From 5baad267c9a2a50806766cded38cd4886c089984 Mon Sep 17 00:00:00 2001 From: Daniel Jahre Date: Fri, 24 Dec 2004 02:49:36 +0000 Subject: [PATCH] Daniel Jahre: added second security patch to xpdf (3.00pl2) [2004122300050923290] (https://www.rocklinux.net/submaster) git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@5347 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc --- package/rene/xpdf/xpdf-3.00pl2.patch.xpdf | 54 +++++++++++++++++++++++ package/rene/xpdf/xpdf.desc | 2 +- 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 package/rene/xpdf/xpdf-3.00pl2.patch.xpdf diff --git a/package/rene/xpdf/xpdf-3.00pl2.patch.xpdf b/package/rene/xpdf/xpdf-3.00pl2.patch.xpdf new file mode 100644 index 000000000..2f621286d --- /dev/null +++ b/package/rene/xpdf/xpdf-3.00pl2.patch.xpdf @@ -0,0 +1,54 @@ +*** ./xpdf/Gfx.cc Sun Dec 12 16:04:43 2004 +--- ./xpdf/Gfx.cc Sun Dec 12 16:05:16 2004 +*************** +*** 2654,2660 **** + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +! for (i = 0; i < maskObj.arrayGetLength(); ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +--- 2654,2662 ---- + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +! for (i = 0; +! i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; +! ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +*** ./xpdf/GfxState.cc Sun Dec 12 16:04:48 2004 +--- ./xpdf/GfxState.cc Sun Dec 12 16:06:38 2004 +*************** +*** 708,713 **** +--- 708,718 ---- + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +*************** +*** 1054,1060 **** + } + nCompsA = obj1.arrayGetLength(); + if (nCompsA > gfxColorMaxComps) { +! error(-1, "DeviceN color space with more than %d > %d components", + nCompsA, gfxColorMaxComps); + nCompsA = gfxColorMaxComps; + } +--- 1059,1065 ---- + } + nCompsA = obj1.arrayGetLength(); + if (nCompsA > gfxColorMaxComps) { +! error(-1, "DeviceN color space with too many (%d > %d) components", + nCompsA, gfxColorMaxComps); + nCompsA = gfxColorMaxComps; + } diff --git a/package/rene/xpdf/xpdf.desc b/package/rene/xpdf/xpdf.desc index 7fac3554d..0b45e5699 100644 --- a/package/rene/xpdf/xpdf.desc +++ b/package/rene/xpdf/xpdf.desc @@ -35,7 +35,7 @@ [L] GPL [S] Stable -[V] 3.00pl1 +[V] 3.00pl2 [P] X -?---5---9 177.800 [SRC] .