Update to xpdf 3.02pl5 (which simply applies fixes for CVE-2010-3702 and CVE-2010-3704), and update the splash/SplashXPath.cc bounds checking fix to survive yet another killer pdf (ATT2100_Microprocessor_Hardware_Specification_Mar91.pdf from bitsavers, if you're curious; xpdf would dump core when trying to display page #14).
While there, remove USE_GROFF, the various manpages seem to be rendered correctly with mandoc(1). Miod Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/xpdf/Makefile,v retrieving revision 1.76 diff -u -p -r1.76 Makefile --- Makefile 20 Nov 2010 19:56:52 -0000 1.76 +++ Makefile 3 Dec 2010 21:02:01 -0000 @@ -4,16 +4,17 @@ COMMENT-main= PDF viewer for X11 COMMENT-utils= PDF conversion tools DISTNAME= xpdf-3.02 -PKGNAME-main= xpdf-3.02.4 -REVISION-main= 3 -PKGNAME-utils= xpdf-utils-3.02.4 +PKGNAME-main= xpdf-3.02.5 +REVISION-main= 0 +PKGNAME-utils= xpdf-utils-3.02.5 CATEGORIES= textproc x11 MASTER_SITES= ftp://ftp.foolabs.com/pub/xpdf/ \ ftp://gd.tuwien.ac.at/publishing/xpdf/ \ ftp://tug.org/xpdf/ PATCHFILES= xpdf-3.02pl1.patch xpdf-3.02pl2.patch \ - xpdf-3.02pl3.patch xpdf-3.02pl4.patch + xpdf-3.02pl3.patch xpdf-3.02pl4.patch \ + xpdf-3.02pl5.patch PATCH_DIST_STRIP=-p1 HOMEPAGE= http://www.foolabs.com/xpdf/ @@ -28,7 +29,6 @@ PERMIT_DISTFILES_FTP= Yes USE_MOTIF= openmotif USE_GMAKE= Yes -USE_GROFF = Yes CONFIGURE_STYLE=gnu CONFIGURE_ARGS+= --enable-multithreaded \ --without-Sgm-library \ Index: distinfo =================================================================== RCS file: /cvs/ports/textproc/xpdf/distinfo,v retrieving revision 1.15 diff -u -p -r1.15 distinfo --- distinfo 15 Oct 2009 12:51:13 -0000 1.15 +++ distinfo 3 Dec 2010 21:02:01 -0000 
@@ -3,23 +3,28 @@ MD5 (xpdf-3.02pl1.patch) = h3EYeG3+J9G3q
 MD5 (xpdf-3.02pl2.patch) = OlyxZa5meB4LIeYhmuBnlQ==
 MD5 (xpdf-3.02pl3.patch) = WBlj7eD7VxXhpp8BtbjOYw==
 MD5 (xpdf-3.02pl4.patch) = cLdScWeY3TQaS/iQ319v3A==
+MD5 (xpdf-3.02pl5.patch) = UEkCyl6dZsZ+7QNjbsaxYw==
 RMD160 (xpdf-3.02.tar.gz) = 6QDLhnC4xDC+qkWJX7R0QRyxlY0=
 RMD160 (xpdf-3.02pl1.patch) = XDEPlnYPcunBBisAxXwu0DWsZ1c=
 RMD160 (xpdf-3.02pl2.patch) = ACTj0gPWngc6RYVwzsVnniYK0gQ=
 RMD160 (xpdf-3.02pl3.patch) = hZ7DEx08RSamB17mOcXrcEGUIRs=
 RMD160 (xpdf-3.02pl4.patch) = QoBl6Mljm2eZcFsha+YD9S77iiI=
+RMD160 (xpdf-3.02pl5.patch) = 9QKnxTEek18+Sl/Vt3C0TmjAmno=
 SHA1 (xpdf-3.02.tar.gz) = +ZQGmIQMioBFZ36L5oq4WAkD4go=
 SHA1 (xpdf-3.02pl1.patch) = zTyO1uH9NgYJi4XVzIp9GqMFJm0=
 SHA1 (xpdf-3.02pl2.patch) = 0ILr4NNsrQwEYDlQIW9cUt4cJZM=
 SHA1 (xpdf-3.02pl3.patch) = I/SWgEgCo9pTDx0Lq4lLrj6Tj8I=
 SHA1 (xpdf-3.02pl4.patch) = GqMIehx4gohK59OlAiQKVazKZf0=
+SHA1 (xpdf-3.02pl5.patch) = Cs1J5zu6R/oex7R5648TmKM+q7w=
 SHA256 (xpdf-3.02.tar.gz) = szp9VvRUwzGuUJlvmJ6GyRZuV6+Xt03ijN3z1RrBHwA=
 SHA256 (xpdf-3.02pl1.patch) = WPYTsAtBSoaqd2t2/NiZu0FeTuTtwhhMinxO0QBNu/M=
 SHA256 (xpdf-3.02pl2.patch) = 0cHYh7C4pSg/BPgl5E8IXy6S2ve1GIiazxvInqB+2dk=
 SHA256 (xpdf-3.02pl3.patch) = WUzo+9I7/ynqzd+uNTPGPH6GtKJPfUXkTxk309GeU0s=
 SHA256 (xpdf-3.02pl4.patch) = sIRDlUETGHZu91CYd4f3eCMelLwV8E9/fRb0H9WBiLA=
+SHA256 (xpdf-3.02pl5.patch) = kvyzCDoZ43swlpeAQ/rqjHd+eq7KODS4Mtmbwq8xcbo=
 SIZE (xpdf-3.02.tar.gz) = 674912
 SIZE (xpdf-3.02pl1.patch) = 1050
 SIZE (xpdf-3.02pl2.patch) = 20843
 SIZE (xpdf-3.02pl3.patch) = 30727
 SIZE (xpdf-3.02pl4.patch) = 6982
+SIZE (xpdf-3.02pl5.patch) = 1065
Index: patches/patch-fofi_FoFiType1_cc
===================================================================
RCS file: patches/patch-fofi_FoFiType1_cc
diff -N patches/patch-fofi_FoFiType1_cc
--- patches/patch-fofi_FoFiType1_cc 13 Oct 2010 11:37:25 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,31 +0,0 @@
-$OpenBSD: patch-fofi_FoFiType1_cc,v 1.1 2010/10/13 11:37:25 jasper Exp $
-
-Security fix for CVE-2010-3704. Patch from upstream poppler git:
-http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
-
---- fofi/FoFiType1.cc.orig Wed Oct 13 13:18:58 2010
-+++ fofi/FoFiType1.cc Wed Oct 13 13:21:25 2010
-@@ -18,6 +18,14 @@
- #include "FoFiEncodings.h"
- #include "FoFiType1.h"
-
-+#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
-+# define likely(x) __builtin_expect((x), 1)
-+# define unlikely(x) __builtin_expect((x), 0)
-+#else
-+# define likely(x) (x)
-+# define unlikely(x) (x)
-+#endif
-+
- //------------------------------------------------------------------------
- // FoFiType1
- //------------------------------------------------------------------------
-@@ -224,7 +232,7 @@ void FoFiType1::parse() {
- code = code * 8 + (*p2 - '0');
- }
- }
-- if (code < 256) {
-+ if (likely(code < 256 && code >= 0)) {
- for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
- if (*p == '/') {
- ++p;
Index: patches/patch-splash_SplashXPath_cc
===================================================================
RCS file: /cvs/ports/textproc/xpdf/patches/patch-splash_SplashXPath_cc,v
retrieving revision 1.1
diff -u -p -r1.1 patch-splash_SplashXPath_cc
--- patches/patch-splash_SplashXPath_cc 30 May 2009 22:35:57 -0000 1.1
+++ patches/patch-splash_SplashXPath_cc 3 Dec 2010 21:02:01 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-splash_SplashXPath_cc,v 1.1 2009/05/30 22:35:57 miod Exp $
 --- splash/SplashXPath.cc.orig Tue Feb 27 22:05:52 2007
-+++ splash/SplashXPath.cc Sat May 30 19:51:56 2009
-@@ -77,9 +77,17 @@ SplashXPath::SplashXPath(SplashPath *path, SplashCoord
++++ splash/SplashXPath.cc Fri Dec 3 20:45:20 2010
+@@ -77,10 +77,19 @@ SplashXPath::SplashXPath(SplashPath *path, SplashCoord
 for (i = 0; i < path->hintsLength; ++i) {
 hint = &path->hints[i];
 x0 = pts[hint->ctrl0 ].x; y0 = pts[hint->ctrl0 ].y;
@@ -13,11 +13,14 @@ $OpenBSD: patch-splash_SplashXPath_cc,v
 + }
 x2 = pts[hint->ctrl1 ].x; y2 = pts[hint->ctrl1 ].y;
 - x3 = pts[hint->ctrl1 + 1].x; y3 = pts[hint->ctrl1 + 1].y;
+- if (x0 == x1 && x2 == x3) {
 + if (hint->ctrl1 + 1 >= path->length) {
 + x3 = x2; y3 = y2;
 + } else {
 + x3 = pts[hint->ctrl1 + 1].x; y3 = pts[hint->ctrl1 + 1].y;
 + }
- if (x0 == x1 && x2 == x3) {
++ if ((x0 == x1 && x2 == x3) ||
++ hint->firstPt >= path->length || hint->lastPt >= path->length) {
 adjusts[i].vert = gTrue;
 adj0 = x0;
+ adj1 = x2;
Index: patches/patch-xpdf_Gfx_cc
===================================================================
RCS file: patches/patch-xpdf_Gfx_cc
diff -N patches/patch-xpdf_Gfx_cc
--- patches/patch-xpdf_Gfx_cc 13 Oct 2010 17:29:37 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-$OpenBSD: patch-xpdf_Gfx_cc,v 1.4 2010/10/13 17:29:37 jasper Exp $
-
-Security fix for CVE-2010-3702.
-Based on patch from upstream poppler git:
-http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
-
---- xpdf/Gfx.cc.orig Wed Oct 13 18:58:01 2010
-+++ xpdf/Gfx.cc Wed Oct 13 18:59:56 2010
-@@ -443,6 +443,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, int pageNum, Di
-
- xref = xrefA;
- subPage = gFalse;
-+ parser = NULL;
- printCommands = globalParams->getPrintCommands();
-
- // start the resource stack
-@@ -485,6 +486,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, Dict *resDict,
-
- xref = xrefA;
- subPage = gTrue;
-+ parser = NULL;
- printCommands = globalParams->getPrintCommands();
-
- // start the resource stack
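Review bot: In the patch-splash_SplashXPath_cc hunk, the new `hint->firstPt >= path->length || hint->lastPt >= path->length` clause is OR-ed into the vertical-hint test, so a hint with out-of-range point indices is classified as a vertical adjustment instead of being rejected, and nothing in the patch says why that is safe. The line above still reads `pts[hint->ctrl1]` with no range check (as does `pts[hint->ctrl0]` in the preceding hunk's context); only the `+ 1` neighbour is guarded, and none of the tests covers a negative index if these fields are signed, which cannot be told from here. I would validate all four indices against `path->length` once at the top of the loop body, before the first `pts[]` read, and document the fallback with a comment such as `// malformed hint: index past path->length, forced into the vertical case`. The constructor continues outside the hunk, so whether `firstPt`/`lastPt` are used as indices again later cannot be confirmed from this diff.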
