[xpdf/f13/master] apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704

Tom Callaway spot at fedoraproject.org
Fri Oct 22 16:02:20 UTC 2010


commit 5740e198692ddbfa8a7d6a8f108688436b2dae58
Author: Tom "spot" Callaway <tcallawa at redhat.com>
Date:   Fri Oct 22 12:02:20 2010 -0400

    apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVE-2010-3704

 xpdf-3.02pl5.patch |   41 +++++++++++++++++++++++++++++++++++++++++
 xpdf.spec          |    8 +++++++-
 2 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/xpdf-3.02pl5.patch b/xpdf-3.02pl5.patch
new file mode 100644
index 0000000..558eac5
--- /dev/null
+++ b/xpdf-3.02pl5.patch
@@ -0,0 +1,41 @@
+*** xpdf-3.02.orig/xpdf/Gfx.cc	Tue Feb 27 14:05:52 2007
+--- xpdf-3.02/xpdf/Gfx.cc	Mon Oct 11 15:39:52 2010
+***************
+*** 461,466 ****
+--- 461,467 ----
+      baseMatrix[i] = state->getCTM()[i];
+    }
+    formDepth = 0;
++   parser = NULL;
+    abortCheckCbk = abortCheckCbkA;
+    abortCheckCbkData = abortCheckCbkDataA;
+  
+***************
+*** 500,505 ****
+--- 501,507 ----
+      baseMatrix[i] = state->getCTM()[i];
+    }
+    formDepth = 0;
++   parser = NULL;
+    abortCheckCbk = abortCheckCbkA;
+    abortCheckCbkData = abortCheckCbkDataA;
+  
+*** xpdf-3.02.orig/fofi/FoFiType1.cc	Tue Feb 27 14:05:51 2007
+--- xpdf-3.02/fofi/FoFiType1.cc	Mon Oct 11 15:44:13 2010
+***************
+*** 224,230 ****
+  		code = code * 8 + (*p2 - '0');
+  	      }
+  	    }
+! 	    if (code < 256) {
+  	      for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+  	      if (*p == '/') {
+  		++p;
+--- 224,230 ----
+  		code = code * 8 + (*p2 - '0');
+  	      }
+  	    }
+! 	    if (code >= 0 && code < 256) {
+  	      for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+  	      if (*p == '/') {
+  		++p;
diff --git a/xpdf.spec b/xpdf.spec
index e6eb8d3..5ea7dcf 100644
--- a/xpdf.spec
+++ b/xpdf.spec
@@ -1,7 +1,7 @@
 Summary: A PDF file viewer for the X Window System
 Name: xpdf
 Version: 3.02
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2
 Epoch: 1
 Url: http://www.foolabs.com/xpdf/
@@ -53,6 +53,7 @@ Patch100: xpdf-3.02pl1.patch
 Patch101: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
 Patch102: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
 Patch103: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
+Patch104: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
 
 # Debian patches
 Patch200: 02_permissions.dpatch
@@ -119,6 +120,7 @@ standard X fonts.
 %patch101 -p1 -b .security2
 %patch102 -p1 -b .security3
 %patch103 -p1 -b .security4
+%patch104 -p1 -b .security5
 
 # debian patches
 %patch200 -p1 -b .permissions
@@ -273,6 +275,10 @@ update-desktop-database &> /dev/null ||:
 %{_datadir}/xpdf/latin2
 
 %changelog
+* Fri Oct 22 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1:3.02-16
+- apply xpdf-3.02pl5 security patch to fix:
+  CVE-2010-3702, CVS-2010-3704
+
 * Fri Oct 16 2009 Tom "spot" Callaway <tcallawa at redhat.com> - 1:3.02-15
 - apply xpdf-3.02pl4 security patch to fix:
   CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606
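Review bot: The added changelog entry spells the second identifier `CVS-2010-3704` where `CVE-2010-3704` is meant. The %changelog text is what `rpm -q --changelog xpdf` prints, and it is commonly searched by CVE ID to confirm that a fix is in an installed build, so a lookup for that identifier would miss this release. The added line should read `  CVE-2010-3702, CVE-2010-3704`, matching the form of the 2009 entry below it.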

