[xpdf/f13/master] apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704
Tom Callaway
spot at fedoraproject.org
Fri Oct 22 16:02:20 UTC 2010
commit 5740e198692ddbfa8a7d6a8f108688436b2dae58
Author: Tom "spot" Callaway <tcallawa at redhat.com>
Date: Fri Oct 22 12:02:20 2010 -0400
apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704
xpdf-3.02pl5.patch | 41 +++++++++++++++++++++++++++++++++++++++++
xpdf.spec | 8 +++++++-
2 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/xpdf-3.02pl5.patch b/xpdf-3.02pl5.patch
new file mode 100644
index 0000000..558eac5
--- /dev/null
+++ b/xpdf-3.02pl5.patch
@@ -0,0 +1,41 @@
+*** xpdf-3.02.orig/xpdf/Gfx.cc Tue Feb 27 14:05:52 2007
+--- xpdf-3.02/xpdf/Gfx.cc Mon Oct 11 15:39:52 2010
+***************
+*** 461,466 ****
+--- 461,467 ----
+ baseMatrix[i] = state->getCTM()[i];
+ }
+ formDepth = 0;
++ parser = NULL;
+ abortCheckCbk = abortCheckCbkA;
+ abortCheckCbkData = abortCheckCbkDataA;
+
+***************
+*** 500,505 ****
+--- 501,507 ----
+ baseMatrix[i] = state->getCTM()[i];
+ }
+ formDepth = 0;
++ parser = NULL;
+ abortCheckCbk = abortCheckCbkA;
+ abortCheckCbkData = abortCheckCbkDataA;
+
+*** xpdf-3.02.orig/fofi/FoFiType1.cc Tue Feb 27 14:05:51 2007
+--- xpdf-3.02/fofi/FoFiType1.cc Mon Oct 11 15:44:13 2010
+***************
+*** 224,230 ****
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+! if (code < 256) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
+--- 224,230 ----
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+! if (code >= 0 && code < 256) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
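Review bot: In the FoFiType1.cc change, the new `code >= 0 && code < 256` test runs only after `code = code * 8 + (*p2 - '0');` has finished accumulating digits, so an over-long digit string still overflows `code` first and the check depends on the wrapped value coming out negative. If `code` is a signed int, as the added `>= 0` test implies, that overflow is undefined behaviour in C++, so it would be more robust to stop accumulating once the value exceeds 255 (or cap the number of digits read) instead of detecting the wrap afterwards. Separately, the two `parser = NULL;` additions in Gfx.cc are the same line repeated in two initialisation paths; moving the shared member initialisation into one helper would keep a later constructor from missing it.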
diff --git a/xpdf.spec b/xpdf.spec
index e6eb8d3..5ea7dcf 100644
--- a/xpdf.spec
+++ b/xpdf.spec
@@ -1,7 +1,7 @@
Summary: A PDF file viewer for the X Window System
Name: xpdf
Version: 3.02
-Release: 15%{?dist}
+Release: 16%{?dist}
License: GPLv2
Epoch: 1
Url: http://www.foolabs.com/xpdf/
@@ -53,6 +53,7 @@ Patch100: xpdf-3.02pl1.patch
Patch101: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Patch102: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
Patch103: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
+Patch104: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
# Debian patches
Patch200: 02_permissions.dpatch
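Review bot: The `Patch104:` line carries no indication of what it fixes, and the only link to the CVE ids is the changelog entry at the bottom of the spec. A one-line comment above it naming the CVEs addressed by xpdf-3.02pl5 would let someone auditing the patch list match each security patch to its advisories without reading the whole changelog. Note also that the source is given as a plain `ftp://` URL, so the copy committed in this change is the only integrity anchor for the patch content.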
@@ -119,6 +120,7 @@ standard X fonts.
%patch101 -p1 -b .security2
%patch102 -p1 -b .security3
%patch103 -p1 -b .security4
+%patch104 -p1 -b .security5
# debian patches
%patch200 -p1 -b .permissions
@@ -273,6 +275,10 @@ update-desktop-database &> /dev/null ||:
%{_datadir}/xpdf/latin2
%changelog
+* Fri Oct 22 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1:3.02-16
+- apply xpdf-3.02pl5 security patch to fix:
+ CVE-2010-3702, CVS-2010-3704
+
* Fri Oct 16 2009 Tom "spot" Callaway <tcallawa at redhat.com> - 1:3.02-15
- apply xpdf-3.02pl4 security patch to fix:
CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606
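Review bot: The new changelog entry lists "CVS-2010-3704", while the first id on the same line and every id in the 1:3.02-15 entry below use the "CVE-" prefix, so this looks like a typo. Tools and people that grep changelogs for CVE ids to confirm a build is patched will miss it; correct the prefix here and in the commit subject, which repeats the same string.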