diff options
Diffstat (limited to 'extra/evince')
| -rw-r--r-- | extra/evince/security_issues_in_dvi-backend.patch | 97 | ||||
| -rw-r--r-- | extra/evince/update_to_poppler_api.patch | 58 |
2 files changed, 0 insertions, 155 deletions
diff --git a/extra/evince/security_issues_in_dvi-backend.patch b/extra/evince/security_issues_in_dvi-backend.patch deleted file mode 100644 index 691ee4190..000000000 --- a/extra/evince/security_issues_in_dvi-backend.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 8e473c9796b9a61b811213e7892fd36fd570303a Mon Sep 17 00:00:00 2001 -From: José Aliste <jaliste@src.gnome.org> -Date: Tue, 07 Dec 2010 18:56:47 +0000 -Subject: backends: Fix several security issues in the dvi-backend. - -See CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643. ---- -diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c -index 164366b..361e23d 100644 ---- a/backend/dvi/mdvi-lib/afmparse.c -+++ b/backend/dvi/mdvi-lib/afmparse.c -@@ -160,7 +160,7 @@ static char *token(FILE *stream) - - idx = 0; - while (ch != EOF && ch != ' ' && ch != lineterm -- && ch != '\t' && ch != ':' && ch != ';') -+ && ch != '\t' && ch != ':' && ch != ';' && idx < MAX_NAME) - { - ident[idx++] = ch; - ch = fgetc(stream); -diff --git a/backend/dvi/mdvi-lib/dviread.c b/backend/dvi/mdvi-lib/dviread.c -index 97b7b84..ac98068 100644 ---- a/backend/dvi/mdvi-lib/dviread.c -+++ b/backend/dvi/mdvi-lib/dviread.c -@@ -1537,6 +1537,10 @@ int special(DviContext *dvi, int opcode) - Int32 arg; - - arg = dugetn(dvi, opcode - DVI_XXX1 + 1); -+ if (arg <= 0) { -+ dvierr(dvi, _("malformed special length\n")); -+ return -1; -+ } - s = mdvi_malloc(arg + 1); - dread(dvi, s, arg); - s[arg] = 0; -diff --git a/backend/dvi/mdvi-lib/pk.c b/backend/dvi/mdvi-lib/pk.c -index a579186..08377e6 100644 ---- a/backend/dvi/mdvi-lib/pk.c -+++ b/backend/dvi/mdvi-lib/pk.c -@@ -469,6 +469,15 @@ static int pk_load_font(DviParams *unused, DviFont *font) - } - if(feof(p)) - break; -+ -+ /* Although the PK format support bigger char codes, -+ * XeTeX and other extended TeX engines support charcodes up to -+ * 65536, while normal TeX engine supports only charcode up to 255.*/ -+ if (cc < 0 || cc > 65536) { -+ mdvi_error (_("%s: unexpected charcode (%d)\n"), -+ font->fontname,cc); -+ goto error; -+ } - if(cc < loc) - loc = cc; - if(cc > hic) -@@ -512,7 +521,7 @@ static int pk_load_font(DviParams *unused, DviFont *font) - } - - /* resize font char data */ -- if(loc > 0 || hic < maxch-1) { -+ if(loc > 0 && hic < maxch-1) { - memmove(font->chars, font->chars + loc, - (hic - loc + 1) * sizeof(DviFontChar)); - font->chars = xresize(font->chars, -diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c -index 73ebf26..8c2a30b 100644 ---- a/backend/dvi/mdvi-lib/tfmfile.c -+++ b/backend/dvi/mdvi-lib/tfmfile.c -@@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info) - /* We read the entire TFM file into core */ - if(fstat(fileno(in), &st) < 0) - return -1; -- if(st.st_size == 0) -+ /* according to the spec, TFM files are smaller than 16K */ -+ if(st.st_size == 0 || st.st_size >= 16384) - goto bad_tfm; - - /* allocate a word-aligned buffer to hold the file */ -diff --git a/backend/dvi/mdvi-lib/vf.c b/backend/dvi/mdvi-lib/vf.c -index fb49847..a5ae3bb 100644 ---- a/backend/dvi/mdvi-lib/vf.c -+++ b/backend/dvi/mdvi-lib/vf.c -@@ -165,6 +165,12 @@ static int vf_load_font(DviParams *params, DviFont *font) - cc = fuget1(p); - tfm = fuget3(p); - } -+ if (cc < 0 || cc > 65536) { -+ /* TeX engines do not support char codes bigger than 65535 */ -+ mdvi_error(_("(vf) %s: unexpected character %d\n"), -+ font->fontname, cc); -+ goto error; -+ } - if(loc < 0 || cc < loc) - loc = cc; - if(hic < 0 || cc > hic) --- -cgit v0.8.3.1 diff --git a/extra/evince/update_to_poppler_api.patch b/extra/evince/update_to_poppler_api.patch deleted file mode 100644 index 29bcad6b9..000000000 --- a/extra/evince/update_to_poppler_api.patch +++ /dev/null @@ -1,58 +0,0 @@ -From f77e6cf4fd7fef49ac91d8c62b6a9a993529adb8 Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos <carlosgc@gnome.org> -Date: Fri, 17 Sep 2010 11:21:16 +0000 -Subject: [pdf] Update to poppler api changes - -Linearized PopplerDocument property is now boolean rather than string. ---- -diff --git a/backend/pdf/ev-poppler.cc b/backend/pdf/ev-poppler.cc -index aa080e6..ced3ef7 100644 ---- a/backend/pdf/ev-poppler.cc -+++ b/backend/pdf/ev-poppler.cc -@@ -722,6 +722,9 @@ pdf_document_get_info (EvDocument *document) - PopplerPermissions permissions; - EvPage *page; - char *metadata; -+#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED -+ gboolean linearized; -+#endif - - info = g_new0 (EvDocumentInfo, 1); - -@@ -758,7 +761,11 @@ pdf_document_get_info (EvDocument *document) - "producer", &(info->producer), - "creation-date", &(info->creation_date), - "mod-date", &(info->modified_date), -+#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED -+ "linearized", &linearized, -+#else - "linearized", &(info->linearized), -+#endif - "metadata", &metadata, - NULL); - -@@ -864,6 +871,10 @@ pdf_document_get_info (EvDocument *document) - info->security = g_strdup (_("No")); - } - -+#ifdef HAVE_POPPLER_DOCUMENT_IS_LINEARIZED -+ info->linearized = linearized ? g_strdup (_("Yes")) : g_strdup (_("No")); -+#endif -+ - return info; - } - -diff --git a/configure.ac b/configure.ac -index 0faa16e..9619349 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -512,6 +512,7 @@ if test "x$enable_pdf" = "xyes"; then - AC_CHECK_FUNCS(poppler_page_get_text_layout) - AC_CHECK_FUNCS(poppler_page_get_selected_text) - AC_CHECK_FUNCS(poppler_page_add_annot) -+ AC_CHECK_FUNCS(poppler_document_is_linearized) - LIBS=$evince_save_LIBS - PKG_CHECK_MODULES(CAIRO_PDF, cairo-pdf, enable_cairo_pdf=yes, enable_cairo_pdf=no) - if test x$enable_cairo_pdf = xyes; then --- -cgit v0.8.3.1 |