[crux-commits] ports/opt (2.3): [security] xpdf: added a patch for CVE-2007-3387

crux at crux.nu crux at crux.nu
Fri Aug 10 21:09:04 UTC 2007


commit 6a499eb7da2e05a5529e191f7836d55c8604f60e
Author: Antti Nykanen <aon at iki.fi>
Date:   Sat Aug 11 00:09:55 2007 +0300

    [security] xpdf: added a patch for CVE-2007-3387
    
    See http://secunia.com/cve_reference/CVE-2007-3387/ for more information.

diff --git a/xpdf/.md5sum b/xpdf/.md5sum
index eee0931..6c9cfac 100644
--- a/xpdf/.md5sum
+++ b/xpdf/.md5sum
@@ -1 +1,2 @@
+877118786dfe27d1b7aa5a6759cc6e45  xpdf-3.02.patch
 599dc4cc65a07ee868cf92a667a913d2  xpdf-3.02.tar.gz
diff --git a/xpdf/Pkgfile b/xpdf/Pkgfile
index 75a8dfe..a599a4d 100644
--- a/xpdf/Pkgfile
+++ b/xpdf/Pkgfile
@@ -6,11 +6,13 @@
 
 name=xpdf
 version=3.02
-release=1
-source=(ftp://ftp.foolabs.com/pub/xpdf/$name-$version.tar.gz)
+release=2
+source=(ftp://ftp.foolabs.com/pub/xpdf/$name-$version.tar.gz
+	$name-$version.patch)
 
 build() {
     cd $name-$version
+    patch -p1 -i $SRC/$name-$version.patch
     ./configure \
 	--prefix=/usr \
         --with-Xm-library=/usr/lib \
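Review bot: The new `patch -p1 -i $SRC/$name-$version.patch` line in `build()` carries no comment saying what the patch fixes, and the generic file name `$name-$version.patch` gives no hint either. At the next version bump a maintainer cannot tell from the Pkgfile whether the patch is still required or can be dropped. A one-line comment above the call would record that, for example `# CVE-2007-3387: overflow checks in xpdf/Stream.cc; drop once upstream includes them`. The body of `build()` continues past the end of this hunk.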
diff --git a/xpdf/xpdf-3.02.patch b/xpdf/xpdf-3.02.patch
new file mode 100644
index 0000000..cd42fb9
--- /dev/null
+++ b/xpdf/xpdf-3.02.patch
@@ -0,0 +1,33 @@
+*** xpdf-3.02.orig/xpdf/Stream.cc	Tue Feb 27 14:05:52 2007
+--- xpdf-3.02/xpdf/Stream.cc	Thu Jul 26 14:44:43 2007
+***************
+*** 410,424 ****
+    ok = gFalse;
+  
+    nVals = width * nComps;
+-   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-       nComps >= INT_MAX / nBits ||
+-       width >= INT_MAX / nComps / nBits ||
+-       nVals * nBits + 7 < 0) {
+-     return;
+-   }
+    pixBytes = (nComps * nBits + 7) >> 3;
+    rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+!   if (rowBytes <= 0) {
+      return;
+    }
+    predLine = (Guchar *)gmalloc(rowBytes);
+--- 410,422 ----
+    ok = gFalse;
+  
+    nVals = width * nComps;
+    pixBytes = (nComps * nBits + 7) >> 3;
+    rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+!   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+!       nComps > gfxColorMaxComps ||
+!       nBits > 16 ||
+!       width >= INT_MAX / nComps ||      // check for overflow in nVals 
+!       nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+      return;
+    }
+    predLine = (Guchar *)gmalloc(rowBytes);
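Review bot: On the new side of the embedded Stream.cc change, `nVals = width * nComps` and `rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes` are still evaluated before the `if` that is meant to rule out overflow, so for out-of-range `width`/`nComps` the signed multiplication has already overflowed, which is undefined behaviour, by the time the guard runs. The short-circuit order keeps a wrapped `nVals` from being compared, so the guard should hold with typical compilers, but it relies on the earlier overflow being harmless. Validating first and computing afterwards removes that reliance, as sketched below. This looks like the upstream vendor patch, so the reordering is probably best raised upstream. The enclosing function starts and ends outside the hunk, so confirm nothing reads `nVals`, `pixBytes` or `rowBytes` when `ok` is false.

```cpp
  ok = gFalse;

  // validate first, so no signed overflow is ever evaluated
  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
      nComps > gfxColorMaxComps ||
      nBits > 16 ||
      width >= INT_MAX / nComps) {       // check for overflow in nVals
    return;
  }
  nVals = width * nComps;
  if (nVals >= (INT_MAX - 7) / nBits) {  // check for overflow in rowBytes
    return;
  }
  pixBytes = (nComps * nBits + 7) >> 3;
  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
  predLine = (Guchar *)gmalloc(rowBytes);
```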


