Times-Bold /usr/local/share/ghostscript/fonts/n021004l.pfb +-#fontFile Times-BoldItalic /usr/local/share/ghostscript/fonts/n021024l.pfb +-#fontFile Helvetica /usr/local/share/ghostscript/fonts/n019003l.pfb +-#fontFile Helvetica-Oblique /usr/local/share/ghostscript/fonts/n019023l.pfb +-#fontFile Helvetica-Bold /usr/local/share/ghostscript/fonts/n019004l.pfb +-#fontFile Helvetica-BoldOblique /usr/local/share/ghostscript/fonts/n019024l.pfb +-#fontFile Courier /usr/local/share/ghostscript/fonts/n022003l.pfb +-#fontFile Courier-Oblique /usr/local/share/ghostscript/fonts/n022023l.pfb +-#fontFile Courier-Bold /usr/local/share/ghostscript/fonts/n022004l.pfb +-#fontFile Courier-BoldOblique /usr/local/share/ghostscript/fonts/n022024l.pfb +-#fontFile Symbol /usr/local/share/ghostscript/fonts/s050000l.pfb +-#fontFile ZapfDingbats /usr/local/share/ghostscript/fonts/d050000l.pfb ++fontFile Times-Roman /usr/share/ghostscript/fonts/n021003l.pfb ++fontFile Times-Italic /usr/share/ghostscript/fonts/n021023l.pfb ++fontFile Times-Bold /usr/share/ghostscript/fonts/n021004l.pfb ++fontFile Times-BoldItalic /usr/share/ghostscript/fonts/n021024l.pfb ++fontFile Helvetica /usr/share/ghostscript/fonts/n019003l.pfb ++fontFile Helvetica-Oblique /usr/share/ghostscript/fonts/n019023l.pfb ++fontFile Helvetica-Bold /usr/share/ghostscript/fonts/n019004l.pfb ++fontFile Helvetica-BoldOblique /usr/share/ghostscript/fonts/n019024l.pfb ++fontFile Courier /usr/share/ghostscript/fonts/n022003l.pfb ++fontFile Courier-Oblique /usr/share/ghostscript/fonts/n022023l.pfb ++fontFile Courier-Bold /usr/share/ghostscript/fonts/n022004l.pfb ++fontFile Courier-BoldOblique /usr/share/ghostscript/fonts/n022024l.pfb ++fontFile Symbol /usr/share/ghostscript/fonts/s050000l.pfb ++fontFile ZapfDingbats /usr/share/ghostscript/fonts/d050000l.pfb + + # If you need to display PDF files that refer to non-embedded fonts, + # you should add one or more fontDir options to point to the +@@ -89,4 +89,4 @@ + # clicked. + + #launchCommand viewer-script +-#urlCommand "netscape -remote 'openURL(%s)'" ++#urlCommand "firefox -remote 'openURL(%s)'" |