Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 4 Oct 2019 22:12:44 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r513786 - in head/graphics/xpdf3: . files
Message-ID:  <201910042212.x94MCiP2081442@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: cy
Date: Fri Oct  4 22:12:43 2019
New Revision: 513786
URL: https://svnweb.freebsd.org/changeset/ports/513786

Log:
  Backport fix for CVE-2019-16927 and CVE-2019-9877 from xpdf4.
  
  PR:		241066
  Submitted by:	naddy
  MFH:		2019Q4

Added:
  head/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc   (contents, props changed)
Modified:
  head/graphics/xpdf3/Makefile   (contents, props changed)

Modified: head/graphics/xpdf3/Makefile
==============================================================================
--- head/graphics/xpdf3/Makefile	Fri Oct  4 22:12:40 2019	(r513785)
+++ head/graphics/xpdf3/Makefile	Fri Oct  4 22:12:43 2019	(r513786)
@@ -2,7 +2,7 @@
 
 PORTNAME=	xpdf
 PORTVERSION=	3.04
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	graphics print
 MASTER_SITES=	https://xpdfreader-dl.s3.amazonaws.com/old/
 .if !defined(MASTERDIR)

Added: head/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc	Fri Oct  4 22:12:43 2019	(r513786)
@@ -0,0 +1,15 @@
+--- xpdf/TextOutputDev.cc.orig	2019-10-04 19:39:06 UTC
++++ xpdf/TextOutputDev.cc
+@@ -2472,6 +2472,12 @@ TextBlock *TextPage::split(GList *charsA, int rot) {
+ 
+   //----- compute the horizontal and vertical profiles
+ 
++  if (xMin / splitPrecision < 0.5 * INT_MIN ||
++      xMax / splitPrecision > 0.5 * INT_MAX ||
++      yMin / splitPrecision < 0.5 * INT_MIN ||
++      xMax / splitPrecision > 0.5 * INT_MAX) {
++    return NULL;
++  }
+   // add some slack to the array bounds to avoid floating point
+   // precision problems
+   xMinI = (int)floor(xMin / splitPrecision) - 1;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201910042212.x94MCiP2081442>