r648 - crux-2.1/ports/opt/poppler - crux-commits

1 Feb 2006

Author: sten
Date: 2006-02-01 09:52:41 +0100 (Wed, 01 Feb 2006)
New Revision: 648

Removed:
   crux-2.1/ports/opt/poppler/CAN-2005-3193.patch
Modified:
   crux-2.1/ports/opt/poppler/.md5sum
   crux-2.1/ports/opt/poppler/Pkgfile
Log:
[security] poppler: update to 0.4.4.  Fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627

Modified: crux-2.1/ports/opt/poppler/.md5sum
===================================================================

--- crux-2.1/ports/opt/poppler/.md5sum	2006-01-31 23:21:42 UTC (rev 647)
+++ crux-2.1/ports/opt/poppler/.md5sum	2006-02-01 08:52:41 UTC (rev 648)
@@ -1,2 +1 @@
-90a6ec1188e8339eb63da9e5028fd3de  CAN-2005-3193.patch
-beb1eea135a3c5b679a7a22d01a500c0  poppler-0.4.2.tar.gz
+e081bca749a3373b2d95e696b7dddb9b  poppler-0.4.4.tar.gz

Deleted: crux-2.1/ports/opt/poppler/CAN-2005-3193.patch
===================================================================
--- crux-2.1/ports/opt/poppler/CAN-2005-3193.patch	2006-01-31 23:21:42 UTC (rev 647)
+++ crux-2.1/ports/opt/poppler/CAN-2005-3193.patch	2006-02-01 08:52:41 UTC (rev 648)
@@ -1,118 +0,0 @@
-diff -ru poppler-0.4.2/poppler/JPXStream.cc poppler-0.4.2.CAN-2005-3193/poppler/JPXStream.cc
---- poppler-0.4.2/poppler/JPXStream.cc	2005-03-03 20:46:03.000000000 +0100
-+++ poppler-0.4.2.CAN-2005-3193/poppler/JPXStream.cc	2005-12-02 14:44:39.000000000 +0100
-@@ -666,7 +666,7 @@
-   int segType;
-   GBool haveSIZ, haveCOD, haveQCD, haveSOT;
-   Guint precinctSize, style;
--  Guint segLen, capabilities, comp, i, j, r;
-+  Guint segLen, capabilities, nTiles, comp, i, j, r;
- 
-   //----- main header
-   haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
-@@ -701,8 +701,13 @@
- 	            / img.xTileSize;
-       img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- 	            / img.yTileSize;
--      img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
--				     sizeof(JPXTile));
-+      nTiles = img.nXTiles * img.nYTiles;
-+      // check for overflow before allocating memory
-+      if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
-+        error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+        return gFalse;
-+      }
-+      img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
-       for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
- 	img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
- 							sizeof(JPXTileComp));
-diff -ru poppler-0.4.2/poppler/Stream.cc poppler-0.4.2.CAN-2005-3193/poppler/Stream.cc
---- poppler-0.4.2/poppler/Stream.cc	2005-04-27 22:56:18.000000000 +0200
-+++ poppler-0.4.2.CAN-2005-3193/poppler/Stream.cc	2005-12-02 14:55:05.000000000 +0100
-@@ -415,18 +415,32 @@
- 
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
- 				 int widthA, int nCompsA, int nBitsA) {
-+  int totalBits;
-   str = strA;
-   predictor = predictorA;
-   width = widthA;
-   nComps = nCompsA;
-   nBits = nBitsA;
-+  predLine = NULL;
-+  ok = gFalse;
- 
-   nVals = width * nComps;
-+  totalBits = nVals * nBits;
-+  if (totalBits == 0 ||
-+      (totalBits / nBits) / nComps != width ||
-+      totalBits + 7 < 0) {
-+    return;
-+  }
-   pixBytes = (nComps * nBits + 7) >> 3;
--  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-+  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+  if (rowBytes < 0) {
-+    return;
-+  }
-   predLine = (Guchar *)gmalloc(rowBytes);
-   memset(predLine, 0, rowBytes);
-   predIdx = rowBytes;
-+
-+  ok = gTrue;
- }
- 
- StreamPredictor::~StreamPredictor() {
-@@ -1020,6 +1034,10 @@
-     FilterStream(strA) {
-   if (predictor != 1) {
-     pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+    if (!pred->isOk()) {
-+      delete pred;
-+      pred = NULL;
-+    }
-   } else {
-     pred = NULL;
-   }
-@@ -2907,6 +2925,10 @@
-   height = read16();
-   width = read16();
-   numComps = str->getChar();
-+  if (numComps <= 0 || numComps > 4) {
-+    error(getPos(), "Bad number of components in DCT stream", prec);
-+    return gFalse;
-+  }
-   if (prec != 8) {
-     error(getPos(), "Bad DCT precision %d", prec);
-     return gFalse;
-@@ -3268,6 +3290,10 @@
-     FilterStream(strA) {
-   if (predictor != 1) {
-     pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+    if (!pred->isOk()) {
-+      delete pred;
-+      pred = NULL;
-+    }
-   } else {
-     pred = NULL;
-   }
-diff -ru poppler-0.4.2/poppler/Stream.h poppler-0.4.2.CAN-2005-3193/poppler/Stream.h
---- poppler-0.4.2/poppler/Stream.h	2005-04-27 22:56:18.000000000 +0200
-+++ poppler-0.4.2.CAN-2005-3193/poppler/Stream.h	2005-12-02 14:57:56.000000000 +0100
-@@ -231,6 +231,8 @@
- 
-   ~StreamPredictor();
- 
-+  GBool isOk() { return ok; }
-+
-   int lookChar();
-   int getChar();
- 
-@@ -248,6 +250,7 @@
-   int rowBytes;			// bytes per line
-   Guchar *predLine;		// line buffer
-   int predIdx;			// current index in predLine
-+  GBool ok;
- };
- 
- //------------------------------------------------------------------------

Modified: crux-2.1/ports/opt/poppler/Pkgfile
===================================================================
--- crux-2.1/ports/opt/poppler/Pkgfile	2006-01-31 23:21:42 UTC (rev 647)
+++ crux-2.1/ports/opt/poppler/Pkgfile	2006-02-01 08:52:41 UTC (rev 648)
@@ -5,14 +5,13 @@
 # Depends on: t1lib, gtk, qt3, ghostscript
 
 name=poppler
-version=0.4.2
-release=2
-source=(http://poppler.freedesktop.org/$name-$version.tar.gz CAN-2005-3193.patch)
+version=0.4.4
+release=1
+source=(http://poppler.freedesktop.org/$name-$version.tar.gz)
 
 build()
 {
     cd $name-$version
-    patch -p1 < ../CAN-2005-3193.patch
     ./configure \
         --prefix=/usr \
         --disable-debug

    

r648 - crux-2.1/ports/opt/poppler

crux＠crux.nu

tags

participants (1)