[notify] qpdf: update to 7.0.0
new ABI, rebuild of dependent ports like cups-filters required.
This commit is contained in:
parent
bb945e9c83
commit
adc657bc7a
@ -15,8 +15,10 @@ drwxr-xr-x root/root usr/include/qpdf/
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_Buffer.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_Concatenate.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_Count.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_DCT.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_Discard.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_Flate.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_RunLength.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/Pl_StdioFile.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/PointerHolder.hh
|
||||
-rw-r--r-- root/root usr/include/qpdf/QPDF.hh
|
||||
@ -35,9 +37,9 @@ drwxr-xr-x root/root usr/include/qpdf/
|
||||
drwxr-xr-x root/root usr/lib/
|
||||
-rw-r--r-- root/root usr/lib/libqpdf.a
|
||||
-rwxr-xr-x root/root usr/lib/libqpdf.la
|
||||
lrwxrwxrwx root/root usr/lib/libqpdf.so -> libqpdf.so.17.0.0
|
||||
lrwxrwxrwx root/root usr/lib/libqpdf.so.17 -> libqpdf.so.17.0.0
|
||||
-rwxr-xr-x root/root usr/lib/libqpdf.so.17.0.0
|
||||
lrwxrwxrwx root/root usr/lib/libqpdf.so -> libqpdf.so.18.1.0
|
||||
lrwxrwxrwx root/root usr/lib/libqpdf.so.18 -> libqpdf.so.18.1.0
|
||||
-rwxr-xr-x root/root usr/lib/libqpdf.so.18.1.0
|
||||
drwxr-xr-x root/root usr/lib/pkgconfig/
|
||||
-rw-r--r-- root/root usr/lib/pkgconfig/libqpdf.pc
|
||||
drwxr-xr-x root/root usr/share/
|
||||
|
@ -1,5 +1 @@
|
||||
b3cc65446adae1fe4f164c010c59f64b qpdf-6.0.0-CVE-2017-9208.patch
|
||||
491486ccdfddc450f2c3b1414eb369f9 qpdf-6.0.0-CVE-2017-9209.patch
|
||||
5713ad31faa151c1b7bd9064d820a367 qpdf-6.0.0-CVE-2017-9210.patch
|
||||
c9457b6f4430f43fe7aaad93736bd67a qpdf-6.0.0-detect-recursions.patch
|
||||
e014bd3ecf1c4d1a520bbc14d84ac20e qpdf-6.0.0.tar.gz
|
||||
c3ff408f69b3a6b2b3b4c8b373b2600c qpdf-7.0.0.tar.gz
|
||||
|
@ -1,9 +1,5 @@
|
||||
untrusted comment: verify with /etc/ports/opt.pub
|
||||
RWSE3ohX2g5d/YJAZhWWLZUYLWPRsCYcpW33dackFko68OVeTlSx977CZXMi01uWOhIRVZAponEIRQ+ErUE0c9M3DfH0TTArwwY=
|
||||
SHA256 (Pkgfile) = 48ab28428f3d935db825606f899011eba69f135142a808536958b0a8e6528bad
|
||||
SHA256 (.footprint) = 85e6362fb2da951b8318d1de30c3cb3607fb78de108a8348944a3cb992cd37c3
|
||||
SHA256 (qpdf-6.0.0.tar.gz) = a9fdc7e94d38fcd3831f37b6e0fe36492bf79aa6d54f8f66062cf7f9c4155233
|
||||
SHA256 (qpdf-6.0.0-detect-recursions.patch) = 4c59e1ca6f7a209a07191ffacac0e28f8d70345801e282493e52cbce76c15a8e
|
||||
SHA256 (qpdf-6.0.0-CVE-2017-9208.patch) = 0e2bce8c860aec84dff69739020c7320266f188dd5dfa7eb8e6fc8655d462014
|
||||
SHA256 (qpdf-6.0.0-CVE-2017-9209.patch) = 743aa98868aa887abeeaa3b3f4ec35efd9499bb80b3c1c72410afc064d7cc846
|
||||
SHA256 (qpdf-6.0.0-CVE-2017-9210.patch) = aff1f8ee13e7436d9982e14d5836172ff0236cb14b48e37c000ae7304185efde
|
||||
RWSE3ohX2g5d/dhTWsdq7DUedHp94d5JcFxreY7dhB53gVBvu0Ja0NKXbRGNE3UstEf13Mo/faxXaxjCSG2Oq86QrLMjh01CuAs=
|
||||
SHA256 (Pkgfile) = 9b40ed6dd990a05259c6b9f87261b3bb8534f6622df621d2ba590ad6782302ac
|
||||
SHA256 (.footprint) = f0b4062eff41f36629fff06cbbb36b8c6c4182a849cd54e619cd457c246242a7
|
||||
SHA256 (qpdf-7.0.0.tar.gz) = fed08de14caad0fe5efd148d9eca886d812588b2cbb35d13e61993ee8eb8c65f
|
||||
|
16
qpdf/Pkgfile
16
qpdf/Pkgfile
@ -4,22 +4,12 @@
|
||||
# Depends on: libpcre zlib
|
||||
|
||||
name=qpdf
|
||||
version=6.0.0
|
||||
release=3
|
||||
source=(http://downloads.sourceforge.net/project/$name/$name/$version/$name-$version.tar.gz
|
||||
qpdf-6.0.0-detect-recursions.patch
|
||||
qpdf-6.0.0-CVE-2017-9208.patch
|
||||
qpdf-6.0.0-CVE-2017-9209.patch
|
||||
qpdf-6.0.0-CVE-2017-9210.patch)
|
||||
version=7.0.0
|
||||
release=1
|
||||
source=(http://downloads.sourceforge.net/project/$name/$name/$version/$name-$version.tar.gz)
|
||||
|
||||
build() {
|
||||
cd $name-$version
|
||||
|
||||
patch -p1 -i $SRC/qpdf-6.0.0-detect-recursions.patch
|
||||
patch -p1 -i $SRC/qpdf-6.0.0-CVE-2017-9208.patch
|
||||
patch -p1 -i $SRC/qpdf-6.0.0-CVE-2017-9209.patch
|
||||
patch -p1 -i $SRC/qpdf-6.0.0-CVE-2017-9210.patch
|
||||
|
||||
./configure --prefix=/usr
|
||||
make
|
||||
make DESTDIR=$PKG install
|
||||
|
@ -1,36 +0,0 @@
|
||||
diff -up qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDF.cc
|
||||
--- qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208 2017-08-03 08:53:32.806072781 +0200
|
||||
+++ qpdf-6.0.0/libqpdf/QPDF.cc 2017-08-03 08:55:39.529073703 +0200
|
||||
@@ -1340,6 +1340,13 @@ QPDF::readObjectAtOffset(bool try_recove
|
||||
objid = atoi(tobjid.getValue().c_str());
|
||||
generation = atoi(tgen.getValue().c_str());
|
||||
|
||||
+ if (objid == 0)
|
||||
+ {
|
||||
+ throw QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
|
||||
+ this->last_object_description, offset,
|
||||
+ "object with ID 0");
|
||||
+ }
|
||||
+
|
||||
if ((exp_objid >= 0) &&
|
||||
(! ((objid == exp_objid) && (generation == exp_generation))))
|
||||
{
|
||||
diff -up qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc
|
||||
--- qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208 2015-11-10 18:48:52.000000000 +0100
|
||||
+++ qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc 2017-08-03 08:54:50.264499428 +0200
|
||||
@@ -1090,6 +1090,15 @@ QPDFObjectHandle::parseInternal(PointerH
|
||||
QPDFObjectHandle
|
||||
QPDFObjectHandle::newIndirect(QPDF* qpdf, int objid, int generation)
|
||||
{
|
||||
+ if (objid == 0)
|
||||
+ {
|
||||
+ // Special case: QPDF uses objid 0 as a sentinel for direct
|
||||
+ // objects, and the PDF specification doesn't allow for object
|
||||
+ // 0. Treat indirect references to object 0 as null so that we
|
||||
+ // never create an indirect object with objid 0.
|
||||
+ return newNull();
|
||||
+ }
|
||||
+
|
||||
return QPDFObjectHandle(qpdf, objid, generation);
|
||||
}
|
||||
|
@ -1,37 +0,0 @@
|
||||
diff -up qpdf-6.0.0/include/qpdf/QPDF.hh.CVE-2017-9209 qpdf-6.0.0/include/qpdf/QPDF.hh
|
||||
--- qpdf-6.0.0/include/qpdf/QPDF.hh.CVE-2017-9209 2017-08-03 10:00:17.489291722 +0200
|
||||
+++ qpdf-6.0.0/include/qpdf/QPDF.hh 2017-08-03 10:00:17.494291685 +0200
|
||||
@@ -1095,6 +1095,7 @@ class QPDF
|
||||
// copied_stream_data_provider is owned by copied_streams
|
||||
CopiedStreamDataProvider* copied_stream_data_provider;
|
||||
std::set<QPDFObjGen> attachment_streams;
|
||||
+ bool reconstructed_xref;
|
||||
|
||||
// Linearization data
|
||||
qpdf_offset_t first_xref_item_offset; // actual value from file
|
||||
diff -up qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9209 qpdf-6.0.0/libqpdf/QPDF.cc
|
||||
--- qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9209 2017-08-03 10:00:17.491291707 +0200
|
||||
+++ qpdf-6.0.0/libqpdf/QPDF.cc 2017-08-03 10:01:43.243661883 +0200
|
||||
@@ -93,6 +93,7 @@ QPDF::QPDF() :
|
||||
cached_key_generation(0),
|
||||
pushed_inherited_attributes_to_pages(false),
|
||||
copied_stream_data_provider(0),
|
||||
+ reconstructed_xref(false),
|
||||
first_xref_item_offset(0),
|
||||
uncompressed_after_compressed(false)
|
||||
{
|
||||
@@ -331,6 +332,14 @@ QPDF::setTrailer(QPDFObjectHandle obj)
|
||||
void
|
||||
QPDF::reconstruct_xref(QPDFExc& e)
|
||||
{
|
||||
+ if (this->reconstructed_xref)
|
||||
+ {
|
||||
+ // Avoid xref reconstruction infinite loops
|
||||
+ throw e;
|
||||
+ }
|
||||
+
|
||||
+ this->reconstructed_xref = true;
|
||||
+
|
||||
PCRE obj_re("^\\s*(\\d+)\\s+(\\d+)\\s+obj\\b");
|
||||
PCRE endobj_re("^\\s*endobj\\b");
|
||||
PCRE trailer_re("^\\s*trailer\\b");
|
@ -1,13 +0,0 @@
|
||||
diff -up qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9210 qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc
|
||||
--- qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9210 2017-08-03 10:09:46.670111267 +0200
|
||||
+++ qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc 2017-08-03 10:10:56.430600663 +0200
|
||||
@@ -1076,8 +1076,7 @@ QPDFObjectHandle::parseInternal(PointerH
|
||||
throw QPDFExc(
|
||||
qpdf_e_damaged_pdf,
|
||||
input->getName(), object_description, offset,
|
||||
- std::string("dictionary key not name (") +
|
||||
- key_obj.unparse() + ")");
|
||||
+ std::string("dictionary key is not not a name token"));
|
||||
}
|
||||
dict[key_obj.getName()] = val;
|
||||
}
|
@ -1,61 +0,0 @@
|
||||
diff -up qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions qpdf-6.0.0/include/qpdf/QPDF.hh
|
||||
--- qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions 2015-11-10 18:48:52.000000000 +0100
|
||||
+++ qpdf-6.0.0/include/qpdf/QPDF.hh 2017-08-02 08:41:17.500831407 +0200
|
||||
@@ -603,6 +603,25 @@ class QPDF
|
||||
int gen;
|
||||
};
|
||||
|
||||
+ class ResolveRecorder
|
||||
+ {
|
||||
+ public:
|
||||
+ ResolveRecorder(QPDF* qpdf, QPDFObjGen const& og) :
|
||||
+ qpdf(qpdf),
|
||||
+ og(og)
|
||||
+ {
|
||||
+ qpdf->resolving.insert(og);
|
||||
+ }
|
||||
+ virtual ~ResolveRecorder()
|
||||
+ {
|
||||
+ this->qpdf->resolving.erase(og);
|
||||
+ }
|
||||
+ private:
|
||||
+ QPDF* qpdf;
|
||||
+ QPDFObjGen og;
|
||||
+ };
|
||||
+ friend class ResolveRecorder;
|
||||
+
|
||||
void parse(char const* password);
|
||||
void warn(QPDFExc const& e);
|
||||
void setTrailer(QPDFObjectHandle obj);
|
||||
@@ -1065,6 +1084,7 @@ class QPDF
|
||||
std::map<QPDFObjGen, QPDFXRefEntry> xref_table;
|
||||
std::set<int> deleted_objects;
|
||||
std::map<QPDFObjGen, ObjCache> obj_cache;
|
||||
+ std::set<QPDFObjGen> resolving;
|
||||
QPDFObjectHandle trailer;
|
||||
std::vector<QPDFObjectHandle> all_pages;
|
||||
std::map<QPDFObjGen, int> pageobj_to_pages_pos;
|
||||
diff -up qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions qpdf-6.0.0/libqpdf/QPDF.cc
|
||||
--- qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions 2015-11-10 18:48:52.000000000 +0100
|
||||
+++ qpdf-6.0.0/libqpdf/QPDF.cc 2017-08-02 08:42:19.070393817 +0200
|
||||
@@ -1453,6 +1453,20 @@ QPDF::resolve(int objid, int generation)
|
||||
// to insert things into the object cache that don't actually
|
||||
// exist in the file.
|
||||
QPDFObjGen og(objid, generation);
|
||||
+ if (this->resolving.count(og))
|
||||
+ {
|
||||
+ // This can happen if an object references itself directly or
|
||||
+ // indirectly in some key that has to be resolved during
|
||||
+ // object parsing, such as stream length.
|
||||
+ warn(QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
|
||||
+ "", this->file->getLastOffset(),
|
||||
+ "loop detected resolving object " +
|
||||
+ QUtil::int_to_string(objid) + " " +
|
||||
+ QUtil::int_to_string(generation)));
|
||||
+ return new QPDF_Null;
|
||||
+ }
|
||||
+ ResolveRecorder rr(this, og);
|
||||
+
|
||||
if (! this->obj_cache.count(og))
|
||||
{
|
||||
if (! this->xref_table.count(og))
|
Loading…
Reference in New Issue
Block a user