Author: draenog Date: Fri Nov 5 23:34:09 2010 GMT Module: packages Tag: HEAD ---- Log message: - up to 3.02pl5 (fixes CVE-2010-3702, CVS-2010-3704)
---- Files affected: packages/xpdf: xpdf.spec (1.122 -> 1.123) , xpdf-3.02pl5.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/xpdf/xpdf.spec diff -u packages/xpdf/xpdf.spec:1.122 packages/xpdf/xpdf.spec:1.123 --- packages/xpdf/xpdf.spec:1.122 Sun Jun 6 23:15:22 2010 +++ packages/xpdf/xpdf.spec Sat Nov 6 00:34:03 2010 @@ -18,7 +18,7 @@ Summary(uk.UTF-8): Програма для перегляду PDF файлів Name: xpdf Version: 3.02 -Release: 8 +Release: 9 License: GPL Group: X11/Applications Source0: ftp://ftp.foolabs.com/pub/xpdf/%{name}-%{version}.tar.gz @@ -32,6 +32,7 @@ Patch3: %{name}-%{version}pl2.patch Patch4: %{name}-%{version}pl3.patch Patch5: %{name}-%{version}pl4.patch +Patch6: %{name}-%{version}pl5.patch URL: http://www.foolabs.com/xpdf/ %{?with_x:BuildRequires: xorg-lib-libX11-devel} BuildRequires: autoconf @@ -114,6 +115,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build %{__autoconf} @@ -177,6 +179,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.123 2010/11/05 23:34:03 draenog +- up to 3.02pl5 (fixes CVE-2010-3702, CVS-2010-3704) + Revision 1.122 2010/06/06 21:15:22 radek - release 8: disable protections by default, use debian's patch (more complete) ================================================================ Index: packages/xpdf/xpdf-3.02pl5.patch diff -u /dev/null packages/xpdf/xpdf-3.02pl5.patch:1.1 --- /dev/null Sat Nov 6 00:34:09 2010 +++ packages/xpdf/xpdf-3.02pl5.patch Sat Nov 6 00:34:03 2010 @@ -0,0 +1,41 @@ +*** xpdf-3.02.orig/xpdf/Gfx.cc Tue Feb 27 14:05:52 2007 +--- xpdf-3.02/xpdf/Gfx.cc Mon Oct 11 15:39:52 2010 +*************** +*** 461,466 **** +--- 461,467 ---- + baseMatrix[i] = state->getCTM()[i]; + } + formDepth = 0; ++ parser = NULL; + abortCheckCbk = abortCheckCbkA; + abortCheckCbkData = abortCheckCbkDataA; + +*************** +*** 500,505 **** +--- 501,507 ---- + baseMatrix[i] = state->getCTM()[i]; + } + formDepth = 0; ++ parser = NULL; + abortCheckCbk = abortCheckCbkA; + abortCheckCbkData = abortCheckCbkDataA; + +*** xpdf-3.02.orig/fofi/FoFiType1.cc Tue Feb 27 14:05:51 2007 +--- xpdf-3.02/fofi/FoFiType1.cc Mon Oct 11 15:44:13 2010 +*************** +*** 224,230 **** + code = code * 8 + (*p2 - '0'); + } + } +! if (code < 256) { + for (p = p2; *p == ' ' || *p == '\t'; ++p) ; + if (*p == '/') { + ++p; +--- 224,230 ---- + code = code * 8 + (*p2 - '0'); + } + } +! if (code >= 0 && code < 256) { + for (p = p2; *p == ' ' || *p == '\t'; ++p) ; + if (*p == '/') { + ++p; ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/xpdf/xpdf.spec?r1=1.122&r2=1.123&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
