[arch-commits] Commit in xpdf/trunk (PKGBUILD sanitize.patch)
Gaetan Bisson
bisson at nymeria.archlinux.org
Sun Sep 8 17:18:11 UTC 2013
Date: Sunday, September 8, 2013 @ 19:18:11
Author: bisson
Revision: 193957
fix FS#36818
Added:
xpdf/trunk/sanitize.patch
Modified:
xpdf/trunk/PKGBUILD
----------------+
PKGBUILD | 5 ++++-
sanitize.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-09-08 00:58:33 UTC (rev 193956)
+++ PKGBUILD 2013-09-08 17:18:11 UTC (rev 193957)
@@ -6,7 +6,7 @@
pkgname=xpdf
#pkgver=3.03_pl1
pkgver=3.03
-pkgrel=3
+pkgrel=4
pkgdesc='Viewer for Portable Document Format (PDF) files'
url='http://www.foolabs.com/xpdf/'
license=('GPL2')
@@ -16,9 +16,11 @@
'desktop-file-utils: for desktop environments')
# "ftp://ftp.foolabs.com/pub/${pkgname}/${pkgname}-${pkgver%_*}pl1.patch"
source=("ftp://ftp.foolabs.com/pub/${pkgname}/${pkgname}-${pkgver%_*}.tar.gz"
+ 'sanitize.patch'
'char.patch'
'desktop')
sha1sums=('499423e8a795e0efd76ca798239eb4d0d52fe248'
+ '2face78a2f550fd15eeceb8a1ce47c566104f457'
'5c471944685a6b24a2b0c0e000562d1a3263aeeb'
'17ebbfe457cb92e97b12b7362e8ce961526012d9')
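Review bot: The new entry extends a `sha1sums` array, and for the tarball fetched over plain `ftp://` in `source` that checksum is the only integrity control visible in this PKGBUILD. SHA-1 is a weak choice for that job; switching the whole array to `sha256sums=(...)`, regenerated with `makepkg -g`, would pin both the upstream tarball and the local patches more strongly. The array order must continue to mirror `source`, as this hunk correctly does for `sanitize.patch`.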
@@ -29,6 +31,7 @@
cd "${srcdir}/${pkgname}-${pkgver%_*}"
# patch -p1 -i "../${pkgname}-${_srcver}pl1.patch"
+ patch -p1 -i ../sanitize.patch
patch -p1 -i ../char.patch
sed -i 's:/usr/share/fonts/type1/gsfonts:/usr/share/fonts/Type1:' xpdf/GlobalParams.cc
Added: sanitize.patch
===================================================================
--- sanitize.patch (rev 0)
+++ sanitize.patch 2013-09-08 17:18:11 UTC (rev 193957)
@@ -0,0 +1,55 @@
+From 3945969e0072217c143fefa3044512a31ac2afa8 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 at hush.com>
+Date: Sun, 11 Aug 2013
+Subject: CVE-2012-2142
+
+Filter stuff that might end up in the shell to address CVE-2012-2142.
+This code was adapted from the Poppler project.
+---
+ Error.cc | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+--- a/xpdf/Error.cc 2013-08-11
++++ b/xpdf/Error.cc 2013-08-11
+@@ -43,7 +43,7 @@ void setErrorCallback(void (*cbk)(void *
+
+ void CDECL error(ErrorCategory category, int pos, const char *msg, ...) {
+ va_list args;
+- GString *s;
++ GString *s, *sanitized;
+
+ // NB: this can be called before the globalParams object is created
+ if (!errorCbk && globalParams && globalParams->getErrQuiet()) {
+@@ -52,17 +52,28 @@ void CDECL error(ErrorCategory category,
+ va_start(args, msg);
+ s = GString::formatv(msg, args);
+ va_end(args);
++
++ sanitized = new GString ();
++ for (int i = 0; i < s->getLength(); ++i) {
++ const char c = s->getChar(i);
++ if (c < (char)0x20 || c >= (char)0x7f) {
++ sanitized->appendf("<{0:02x}>", c & 0xff);
++ } else {
++ sanitized->append(c);
++ }
++ }
++
+ if (errorCbk) {
+- (*errorCbk)(errorCbkData, category, pos, s->getCString());
++ (*errorCbk)(errorCbkData, category, pos, sanitized->getCString());
+ } else {
+ if (pos >= 0) {
+ fprintf(stderr, "%s (%d): %s\n",
+- errorCategoryNames[category], pos, s->getCString());
++ errorCategoryNames[category], pos, sanitized->getCString());
+ } else {
+ fprintf(stderr, "%s: %s\n",
+- errorCategoryNames[category], s->getCString());
++ errorCategoryNames[category], sanitized->getCString());
+ }
+ fflush(stderr);
+ }
+- delete s;
++ delete sanitized;
+ }
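Review bot: The last inner hunk of the added patch replaces `delete s;` with `delete sanitized;`, so the GString returned by `GString::formatv(msg, args)` is never freed and each call to error() that gets past the quiet check leaks it. Error messages here are driven by the document being parsed, so a malformed PDF that raises many errors would make the viewer's memory grow steadily. Both buffers need releasing: keep `delete s;` alongside `delete sanitized;`, or free `s` immediately after the copy loop, since nothing reads it afterwards. The part of error()'s body between the two inner hunks is not shown, so this assumes no other path frees `s`.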