summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2004-11-22 10:49:24 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2004-11-22 10:49:24 +0000
commitded0b6c372885d3e9ff1a90cb43e5e2b6e291ab4 (patch)
tree15f5a9ecac640526ad4b521f7f8fe0562a29b469
parentFixed broken Manifest. (diff)
downloadhistorical-ded0b6c372885d3e9ff1a90cb43e5e2b6e291ab4.tar.gz
historical-ded0b6c372885d3e9ff1a90cb43e5e2b6e291ab4.tar.bz2
historical-ded0b6c372885d3e9ff1a90cb43e5e2b6e291ab4.zip
Bug #69019, security advisory for xpdf.
-rw-r--r--app-text/pdftohtml/ChangeLog9
-rw-r--r--app-text/pdftohtml/Manifest18
-rw-r--r--app-text/pdftohtml/files/digest-pdftohtml-0.36-r11
-rw-r--r--app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff78
-rw-r--r--app-text/pdftohtml/files/xpdf-goo-sizet.patch57
-rw-r--r--app-text/pdftohtml/files/xpdf2-underflow.patch81
-rw-r--r--app-text/pdftohtml/pdftohtml-0.36-r1.ebuild31
7 files changed, 273 insertions, 2 deletions
diff --git a/app-text/pdftohtml/ChangeLog b/app-text/pdftohtml/ChangeLog
index 79029c89ccf6..cf305931842e 100644
--- a/app-text/pdftohtml/ChangeLog
+++ b/app-text/pdftohtml/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for app-text/pdftohtml
# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/ChangeLog,v 1.11 2004/10/19 03:21:32 tgall Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/ChangeLog,v 1.12 2004/11/22 10:49:24 robbat2 Exp $
+
+*pdftohtml-0.36-r1 (22 Nov 2004)
+
+ 22 Nov 2004; Robin H. Johnson <robbat2@gentoo.org>
+ +files/xpdf-CESA-2004-007-xpdf2-newer.diff, +files/xpdf-goo-sizet.patch,
+ +files/xpdf2-underflow.patch, +pdftohtml-0.36-r1.ebuild:
+ Bug #69019, security advisory for xpdf.
18 Oct 2004; Tom Gall <tgall@gentoo.org> pdftohtml-0.36.ebuild:
stable on ppc64, bug #64536
diff --git a/app-text/pdftohtml/Manifest b/app-text/pdftohtml/Manifest
index 46d853ea3871..9c79fb67c289 100644
--- a/app-text/pdftohtml/Manifest
+++ b/app-text/pdftohtml/Manifest
@@ -1,3 +1,19 @@
-MD5 092fe4bf1c5eebbd8bea14937e8e2fb8 ChangeLog 1239
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 65aa16186aead14209525c10aff741f5 pdftohtml-0.36-r1.ebuild 928
MD5 3b3ad24b3f517099ffb7d0b83731a527 pdftohtml-0.36.ebuild 655
+MD5 d4cd08030015fe92a7f665459e3cce75 ChangeLog 1505
MD5 89167430147d99e86ca445b23be50f1b files/digest-pdftohtml-0.36 66
+MD5 362296e34a1a04a6e5e2a7d9e97547c6 files/xpdf2-underflow.patch 2363
+MD5 2fce5bedd61300fad1566a41f991a782 files/xpdf-goo-sizet.patch 1424
+MD5 89167430147d99e86ca445b23be50f1b files/digest-pdftohtml-0.36-r1 66
+MD5 87d20c86d1451638e4b7adc2f7ac8067 files/xpdf-CESA-2004-007-xpdf2-newer.diff 2718
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+Comment: Robbat2 @ Orbis-Terrarum Networks
+
+iD8DBQFBocQ4PpIsIjIzwiwRAsHVAKCHreEvLpCFMjqcLH6ko7Qf+pQMkACbBzpf
+mpANUkPGM+qYzC41dp2XBoY=
+=cnWu
+-----END PGP SIGNATURE-----
diff --git a/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1 b/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1
new file mode 100644
index 000000000000..5ae8348e609f
--- /dev/null
+++ b/app-text/pdftohtml/files/digest-pdftohtml-0.36-r1
@@ -0,0 +1 @@
+MD5 75ad095bb51e1f66c9f7691e6af12f44 pdftohtml-0.36.tar.gz 300922
diff --git a/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff b/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff
new file mode 100644
index 000000000000..55a24458c9a4
--- /dev/null
+++ b/app-text/pdftohtml/files/xpdf-CESA-2004-007-xpdf2-newer.diff
@@ -0,0 +1,78 @@
+--- XRef.cc.orig 2004-09-17 23:54:38.000000000 -0700
++++ XRef.cc 2004-09-25 17:59:36.000000000 -0700
+@@ -76,6 +76,12 @@
+
+ // trailer is ok - read the xref table
+ } else {
++ if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++ error(-1, "Invalid 'size' inside xref table.");
++ ok = gFalse;
++ errCode = errDamaged;
++ return;
++ }
+ entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry));
+ for (i = 0; i < size; ++i) {
+ entries[i].offset = 0xffffffff;
+@@ -267,6 +273,10 @@
+ // table size
+ if (first + n > size) {
+ newSize = size + 256;
++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ error(-1, "Invalid 'newSize'");
++ goto err2;
++ }
+ entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry));
+ for (i = size; i < newSize; ++i) {
+ entries[i].offset = 0xffffffff;
+@@ -410,6 +420,10 @@
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
++ if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ error(-1, "Invalid 'obj' parameters.");
++ return gFalse;
++ }
+ entries = (XRefEntry *)
+ grealloc(entries, newSize * sizeof(XRefEntry));
+ for (i = size; i < newSize; ++i) {
+@@ -431,6 +445,11 @@
+ } else if (!strncmp(p, "endstream", 9)) {
+ if (streamEndsLen == streamEndsSize) {
+ streamEndsSize += 64;
++ if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
++ error(-1, "Invalid 'endstream' parameter.");
++ return gFalse;
++ }
++
+ streamEnds = (Guint *)grealloc(streamEnds,
+ streamEndsSize * sizeof(int));
+ }
+--- Catalog.cc.orig 2004-10-18 16:26:39.388666476 +0200
++++ Catalog.cc 2004-10-18 16:27:28.004749073 +0200
+@@ -62,6 +62,12 @@
+ }
+ pagesSize = numPages0 = obj.getInt();
+ obj.free();
++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ error(-1, "Invalid 'pagesSize'");
++ ok = gFalse;
++ return;
++ }
+ pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
+ pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
+ for (i = 0; i < pagesSize; ++i) {
+@@ -186,6 +192,11 @@
+ }
+ if (start >= pagesSize) {
+ pagesSize += 32;
++ if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ error(-1, "Invalid 'pagesSize' parameter.");
++ goto err3;
++ }
+ pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
+ pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
+ for (j = pagesSize - 32; j < pagesSize; ++j) {
+
+
diff --git a/app-text/pdftohtml/files/xpdf-goo-sizet.patch b/app-text/pdftohtml/files/xpdf-goo-sizet.patch
new file mode 100644
index 000000000000..5d90c5120bd4
--- /dev/null
+++ b/app-text/pdftohtml/files/xpdf-goo-sizet.patch
@@ -0,0 +1,57 @@
+diff -ru xpdf-2.02pl1/goo/gmem.c xpdf-2.02pl1/goo/gmem.c
+--- xpdf-2.02pl1/goo/gmem.c 2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.c 2004-10-29 15:13:34.866919791 +0200
+@@ -53,9 +53,9 @@
+
+ #endif /* DEBUG_MEM */
+
+-void *gmalloc(int size) {
++void *gmalloc(size_t size) {
+ #ifdef DEBUG_MEM
+- int size1;
++ size_t size1;
+ char *mem;
+ GMemHdr *hdr;
+ void *data;
+@@ -94,11 +94,11 @@
+ #endif
+ }
+
+-void *grealloc(void *p, int size) {
++void *grealloc(void *p, size_t size) {
+ #ifdef DEBUG_MEM
+ GMemHdr *hdr;
+ void *q;
+- int oldSize;
++ size_t oldSize;
+
+ if (size == 0) {
+ if (p)
+@@ -137,7 +137,7 @@
+
+ void gfree(void *p) {
+ #ifdef DEBUG_MEM
+- int size;
++ size_t size;
+ GMemHdr *hdr;
+ GMemHdr *prevHdr, *q;
+ int lst;
+diff -ru xpdf-2.02pl1/goo/gmem.h xpdf-2.02pl1/goo/gmem.h
+--- xpdf-2.02pl1/goo/gmem.h 2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.h 2004-10-29 15:13:50.864027201 +0200
+@@ -19,13 +19,13 @@
+ * Same as malloc, but prints error message and exits if malloc()
+ * returns NULL.
+ */
+-extern void *gmalloc(int size);
++extern void *gmalloc(size_t size);
+
+ /*
+ * Same as realloc, but prints error message and exits if realloc()
+ * returns NULL. If <p> is NULL, calls malloc instead of realloc().
+ */
+-extern void *grealloc(void *p, int size);
++extern void *grealloc(void *p, size_t size);
+
+ /*
+ * Same as free, but checks for and ignores NULL pointers.
diff --git a/app-text/pdftohtml/files/xpdf2-underflow.patch b/app-text/pdftohtml/files/xpdf2-underflow.patch
new file mode 100644
index 000000000000..9371be84352e
--- /dev/null
+++ b/app-text/pdftohtml/files/xpdf2-underflow.patch
@@ -0,0 +1,81 @@
+diff -ru xpdf-2.02pl1/xpdf/XRef.cc xpdf-2.02pl1/xpdf/XRef.cc
+--- xpdf-2.02pl1/xpdf/XRef.cc 2004-10-29 15:16:45.790089001 +0200
++++ xpdf-2.02pl1/xpdf/XRef.cc 2004-10-29 15:11:54.132168025 +0200
+@@ -66,6 +66,8 @@
+ start = str->getStart();
+ pos = readTrailer();
+
++ entries = NULL;
++
+ // if there was a problem with the trailer,
+ // try to reconstruct the xref table
+ if (pos == 0) {
+@@ -76,7 +78,7 @@
+
+ // trailer is ok - read the xref table
+ } else {
+- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++ if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
+ error(-1, "Invalid 'size' inside xref table.");
+ ok = gFalse;
+ errCode = errDamaged;
+@@ -181,7 +183,7 @@
+ n = atoi(p);
+ while ('0' <= *p && *p <= '9') ++p;
+ while (isspace(*p)) ++p;
+- if (p == buf)
++ if ((p == buf) || (n < 0)) /* must make progress */
+ return 0;
+ pos1 += (p - buf) + n * 20;
+ }
+@@ -255,6 +257,10 @@
+ }
+ s[i] = '\0';
+ first = atoi(s);
++ if (first < 0) {
++ error(-1, "Invalid 'first'");
++ goto err2;
++ }
+ while ((c = str->lookChar()) != EOF && isspace(c)) {
+ str->getChar();
+ }
+@@ -266,6 +272,10 @@
+ }
+ s[i] = '\0';
+ n = atoi(s);
++ if (n<=0) {
++ error(-1, "Invalid 'n'");
++ goto err2;
++ }
+ while ((c = str->lookChar()) != EOF && isspace(c)) {
+ str->getChar();
+ }
+@@ -273,7 +283,7 @@
+ // table size
+ if (first + n > size) {
+ newSize = size + 256;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ error(-1, "Invalid 'newSize'");
+ goto err2;
+ }
+@@ -406,6 +416,10 @@
+ // look for object
+ } else if (isdigit(*p)) {
+ num = atoi(p);
++ if (num < 0) {
++ error(-1, "Invalid 'num' parameters.");
++ return gFalse;
++ }
+ do {
+ ++p;
+ } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ error(-1, "Invalid 'obj' parameters.");
+ return gFalse;
+ }
diff --git a/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild b/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild
new file mode 100644
index 000000000000..91930073b4c9
--- /dev/null
+++ b/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdftohtml/pdftohtml-0.36-r1.ebuild,v 1.1 2004/11/22 10:49:24 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="pdftohtml is a utility which converts PDF files into HTML and XML formats"
+HOMEPAGE="http://${PN}.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86 sparc ppc ~amd64 ppc64"
+IUSE=""
+DEPEND="virtual/libc sys-devel/gcc"
+RDEPEND="virtual/libc"
+
+src_unpack() {
+ unpack ${A}
+ EPATCH_OPTS="-d ${S}/xpdf -p0" epatch ${FILESDIR}/xpdf-CESA-2004-007-xpdf2-newer.diff
+ EPATCH_OPTS="-d ${S} -p1" epatch ${FILESDIR}/xpdf-goo-sizet.patch
+ EPATCH_OPTS="-d ${S} -p1" epatch ${FILESDIR}/xpdf2-underflow.patch
+}
+
+src_compile() {
+ emake || die
+}
+
+src_install() {
+ dobin pdftohtml
+ dodoc AUTHORS BUGS CHANGES COPYING README pdf2xml.dtd
+}