--- poppler-0.8.7.orig/debian/copyright +++ poppler-0.8.7/debian/copyright @@ -0,0 +1,27 @@ +This package was debianized by Changwoo Ryu . + +It was downloaded from http://poppler.freedesktop.org + +Copyright: + Copyright (C) 1996-2003 Glyph & Cog, LLC + +Upstream Author: + Kristian Høgsberg + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. --- poppler-0.8.7.orig/debian/libpoppler3.install +++ poppler-0.8.7/debian/libpoppler3.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler.so.* --- poppler-0.8.7.orig/debian/libpoppler-glib-dev.install +++ poppler-0.8.7/debian/libpoppler-glib-dev.install @@ -0,0 +1,6 @@ +debian/tmp/usr/share/gtk-doc/html/poppler/ usr/share/doc/libpoppler-glib-dev/html/ +debian/tmp/usr/include/poppler/glib/ +debian/tmp/usr/lib/libpoppler-glib.a +debian/tmp/usr/lib/libpoppler-glib.so +debian/tmp/usr/lib/pkgconfig/poppler-glib.pc +glib/.libs/test-poppler-glib usr/lib/poppler --- poppler-0.8.7.orig/debian/libpoppler-qt-dev.install +++ poppler-0.8.7/debian/libpoppler-qt-dev.install @@ -0,0 +1,4 @@ +debian/tmp/usr/include/poppler/qt3 +debian/tmp/usr/lib/libpoppler-qt.a +debian/tmp/usr/lib/libpoppler-qt.so +debian/tmp/usr/lib/pkgconfig/poppler-qt.pc --- poppler-0.8.7.orig/debian/libpoppler-glib-dev.links +++ poppler-0.8.7/debian/libpoppler-glib-dev.links @@ -0,0 +1 @@ +usr/share/doc/libpoppler-glib-dev/html/poppler usr/share/gtk-doc/html/poppler --- poppler-0.8.7.orig/debian/libpoppler-qt4-3.install +++ poppler-0.8.7/debian/libpoppler-qt4-3.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-qt4.so.* --- poppler-0.8.7.orig/debian/control +++ poppler-0.8.7/debian/control @@ -0,0 +1,150 @@ +Source: poppler +Section: devel +Priority: optional +Maintainer: Loic Minier +Uploaders: Josselin Mouette , + Dave Beckett , + Ross Burton +Build-Depends: cdbs (>= 0.4.52), + debhelper (>= 5), + autotools-dev, + gnome-pkg-tools, + libglib2.0-dev (>= 2.6), + libgtk2.0-dev (>= 2.4.0), + libfontconfig1-dev, + libqt3-mt-dev (>= 3:3.3.4-4), + libqt4-dev, + libglade2-dev, + libcairo2-dev (>= 1.4), + gtk-doc-tools (>= 1.0), + pkg-config (>= 0.18) +Standards-Version: 3.8.0 + +Package: libpoppler3 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the shared library. + +Package: libpoppler-dev +Architecture: any +Section: libdevel +Depends: libpoppler3 (= ${binary:Version}), + libfontconfig1-dev, + ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library -- development files + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the headers and development libraries needed to + build applications using Poppler. + +Package: libpoppler-glib3 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library (GLib-based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the GLib-based shared library for applications + using the GLib interface to Poppler. + +Package: libpoppler-glib-dev +Architecture: any +Section: libdevel +Depends: libpoppler-glib3 (= ${binary:Version}), + libpoppler-dev (= ${binary:Version}), + libglib2.0-dev (>= 2.6), + libpango1.0-dev, + libcairo2-dev (>= 1.4), + ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library -- development files (GLib interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a GLib-style interface to Poppler. + +Package: libpoppler-qt2 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library (Qt 3 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the Qt 3 based shared library for applications + using the Qt 3 interface to Poppler. + +Package: libpoppler-qt-dev +Architecture: any +Section: libdevel +Depends: libpoppler-qt2 (= ${binary:Version}), + libpoppler-dev (= ${binary:Version}), + libqt3-mt-dev, + ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library -- development files (Qt 3 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 3 style interface to Poppler. + +Package: libpoppler-qt4-3 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library (Qt 4 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the Qt 4 based shared library for applications + using the Qt 4 interface to Poppler. + +Package: libpoppler-qt4-dev +Architecture: any +Section: libdevel +Depends: libpoppler-qt4-3 (= ${binary:Version}), + libpoppler-dev (= ${binary:Version}), + libqt4-dev, + ${shlibs:Depends}, + ${misc:Depends} +Description: PDF rendering library -- development files (Qt 4 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 4 style interface to Poppler. + +Package: poppler-utils +Architecture: any +Section: utils +Depends: ${shlibs:Depends}, + ${misc:Depends} +Recommends: ghostscript +Conflicts: xpdf-utils, + pdftohtml (<< 0.36-14) +Replaces: xpdf-utils, + pdftohtml, + xpdf-reader +Provides: xpdf-utils, + pdftohtml +Description: PDF utilitites (based on libpoppler) + This package contains pdftops (PDF to PostScript converter), pdfinfo + (PDF document information extractor), pdfimages (PDF image extractor), + pdftohtml (PDF to HTML converter), pdftotext (PDF to text converter), + and pdffonts (PDF font analyzer). + +Package: poppler-dbg +Architecture: any +Section: libs +Priority: extra +Depends: ${misc:Depends}, + libpoppler3 (= ${binary:Version}), + ${shlibs:Depends} +Description: PDF rendering library - detached debugging symbols + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the detached debugging symbols. + --- poppler-0.8.7.orig/debian/libpoppler-dev.install +++ poppler-0.8.7/debian/libpoppler-dev.install @@ -0,0 +1,8 @@ +poppler/*.h usr/include/poppler/ +goo/*.h usr/include/poppler/goo/ +splash/*.h usr/include/poppler/splash/ +debian/tmp/usr/lib/libpoppler.a +debian/tmp/usr/lib/libpoppler.so +debian/tmp/usr/lib/pkgconfig/poppler.pc +debian/tmp/usr/lib/pkgconfig/poppler-splash.pc +debian/tmp/usr/lib/pkgconfig/poppler-cairo.pc --- poppler-0.8.7.orig/debian/docs +++ poppler-0.8.7/debian/docs @@ -0,0 +1,5 @@ +AUTHORS +NEWS +README +README-XPDF +TODO --- poppler-0.8.7.orig/debian/changelog +++ poppler-0.8.7/debian/changelog @@ -0,0 +1,588 @@ +poppler (0.8.7-4) stable-security; urgency=high + + * CVE-2010-3702 CVE-2010-3704 + + -- Moritz Muehlenhoff Wed, 06 Oct 2010 21:31:29 +0000 + +poppler (0.8.7-3.1) stable-proposed-updates; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix integer overflow in SplashBitmap::SplashBitmap leading to a + heap-based buffer overflow resulting in arbitrary code execution via + crafted pdf files (CVE-2009-1188; Closes: #524806). + + -- Luciano Bello Mon, 22 Mar 2010 11:21:14 -0300 + +poppler (0.8.7-3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches + by Marc Deslauriers + * Fix CVE-2009-3938 + + -- Moritz Muehlenhoff Tue, 24 Nov 2009 21:54:26 +0100 + +poppler (0.8.7-2) stable; urgency=high + + * 11_JBIG2_CVEs.patch: backport several fixes related to parsing of + broken JBIG2 files. + CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, + CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, + CVE-2009-1188. + + -- Josselin Mouette Fri, 17 Apr 2009 11:07:07 +0200 + +poppler (0.8.7-1) unstable; urgency=low + + * Bump up Standards-Version to 3.8.0. + * New patch, 61_manpages-hyphens, fixes escaping of hyphens in man pages; + FreeDesktop #17225. + * New patch, 62_pdftops-mandatory-arg, fixes synopsis of pdftops in man page + to clarify that a PDF file is required in all cases; FreeDesktop #17226; + closes: #491816. + * Build-dep on cdbs (>= 0.4.52) and add a lintian override with rationale + for the following lintian warning: + W: poppler-dbg: dbg-package-missing-depends poppler + * Add xrefs and CVE for #489756 in 0.8.5-1 as I didn't merge the 0.8.4-1.1 + NMU. + * New upstream release; no API change, bug fixes. + + -- Loic Minier Wed, 20 Aug 2008 17:36:12 +0200 + +poppler (0.8.6-1) unstable; urgency=low + + * Fix /usr/share/gtk-doc/html/poppler symlink to point at + /usr/share/doc/libpoppler-glib-dev/html/poppler instead of + /usr/share/doc/libpoppler-glib-dev/html; LP: #226677. + * New upstream stable release; bug fixes, no API change. + * New patch, 60_manpages-cfg-flag, drop unimplemented -cfg flag from man + pages; FreeDesktop #17222; closes: #461961. + * Rename patch 001_jpxstream_int_crash to 10_jpxstream_int_crash as we don't + have that many patches; also add upstream bug id (FreeDesktop #5667) and + refresh to apply cleanly. + * Build-dep on pkg-config >= 0.18 to make sure -lpoppler is only in + poppler-qt's Libs.private (it already is though); closes: #360595. + + -- Loic Minier Fri, 01 Aug 2008 15:04:05 +0200 + +poppler (0.8.5-1) unstable; urgency=low + + * New upstream release; no API changes, misc fixes. + - Initializes pageWidgets in Page.cc, otherwise it can be a rubbish + pointer as Annots is not a valid object; upstream commit + fd0bf8b05cb155e2f29df31fa01964b12e710b89; CVE-2008-2950; + closes: #489756. + + -- Loic Minier Wed, 30 Jul 2008 14:52:42 +0200 + +poppler (0.8.4-1) unstable; urgency=low + + * New upstream release; no API change. + - Fixes crash when reloading PDFs; GNOME #536482; closes: 484160. + + -- Loic Minier Mon, 30 Jun 2008 10:44:16 +0200 + +poppler (0.8.3-1) unstable; urgency=low + + * New upstream release. Closes: #487214. + + Fix crasher with some PDF files. Closes: #484224. + + -- Josselin Mouette Wed, 25 Jun 2008 16:40:39 +0200 + +poppler (0.8.2-2) unstable; urgency=low + + * Upload to unstable. + * Set myself as Maintainer instead of Uploader, taking over from Ondřej Surý + but I wish we move to an official team; closes: #481323. + + -- Loic Minier Thu, 15 May 2008 12:33:18 +0200 + +poppler (0.8.2-1) experimental; urgency=low + + * New upstream releases. + - Drop patch 006_pthreads_ldflags, upstream now calls ACX_PTHREAD() in + configure.ac which does the right thing. + - Drop patch 102_embedded-font-fixes, merged upstream. + + -- Loic Minier Sun, 11 May 2008 01:02:22 +0200 + +poppler (0.8.0-1) experimental; urgency=low + + * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks + Marc 'HE' Brockschmidt. + * New upstream stable release, with ABI and API changes; closes: #476323. + - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3, + and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not + renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename + install files. + - Drop shlib version except for libpoppler-qt2. + - Update patch 006_pthreads_ldflags for the version-info changes in + poppler/Makefile.am. + - Force usage of qt4's moc via a PATH setting; export PATH. + * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency + with build-deps. + * New patch, 102_embedded-font-fixes; protects the methods of the Object + class to be more robust and prevent things like CVE-2008-1693; see also + FreeDesktop/Poppler #11392; taken from the Ubuntu package; + closes: #476842. + * Add a poppler-dbg package; closes: #408403. + - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes. + - Add poppler-dbg to control. + + -- Loic Minier Mon, 17 Mar 2008 21:00:13 +0100 + +poppler (0.6.4-1) unstable; urgency=medium + + * Add ${shlibs:Depends} to libpoppler-glib-dev, libpoppler-dev, + libpoppler-qt-dev, libpoppler-qt4-dev. + * Add ${misc:Depends}. + * Cleanups. + * New upstream releases; no API change; bug fixes; closes: #459342. + * Fix copyright information to use version 2 of the GPL (instead of version 2 + or later); thanks Timo Jyrinki for the patch; closes: #453865. + * Urgency medium for RC bug fix. + * List pdftohtml in poppler-utils' description; closes: #464439. + * Drop libpoppler-qt-dev dependency from libpoppler-qt4-dev; thanks + Pino Toscano; closes: #459922. + * Bump up Standards-Version to 3.7.3. + + -- Loic Minier Fri, 18 Jan 2008 13:35:06 +0100 + +poppler (0.6.2-1) unstable; urgency=low + + * New upstream version. (Closes: #447992) + * Dependency on xpdfrc was removed on 2007-02-25 (Closes: #347789, #440936) + * Changes since 0.6.1: + - Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (Closes: #450628) + - Fix a crash on documents with wrong CCITTFaxStream + - Fix a crash in the Cairo renderer with invalid embedded fonts + - Fix a crash with invalid TrueType fonts + - Check if font is inside the clip area before rendering + it to a temporary bitmap in the Splash renderer. Fixes crashes on + incorrect documents + - Do not use exit(1) on DCTStream errors + - Detect form fields at any depth level + - Do not generate appearance stream for radio buttons that are not active + + -- Ondřej Surý Wed, 14 Nov 2007 11:20:07 +0100 + +poppler (0.6.1-2) unstable; urgency=low + + * Upload to unstable. + + -- Ondřej Surý Tue, 06 Nov 2007 09:07:10 +0100 + +poppler (0.6.1-1) experimental; urgency=low + + * New upstream version. + * Changes since 0.6.0: + - poppler core: + + Fix printing with different x and y scale + + Fix crash when Form Fields array contains references to non + existent objects + + Fix crash in CairoOutputDev::drawMaskedImage() + + Fix embedded file description not working on some cases + - Qt4 frontend: + + Fix printing issue + + Avoid double free + + Fix memory leak when dealing with embedded files + - glib frontend: + + Fix build with --disable-cairo-output + + Do not return unknown field type for signature form fields + - build system: + + Support automake-1.10 + + More compatible sh code in qt.m4 + - utils: + + Fix build on Sun Studio compiler + + -- Ondřej Surý Thu, 25 Oct 2007 11:33:04 +0200 + +poppler (0.6-1) experimental; urgency=low + + * New upstream release. (Closes: #429700) + - merged changes from Ubuntu, courtesy of Sebastien Bacher + - Fix security issue MOAB-06-01-2007 + - Fix security issue CVE-2007-3387 + - Fix security issue CVE-2007-5049 (Closes: #443903) + * debian/watch: + - update (Closes: #441012) + * debian/control, debian/libpoppler2.install, debian/libpoppler-glib2.install, + debian/libpoppler-qt2.install, debian/libpoppler-qt4-2.install, + debian/rules: + - updated for soname change + * debian/libpoppler-glib-dev.install: + - install new test-poppler-glib + * debian/patches/002_CVE-2006-0301.patch: + - dropped, deprecated by the upstream changes + * debian/patches/003_glib-2.0-configure.patch: + * debian/patches/004_CVE-2007-0104.patch: + * debian/patches/005_fix_inverted_text_from_bug_8944.patch: + - dropped, fixed with the new version + * debian/patches/006_pthreads_ldflags.patch: + - updated + + -- Ondřej Surý Thu, 27 Sep 2007 09:03:33 +0200 + +poppler (0.5.4-6) unstable; urgency=low + + * Conflict with old library names from experimental. (Closes: #426023) + + -- Ondřej Surý Wed, 30 May 2007 08:42:32 +0200 + +poppler (0.5.4-5) unstable; urgency=low + + * Add missing poppler/poppler-link-qt3.h header to libpoppler-qt-dev; thanks + Sune Vuorela; closes: #425486. + * Let libpoppler-qt4-dev depend on libpoppler-qt-dev since some of its + headers require poppler-page-transition.h which is clearly from the Qt + bindings; thanks Sune Vuorela; closes: #425540. + * Wrap build-deps and deps. + * Drop useless debian/*.dirs. + * Misc cleanups. + * Build-dep on autotools-dev and drop bogus lintian overrides. + + -- Loic Minier Thu, 24 May 2007 23:09:23 +0200 + +poppler (0.5.4-4) unstable; urgency=low + + * The "Augean Stables" release. + * 0.5.x branch fixes all kind of displaying errors + Closes: #372169, #235360, #331380, #332426, #336616 + Closes: #402647, #369164, #413953, #343654 + * Add versioned conflict to pdftohtml (Closes: #393169) + * We dropped .la files some time ago, libjpeg62-dev dependency not + needed now (Closes: #413112) + * Crash fixed in 0.5.4 (Closes: #418638) + * [control.in]: dropped some time ago (Closes: #407818) + * NMU 0.5.4-5.1 merged as 004_CVE-2007-0104.patch (Closes: #407810) + * 0.5.x uploaded to unstable (Closes: #352522) + * qt4 libraries are now part of build (Closes: #414643) + * No longer depends on poppler-data (Closes: #389753) + * [debian/patches/006_pthreads_ldflags.patch]: + + Add -lpthread to poppler/Makefile.am (Closes: #399275) + + -- Ondřej Surý Wed, 16 May 2007 10:45:39 +0200 + +poppler (0.5.4-3) unstable; urgency=low + + * Upload to unstable. + * Enable Cairo output again. + * Enable gtk-doc build. + * Add lintian override for outdated-autotools-helper-files (we use CDBS). + * Change shared library packages names according to Library Packaging Guide. + * Change ${Source-Version} to ${binary:Version} to allow binNMU + * Drop (= ${Source-Version}) dependency in glib, qt3, qt4 libraries; we are + adding that from debian/rules + * Merge changes from Ubuntu: + + Enable Qt4 library build (but change name to libpoppler-qt4-1). + + [debian/patches/004_CVE-2007-0104.patch]: + - Limit recursion depth of the parsing tree to 100 to avoid infinite loop + with crafted documents. + - Patch taken from koffice security update (which has a copy of xpdf + sources). + + [debian/patches/005_fix_inverted_text_from_bug_8944.patch]: + - fixes "text is inverted in some PDFs" + + -- Ondřej Surý Wed, 16 May 2007 08:26:47 +0200 + +poppler (0.5.4-2) experimental; urgency=low + + * [debian/control]: poppler-data is non-free, do not depend on it (Closes: #389753) + + -- Ondřej Surý Mon, 2 Oct 2006 14:41:58 +0200 + +poppler (0.5.4-1) experimental; urgency=low + + * New upstrem release. + * [debian/control.in]: remove file and add all pkg-freedesktop people + to Uploaders: field + * [debian/control]: Add dependency on poppler-data package. + * [debian/patches/03_glib-2.0-configure.patch]: fix broken configure.ac + + -- Ondřej Surý Fri, 22 Sep 2006 16:49:17 +0200 + +poppler (0.5.3-1) experimental; urgency=low + + * New upstream release. + * debian/lib{poppler,poppler-glib,poppler-qt}-dev.install: + Stop shipping /usr/lib/*.la in libpoppler*-dev. + + -- Ondřej Surý Wed, 31 May 2006 17:19:34 +0200 + +poppler (0.5.2-1) experimental; urgency=low + + * New upstream release. + * Remove patches adopted upstream: + debian/patches/000_incorrect_define_fix.patch + debian/patches/000_splash_build_fix.patch + + -- Ondřej Surý Tue, 23 May 2006 20:21:30 +0200 + +poppler (0.5.1-1) experimental; urgency=low + + * Merge back changes from Ubuntu. + * Upload to experimental (Closes: 352522) + + -- Ondřej Surý Tue, 18 Apr 2006 15:08:26 +0200 + +poppler (0.5.1-0ubuntu6) dapper; urgency=low + + * Install poppler-page-transition into libpoppler-qt-dev (not + libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179 + + -- Martin Pitt Mon, 10 Apr 2006 12:20:46 +0200 + +poppler (0.5.1-0ubuntu5) dapper; urgency=low + + * debian/patches/000_incorrect_define_fix.patch: + - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239) + + -- Sebastien Bacher Thu, 23 Mar 2006 12:33:17 +0100 + +poppler (0.5.1-0ubuntu4) dapper; urgency=low + + * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev, + because we directly include in GlobalParams.h + + -- Adam Conrad Thu, 16 Mar 2006 11:23:00 +1100 + +poppler (0.5.1-0ubuntu3) dapper; urgency=low + + * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both + contain pdftoppm.1.gz. + + -- Martin Pitt Mon, 13 Mar 2006 09:10:12 +0100 + +poppler (0.5.1-0ubuntu2) dapper; urgency=low + + * debian/control.in: + - fix the libpoppler1 package description + + -- Sebastien Bacher Thu, 9 Mar 2006 09:43:15 +0000 + +poppler (0.5.1-0ubuntu1) dapper; urgency=low + + * New upstream version: + - Support for embedded files. + - Handle 0-width lines correctly. + - Avoid external file use when opening fonts. + - Only use vector fonts returned from fontconfig (#5758). + - Fix scaled 1x1 pixmaps use for drawing lines (#3387). + - drawSoftMaskedImage support in cairo backend. + - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420. + * debian/control.in, debian/libpoppler0c2.dirs, + debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install, + debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs, + debian/libpoppler0c2-qt.install, debian/rules: + - updated for the soname change + * debian/patches/000_splash_build_fix.patch: + - fix build when using splash + * debian/patches/001_fixes_for_fonts_selection.patch: + - fix with the new version + + -- Sebastien Bacher Mon, 6 Mar 2006 18:42:44 +0000 + +poppler (0.5.0-0ubuntu5) dapper; urgency=low + + * debian/control.in, debian/rules: + - build without libcairo + + -- Sebastien Bacher Sun, 26 Feb 2006 20:05:10 +0100 + +poppler (0.5.0-0ubuntu4) dapper; urgency=low + + * debian/patches/001_fixes_for_fonts_selection.patch: + - change from the CVS, fix some renderings issues and fonts selection + + -- Sebastien Bacher Tue, 7 Feb 2006 13:38:04 +0100 + +poppler (0.5.0-0ubuntu3) dapper; urgency=low + + * SECURITY UPDATE: Buffer overflow. + * Add debian/patches/002_CVE-2006-0301.patch: + - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(), + Splash::xorSpan(): Check coordinates for integer overflow. + * CVE-2006-0301 + + -- Martin Pitt Fri, 3 Feb 2006 18:13:30 +0000 + +poppler (0.5.0-0ubuntu2) dapper; urgency=low + + * debian/rules: Bump shlibs version to 0.5.0. + + -- Martin Pitt Fri, 20 Jan 2006 16:56:40 +0100 + +poppler (0.5.0-0ubuntu1) dapper; urgency=low + + * New upstream release 0.5.0, required for new evince 0.5. + * Merge with Debian. + * Remove patches adopted upstream: + - debian/patches/000_add-poppler-utils.patch + - debian/patches/002-selection-crash-bug.patch + * debian/libpoppler-dev.install: + - Install poppler-page-transition.h. + - Do not install poppler-config.h, it doesn't exist any more. + - Upstream doesn't install legacy xpdf includes any more, fix path to + install them into libpoppler-dev. + * Add debian/patches/001_jpxstream_int_crash.patch: + - poppler/JPXStream.h: Fix declaration of cbW to be signed. + JPXStream.cc, readCodeBlockData() negates the value, which results in an + invalid value on 64 bit platforms if using unsigned types. + - Thanks to Vladimir Nadvornik for pointing at this. + + -- Martin Pitt Thu, 19 Jan 2006 23:49:52 +0100 + +poppler (0.4.4-1) unstable; urgency=high + + * New upstream security release + - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627 + * Remove debian/patches/003-CVE-2005-3624_5_7.patch: + - Merged upstream + * Remove debian/patches/004-fix-CVE-2005-3192.patch: + - Merged upstream + * Remove debian/patches/001-relibtoolize.patch + - Upstream uses recent libtool + + -- Ondřej Surý Thu, 12 Jan 2006 20:40:27 +0100 + +poppler (0.4.3-3) unstable; urgency=low + + * Fix missing libcairo2-dev dependency (Closes: #346277) + + -- Ondřej Surý Fri, 6 Jan 2006 21:37:10 +0100 + +poppler (0.4.3-2) unstable; urgency=high + + [ Martin Pitt ] + * SECURITY UPDATE: Multiple integer/buffer overflows. + * Add debian/patches/003-CVE-2005-3624_5_7.patch: + - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + + Check columns for negative or large values. + + CVE-2005-3624 + - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + + Reset numComps to 0 since it's a global variable that is used later. + + CVE-2005-3627 + - poppler/Stream.cc, DCTStream::readHuffmanTables(): + + Fix out of bounds array access in Huffman tables. + + CVE-2005-3627 + - poppler/Stream.cc, DCTStream::readMarker(): + + Check for EOF in while loop to prevent endless loops. + + CVE-2005-3625 + - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), + JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + + Check user supplied width and height against invalid values. + + Allocate one extra byte to prevent out of bounds access in combine(). + * Add debian/patches/004-fix-CVE-2005-3192.patch: + - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). + - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. + + [ Ondřej Surý ] + * Merge changes from Ubuntu (Closes: #346076). + * Enable Cairo output again. + + -- Ondřej Surý Thu, 5 Jan 2006 14:54:44 +0100 + +poppler (0.4.3-1) unstable; urgency=high + + * New upstream release. + * New maintainer (Closes: #344738) + * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream. + * Fixed some rendering bugs and disabled Cairo output + (Closes: #314556, #322964, #328211) + * Acknowledge NMU (Closes: #342288) + * Add 001-selection-crash-bug.patch (Closes: #330544) + * Add poppler-utils (merge patch from Ubuntu) + + -- Ondřej Surý Fri, 30 Dec 2005 11:34:07 +0100 + +poppler (0.4.2-1.1) unstable; urgency=high + + * SECURITY UPDATE: Multiple integer/buffer overflows. + + * NMU to fix RC security bug (closes: #342288) + * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, + thanks to Martin Pitt: + * poppler/Stream.cc, DCTStream::readBaselineSOF(), + DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): + - Check numComps for invalid values. + - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities + - CVE-2005-3191 + * poppler/Stream.cc, StreamPredictor::StreamPredictor(): + - Check rowBytes for invalid values. + - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities + - CVE-2005-3192 + * poppler/JPXStream.cc, JPXStream::readCodestream(): + - Check img.nXTiles * img.nYTiles for integer overflow. + - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities + - CVE-2005-3193 + + -- Frank Küster Fri, 23 Dec 2005 16:36:30 +0100 + +poppler (0.4.2-1) unstable; urgency=low + + * GNOME Team upload. + * New upstream version. + * debian/control.in: + - updated the Build-Depends on libqt (Closes: #326130). + * debian/rules: + - updated the shlibs. + + -- Sebastien Bacher Wed, 7 Sep 2005 12:41:48 +0200 + +poppler (0.4.0-1) unstable; urgency=low + + * GNOME Team Upload. + * Rebuild for the CPP transition. + * New upstream version (Closes: #311133): + - fix some crashers (Closes: #315590, #312261, #309410). + - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785). + * debian/control.in, debian/rules: + - build with the current cairo version (Closes: #321368, #318293). + - update for the renamed the packages. + * debian/patches/01_CAN-2005-2097.patch: + - Patch from Ubuntu, thanks Martin Pitt. + - Check sanity of the TrueType "loca" table. Specially crafted broken + tables caused disk space exhaustion due to very large generated glyph + descriptions when attempting to fix the table. + - Upstream patch scheduled for xpdf 3.01. + - CAN-2005-2097 + * debian/watch: + - fixed, patch by Jerome Warnier (Closes: #310996). + + -- Sebastien Bacher Wed, 17 Aug 2005 21:54:07 +0200 + +poppler (0.3.1-1) unstable; urgency=low + + * New upstream release + * Upstream fixed the Qt build bug, so now I can enable Qt + build. (Closes:#307340) It leads two new binary packages + libpoppler0-qt and libpoppler-qt-dev. + * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the + upstream removal of xpdfrc config. + + -- Changwoo Ryu Wed, 4 May 2005 00:19:35 +0900 + +poppler (0.3.0-2) unstable; urgency=high + + * Added shlib version info for libpoppler0-glib. + * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev. + (Closes: #306897) + * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885) + * Corrected descriptions of -glib packages. + + -- Changwoo Ryu Thu, 28 Apr 2005 02:41:25 +0900 + +poppler (0.3.0-1) unstable; urgency=low + + * New upstream release (Closes: #306573) + * Added new binary packages libpoppler0-glib and libpoppler-glib-dev, + which are GLib-based interfaces. Qt interface build is termporarily + disabled, because of an upstream FTBFS. + + -- Changwoo Ryu Thu, 28 Apr 2005 02:07:23 +0900 + +poppler (0.1.2-1) unstable; urgency=low + + * Initial Release (Closes: #299518) + + -- Changwoo Ryu Tue, 15 Mar 2005 02:08:00 +0900 --- poppler-0.8.7.orig/debian/poppler-dbg.lintian-overrides +++ poppler-0.8.7/debian/poppler-dbg.lintian-overrides @@ -0,0 +1,4 @@ +# there's no "poppler" package; poppler-dbg stores detached debug symbols for +# all binary packages in the poppler source package, and there's a strict +# libpoppler dep +W: poppler-dbg: dbg-package-missing-depends poppler --- poppler-0.8.7.orig/debian/rules +++ poppler-0.8.7/debian/rules @@ -0,0 +1,30 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/autotools.mk + +# use qt4's moc as the default moc is qt3's when both are installed +PATH := /usr/share/qt4/bin:$(PATH) +export PATH + +# a trick to fix xpdfrc location without modifying autotools stuff +DEB_CONFIGURE_SYSCONFDIR := /etc/xpdf + +# disable gtk stuff to minimize Build-Depends +DEB_CONFIGURE_EXTRA_FLAGS += \ + --enable-libjpeg \ + --enable-splash-output \ + --enable-cairo-output \ + --enable-poppler-glib \ + --enable-poppler-qt \ + --enable-poppler-qt4 \ + --enable-a4-paper \ + --enable-gtk-doc \ + --disable-gtk-test + +DEB_DH_MAKESHLIBS_ARGS_libpoppler3 += -V"libpoppler3" +DEB_DH_MAKESHLIBS_ARGS_libpoppler-glib3 += -V"libpoppler-glib3" +DEB_DH_MAKESHLIBS_ARGS_libpoppler-qt2 += -V"libpoppler-qt2 (>= 0.6)" +DEB_DH_MAKESHLIBS_ARGS_libpoppler-qt4-3 += -V"libpoppler-qt4-3" + --- poppler-0.8.7.orig/debian/libpoppler-qt2.install +++ poppler-0.8.7/debian/libpoppler-qt2.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-qt.so.* --- poppler-0.8.7.orig/debian/compat +++ poppler-0.8.7/debian/compat @@ -0,0 +1 @@ +5 --- poppler-0.8.7.orig/debian/watch +++ poppler-0.8.7/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://poppler.freedesktop.org/ poppler-([0-9.]*)\.tar\.gz debian uupdate --- poppler-0.8.7.orig/debian/libpoppler-glib3.install +++ poppler-0.8.7/debian/libpoppler-glib3.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-glib.so.* --- poppler-0.8.7.orig/debian/libpoppler-qt4-dev.install +++ poppler-0.8.7/debian/libpoppler-qt4-dev.install @@ -0,0 +1,4 @@ +debian/tmp/usr/include/poppler/qt4 +debian/tmp/usr/lib/libpoppler-qt4.a +debian/tmp/usr/lib/libpoppler-qt4.so +debian/tmp/usr/lib/pkgconfig/poppler-qt4.pc --- poppler-0.8.7.orig/debian/poppler-utils.install +++ poppler-0.8.7/debian/poppler-utils.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/ +debian/tmp/usr/share/man/man1/ --- poppler-0.8.7.orig/debian/patches/11_JBIG2_CVEs.patch +++ poppler-0.8.7/debian/patches/11_JBIG2_CVEs.patch @@ -0,0 +1,951 @@ +Upstream commits: + d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0 + 305af8cdb6822858e152e1f930bba2ce3904bf1b + 9f1312f3d7dfa7e536606a7c7296b7c876b11c00 + +CVE-2009-0799 xpdf OOB Read +CVE-2009-0800 xpdf Multiple Input Validation Flaws +CVE-2009-1179 xpdf Integer Overflow +CVE-2009-1180 xpdf Invalid free() +CVE-2009-1181 xpdf NULL dereference DoS +CVE-2009-1182 xpdf MMR Decoder Buffer Overflows +CVE-2009-1183 xpdf MMR Infinite Loop DoS + +diff -pruN poppler-0.8.7.orig/poppler/JBIG2Stream.cc poppler-0.8.7/poppler/JBIG2Stream.cc +--- poppler-0.8.7.orig/poppler/JBIG2Stream.cc 2008-05-04 15:12:14.000000000 +0200 ++++ poppler-0.8.7/poppler/JBIG2Stream.cc 2009-04-17 11:03:50.044855563 +0200 +@@ -422,12 +422,14 @@ void JBIG2HuffmanDecoder::buildTable(JBI + table[i] = table[len]; + + // assign prefixes +- i = 0; +- prefix = 0; +- table[i++].prefix = prefix++; +- for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) { +- prefix <<= table[i].prefixLen - table[i-1].prefixLen; +- table[i].prefix = prefix++; ++ if (table[0].rangeLen != jbig2HuffmanEOT) { ++ i = 0; ++ prefix = 0; ++ table[i++].prefix = prefix++; ++ for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) { ++ prefix <<= table[i].prefixLen - table[i-1].prefixLen; ++ table[i].prefix = prefix++; ++ } + } + } + +@@ -491,7 +493,7 @@ int JBIG2MMRDecoder::get2DCode() { + } + if (p->bits < 0) { + error(str->getPos(), "Bad two dim code in JBIG2 MMR stream"); +- return 0; ++ return EOF; + } + bufLen -= p->bits; + return p->n; +@@ -668,6 +670,7 @@ public: + void combine(JBIG2Bitmap *bitmap, int x, int y, Guint combOp); + Guchar *getDataPtr() { return data; } + int getDataSize() { return h * line; } ++ GBool isOk() { return data != NULL; } + + private: + +@@ -762,6 +765,8 @@ void JBIG2Bitmap::clearToOne() { + inline void JBIG2Bitmap::getPixelPtr(int x, int y, JBIG2BitmapPtr *ptr) { + if (y < 0 || y >= h || x >= w) { + ptr->p = NULL; ++ ptr->shift = 0; // make gcc happy ++ ptr->x = 0; // make gcc happy + } else if (x < 0) { + ptr->p = &data[y * line]; + ptr->shift = 7; +@@ -806,6 +811,10 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b + Guint src0, src1, src, dest, s1, s2, m1, m2, m3; + GBool oneByte; + ++ // check for the pathological case where y = -2^31 ++ if (y < -0x7fffffff) { ++ return; ++ } + if (y < 0) { + y0 = -y; + } else { +@@ -1308,6 +1317,13 @@ void JBIG2Stream::readSegments() { + // keep track of the start of the segment data + segDataPos = getPos(); + ++ // check for missing page information segment ++ if (!pageBitmap && ((segType >= 4 && segType <= 7) || ++ (segType >= 20 && segType <= 43))) { ++ error(getPos(), "First JBIG2 segment associated with a page must be a page information segment"); ++ goto syntaxError; ++ } ++ + // read the segment data + switch (segType) { + case 0: +@@ -1462,6 +1478,8 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + Guint i, j, k; + Guchar *p; + ++ symWidths = NULL; ++ + // symbol dictionary flags + if (!readUWord(&flags)) { + goto eofError; +@@ -1522,7 +1540,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + // part of it + if ((seg = findSegment(refSegs[i]))) { + if (seg->getType() == jbig2SegSymbolDict) { +- numInputSyms += ((JBIG2SymbolDict *)seg)->getSize(); ++ j = ((JBIG2SymbolDict *)seg)->getSize(); ++ if (numInputSyms > UINT_MAX - j) { ++ error(getPos(), "Too many input symbols in JBIG2 symbol dictionary"); ++ delete codeTables; ++ goto eofError; ++ } ++ numInputSyms += j; + } else if (seg->getType() == jbig2SegCodeTable) { + codeTables->append(seg); + } +@@ -1531,13 +1555,18 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + return gFalse; + } + } ++ if (numInputSyms > UINT_MAX - numNewSyms) { ++ error(getPos(), "Too many input symbols in JBIG2 symbol dictionary"); ++ delete codeTables; ++ goto eofError; ++ } + + // compute symbol code length +- symCodeLen = 0; +- i = 1; +- while (i < numInputSyms + numNewSyms) { ++ symCodeLen = 1; ++ i = (numInputSyms + numNewSyms) >> 1; ++ while (i) { + ++symCodeLen; +- i <<= 1; ++ i >>= 1; + } + + // get the input symbol bitmaps +@@ -1568,6 +1597,9 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + } else if (huffDH == 1) { + huffDHTable = huffTableE; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDW == 0) { +@@ -1575,17 +1607,26 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + } else if (huffDW == 1) { + huffDWTable = huffTableC; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffBMSize == 0) { + huffBMSizeTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffBMSizeTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffAggInst == 0) { + huffAggInstTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffAggInstTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } +@@ -1618,7 +1659,6 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + } + + // allocate symbol widths storage +- symWidths = NULL; + if (huff && !refAgg) { + symWidths = (Guint *)gmallocn(numNewSyms, sizeof(Guint)); + } +@@ -1660,6 +1700,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + goto syntaxError; + } + symWidth += dw; ++ if (i >= numNewSyms) { ++ error(getPos(), "Too many symbols in JBIG2 symbol dictionary"); ++ goto syntaxError; ++ } + + // using a collective bitmap, so don't read a bitmap here + if (huff && !refAgg) { +@@ -1696,6 +1740,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + arithDecoder->decodeInt(&refDX, iardxStats); + arithDecoder->decodeInt(&refDY, iardyStats); + } ++ if (symID >= numInputSyms + i) { ++ error(getPos(), "Invalid symbol ID in JBIG2 symbol dictionary"); ++ goto syntaxError; ++ } + refBitmap = bitmaps[symID]; + bitmaps[numInputSyms + i] = + readGenericRefinementRegion(symWidth, symHeight, +@@ -1762,6 +1810,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + } else { + arithDecoder->decodeInt(&run, iaexStats); + } ++ if (i + run > numInputSyms + numNewSyms || ++ (ex && j + run > numExSyms)) { ++ error(getPos(), "Too many exported symbols in JBIG2 symbol dictionary"); ++ for ( ; j < numExSyms; ++j) symbolDict->setBitmap(j, NULL); ++ delete symbolDict; ++ goto syntaxError; ++ } + if (ex) { + for (cnt = 0; cnt < run; ++cnt) { + symbolDict->setBitmap(j++, bitmaps[i++]->copy()); +@@ -1771,6 +1826,12 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + } + ex = !ex; + } ++ if (j != numExSyms) { ++ error(getPos(), "Too few symbols in JBIG2 symbol dictionary"); ++ for ( ; j < numExSyms; ++j) symbolDict->setBitmap(j, NULL); ++ delete symbolDict; ++ goto syntaxError; ++ } + + for (i = 0; i < numNewSyms; ++i) { + delete bitmaps[numInputSyms + i]; +@@ -1793,6 +1854,10 @@ GBool JBIG2Stream::readSymbolDictSeg(Gui + + return gTrue; + ++ codeTableError: ++ error(getPos(), "Missing code table in JBIG2 symbol dictionary"); ++ delete codeTables; ++ + syntaxError: + for (i = 0; i < numNewSyms; ++i) { + if (bitmaps[numInputSyms + i]) { +@@ -1895,6 +1960,8 @@ void JBIG2Stream::readTextRegionSeg(Guin + } + } else { + error(getPos(), "Invalid segment reference in JBIG2 text region"); ++ delete codeTables; ++ return; + } + } + symCodeLen = 0; +@@ -1929,6 +1996,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffFS == 1) { + huffFSTable = huffTableG; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffFSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDS == 0) { +@@ -1938,6 +2008,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffDS == 2) { + huffDSTable = huffTableJ; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDSTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffDT == 0) { +@@ -1947,6 +2020,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffDT == 2) { + huffDTTable = huffTableM; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffDTTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDW == 0) { +@@ -1954,6 +2030,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffRDW == 1) { + huffRDWTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDWTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDH == 0) { +@@ -1961,6 +2040,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffRDH == 1) { + huffRDHTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDHTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDX == 0) { +@@ -1968,6 +2050,9 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffRDX == 1) { + huffRDXTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDXTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRDY == 0) { +@@ -1975,11 +2060,17 @@ void JBIG2Stream::readTextRegionSeg(Guin + } else if (huffRDY == 1) { + huffRDYTable = huffTableO; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRDYTable = ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } + if (huffRSize == 0) { + huffRSizeTable = huffTableA; + } else { ++ if (i >= (Guint)codeTables->getLength()) { ++ goto codeTableError; ++ } + huffRSizeTable = + ((JBIG2CodeTable *)codeTables->get(i++))->getHuffTable(); + } +@@ -2053,18 +2144,20 @@ void JBIG2Stream::readTextRegionSeg(Guin + + gfree(syms); + +- // combine the region bitmap into the page bitmap +- if (imm) { +- if (pageH == 0xffffffff && y + h > curPageH) { +- pageBitmap->expand(y + h, pageDefPixel); +- } +- pageBitmap->combine(bitmap, x, y, extCombOp); +- delete bitmap; ++ if (bitmap) { ++ // combine the region bitmap into the page bitmap ++ if (imm) { ++ if (pageH == 0xffffffff && y + h > curPageH) { ++ pageBitmap->expand(y + h, pageDefPixel); ++ } ++ pageBitmap->combine(bitmap, x, y, extCombOp); ++ delete bitmap; + +- // store the region bitmap +- } else { +- bitmap->setSegNum(segNum); +- segments->append(bitmap); ++ // store the region bitmap ++ } else { ++ bitmap->setSegNum(segNum); ++ segments->append(bitmap); ++ } + } + + // clean up the Huffman decoder +@@ -2074,8 +2167,15 @@ void JBIG2Stream::readTextRegionSeg(Guin + + return; + ++ codeTableError: ++ error(getPos(), "Missing code table in JBIG2 text region"); ++ gfree(codeTables); ++ delete syms; ++ return; ++ + eofError: + error(getPos(), "Unexpected EOF in JBIG2 stream"); ++ return; + } + + JBIG2Bitmap *JBIG2Stream::readTextRegion(GBool huff, GBool refine, +@@ -2110,6 +2210,10 @@ JBIG2Bitmap *JBIG2Stream::readTextRegion + + // allocate the bitmap + bitmap = new JBIG2Bitmap(0, w, h); ++ if (!bitmap->isOk()) { ++ delete bitmap; ++ return NULL; ++ } + if (defPixel) { + bitmap->clearToOne(); + } else { +@@ -2186,73 +2290,84 @@ JBIG2Bitmap *JBIG2Stream::readTextRegion + ri = 0; + } + if (ri) { ++ GBool decodeSuccess; + if (huff) { +- huffDecoder->decodeInt(&rdw, huffRDWTable); +- huffDecoder->decodeInt(&rdh, huffRDHTable); +- huffDecoder->decodeInt(&rdx, huffRDXTable); +- huffDecoder->decodeInt(&rdy, huffRDYTable); +- huffDecoder->decodeInt(&bmSize, huffRSizeTable); ++ decodeSuccess = huffDecoder->decodeInt(&rdw, huffRDWTable); ++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdh, huffRDHTable); ++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdx, huffRDXTable); ++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&rdy, huffRDYTable); ++ decodeSuccess = decodeSuccess && huffDecoder->decodeInt(&bmSize, huffRSizeTable); + huffDecoder->reset(); + arithDecoder->start(); + } else { +- arithDecoder->decodeInt(&rdw, iardwStats); +- arithDecoder->decodeInt(&rdh, iardhStats); +- arithDecoder->decodeInt(&rdx, iardxStats); +- arithDecoder->decodeInt(&rdy, iardyStats); ++ decodeSuccess = arithDecoder->decodeInt(&rdw, iardwStats); ++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdh, iardhStats); ++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdx, iardxStats); ++ decodeSuccess = decodeSuccess && arithDecoder->decodeInt(&rdy, iardyStats); ++ } ++ ++ if (decodeSuccess && syms[symID]) ++ { ++ refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx; ++ refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy; ++ ++ symbolBitmap = ++ readGenericRefinementRegion(rdw + syms[symID]->getWidth(), ++ rdh + syms[symID]->getHeight(), ++ templ, gFalse, syms[symID], ++ refDX, refDY, atx, aty); + } +- refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx; +- refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy; +- +- symbolBitmap = +- readGenericRefinementRegion(rdw + syms[symID]->getWidth(), +- rdh + syms[symID]->getHeight(), +- templ, gFalse, syms[symID], +- refDX, refDY, atx, aty); + //~ do we need to use the bmSize value here (in Huffman mode)? + } else { + symbolBitmap = syms[symID]; + } + +- // combine the symbol bitmap into the region bitmap +- //~ something is wrong here - refCorner shouldn't degenerate into +- //~ two cases +- bw = symbolBitmap->getWidth() - 1; +- bh = symbolBitmap->getHeight() - 1; +- if (transposed) { +- switch (refCorner) { +- case 0: // bottom left +- bitmap->combine(symbolBitmap, tt, s, combOp); +- break; +- case 1: // top left +- bitmap->combine(symbolBitmap, tt, s, combOp); +- break; +- case 2: // bottom right +- bitmap->combine(symbolBitmap, tt - bw, s, combOp); +- break; +- case 3: // top right +- bitmap->combine(symbolBitmap, tt - bw, s, combOp); +- break; ++ if (symbolBitmap) { ++ // combine the symbol bitmap into the region bitmap ++ //~ something is wrong here - refCorner shouldn't degenerate into ++ //~ two cases ++ bw = symbolBitmap->getWidth() - 1; ++ bh = symbolBitmap->getHeight() - 1; ++ if (transposed) { ++ switch (refCorner) { ++ case 0: // bottom left ++ bitmap->combine(symbolBitmap, tt, s, combOp); ++ break; ++ case 1: // top left ++ bitmap->combine(symbolBitmap, tt, s, combOp); ++ break; ++ case 2: // bottom right ++ bitmap->combine(symbolBitmap, tt - bw, s, combOp); ++ break; ++ case 3: // top right ++ bitmap->combine(symbolBitmap, tt - bw, s, combOp); ++ break; ++ } ++ s += bh; ++ } else { ++ switch (refCorner) { ++ case 0: // bottom left ++ bitmap->combine(symbolBitmap, s, tt - bh, combOp); ++ break; ++ case 1: // top left ++ bitmap->combine(symbolBitmap, s, tt, combOp); ++ break; ++ case 2: // bottom right ++ bitmap->combine(symbolBitmap, s, tt - bh, combOp); ++ break; ++ case 3: // top right ++ bitmap->combine(symbolBitmap, s, tt, combOp); ++ break; ++ } ++ s += bw; + } +- s += bh; +- } else { +- switch (refCorner) { +- case 0: // bottom left +- bitmap->combine(symbolBitmap, s, tt - bh, combOp); +- break; +- case 1: // top left +- bitmap->combine(symbolBitmap, s, tt, combOp); +- break; +- case 2: // bottom right +- bitmap->combine(symbolBitmap, s, tt - bh, combOp); +- break; +- case 3: // top right +- bitmap->combine(symbolBitmap, s, tt, combOp); +- break; ++ if (ri) { ++ delete symbolBitmap; + } +- s += bw; +- } +- if (ri) { +- delete symbolBitmap; ++ } else { ++ // NULL symbolBitmap only happens on error ++ delete bitmap; ++ return NULL; + } + } + +@@ -2542,7 +2657,9 @@ void JBIG2Stream::readGenericRegionSeg(G + + // read the bitmap + bitmap = readGenericBitmap(mmr, w, h, templ, tpgdOn, gFalse, +- NULL, atx, aty, mmr ? 0 : length - 18); ++ NULL, atx, aty, mmr ? length - 18 : 0); ++ if (!bitmap) ++ return; + + // combine the region bitmap into the page bitmap + if (imm) { +@@ -2564,6 +2681,43 @@ void JBIG2Stream::readGenericRegionSeg(G + error(getPos(), "Unexpected EOF in JBIG2 stream"); + } + ++inline void JBIG2Stream::mmrAddPixels(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w) { ++ if (a1 > codingLine[*a0i]) { ++ if (a1 > w) { ++ error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1); ++ a1 = w; ++ } ++ if ((*a0i & 1) ^ blackPixels) { ++ ++*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } ++} ++ ++inline void JBIG2Stream::mmrAddPixelsNeg(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w) { ++ if (a1 > codingLine[*a0i]) { ++ if (a1 > w) { ++ error(getPos(), "JBIG2 MMR row is wrong length ({0:d})", a1); ++ a1 = w; ++ } ++ if ((*a0i & 1) ^ blackPixels) { ++ ++*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } else if (a1 < codingLine[*a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid JBIG2 MMR code"); ++ a1 = 0; ++ } ++ while (*a0i > 0 && a1 <= codingLine[*a0i - 1]) { ++ --*a0i; ++ } ++ codingLine[*a0i] = a1; ++ } ++} ++ + JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h, + int templ, GBool tpgdOn, + GBool useSkip, JBIG2Bitmap *skip, +@@ -2576,9 +2730,13 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit + JBIG2BitmapPtr atPtr0 = {0}, atPtr1 = {0}, atPtr2 = {0}, atPtr3 = {0}; + int *refLine, *codingLine; + int code1, code2, code3; +- int x, y, a0, pix, i, refI, codingI; ++ int x, y, a0i, b1i, blackPixels, pix, i; + + bitmap = new JBIG2Bitmap(0, w, h); ++ if (!bitmap->isOk()) { ++ delete bitmap; ++ return NULL; ++ } + bitmap->clearToZero(); + + //----- MMR decode +@@ -2586,9 +2744,18 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit + if (mmr) { + + mmrDecoder->reset(); ++ if (w > INT_MAX - 2) { ++ error(getPos(), "Bad width in JBIG2 generic bitmap"); ++ // force a call to gmalloc(-1), which will throw an exception ++ w = -3; ++ } ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = w ++ // ---> max codingLine size = w + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = w + 2 ++ codingLine = (int *)gmallocn(w + 1, sizeof(int)); + refLine = (int *)gmallocn(w + 2, sizeof(int)); +- codingLine = (int *)gmallocn(w + 2, sizeof(int)); +- codingLine[0] = codingLine[1] = w; ++ codingLine[0] = w; + + for (y = 0; y < h; ++y) { + +@@ -2596,128 +2763,157 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit + for (i = 0; codingLine[i] < w; ++i) { + refLine[i] = codingLine[i]; + } +- refLine[i] = refLine[i + 1] = w; ++ refLine[i++] = w; ++ refLine[i] = w; + + // decode a line +- refI = 0; // b1 = refLine[refI] +- codingI = 0; // a1 = codingLine[codingI] +- a0 = 0; +- do { ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] <= w ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = w is possible ++ while (codingLine[a0i] < w) { + code1 = mmrDecoder->get2DCode(); + switch (code1) { + case twoDimPass: +- if (refLine[refI] < w) { +- a0 = refLine[refI + 1]; +- refI += 2; +- } +- break; ++ mmrAddPixels(refLine[b1i + 1], blackPixels, codingLine, &a0i, w); ++ if (refLine[b1i + 1] < w) { ++ b1i += 2; ++ } ++ break; + case twoDimHoriz: +- if (codingI & 1) { +- code1 = 0; +- do { +- code1 += code3 = mmrDecoder->getBlackCode(); +- } while (code3 >= 64); +- code2 = 0; +- do { +- code2 += code3 = mmrDecoder->getWhiteCode(); +- } while (code3 >= 64); +- } else { +- code1 = 0; +- do { +- code1 += code3 = mmrDecoder->getWhiteCode(); +- } while (code3 >= 64); +- code2 = 0; +- do { +- code2 += code3 = mmrDecoder->getBlackCode(); +- } while (code3 >= 64); +- } +- if (code1 > 0 || code2 > 0) { +- a0 = codingLine[codingI++] = a0 + code1; +- a0 = codingLine[codingI++] = a0 + code2; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVert0: +- a0 = codingLine[codingI++] = refLine[refI]; +- if (refLine[refI] < w) { +- ++refI; +- } +- break; +- case twoDimVertR1: +- a0 = codingLine[codingI++] = refLine[refI] + 1; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVertR2: +- a0 = codingLine[codingI++] = refLine[refI] + 2; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; ++ code1 = code2 = 0; ++ if (blackPixels) { ++ do { ++ code1 += code3 = mmrDecoder->getBlackCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = mmrDecoder->getWhiteCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = mmrDecoder->getWhiteCode(); ++ } while (code3 >= 64); ++ do { ++ code2 += code3 = mmrDecoder->getBlackCode(); ++ } while (code3 >= 64); ++ } ++ mmrAddPixels(codingLine[a0i] + code1, blackPixels, ++ codingLine, &a0i, w); ++ if (codingLine[a0i] < w) { ++ mmrAddPixels(codingLine[a0i] + code2, blackPixels ^ 1, ++ codingLine, &a0i, w); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ break; + case twoDimVertR3: +- a0 = codingLine[codingI++] = refLine[refI] + 3; +- if (refLine[refI] < w) { +- ++refI; +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- } +- break; +- case twoDimVertL1: +- a0 = codingLine[codingI++] = refLine[refI] - 1; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; +- case twoDimVertL2: +- a0 = codingLine[codingI++] = refLine[refI] - 2; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; ++ mmrAddPixels(refLine[b1i] + 3, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR2: ++ mmrAddPixels(refLine[b1i] + 2, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertR1: ++ mmrAddPixels(refLine[b1i] + 1, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVert0: ++ mmrAddPixels(refLine[b1i], blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; + case twoDimVertL3: +- a0 = codingLine[codingI++] = refLine[refI] - 3; +- if (refI > 0) { +- --refI; +- } else { +- ++refI; +- } +- while (refLine[refI] <= a0 && refLine[refI] < w) { +- refI += 2; +- } +- break; ++ mmrAddPixelsNeg(refLine[b1i] - 3, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL2: ++ mmrAddPixelsNeg(refLine[b1i] - 2, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case twoDimVertL1: ++ mmrAddPixelsNeg(refLine[b1i] - 1, blackPixels, codingLine, &a0i, w); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < w) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < w) { ++ b1i += 2; ++ } ++ } ++ break; ++ case EOF: ++ mmrAddPixels(w, 0, codingLine, &a0i, w); ++ break; + default: + error(getPos(), "Illegal code in JBIG2 MMR bitmap data"); ++ mmrAddPixels(w, 0, codingLine, &a0i, w); + break; + } +- } while (a0 < w); +- codingLine[codingI++] = w; ++ } + + // convert the run lengths to a bitmap line + i = 0; +- while (codingLine[i] < w) { ++ while (1) { + for (x = codingLine[i]; x < codingLine[i+1]; ++x) { + bitmap->setPixel(x, y); + } ++ if (codingLine[i+1] >= w || codingLine[i+2] >= w) { ++ break; ++ } + i += 2; + } + } +@@ -2765,7 +2961,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBit + ltp = !ltp; + } + if (ltp) { +- bitmap->duplicateRow(y, y-1); ++ if (y > 0) { ++ bitmap->duplicateRow(y, y-1); ++ } + continue; + } + } +@@ -3031,6 +3229,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef + int x, y, pix; + + bitmap = new JBIG2Bitmap(0, w, h); ++ if (!bitmap->isOk()) ++ { ++ delete bitmap; ++ return NULL; ++ } + bitmap->clearToZero(); + + // set up the typical row context +@@ -3071,6 +3274,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef + tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); ++ } else { ++ tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy ++ tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0; ++ tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0; + } + + for (x = 0; x < w; ++x) { +@@ -3142,6 +3349,10 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef + tpgrCX2 = refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); + tpgrCX2 = (tpgrCX2 << 1) | refBitmap->nextPixel(&tpgrCXPtr2); ++ } else { ++ tpgrCXPtr0.p = tpgrCXPtr1.p = tpgrCXPtr2.p = NULL; // make gcc happy ++ tpgrCXPtr0.shift = tpgrCXPtr1.shift = tpgrCXPtr2.shift = 0; ++ tpgrCXPtr0.x = tpgrCXPtr1.x = tpgrCXPtr2.x = 0; + } + + for (x = 0; x < w; ++x) { +@@ -3207,6 +3418,12 @@ void JBIG2Stream::readPageInfoSeg(Guint + } + pageBitmap = new JBIG2Bitmap(0, pageW, curPageH); + ++ if (!pageBitmap->isOk()) { ++ delete pageBitmap; ++ pageBitmap = NULL; ++ return; ++ } ++ + // default pixel value + if (pageDefPixel) { + pageBitmap->clearToOne(); +diff -pruN poppler-0.8.7.orig/poppler/JBIG2Stream.h poppler-0.8.7/poppler/JBIG2Stream.h +--- poppler-0.8.7.orig/poppler/JBIG2Stream.h 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.7/poppler/JBIG2Stream.h 2009-04-17 11:03:50.044855563 +0200 +@@ -76,6 +76,10 @@ private: + Guint *refSegs, Guint nRefSegs); + void readGenericRegionSeg(Guint segNum, GBool imm, + GBool lossless, Guint length); ++ void mmrAddPixels(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w); ++ void mmrAddPixelsNeg(int a1, int blackPixels, ++ int *codingLine, int *a0i, int w); + JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h, + int templ, GBool tpgdOn, + GBool useSkip, JBIG2Bitmap *skip, --- poppler-0.8.7.orig/debian/patches/61_manpages-hyphens.patch +++ poppler-0.8.7/debian/patches/61_manpages-hyphens.patch @@ -0,0 +1,61 @@ +FreeDesktop #17225; fixes escaping of hyphens in man pages + +--- poppler-0.8.6/utils/pdfinfo.1 2008-08-20 17:37:28.000000000 +0200 ++++ poppler-0.8.6.new/utils/pdfinfo.1 2008-08-20 17:37:58.000000000 +0200 +@@ -81,7 +81,7 @@ + .TP + .BI \-f " number" + Specifies the first page to examine. If multiple pages are requested +-using the "-f" and "-l" options, the size of each requested page (and, ++using the "\-f" and "\-l" options, the size of each requested page (and, + optionally, the bounding boxes for each requested page) are printed. + Otherwise, only page one is examined. + .TP +--- poppler-0.8.6/utils/pdftops.1 2008-08-20 17:37:28.000000000 +0200 ++++ poppler-0.8.6.new/utils/pdftops.1 2008-08-20 17:39:43.000000000 +0200 +@@ -25,7 +25,7 @@ + .I file.ps + (or + .I file.eps +-with the -eps option). If ++with the \-eps option). If + .I PS-file + is \'-', the PostScript is sent to stdout. + .SH CONFIGURATION FILE +@@ -49,8 +49,8 @@ + Generate Level 1 PostScript. The resulting PostScript files will be + significantly larger (if they contain images), but will print on Level + 1 printers. This also converts all images to black and white. No +-more than one of the PostScript level options (-level1, -level1sep, +--level2, -level2sep, -level3, -level3Sep) may be given. ++more than one of the PostScript level options (\-level1, \-level1sep, ++\-level2, \-level2sep, \-level3, \-level3Sep) may be given. + .RB "[config file: " psLevel ] + .TP + .B \-level1sep +@@ -77,20 +77,20 @@ + .TP + .B \-level3Sep + Generate Level 3 separable PostScript. The separation handling is the +-same as for -level2Sep. ++same as for \-level2Sep. + .RB "[config file: " psLevel ] + .TP + .B \-eps + Generate an Encapsulated PostScript (EPS) file. An EPS file contains + a single image, so if you use this option with a multi-page PDF file, +-you must use -f and -l to specify a single page. No more than one of +-the mode options (-eps, -form) may be given. ++you must use \-f and \-l to specify a single page. No more than one of ++the mode options (\-eps, \-form) may be given. + .TP + .B \-form + Generate a PostScript form which can be imported by software that + understands forms. A form contains a single page, so if you use this +-option with a multi-page PDF file, you must use -f and -l to specify a +-single page. The -level1 option cannot be used with -form. ++option with a multi-page PDF file, you must use \-f and \-l to specify a ++single page. The \-level1 option cannot be used with \-form. + .TP + .B \-opi + Generate OPI comments for all images and forms which have OPI --- poppler-0.8.7.orig/debian/patches/68_security_CVE-2009-3938.patch +++ poppler-0.8.7/debian/patches/68_security_CVE-2009-3938.patch @@ -0,0 +1,135 @@ +Index: poppler-0.12.0/poppler/ABWOutputDev.cc +=================================================================== +--- poppler-0.12.0.orig/poppler/ABWOutputDev.cc ++++ poppler-0.8.7/poppler/ABWOutputDev.cc +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include "goo/GooString.h" + #include "goo/GooList.h" +@@ -36,6 +37,23 @@ + #include + #include + ++#define MAX(a, b) (((a) > (b)) ? (a) : (b)) ++ ++// 1: potential - ++// DBL_MAX_10_EXP: 10^x ++// 1: last digit before '.' ++// 1: '.' ++// 6: digits after '.' ++// 1: '\0' at the end ++#define BUFLEN_FOR_DOUBLE (1 + DBL_MAX_10_EXP + 1 + 1 + 6 + 1) ++ ++// potential -, INT_MAX is 2147483647, and the trailing '\0' ++#define BUFLEN_FOR_INT (1 + 10 + 1) ++ ++//I wouldn't know what size this should safely be. I guess 64 bytes should be ++//enough for any unicode character ++#define BUFLEN_FOR_UNICODE_CHAR 64 ++ + + // Inter-character space width which will cause addChar to start a new + // word. +@@ -157,7 +175,7 @@ void ABWOutputDev::splitNodes(float spli + xmlNodePtr N_move, N_cur, N_newH, N_newL; + char * propName; + const char *nodeName; +- char buf[20]; ++ char buf[BUFLEN_FOR_DOUBLE]; + if (direction == HORIZONTAL) { + propName = "Y1"; + nodeName = "horizontal"; +@@ -261,7 +279,7 @@ float ABWOutputDev::getBiggestSeperator( + } + + void ABWOutputDev::updateFont(GfxState *state) { +- char buf[160]; ++ char buf[BUFLEN_FOR_INT]; + xmlNodePtr N_cur; + GfxFont *font; + bool found = false; +@@ -341,9 +359,7 @@ void ABWOutputDev::drawChar(GfxState *st + double originX, double originY, + CharCode code, int nBytes, Unicode *u, int uLen) + { +- //I wouldn't know what size this should safely be. I guess 64 bytes should be +- //enough for any unicode character +- char buf[64]; ++ char buf[BUFLEN_FOR_UNICODE_CHAR]; + int charLen; + x = dx; + y = dy; +@@ -401,7 +417,7 @@ void ABWOutputDev::endString(GfxState *s + } + + void ABWOutputDev::beginWord(GfxState *state, double x, double y){ +- char buf[20]; ++ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)]; + // printf("***BREAK!***\n"); + endWord(); + X1 = x; +@@ -421,7 +437,7 @@ void ABWOutputDev::beginWord(GfxState *s + } + + void ABWOutputDev::endWord(){ +- char buf[20]; ++ char buf[BUFLEN_FOR_DOUBLE]; + if (N_word) { + sprintf(buf, "%f", X2); xmlNewProp(N_word, BAD_CAST "X2", BAD_CAST buf); + sprintf(buf, "%f", Y2); xmlNewProp(N_word, BAD_CAST "Y2", BAD_CAST buf); +@@ -618,7 +634,7 @@ void ABWOutputDev::cleanUpNode(xmlNodePt + double tX1=-1, tX2=-1, tY1=-1, tY2=-1; + xmlNodePtr N_cur, N_next; + N_cur = N_parent->children; +- char buf[20]; ++ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)]; + int prevStyle = -1; + xmlChar *val; + int styleLength = xmlLsCountNode(N_styleset)+1; +@@ -995,16 +1011,22 @@ void ABWOutputDev::createABW() { + //change styles to abiword format + xmlNodePtr N_cur, N_next; + xmlAttrPtr N_prop; +- char buf[500]; + for (N_cur = N_styleset->children; N_cur; N_cur = N_cur->next){ ++ char *font = (char *)xmlGetProp(N_cur,BAD_CAST "font"); ++ char *bold = (char *)xmlGetProp(N_cur,BAD_CAST "bold"); ++ char *italic = (char *)xmlGetProp(N_cur,BAD_CAST "italic"); ++ char buf[278 + BUFLEN_FOR_INT + 12 + strlen(font) + 1 + 12 + strlen(bold) + 1 + 12 + strlen(italic) + 1]; ++ + sprintf(buf,"margin-top:0pt; color:000000; margin-left:0pt; text-position:normal; widows:2; text-indent:0in; font-variant:normal; margin-right:0pt; lang:nl-NL; line-height:1.0; font-size:%dpt; text-decoration:none; margin-bottom:0pt; bgcolor:transparent; text-align:left; font-stretch:normal;",int(xmlXPathCastStringToNumber(xmlGetProp(N_cur,BAD_CAST "size")))); + strncat(buf,"font-family:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "font"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "font"))); ++ strncat(buf,font,strlen(font)); + strncat(buf,";",1); + strncat(buf,"font-weight:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "bold"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "bold"))); ++ strncat(buf,bold,strlen(bold)); ++ strncat(buf,";",1); + strncat(buf,"font-style:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "italic"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "italic"))); ++ strncat(buf,italic,strlen(italic)); ++ strncat(buf,";",1); + xmlSetProp(N_cur, BAD_CAST "props", BAD_CAST buf); + N_prop = xmlHasProp(N_cur, BAD_CAST "id"); + if (N_prop != NULL) xmlRemoveProp(N_prop); +@@ -1036,7 +1058,6 @@ void ABWOutputDev::createABW() { + } + + void ABWOutputDev::transformPage(xmlNodePtr N_parent){ +- char buf[60]; + xmlNodePtr N_cur, N_curLine, N_curText, N_curWord, text, space; + //translate the nodes into abiword nodes + if (xmlStrcasecmp(N_parent->name,BAD_CAST "page") == 0){ +@@ -1085,6 +1106,7 @@ void ABWOutputDev::transformPage(xmlNode + xmlNewChild(N_text, NULL, BAD_CAST "cbr", NULL); + } + if (xmlStrcasecmp(N_parent->name,BAD_CAST "colset") == 0){ ++ char buf[strlen("columns:") + BUFLEN_FOR_INT]; + //fprintf(stderr,"Found a colset\n"); + //create new section columns: count childNodes of N_cur + //recurse through chunks and create textNodes --- poppler-0.8.7.orig/debian/patches/65_security_CVE-2009-3605.patch +++ poppler-0.8.7/debian/patches/65_security_CVE-2009-3605.patch @@ -0,0 +1,368 @@ +# +# Description: fix unsafe malloc usage +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8 +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=0131f0a01cba8691d10a18de1137a4744988b346 +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5 +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=5d328282da4713356fbe4283bd992ac2fc9010a2 +# +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/glib/poppler-page.cc poppler-0.8.7.new/glib/poppler-page.cc +--- poppler-0.8.7/glib/poppler-page.cc 2008-07-20 07:44:45.000000000 -0400 ++++ poppler-0.8.7.new/glib/poppler-page.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -291,7 +291,7 @@ + + output_dev = page->document->output_dev; + cairo_rowstride = cairo_width * 4; +- cairo_data = (guchar *) gmalloc (cairo_height * cairo_rowstride); ++ cairo_data = (guchar *) gmallocn (cairo_height, cairo_rowstride); + if (transparent) + memset (cairo_data, 0x00, cairo_height * cairo_rowstride); + else +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/goo/gmem.cc poppler-0.8.7.new/goo/gmem.cc +--- poppler-0.8.7/goo/gmem.cc 2008-03-26 15:38:52.000000000 -0400 ++++ poppler-0.8.7.new/goo/gmem.cc 2009-10-19 09:02:17.000000000 -0400 +@@ -190,6 +190,32 @@ + return gmalloc(n); + } + ++void *gmallocn3(int a, int b, int c) GMEM_EXCEP { ++ int n = a * b; ++ if (b <= 0 || a < 0 || a >= INT_MAX / b) { ++#if USE_EXCEPTIONS ++ throw GMemException(); ++#else ++ fprintf(stderr, "Bogus memory allocation size\n"); ++ exit(1); ++#endif ++ } ++ return gmallocn(n, c); ++} ++ ++void *gmallocn3_checkoverflow(int a, int b, int c) GMEM_EXCEP { ++ int n = a * b; ++ if (b <= 0 || a < 0 || a >= INT_MAX / b) { ++#if USE_EXCEPTIONS ++ throw GMemException(); ++#else ++ fprintf(stderr, "Bogus memory allocation size\n"); ++ return NULL; ++#endif ++ } ++ return gmallocn_checkoverflow(n, c); ++} ++ + void *greallocn(void *p, int nObjs, int objSize) GMEM_EXCEP { + int n; + +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/goo/gmem.h poppler-0.8.7.new/goo/gmem.h +--- poppler-0.8.7/goo/gmem.h 2008-03-26 15:38:52.000000000 -0400 ++++ poppler-0.8.7.new/goo/gmem.h 2009-10-19 08:59:26.000000000 -0400 +@@ -54,6 +54,8 @@ + */ + extern void *gmallocn(int nObjs, int objSize) GMEM_EXCEP; + extern void *gmallocn_checkoverflow(int nObjs, int objSize) GMEM_EXCEP; ++extern void *gmallocn3(int a, int b, int c) GMEM_EXCEP; ++extern void *gmallocn3_checkoverflow(int a, int b, int c) GMEM_EXCEP; + extern void *greallocn(void *p, int nObjs, int objSize) GMEM_EXCEP; + + /* +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/ArthurOutputDev.cc poppler-0.8.7.new/poppler/ArthurOutputDev.cc +--- poppler-0.8.7/poppler/ArthurOutputDev.cc 2008-05-04 09:07:46.000000000 -0400 ++++ poppler-0.8.7.new/poppler/ArthurOutputDev.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -688,7 +688,7 @@ + QMatrix matrix; + int is_identity_transform; + +- buffer = (unsigned char *)gmalloc (width * height * 4); ++ buffer = (unsigned char *)gmallocn3(width, height, 4); + + /* TODO: Do we want to cache these? */ + imgStr = new ImageStream(str, width, +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/CairoOutputDev.cc poppler-0.8.7.new/poppler/CairoOutputDev.cc +--- poppler-0.8.7/poppler/CairoOutputDev.cc 2009-10-19 08:59:01.000000000 -0400 ++++ poppler-0.8.7.new/poppler/CairoOutputDev.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -515,7 +515,7 @@ + if (!currentFont) + return; + +- glyphs = (cairo_glyph_t *) gmalloc (len * sizeof (cairo_glyph_t)); ++ glyphs = (cairo_glyph_t *) gmallocn (len, sizeof (cairo_glyph_t)); + glyphCount = 0; + } + +@@ -969,7 +969,7 @@ + int row_stride; + + row_stride = (width + 3) & ~3; +- buffer = (unsigned char *) malloc (height * row_stride); ++ buffer = (unsigned char *) gmallocn (height, row_stride); + if (buffer == NULL) { + error(-1, "Unable to allocate memory for image."); + return; +@@ -1133,7 +1133,7 @@ + invert_bit = invert ? 1 : 0; + + row_stride = (scaledWidth + 3) & ~3; +- buffer = (unsigned char *) malloc (scaledHeight * row_stride); ++ buffer = (unsigned char *) gmallocn (scaledHeight, row_stride); + if (buffer == NULL) { + error(-1, "Unable to allocate memory for image."); + return; +@@ -1323,7 +1323,7 @@ + + int row_stride = (maskWidth + 3) & ~3; + unsigned char *maskBuffer; +- maskBuffer = (unsigned char *)gmalloc (row_stride * maskHeight); ++ maskBuffer = (unsigned char *)gmallocn (row_stride, maskHeight); + unsigned char *maskDest; + cairo_surface_t *maskImage; + cairo_pattern_t *maskPattern; +@@ -1359,7 +1359,7 @@ + cairo_matrix_t matrix; + int is_identity_transform; + +- buffer = (unsigned char *)gmalloc (width * height * 4); ++ buffer = (unsigned char *)gmallocn3 (width, height, 4); + + /* TODO: Do we want to cache these? */ + imgStr = new ImageStream(str, width, +@@ -1448,7 +1448,7 @@ + + int row_stride = (maskWidth + 3) & ~3; + unsigned char *maskBuffer; +- maskBuffer = (unsigned char *)gmalloc (row_stride * maskHeight); ++ maskBuffer = (unsigned char *)gmallocn (row_stride, maskHeight); + unsigned char *maskDest; + cairo_surface_t *maskImage; + cairo_pattern_t *maskPattern; +@@ -1475,7 +1475,7 @@ + cairo_matrix_t maskMatrix; + int is_identity_transform; + +- buffer = (unsigned char *)gmalloc (width * height * 4); ++ buffer = (unsigned char *)gmallocn3 (width, height, 4); + + /* TODO: Do we want to cache these? */ + imgStr = new ImageStream(str, width, +@@ -1567,7 +1567,7 @@ + cairo_matrix_t matrix; + int is_identity_transform; + +- buffer = (unsigned char *)gmalloc (width * height * 4); ++ buffer = (unsigned char *)gmallocn3 (width, height, 4); + + /* TODO: Do we want to cache these? */ + imgStr = new ImageStream(str, width, +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/GfxState.cc poppler-0.8.7.new/poppler/GfxState.cc +--- poppler-0.8.7/poppler/GfxState.cc 2008-04-15 16:00:15.000000000 -0400 ++++ poppler-0.8.7.new/poppler/GfxState.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -1183,7 +1183,7 @@ + int i, j, n; + + n = base->getNComps(); +- line = (Guchar *) gmalloc (length * n); ++ line = (Guchar *) gmallocn (length, n); + for (i = 0; i < length; i++) + for (j = 0; j < n; j++) + line[i * n + j] = lookup[in[i] * n + j]; +@@ -3406,7 +3406,7 @@ + nComps2 = colorSpace2->getNComps(); + lookup2 = indexedCS->getLookup(); + colorSpace2->getDefaultRanges(x, y, indexHigh); +- byte_lookup = (Guchar *)gmalloc ((maxPixel + 1) * nComps2); ++ byte_lookup = (Guchar *)gmallocn ((maxPixel + 1), nComps2); + for (k = 0; k < nComps2; ++k) { + lookup[k] = (GfxColorComp *)gmallocn(maxPixel + 1, + sizeof(GfxColorComp)); +@@ -3554,7 +3554,7 @@ + switch (colorSpace->getMode()) { + case csIndexed: + case csSeparation: +- tmp_line = (Guchar *) gmalloc (length * nComps2); ++ tmp_line = (Guchar *) gmallocn (length, nComps2); + for (i = 0; i < length; i++) { + for (j = 0; j < nComps2; j++) { + tmp_line[i * nComps2 + j] = byte_lookup[in[i] * nComps2 + j]; +@@ -3584,7 +3584,7 @@ + switch (colorSpace->getMode()) { + case csIndexed: + case csSeparation: +- tmp_line = (Guchar *) gmalloc (length * nComps2); ++ tmp_line = (Guchar *) gmallocn (length, nComps2); + for (i = 0; i < length; i++) { + for (j = 0; j < nComps2; j++) { + tmp_line[i * nComps2 + j] = byte_lookup[in[i] * nComps2 + j]; +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/JBIG2Stream.cc poppler-0.8.7.new/poppler/JBIG2Stream.cc +--- poppler-0.8.7/poppler/JBIG2Stream.cc 2009-10-19 08:59:01.000000000 -0400 ++++ poppler-0.8.7.new/poppler/JBIG2Stream.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -693,7 +693,7 @@ + return; + } + // need to allocate one extra guard byte for use in combine() +- data = (Guchar *)gmalloc(h * line + 1); ++ data = (Guchar *)gmallocn(h, line + 1); + data[h * line] = 0; + } + +@@ -710,7 +710,7 @@ + return; + } + // need to allocate one extra guard byte for use in combine() +- data = (Guchar *)gmalloc(h * line + 1); ++ data = (Guchar *)gmallocn(h, line + 1); + memcpy(data, bitmap->data, h * line); + data[h * line] = 0; + } +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/PSOutputDev.cc poppler-0.8.7.new/poppler/PSOutputDev.cc +--- poppler-0.8.7/poppler/PSOutputDev.cc 2009-10-19 08:59:01.000000000 -0400 ++++ poppler-0.8.7.new/poppler/PSOutputDev.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -2287,7 +2287,7 @@ + if ((ffTT = FoFiTrueType::load(fileName->getCString(), faceIndex))) { + int n = ((GfxCIDFont *)font)->getCIDToGIDLen(); + if (n) { +- codeToGID = (Gushort *)gmalloc(n * sizeof(Gushort)); ++ codeToGID = (Gushort *)gmallocn(n, sizeof(Gushort)); + memcpy(codeToGID, ((GfxCIDFont *)font)->getCIDToGID(), n * sizeof(Gushort)); + } else { + codeToGID = ((GfxCIDFont *)font)->getCodeToGIDMap(ffTT, &n); +@@ -4464,7 +4464,7 @@ + width, -height, height); + + // allocate a line buffer +- lineBuf = (Guchar *)gmalloc(4 * width); ++ lineBuf = (Guchar *)gmallocn(width, 4); + + // set up to process the data stream + imgStr = new ImageStream(str, width, colorMap->getNumPixelComps(), +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/SplashOutputDev.cc poppler-0.8.7.new/poppler/SplashOutputDev.cc +--- poppler-0.8.7/poppler/SplashOutputDev.cc 2008-08-04 14:36:52.000000000 -0400 ++++ poppler-0.8.7.new/poppler/SplashOutputDev.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -1974,7 +1974,7 @@ + break; + case splashModeRGB8: + case splashModeBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(3 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 3); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -1984,7 +1984,7 @@ + } + break; + case splashModeXBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -1996,7 +1996,7 @@ + break; + #if SPLASH_CMYK + case splashModeCMYK8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getCMYK(&pix, &cmyk); +@@ -2239,7 +2239,7 @@ + break; + case splashModeRGB8: + case splashModeBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(3 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 3); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -2249,7 +2249,7 @@ + } + break; + case splashModeXBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -2261,7 +2261,7 @@ + break; + #if SPLASH_CMYK + case splashModeCMYK8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getCMYK(&pix, &cmyk); +@@ -2382,7 +2382,7 @@ + break; + case splashModeRGB8: + case splashModeBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(3 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 3); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -2392,7 +2392,7 @@ + } + break; + case splashModeXBGR8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getRGB(&pix, &rgb); +@@ -2404,7 +2404,7 @@ + break; + #if SPLASH_CMYK + case splashModeCMYK8: +- imgData.lookup = (SplashColorPtr)gmalloc(4 * n); ++ imgData.lookup = (SplashColorPtr)gmallocn(n, 4); + for (i = 0; i < n; ++i) { + pix = (Guchar)i; + colorMap->getCMYK(&pix, &cmyk); +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/splash/SplashBitmap.cc poppler-0.8.7.new/splash/SplashBitmap.cc +--- poppler-0.8.7/splash/SplashBitmap.cc 2009-10-19 08:59:01.000000000 -0400 ++++ poppler-0.8.7.new/splash/SplashBitmap.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -53,7 +53,7 @@ + rowSize = -rowSize; + } + if (alphaA) { +- alpha = (Guchar *)gmalloc(width * height); ++ alpha = (Guchar *)gmallocn(width, height); + } else { + alpha = NULL; + } +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/splash/Splash.cc poppler-0.8.7.new/splash/Splash.cc +--- poppler-0.8.7/splash/Splash.cc 2008-05-08 17:16:47.000000000 -0400 ++++ poppler-0.8.7.new/splash/Splash.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -1986,7 +1986,7 @@ + xq = w % scaledWidth; + + // allocate pixel buffer +- pixBuf = (SplashColorPtr)gmalloc((yp + 1) * w); ++ pixBuf = (SplashColorPtr)gmallocn((yp + 1), w); + + // initialize the pixel pipe + pipeInit(&pipe, 0, 0, state->fillPattern, NULL, state->fillAlpha, +@@ -2286,9 +2286,9 @@ + xq = w % scaledWidth; + + // allocate pixel buffers +- colorBuf = (SplashColorPtr)gmalloc((yp + 1) * w * nComps); ++ colorBuf = (SplashColorPtr)gmallocn3((yp + 1), w, nComps); + if (srcAlpha) { +- alphaBuf = (Guchar *)gmalloc((yp + 1) * w); ++ alphaBuf = (Guchar *)gmallocn((yp + 1), w); + } else { + alphaBuf = NULL; + } +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/splash/SplashFTFont.cc poppler-0.8.7.new/splash/SplashFTFont.cc +--- poppler-0.8.7/splash/SplashFTFont.cc 2008-03-26 15:38:52.000000000 -0400 ++++ poppler-0.8.7.new/splash/SplashFTFont.cc 2009-10-19 08:59:26.000000000 -0400 +@@ -228,7 +228,7 @@ + } else { + rowSize = (bitmap->w + 7) >> 3; + } +- bitmap->data = (Guchar *)gmalloc(rowSize * bitmap->h); ++ bitmap->data = (Guchar *)gmallocn_checkoverflow(rowSize, bitmap->h); + bitmap->freeData = gTrue; + for (i = 0, p = bitmap->data, q = slot->bitmap.buffer; + i < bitmap->h; --- poppler-0.8.7.orig/debian/patches/66_security_CVE-2009-0755.patch +++ poppler-0.8.7/debian/patches/66_security_CVE-2009-0755.patch @@ -0,0 +1,21 @@ +# +# Description: fix denial of service via invalid Form Opt entry +# Patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=1fc342eadcbbb41302f190b215c5daf23c9ec9b1 +# Ubuntu: https://bugs.edge.launchpad.net/poppler/+bug/321764 +# Upstream: http://bugs.freedesktop.org/show_bug.cgi?id=19790 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518478 +# +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/poppler/Form.cc poppler-0.8.7.new/poppler/Form.cc +--- poppler-0.8.7/poppler/Form.cc 2008-07-25 18:23:10.000000000 -0400 ++++ poppler-0.8.7.new/poppler/Form.cc 2009-10-19 07:52:40.000000000 -0400 +@@ -446,7 +446,9 @@ + obj3.free(); + obj4.free(); + } else { +- error(-1, "FormWidgetChoice:: invalid Opt entry\n"); ++ error(-1, "FormWidgetChoice:: invalid %d Opt entry\n", i); ++ parent->_setChoiceExportVal(i, new GooString("")); ++ parent->_setChoiceOptionName(i, new GooString("")); + } + obj2.free(); + } --- poppler-0.8.7.orig/debian/patches/62_pdftops-mandatory-arg.patch +++ poppler-0.8.7/debian/patches/62_pdftops-mandatory-arg.patch @@ -0,0 +1,16 @@ +FreeDesktop #17226; Debian #491816; fixes synopsis of pdftops in man page to +clarify that a PDF file is required in all cases + +--- poppler-0.8.6/utils/pdftops.1 2008-08-20 17:40:48.000000000 +0200 ++++ poppler-0.8.6.new/utils/pdftops.1 2008-08-20 17:41:22.000000000 +0200 +@@ -6,8 +6,8 @@ + .SH SYNOPSIS + .B pdftops + [options] +-.RI [ PDF-file +-.RI [ PS-file ]] ++.RI ++.RI [] + .SH DESCRIPTION + .B Pdftops + converts Portable Document Format (PDF) files to PostScript so they --- poppler-0.8.7.orig/debian/patches/67_security_CVE-2009-360x.patch +++ poppler-0.8.7/debian/patches/67_security_CVE-2009-360x.patch @@ -0,0 +1,191 @@ +diff -Naur poppler-0.8.7.orig/poppler/Stream.cc poppler-0.8.7/poppler/Stream.cc +--- poppler-0.8.7.orig/poppler/Stream.cc 2008-06-07 01:05:52.000000000 +0000 ++++ poppler-0.8.7/poppler/Stream.cc 2009-11-24 21:27:45.000000000 +0000 +@@ -381,6 +381,10 @@ + } else { + imgLineSize = nVals; + } ++ if (width > INT_MAX / nComps) { ++ // force a call to gmallocn(-1,...), which will throw an exception ++ imgLineSize = -1; ++ } + imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar)); + imgIdx = nVals; + } +diff -Naur poppler-0.8.7.orig/poppler/XRef.cc poppler-0.8.7/poppler/XRef.cc +--- poppler-0.8.7.orig/poppler/XRef.cc 2008-07-25 21:08:11.000000000 +0000 ++++ poppler-0.8.7/poppler/XRef.cc 2009-11-24 21:27:45.000000000 +0000 +@@ -57,6 +57,8 @@ + // generation 0. + ObjectStream(XRef *xref, int objStrNumA); + ++ GBool isOk() { return ok; } ++ + ~ObjectStream(); + + // Return the object number of this object stream. +@@ -72,6 +74,7 @@ + int nObjects; // number of objects in the stream + Object *objs; // the objects (length = nObjects) + int *objNums; // the object numbers (length = nObjects) ++ GBool ok; + }; + + ObjectStream::ObjectStream(XRef *xref, int objStrNumA) { +@@ -85,6 +88,7 @@ + nObjects = 0; + objs = NULL; + objNums = NULL; ++ ok = gFalse; + + if (!xref->fetch(objStrNum, 0, &objStr)->isStream()) { + goto err1; +@@ -110,8 +114,11 @@ + goto err1; + } + +- if (nObjects*(int)sizeof(int)/sizeof(int) != nObjects) { +- error(-1, "Invalid 'nObjects'"); ++ // this is an arbitrary limit to avoid integer overflow problems ++ // in the 'new Object[nObjects]' call (Acrobat apparently limits ++ // object streams to 100-200 objects) ++ if (nObjects > 1000000) { ++ error(-1, "Too many objects in an object stream"); + goto err1; + } + +@@ -171,10 +178,10 @@ + } + + gfree(offsets); ++ ok = gTrue; + + err1: + objStr.free(); +- return; + } + + ObjectStream::~ObjectStream() { +@@ -927,6 +934,11 @@ + delete objStr; + } + objStr = new ObjectStream(this, e->offset); ++ if (!objStr->isOk()) { ++ delete objStr; ++ objStr = NULL; ++ goto err; ++ } + } + objStr->getObject(e->gen, num, obj); + break; +diff -Naur poppler-0.8.7.orig/splash/Splash.cc poppler-0.8.7/splash/Splash.cc +--- poppler-0.8.7.orig/splash/Splash.cc 2009-11-24 21:27:24.000000000 +0000 ++++ poppler-0.8.7/splash/Splash.cc 2009-11-24 21:27:45.000000000 +0000 +@@ -12,6 +12,7 @@ + + #include + #include ++#include + #include "goo/gmem.h" + #include "SplashErrorCodes.h" + #include "SplashMath.h" +@@ -1986,6 +1987,9 @@ + xq = w % scaledWidth; + + // allocate pixel buffer ++ if (yp < 0 || yp > INT_MAX - 1) { ++ return splashErrBadArg; ++ } + pixBuf = (SplashColorPtr)gmallocn((yp + 1), w); + + // initialize the pixel pipe +@@ -2286,6 +2290,9 @@ + xq = w % scaledWidth; + + // allocate pixel buffers ++ if (yp < 0 || yp > INT_MAX - 1) { ++ return splashErrBadArg; ++ } + colorBuf = (SplashColorPtr)gmallocn3((yp + 1), w, nComps); + if (srcAlpha) { + alphaBuf = (Guchar *)gmallocn((yp + 1), w); +diff -Naur poppler-0.8.7.orig/splash/SplashBitmap.cc poppler-0.8.7/splash/SplashBitmap.cc +--- poppler-0.8.7.orig/splash/SplashBitmap.cc 2009-11-24 21:27:24.000000000 +0000 ++++ poppler-0.8.7/splash/SplashBitmap.cc 2009-11-24 21:29:51.000000000 +0000 +@@ -11,6 +11,7 @@ + #endif + + #include ++#include + #include "goo/gmem.h" + #include "SplashErrorCodes.h" + #include "SplashBitmap.h" +@@ -27,26 +28,48 @@ + mode = modeA; + switch (mode) { + case splashModeMono1: +- rowSize = (width + 7) >> 3; ++ if (width > 0) { ++ rowSize = (width + 7) >> 3; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeMono8: +- rowSize = width; ++ if (width > 0) { ++ rowSize = width; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeRGB8: + case splashModeBGR8: +- rowSize = width * 3; ++ if (width > 0 && width <= INT_MAX / 3) { ++ rowSize = width * 3; ++ } else { ++ rowSize = -1; ++ } + break; + case splashModeXBGR8: +- rowSize = width * 4; ++ if (width > 0 && width <= INT_MAX / 4) { ++ rowSize = width * 4; ++ } else { ++ rowSize = -1; ++ } + break; + #if SPLASH_CMYK + case splashModeCMYK8: +- rowSize = width * 4; ++ if (width > 0 && width <= INT_MAX / 4) { ++ rowSize = width * 4; ++ } else { ++ rowSize = -1; ++ } + break; + #endif + } +- rowSize += rowPad - 1; +- rowSize -= rowSize % rowPad; ++ if (rowSize > 0) { ++ rowSize += rowPad - 1; ++ rowSize -= rowSize % rowPad; ++ } + data = (SplashColorPtr)gmalloc(rowSize * height); + if (!topDown) { + data += (height - 1) * rowSize; +diff -Naur poppler-0.8.7.orig/splash/SplashErrorCodes.h poppler-0.8.7/splash/SplashErrorCodes.h +--- poppler-0.8.7.orig/splash/SplashErrorCodes.h 2008-03-26 19:38:52.000000000 +0000 ++++ poppler-0.8.7/splash/SplashErrorCodes.h 2009-11-24 21:27:45.000000000 +0000 +@@ -27,6 +27,8 @@ + + #define splashErrSingularMatrix 8 // matrix is singular + +-#define splashErrZeroImage 9 // image of 0x0 ++#define splashErrBadArg 9 // bad argument ++ ++#define splashErrZeroImage 254 // image of 0x0 + + #endif --- poppler-0.8.7.orig/debian/patches/69_security_CVE-2009-1188.patch +++ poppler-0.8.7/debian/patches/69_security_CVE-2009-1188.patch @@ -0,0 +1,12 @@ +diff -Nur -x '*.orig' -x '*~' poppler-0.8.7/splash/SplashBitmap.cc poppler-0.8.7.new/splash/SplashBitmap.cc +--- poppler-0.8.7/splash/SplashBitmap.cc 2010-03-17 14:06:27.000000000 -0300 ++++ poppler-0.8.7.new/splash/SplashBitmap.cc 2010-03-17 14:06:28.000000000 -0300 +@@ -70,7 +70,7 @@ + rowSize += rowPad - 1; + rowSize -= rowSize % rowPad; + } +- data = (SplashColorPtr)gmalloc(rowSize * height); ++ data = (SplashColorPtr)gmallocn(rowSize, height); + if (!topDown) { + data += (height - 1) * rowSize; + rowSize = -rowSize; --- poppler-0.8.7.orig/debian/patches/60_manpages-cfg-flag.patch +++ poppler-0.8.7/debian/patches/60_manpages-cfg-flag.patch @@ -0,0 +1,59 @@ +Debian #461961; FreeDesktop #17222; drop unimplemented -cfg flag from man +pages. + +--- poppler-0.8.6/utils/pdffonts.1 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.6.new/utils/pdffonts.1 2008-08-20 13:27:50.000000000 +0200 +@@ -82,11 +82,6 @@ + .BI \-upw " password" + Specify the user password for the PDF file. + .TP +-.BI \-cfg " config-file" +-Read +-.I config-file +-in place of ~/.xpdfrc or the system-wide config file. +-.TP + .B \-v + Print copyright and version information. + .TP +--- poppler-0.8.6/utils/pdfinfo.1 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.6.new/utils/pdfinfo.1 2008-08-20 13:27:58.000000000 +0200 +@@ -111,11 +111,6 @@ + .BI \-upw " password" + Specify the user password for the PDF file. + .TP +-.BI \-cfg " config-file" +-Read +-.I config-file +-in place of ~/.xpdfrc or the system-wide config file. +-.TP + .B \-v + Print copyright and version information. + .TP +--- poppler-0.8.6/utils/pdftops.1 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.6.new/utils/pdftops.1 2008-08-20 13:28:07.000000000 +0200 +@@ -178,11 +178,6 @@ + Don't print any messages or errors. + .RB "[config file: " errQuiet ] + .TP +-.BI \-cfg " config-file" +-Read +-.I config-file +-in place of ~/.xpdfrc or the system-wide config file. +-.TP + .B \-v + Print copyright and version information. + .TP +--- poppler-0.8.6/utils/pdftotext.1 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.6.new/utils/pdftotext.1 2008-08-20 13:28:12.000000000 +0200 +@@ -85,11 +85,6 @@ + Don't print any messages or errors. + .RB "[config file: " errQuiet ] + .TP +-.BI \-cfg " config-file" +-Read +-.I config-file +-in place of ~/.xpdfrc or the system-wide config file. +-.TP + .B \-v + Print copyright and version information. + .TP --- poppler-0.8.7.orig/debian/patches/10_jpxstream_int_crash.patch +++ poppler-0.8.7/debian/patches/10_jpxstream_int_crash.patch @@ -0,0 +1,13 @@ +FreeDesktop #5667; fixes crash on 64-bits arches + +--- poppler-0.8.6/poppler/JPXStream.h 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.6.new/poppler/JPXStream.h 2008-08-20 14:21:34.000000000 +0200 +@@ -212,7 +212,7 @@ + + //----- computed + Guint x0, y0, x1, y1; // bounds of the tile-comp, in ref coords +- Guint cbW; // code-block width ++ int cbW; // code-block width + Guint cbH; // code-block height + + //----- image data --- poppler-0.8.7.orig/debian/patches/70_security_CVE-2010-3702_CVE-2010-3704.patch +++ poppler-0.8.7/debian/patches/70_security_CVE-2010-3702_CVE-2010-3704.patch @@ -0,0 +1,34 @@ +diff -aur poppler-0.8.7.orig/fofi/FoFiType1.cc poppler-0.8.7/fofi/FoFiType1.cc +--- poppler-0.8.7.orig/fofi/FoFiType1.cc 2008-03-26 20:38:52.000000000 +0100 ++++ poppler-0.8.7/fofi/FoFiType1.cc 2010-10-05 16:58:49.631035326 +0200 +@@ -224,7 +225,7 @@ + code = code * 8 + (*p2 - '0'); + } + } +- if (code < 256) { ++ if (code < 256 && code >= 0) { + for (p = p2; *p == ' ' || *p == '\t'; ++p) ; + if (*p == '/') { + ++p; +diff -aur poppler-0.8.7.orig/poppler/Gfx.cc poppler-0.8.7/poppler/Gfx.cc +--- poppler-0.8.7.orig/poppler/Gfx.cc 2008-08-01 23:51:45.000000000 +0200 ++++ poppler-0.8.7/poppler/Gfx.cc 2010-10-05 17:02:15.803038027 +0200 +@@ -471,6 +471,8 @@ + printCommands = globalParams->getPrintCommands(); + profileCommands = globalParams->getProfileCommands(); + ++ parser = NULL; ++ + // start the resource stack + res = new GfxResources(xref, resDict, NULL); + +@@ -514,6 +516,8 @@ + subPage = gTrue; + printCommands = globalParams->getPrintCommands(); + ++ parser = NULL; ++ + // start the resource stack + res = new GfxResources(xref, resDict, NULL); + +