Merge xpdf 3.02-2 from Debian Unstable

Bug #556483 reported by Luke Faraone
This bug affects 1 person
Affects: xpdf (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: xpdf

This package qualifies for an FFe since it fixes several security issues and bugs.

debian/changelog:
xpdf (3.02-2) unstable; urgency=high

  [Michael Gilbert]
  * Fix multiple security issues (closes: #551287, #575779).
    - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
      SplashBitmap::SplashBitmap function in SplashBitmap.cc.
    - CVE-2009-3603: Additional integer overflows in the
      SplashBitmap::SplashBitmap function.
    - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
      function in Splash.cc.
    - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
      function in PSOutputDev.cc.
    - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
      function in XRef.cc.
    - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
      function in Stream.cc.
  * Bump standards version to 3.8.4 (no changes required).
  * Use ${misc:Depends}.
  * Adopt the package (closes: #535261, #527840).

  [Rogério Brito]
  * debian/copyright:
    + include versioned link to the GPL.
  * debian/*
    + convert to source format "3.0 (quilt)".
  * debian/{control,compat}:
    + bump compat to 5.
  * debian/control:
    + remove dpatch build-dep and calls in debian/rules.
    + include Homepage field.
    + build-depend on unversioned automake.
    + build-depend on versioned lesstif.
    + wrap build-depends line to keep sanity.
    + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
    + remove debian revision from versioned build-deps.
    + update standards-version to 3.8.3, with no extra changes required.
  * debian/rules:
    + remove commented lines.
    + fix the includes for lesstif. (See below).
    + remove deprecated dh_desktop helper.
    + don't ignore errors when calling "make -i distclean".
    + separate configuration from package compilation to keep things tidy.
    + don't remove recursively things that are only files.
  * debian/patches:
    + rename 00list to series.
    + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
    + refresh enabled patches to avoid potential problems with buildds.
    + escape minus signs from manpages.
    + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
    + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
    + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
  * debian/xpdf-common.postint:
    + don't use command with path in maintainer script.
  * debian/watch:
    + create watch file.
  * debian/xpdf.desktop:
    + remove obsolete indication of encoding.
    + remove custom category "PDFViewer".
  * debian/xpdf-reader.menu:
    + update obsolete section Apps -> Applications.
  * debian/xpdf-reader.dirs:
    + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
  * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).

 -- Michael Gilbert <email address hidden> Fri, 02 Apr 2010 17:40:49 -0400

Luke Faraone (lfaraone)
visibility: private → public
Luke Faraone (lfaraone)
Changed in xpdf (Ubuntu):
importance: Undecided → Wishlist
James Westby (james-w) wrote :

Hi,

Would you request a freeze exception for this?

Scott said that with the packaging being rewritten they would like to take a look.

Thanks,

James

Luke Faraone (lfaraone)
description: updated
Scott Kitterman (kitterman) wrote :

What testing have you done?

Luke Faraone (lfaraone) wrote :

I verified that xpdf is able to render and print a few of the PDFs I had on hand, as well as the testcases provided in bug 311982.

Scott Kitterman (kitterman) wrote :

Ack. FFe approved.

Changed in xpdf (Ubuntu):
status: New → Confirmed
Michael Bienia (geser) wrote :

Sponsored. Waiting in queue for approval (due to beta2 freeze).

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xpdf - 3.02-2ubuntu1

---------------
xpdf (3.02-2ubuntu1) lucid; urgency=low

  * Merge from Debian unstable. (LP: #556483) Remaining changes:
    - do-not-make-ps-arrays-bigger-than-64k-from-big-images-in-patterns.dpatch:
      pdftops produced wrong PostScript when a large image is in a
      pattern in the input file

xpdf (3.02-2) unstable; urgency=high

  [Michael Gilbert]
  * Fix multiple security issues (closes: #551287, #575779).
    - CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the
      SplashBitmap::SplashBitmap function in SplashBitmap.cc.
    - CVE-2009-3603: Additional integer overflows in the
      SplashBitmap::SplashBitmap function.
    - CVE-2009-3604: Null pointer dereference in the Splash::drawImage
      function in Splash.cc.
    - CVE-2009-3606: Integer overflow in the PSOutputDev::doImageL1Sep
      function in PSOutputDev.cc.
    - CVE-2009-3608: Integer overflow in the ObjectStream::ObjectStream
      function in XRef.cc.
    - CVE-2009-3609: Integer overflow in the ImageStream::ImageStream
      function in Stream.cc.
  * Bump standards version to 3.8.4 (no changes required).
  * Use ${misc:Depends}.
  * Adopt the package (closes: #535261, #527840).

  [Rogério Brito]
  * debian/copyright:
    + include versioned link to the GPL.
  * debian/*
    + convert to source format "3.0 (quilt)".
  * debian/{control,compat}:
    + bump compat to 5.
  * debian/control:
    + remove dpatch build-dep and calls in debian/rules.
    + include Homepage field.
    + build-depend on unversioned automake.
    + build-depend on versioned lesstif.
    + wrap build-depends line to keep sanity.
    + change build-dependency on x-dev to x11proto-core-dev. (Closes: #515495).
    + remove debian revision from versioned build-deps.
    + update standards-version to 3.8.3, with no extra changes required.
  * debian/rules:
    + remove commented lines.
    + fix the includes for lesstif. (See below).
    + remove deprecated dh_desktop helper.
    + don't ignore errors when calling "make -i distclean".
    + separate configuration from package compilation to keep things tidy.
    + don't remove recursively things that are only files.
  * debian/patches:
    + rename 00list to series.
    + disable patches 40 and 41, lesstif is fixed. (Closes: #458763, #528807).
    + refresh enabled patches to avoid potential problems with buildds.
    + escape minus signs from manpages.
    + fix path to configuration files. Tks Andrew Price. (Closes: #424747).
    + flexibilize the print dialog. Tks Dmitry Oboukhov. (Closes: #408502).
    + implement "Fit to Height". Tks Josh Triplett. (Closes: #424178).
  * debian/xpdf-common.postint:
    + don't use command with path in maintainer script.
  * debian/watch:
    + create watch file.
  * debian/xpdf.desktop:
    + remove obsolete indication of encoding.
    + remove custom category "PDFViewer".
  * debian/xpdf-reader.menu:
    + update obsolete section Apps -> Applications.
  * debian/xpdf-reader.dirs:
    + remove empty dir usr/lib/menu. Tks Nelson Oliveira. (Closes: #495150).
  * avoid conflict with poppler-utils. Tks Luca Capello. (Closes: #558020).
 -...


Changed in xpdf (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
