authorroot <root@rshg054.dnsready.net>2013-09-09 01:38:18 -0700
committerroot <root@rshg054.dnsready.net>2013-09-09 01:38:18 -0700
commit25f164e4d715807385e621f21bf1715d64d925a8 (patch)
tree700c1c79cb2142522e303bd3ad24b470e1a78e64 /extra/xpdf
parentde304c3ed7036488819426771b7edd1897e2ba9a (diff)
Mon Sep 9 01:37:55 PDT 2013
Diffstat (limited to 'extra/xpdf')
-rw-r--r--extra/xpdf/PKGBUILD7
-rw-r--r--extra/xpdf/sanitize.patch55
2 files changed, 60 insertions, 2 deletions
diff --git a/extra/xpdf/PKGBUILD b/extra/xpdf/PKGBUILD
index 08574b777..5dbaf8468 100644
--- a/extra/xpdf/PKGBUILD
+++ b/extra/xpdf/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 177029 2013-02-04 13:10:00Z bisson $
+# $Id: PKGBUILD 193958 2013-09-08 17:19:05Z bisson $
# Maintainer: Gaetan Bisson <bisson@archlinux.org>
# Contributor: tobias <tobias@archlinux.org>
# Contributor: Sarah Hay <sarahhay@mb.sympatico.ca>
@@ -6,7 +6,7 @@
pkgname=xpdf
#pkgver=3.03_pl1
pkgver=3.03
-pkgrel=3
+pkgrel=4
pkgdesc='Viewer for Portable Document Format (PDF) files'
url='http://www.foolabs.com/xpdf/'
license=('GPL2')
@@ -16,9 +16,11 @@ optdepends=('poppler: tools that used to be included in xpdf'
'desktop-file-utils: for desktop environments')
# "ftp://ftp.foolabs.com/pub/${pkgname}/${pkgname}-${pkgver%_*}pl1.patch"
source=("ftp://ftp.foolabs.com/pub/${pkgname}/${pkgname}-${pkgver%_*}.tar.gz"
+ 'sanitize.patch'
'char.patch'
'desktop')
sha1sums=('499423e8a795e0efd76ca798239eb4d0d52fe248'
+ '2face78a2f550fd15eeceb8a1ce47c566104f457'
'5c471944685a6b24a2b0c0e000562d1a3263aeeb'
'17ebbfe457cb92e97b12b7362e8ce961526012d9')
@@ -29,6 +31,7 @@ build() {
cd "${srcdir}/${pkgname}-${pkgver%_*}"
# patch -p1 -i "../${pkgname}-${_srcver}pl1.patch"
+ patch -p1 -i ../sanitize.patch
patch -p1 -i ../char.patch
sed -i 's:/usr/share/fonts/type1/gsfonts:/usr/share/fonts/Type1:' xpdf/GlobalParams.cc
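Review bot: The new `patch -p1 -i ../sanitize.patch` line is added to build(), next to the existing char.patch and sed edits, so the source tree is modified during the build step. Moving all three source modifications into a `prepare()` function would let a rebuild with `makepkg --noextract` run build() without trying to re-apply patches to an already patched tree. build() starts and ends outside this hunk, so the rest of its body is not visible here.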
diff --git a/extra/xpdf/sanitize.patch b/extra/xpdf/sanitize.patch
new file mode 100644
index 000000000..891c41fd3
--- /dev/null
+++ b/extra/xpdf/sanitize.patch
@@ -0,0 +1,55 @@
+From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Sun, 11 Aug 2013
+Subject: CVE-2012-2142
+
+Filter stuff that might end up in the shell to address CVE-2012-2142.
+This code was adapted from the Poppler project.
+---
+ Error.cc | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/xpdf/Error.cc 2013-08-11
++++ b/xpdf/Error.cc 2013-08-11
+@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void *
+
+ void CDECL error(ErrorCategory category, int pos, const char *msg, ...) {
+ va_list args;
+- GString *s;
++ GString *s, *sanitized;
+
+ // NB: this can be called before the globalParams object is created
+ if (!errorCbk && globalParams && globalParams->getErrQuiet()) {
+@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category,
+ va_start(args, msg);
+ s = GString::formatv(msg, args);
+ va_end(args);
++
++ sanitized = new GString ();
++ for (int i = 0; i < s->getLength(); ++i) {
++ const char c = s->getChar(i);
++ if (c < (char)0x20 || c >= (char)0x7f) {
++ sanitized->appendf("<{0:02x}>", c & 0xff);
++ } else {
++ sanitized->append(c);
++ }
++ }
++
+ if (errorCbk) {
+- (*errorCbk)(errorCbkData, category, pos, s->getCString());
++ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString());
+ } else {
+ if (pos >= 0) {
+ fprintf(stderr, "%s (%d): %s\n",
+- errorCategoryNames[category], pos, s->getCString());
++ errorCategoryNames[category], pos, sanitized->getCString());
+ } else {
+ fprintf(stderr, "%s: %s\n",
+- errorCategoryNames[category], s->getCString());
++ errorCategoryNames[category], sanitized->getCString());
+ }
+ fflush(stderr);
+ }
+- delete s;
++ delete sanitized;
+ }
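Review bot: The patched error() never frees `s`: the last lines of the embedded patch replace `delete s;` with `delete sanitized;`, so the GString returned by `GString::formatv` leaks on every call that reaches this point. error() runs for each malformed construct the parser meets, so a document that triggers many errors makes the process grow without bound. Keep both deletions, `delete s;` followed by `delete sanitized;`. The lines between the two inner hunks (the quiet-mode early return) are not shown, so any other exit path should be checked against the full Error.cc.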