rpms/xpdf/devel xpdf-3.00-security.patch, NONE, 1.1 xpdf.spec, 1.55, 1.56
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Aug 9 17:44:55 UTC 2005
Author: than
Update of /cvs/dist/rpms/xpdf/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13806
Modified Files:
xpdf.spec
Added Files:
xpdf-3.00-security.patch
Log Message:
apply patch to fix xpdf DoS, CAN-2005-2097 #163918
xpdf-3.00-security.patch:
0 files changed
--- NEW FILE xpdf-3.00-security.patch ---
--- xpdf-3.00/fofi/FoFiTrueType.cc (revision 439182)
+++ xpdf-3.00/fofi/FoFiTrueType.cc (working copy)
@@ -1343,6 +1343,27 @@
return;
}
+ // make sure the loca table is sane (correct length and entries are
+ // in bounds)
+ i = seekTable("loca");
+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
+ parsedOk = gFalse;
+ return;
+ }
+ for (j = 0; j <= nGlyphs; ++j) {
+ if (locaFmt) {
+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
+ } else {
+ pos = getU16BE(tables[i].offset + j*2, &parsedOk);
+ }
+ if (pos < 0 || pos > len) {
+ parsedOk = gFalse;
+ }
+ }
+ if (!parsedOk) {
+ return;
+ }
+
// read the post table
readPostTable();
if (!parsedOk) {
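Review bot: The per-entry check `pos < 0 || pos > len` compares the raw loca value with `len`, which appears to be the length of the whole font file rather than of the glyf table. In TrueType, loca entries are offsets relative to the start of glyf, and in the short format (`locaFmt == 0`) the stored value is half the real offset, so an entry can pass this test and still resolve past the end of the data once the glyf base and the doubling are applied. I would bound the scaled value by the glyf table instead, for example `if (pos < 0 || (locaFmt ? pos : 2 * pos) > tables[glyfIdx].len)`, with `glyfIdx` taken from `seekTable("glyf")` (the variable name is mine). The result of `seekTable("loca")` is also used as an index without a visible check; the enclosing function starts and ends outside this hunk, so an earlier guard may already cover that.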
--- xpdf-3.00/xpdf/SplashOutputDev.cc (revision 439182)
+++ xpdf-3.00/xpdf/SplashOutputDev.cc (working copy)
@@ -621,16 +621,19 @@
}
break;
case fontTrueType:
- if (!(ff = FoFiTrueType::load(fileName->getCString()))) {
- goto err2;
+ if ((ff = FoFiTrueType::load(fileName->getCString()))) {
+ codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
+ n = 256;
+ delete ff;
+ } else {
+ codeToGID = NULL;
+ n = 0;
}
- codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff);
- delete ff;
if (!(fontFile = fontEngine->loadTrueTypeFont(
id,
fileName->getCString(),
fileName == tmpFileName,
- codeToGID, 256))) {
+ codeToGID, n))) {
error(-1, "Couldn't create a font for '%s'",
gfxFont->getName() ? gfxFont->getName()->getCString()
: "(unnamed)");
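Review bot: The new `else` branch lets a font that `FoFiTrueType::load` rejected continue into `fontEngine->loadTrueTypeFont` with `codeToGID = NULL` and `n = 0`, where the old code bailed out via `goto err2`. Combined with the stricter loca validation added elsewhere in this patch, files that fail the sanity check are still handed to the font engine, so it is worth confirming that the callee tolerates a null map with a zero count and does not depend on the tables that failed validation. At minimum the branch deserves a comment such as `// load() rejected the font: pass an empty code-to-GID map and let the font engine accept or reject the file`. The surrounding switch and function lie outside the hunk.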
Index: xpdf.spec
===================================================================
RCS file: /cvs/dist/rpms/xpdf/devel/xpdf.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- xpdf.spec 25 Jul 2005 08:56:37 -0000 1.55
+++ xpdf.spec 9 Aug 2005 17:44:52 -0000 1.56
@@ -7,7 +7,7 @@
Summary: A PDF file viewer for the X Window System.
Name: xpdf
Version: 3.00
-Release: 22
+Release: 23
License: GPL
Epoch: 1
Url: http://www.foolabs.com/xpdf/
@@ -42,6 +42,7 @@
Patch100: xpdf-3.00-overflow.patch
Patch101: xpdf-3.00-can-2004-1125.patch
Patch102: xpdf-3.00-CAN-2005-0064.patch
+Patch103: xpdf-3.00-security.patch
Requires: urw-fonts
Requires: htmlview
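Review bot: `Patch103: xpdf-3.00-security.patch` breaks the naming used by the neighbouring entries, which carry the advisory id in the file name (`xpdf-3.00-can-2004-1125.patch`, `xpdf-3.00-CAN-2005-0064.patch`). A generic `security` name makes it harder to tell from the spec or the source package which fix a patch carries, and it will clash with the next security fix. Naming it `xpdf-3.00-CAN-2005-2097.patch` would match the `-b .CAN-2005-2097` suffix this commit already uses in `%prep`.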
@@ -50,6 +51,7 @@
BuildPrereq: XFree86-devel
BuildPrereq: freetype-devel >= 2.1.7
BuildPrereq: fileutils
+BuildPrereq: findutils
%if %{desktop_file}
BuildPrereq: desktop-file-utils >= %{desktop_file_utils_version}
@@ -59,7 +61,7 @@
Obsoletes: %{name}-japanese
%endif
-BuildRoot: %{_tmppath}/%{name}-root
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%package chinese-simplified
Summary: Chinese Simplified support
@@ -132,6 +134,7 @@
%patch100 -p1 -b .CAN-2004-0888
%patch101 -p1 -b .can-2004-1125
%patch102 -p1 -b .CAN-2005-0064
+%patch103 -p1 -b .CAN-2005-2097
%build
find -name "*orig" | xargs rm -f
@@ -231,6 +234,9 @@
%lang(ko) %{_datadir}/xpdf/korean
%changelog
+* Tue Aug 09 2005 Than Ngo <than at redhat.com> 3.00-23
+- apply patch to fix xpdf DoS, CAN-2005-2097 #163918
+
* Mon Jul 25 2005 Than Ngo <than at redhat.com> 3.00-22
- fix allocation size 64bit architectures