Author: ghibo
Date: Sun Feb 18 11:16:39 2007
New Revision: 122239
Added:
packages/cooker/xpdf/current/SOURCES/koffce-xpdf-CVE-2007-0104.diff
Modified:
packages/cooker/xpdf/current/SPECS/xpdf.spec
Log:
- Added Patch27 from Stew Benedict, security fix for CVE-2007-0104
(close bug #28263).
Added: packages/cooker/xpdf/current/SOURCES/koffce-xpdf-CVE-2007-0104.diff
==============================================================================
--- (empty file)
+++ packages/cooker/xpdf/current/SOURCES/koffce-xpdf-CVE-2007-0104.diff Sun Feb
18 11:16:39 2007
@@ -0,0 +1,74 @@
+------------------------------------------------------------------------
+r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines
+Changed paths:
+ M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc
+ M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h
+
+Commiting the patch agreed between kpdf and poppler developers to fix
MOAB-06-01-2007 issue.
+
+------------------------------------------------------------------------
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622463)
+@@ -24,6 +24,12 @@
+ #include "Link.h"
+ #include "Catalog.h"
+
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) {
+ pageRefs[i].num = -1;
+ pageRefs[i].gen = -1;
+ }
+- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+ if (numPages != numPages0) {
+ error(-1, "Page count in top-level pages object is incorrect");
+ }
+@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() {
+ return s;
+ }
+
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int
callDepth) {
+ Object kids;
+ Object kid;
+ Object kidRef;
+@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic
+ // This should really be isDict("Pages"), but I've seen at least one
+ // PDF file where the /Type entry is missing.
+ } else if (kid.isDict()) {
+- if ((start = readPageTree(kid.getDict(), attrs1, start))
+- < 0)
+- goto err2;
++ if (callDepth > MAX_CALL_DEPTH) {
++ error(-1, "Limit of %d recursive calls reached while reading the page
tree. If your document is correct and not a test to try to force a crash,
please report a bug.", MAX_CALL_DEPTH);
++ } else {
++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth +
1))
++ < 0)
++ goto err2;
++ }
+ } else {
+ error(-1, "Kid object (page %d) is wrong type (%s)",
+ start+1, kid.getTypeName());
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.h
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622463)
+@@ -82,7 +82,7 @@ private:
+ Object outline; // outline dictionary
+ GBool ok; // true if catalog is valid
+
+- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+ Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+
Modified: packages/cooker/xpdf/current/SPECS/xpdf.spec
==============================================================================
--- packages/cooker/xpdf/current/SPECS/xpdf.spec (original)
+++ packages/cooker/xpdf/current/SPECS/xpdf.spec Sun Feb 18 11:16:39 2007
@@ -11,7 +11,7 @@
Summary: A PDF file viewer for the X Window System
Name: xpdf
Version: %{pkgversion}
-Release: %mkrel 4
+Release: %mkrel 5
License: GPL
Source:
ftp://ftp.foolabs.com/pub/xpdf/%{name}-%{fversion}.tar.bz2
Source1: icons-%{name}.tar.bz2
@@ -49,6 +49,7 @@
# (fc) 3.01pl2-3mdv don't use freetype internal headers
Patch26: xpdf-3.01-noftinternals.patch
#
+Patch27: koffce-xpdf-CVE-2007-0104.diff
URL: http://www.foolabs.com/xpdf/
Group: Office
BuildRequires: XFree86-devel
@@ -106,6 +107,7 @@
%patch21 -p1 -b .xfont
%patch25 -p1 -b .pl2
%patch26 -p1 -b .noftinternal
+%patch27 -p4 -b .cve-2007-0104
%build
CURRENTDIR=`pwd`
@@ -203,8 +205,12 @@
?package(xpdf): command="xpdf" needs="X11" \
icon="xpdf.png" section="Office/Publishing" title="Xpdf" \
mimetypes="text/pdf;text/x-pdf;application/pdf;application/x-pdf" \
-longtitle="Views PDF files" xdg=true
+%if %{mdkversion} >= 200610
+xdg=true \
+%endif
+longtitle="Views PDF files"
EOF
+
install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/applications/
cat > $RPM_BUILD_ROOT%{_datadir}/applications/mandriva-%{name}.desktop << EOF
[Desktop Entry]
@@ -221,7 +227,6 @@
EOF
-
# mdk icons
install -d %{buildroot}%{_iconsdir}
tar xjf %SOURCE1 -C %{buildroot}%{_iconsdir}
