--- pdftohtml-0.36.orig/Makefile
+++ pdftohtml-0.36/Makefile
@@ -3,6 +3,7 @@
prefix = /usr/local
exec_prefix = ${prefix}
srcdir = .
+installer = /usr/bin/install
EXE =
@@ -23,3 +24,7 @@
rm -f pdftohtml
cd goo; $(MAKE) distdepend
cd xpdf; $(MAKE) distdepend
+
+install:
+ ${installer} -g root -o root pdftohtml ${DESTDIR}/usr/bin/pdftohtml
+
--- pdftohtml-0.36.orig/aconf.h
+++ pdftohtml-0.36/aconf.h
@@ -36,7 +36,7 @@
/*
* Full path for the system-wide xpdfrc file.
*/
-#define SYSTEM_XPDFRC "/usr/local/etc/xpdfrc"
+#define SYSTEM_XPDFRC "/etc/xpdfrc"
/*
* Various include files and functions.
--- pdftohtml-0.36.orig/goo/gfile.cc
+++ pdftohtml-0.36/goo/gfile.cc
@@ -496,12 +496,15 @@
(*name)->append("/XXXXXX")->append(ext);
fd = mkstemps((*name)->getCString(), strlen(ext));
#else
+ /*
if (!(s = tmpnam(NULL))) {
return gFalse;
}
*name = new GString(s);
(*name)->append(ext);
fd = open((*name)->getCString(), O_WRONLY | O_CREAT | O_EXCL, 0600);
+ */
+ fd = mkstemp("pdftoh");
#endif
} else {
#if HAVE_MKSTEMP
--- pdftohtml-0.36.orig/src/flaf.out
+++ pdftohtml-0.36/src/flaf.out
@@ -0,0 +1,6 @@
+g++ -DHAVE_DIRENT_H=1 -I.. -DHAVE_REWINDDIR=1 -DHAVE_POPEN=1 -I../goo -I. -I../xpdf -c HtmlOutputDev.cc
+g++ -DHAVE_DIRENT_H=1 -I.. -DHAVE_REWINDDIR=1 -DHAVE_POPEN=1 -I../goo -I. -I../xpdf -c HtmlFonts.cc
+g++ -DHAVE_DIRENT_H=1 -I.. -DHAVE_REWINDDIR=1 -DHAVE_POPEN=1 -I../goo -I. -I../xpdf -c HtmlLinks.cc
+g++ -DHAVE_DIRENT_H=1 -I.. -DHAVE_REWINDDIR=1 -DHAVE_POPEN=1 -I../goo -I. -I../xpdf -c pdftohtml.cc
+g++ -DHAVE_DIRENT_H=1 -I.. -DHAVE_REWINDDIR=1 -DHAVE_POPEN=1 -I../goo -I. -I../xpdf -o pdftohtml HtmlOutputDev.o HtmlFonts.o HtmlLinks.o pdftohtml.o \
+ -L../goo -L../xpdf -lXpdf -lGoo -lm
--- pdftohtml-0.36.orig/xpdf/Decrypt.cc
+++ pdftohtml-0.36/xpdf/Decrypt.cc
@@ -73,6 +73,11 @@
Guchar fx, fy;
int len, i, j;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// try using the supplied owner password to generate the user password
if (ownerPassword) {
len = ownerPassword->getLength();
@@ -137,6 +142,11 @@
int len, i, j;
GBool ok;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+ return gFalse;
+ }
+
// generate file key
buf = (Guchar *)gmalloc(68 + fileID->getLength());
if (userPassword) {
--- pdftohtml-0.36.orig/debian/control
+++ pdftohtml-0.36/debian/control
@@ -0,0 +1,13 @@
+Source: pdftohtml
+Section: text
+Priority: optional
+Maintainer: Søren Boll Overgaard
+Build-Depends: debhelper (>> 3.0.0), dpatch (>= 1.11)
+Standards-Version: 3.6.1
+
+Package: pdftohtml
+Architecture: any
+Depends: ${shlibs:Depends}, gs
+Description: Translates pdf documents into html format
+ Translates pdf files into HTML or XML formats, combined with png images.
+ Supports encrypted pdf files.
--- pdftohtml-0.36.orig/debian/changelog
+++ pdftohtml-0.36/debian/changelog
@@ -0,0 +1,130 @@
+pdftohtml (0.36-7.3) unstable; urgency=low
+
+ * NMU to address security issue
+ * Bug fix: "CAN-2005-0064: Arbitrary code execution in pdftohtml",
+ thanks to Martin Schulze (Closes: #291250).
+
+ -- Frank Küster Thu, 20 Jan 2005 12:08:11 +0100
+
+pdftohtml (0.36-7.2) unstable; urgency=low
+
+ * NMU based on Frank Küster's work, ok'd by maintainer
+ * Security: Fix some more bufferoverflows in the xpdf code used by
+ pdftohtml, again partially CAN-2004-0888, and CAN-2004-1125 too. See
+ http://lists.debian.org/debian-tetex-maint/2004/11/msg00006.html and
+ http://www.idefense.com/application/poi/display?id=172 (Closes: #287551)
+
+ -- Jeroen van Wolffelaar Fri, 7 Jan 2005 19:25:33 +0100
+
+pdftohtml (0.36-7.1) unstable; urgency=high
+
+ * NMU on maintainers request to address a security issue in the xpdf
+ code that is used
+ * Add patch for CAN-2004-0888
+
+ -- Frank Küster Thu, 28 Oct 2004 21:06:27 +0200
+
+pdftohtml (0.36-7) unstable; urgency=low
+
+ * Bump standards version to 3.6.1, no changes.
+ * Fix encoding of debian/control
+
+ -- Søren Boll Overgaard Sun, 5 Sep 2004 17:26:10 +0000
+
+pdftohtml (0.36-6) unstable; urgency=low
+
+ * Update man-page to include -dev and -nomerge options (closes: Bug#230906).
+
+ -- Søren Boll Overgaard Wed, 10 Mar 2004 16:12:21 +0000
+
+pdftohtml (0.36-5) unstable; urgency=low
+
+ * Fix maintainer name.
+
+ -- Søren Boll Overgaard Sun, 21 Dec 2003 20:03:29 +0000
+
+pdftohtml (0.36-4) unstable; urgency=low
+
+ * Fix segfault when specifying absolute path to input file
+ (Closes: Bug#212824)
+
+ -- Søren Boll Overgaard Tue, 7 Oct 2003 11:42:35 +0000
+
+pdftohtml (0.36-3) unstable; urgency=low
+
+ * Fix "off by one"-error in my own patch to generate output in CWD.
+ (Closes: #208447)
+
+ -- Søren Boll Overgaard Sun, 14 Sep 2003 11:24:07 +0000
+
+pdftohtml (0.36-2) unstable; urgency=low
+ * Introduce dpatch
+ - Patch src/HtmlOutputDev.{cc|h} to output HTML in CWD instead of source
+ dir (closes: Bug#188815)
+ * debian/control:
+ - build-depend on dpatch
+ - fix spelling mistake in long description
+
+ -- Søren Boll Overgaard Sat, 26 Jul 2003 11:40:16 +0000
+
+pdftohtml (0.36-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Søren Boll Overgaard Mon, 21 Jul 2003 23:12:34 +0000
+
+pdftohtml (0.35-1) unstable; urgency=low
+
+ * New upstream release
+ + Fixes a security issue related to xpdf.
+ * Fix pdftohtml source to compile with gcc-3.2. Patch sent to upstream.
+
+ -- Søren Boll Overgaard Mon, 13 Jan 2003 08:23:50 +0000
+
+pdftohtml (0.34-3) unstable; urgency=low
+
+ * Fix path to xpdf global configuration (Thanks OHURA Makoto)
+ (closes: Bug#175638)
+
+ -- Søren Boll Overgaard Tue, 7 Jan 2003 08:41:41 +0000
+
+pdftohtml (0.34-2) unstable; urgency=low
+
+ * Standards version 3.5.7.
+
+ -- Søren Boll Overgaard Sun, 20 Oct 2002 13:58:57 +0200
+
+pdftohtml (0.34-1) unstable; urgency=low
+
+ * New upstream release
+ * Updated manpage to include new commandline options.
+
+ -- Søren Boll Overgaard Tue, 18 Jun 2002 10:37:06 +0200
+
+pdftohtml (0.33a-4) unstable; urgency=low
+
+ * Remove various useless calls to dh_*
+ * Include more upstream docs in package
+
+ -- Søren Boll Overgaard Sat, 1 Jun 2002 11:04:09 +0200
+
+pdftohtml (0.33a-3) unstable; urgency=low
+
+ * Fix spelling errors in pdftohtml.1
+
+ -- Søren Boll Overgaard Tue, 14 May 2002 23:38:49 +0200
+
+pdftohtml (0.33a-2) unstable; urgency=low
+
+ * Add gs as a requirement, since pdftohtml in complex mode uses it.
+
+ -- Søren Boll Overgaard Wed, 1 May 2002 01:25:28 +0200
+
+pdftohtml (0.33a-1) unstable; urgency=low
+
+ * Modified Makefile to use $(DESTDIR)
+ * Modified Makefile to support the install target
+ * Initial Release (closes: Bug#143525).
+
+ -- Søren Boll Overgaard Sat, 27 Apr 2002 11:07:46 +0200
+
--- pdftohtml-0.36.orig/debian/pdftohtml.1
+++ pdftohtml-0.36/debian/pdftohtml.1
@@ -0,0 +1,82 @@
+.TH PDFTOHTML 1
+.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
+.\" other parms are allowed: see man(7), man(1)
+.SH NAME
+pdftohtml \- program to convert pdf files into html, xml and png images
+.SH SYNOPSIS
+.B pdftohtml
+.I "[options] [ ]"
+.SH "DESCRIPTION"
+This manual page documents briefly the
+.BR pdftohtml
+command.
+This manual page was written for the Debian GNU/Linux distribution
+because the original program does not have a manual page.
+.PP
+.B pdftohtml
+is a program that converts pdf documents into html. It generates its output in
+the current working directory.
+.SH OPTIONS
+A summary of options are included below.
+.TP
+.B \-h, \-help
+Show summary of options.
+.TP
+.B \-f
+first page to print
+.TP
+.B \-l
+last page to print
+.TP
+.B \-q
+dont print any messages or errors
+.TP
+.B \-v
+print copyright and version info
+.TP
+.B \-p
+exchange .pdf links with .html
+.TP
+.B \-c
+generate complex output
+.TP
+.B \-i
+ignore images
+.TP
+.B \-noframes
+generate no frames. Not supported in complex output mode.
+.TP
+.B \-stdout
+use standard output
+.TP
+.B \-zoom
+zoom the pdf document (default 1.5)
+.TP
+.B \-xml
+output for XML post-processing
+.TP
+.B \-enc
+output text encoding name
+.TP
+.B \-opw
+owner password (for encrypted files)
+.TP
+.B \-upw
+user password (for encrypted files)
+.TP
+.B \-hidden
+force hidden text extraction
+.TP
+.B \-dev
+output device name for Ghostscript (png16m, jpeg etc)
+.TP
+.B \-nomerge
+do not merge paragraphs
+
+.SH AUTHOR
+
+Pdftohtml was developed by Gueorgui Ovtcharov and Rainer Dorsch. It is
+based and benefits a lot from Derek Noonburg's xpdf package.
+
+This manual page was written by Søren Boll Overgaard ,
+for the Debian GNU/Linux system (but may be used by others).
--- pdftohtml-0.36.orig/debian/patches/00list
+++ pdftohtml-0.36/debian/patches/00list
@@ -0,0 +1,6 @@
+01_output_in_cwd_cc
+02_output_in_cwd_h
+03_CAN-2004-0888
+04_more_CAN-2004-0888
+05_CAN-2004-1125
+06_CAN-2005-0064
--- pdftohtml-0.36.orig/debian/patches/06_CAN-2005-0064.dpatch
+++ pdftohtml-0.36/debian/patches/06_CAN-2005-0064.dpatch
@@ -0,0 +1,73 @@
+#!/bin/sh -e
+## 06_CAN-2005-0064.dpatch -- by Frank Küster ,
+## using dpatch boilerplates and the patch against xpdf-3.0, see
+## bug #291250
+##
+## DP: Patch to fix an integer overflows in xpdf code.
+## DP: This patch handles xpdf/Decrypt.cc
+
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+--- pdftohtml-0.36/xpdf/Decrypt.cc.orig Wed Jun 25 00:41:27 2003
++++ pdftohtml-0.36/xpdf/Decrypt.cc Thu Jan 20 12:01:56 2005
+@@ -73,6 +73,11 @@
+ Guchar fx, fy;
+ int len, i, j;
+
++ // check whether we have non-zero keyLength
++ if ( !keyLength ) {
++ return gFalse;
++ }
++
+ // try using the supplied owner password to generate the user password
+ if (ownerPassword) {
+ len = ownerPassword->getLength();
+@@ -100,7 +105,7 @@
+ } else {
+ memcpy(test2, ownerKey->getCString(), 32);
+ for (i = 19; i >= 0; --i) {
+- for (j = 0; j < keyLength; ++j) {
++ for (j = 0; j < keyLength && j < 16; ++j) {
+ tmpKey[j] = test[j] ^ i;
+ }
+ rc4InitKey(tmpKey, keyLength, fState);
+@@ -137,6 +142,11 @@
+ int len, i, j;
+ GBool ok;
+
++ // check whether we have non-zero keyLength
++ if ( !keyLength ) {
++ return gFalse;
++ }
++
+ // generate file key
+ buf = (Guchar *)gmalloc(68 + fileID->getLength());
+ if (userPassword) {
+@@ -174,7 +184,7 @@
+ } else if (encRevision == 3) {
+ memcpy(test, userKey->getCString(), 32);
+ for (i = 19; i >= 0; --i) {
+- for (j = 0; j < keyLength; ++j) {
++ for (j = 0; j < keyLength && j < 16; ++j) {
+ tmpKey[j] = fileKey[j] ^ i;
+ }
+ rc4InitKey(tmpKey, keyLength, fState);
--- pdftohtml-0.36.orig/debian/patches/04_more_CAN-2004-0888.dpatch
+++ pdftohtml-0.36/debian/patches/04_more_CAN-2004-0888.dpatch
@@ -0,0 +1,109 @@
+#!/bin/sh -e
+## 04_more_CAN-2004-0888.dpatch -- by Frank Küster ,
+## using dpatch boilerplates and the ubuntu patch against tetex-bin, see
+## http://lists.debian.org/debian-tetex-maint/2004/11/msg00006.html
+##
+## DP: Patch to fix several integer overflows in xpdf code.
+## DP: This patch handles xpdf/XRef.cc (xpdf/goo/gmem.{c,h} don't exist)
+
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+--- pdftohtml-0.36/xpdf/XRef.cc.orig Tue Dec 28 18:38:48 2004
++++ pdftohtml-0.36/xpdf/XRef.cc Tue Dec 28 18:49:05 2004
+@@ -67,6 +67,8 @@
+ start = str->getStart();
+ pos = readTrailer();
+
++ entries = NULL;
++
+ // if there was a problem with the trailer,
+ // try to reconstruct the xref table
+ if (pos == 0) {
+@@ -77,7 +79,7 @@
+
+ // trailer is ok - read the xref table
+ } else {
+- if ( size >= INT_MAX/sizeof(XRefEntry)) {
++ if (size < 0 || size >= INT_MAX/sizeof(XRefEntry)) {
+ error(-1, "Invalid 'size' inside xref table.");
+ ok = gFalse;
+ return;
+@@ -181,7 +183,7 @@
+ n = atoi(p);
+ while ('0' <= *p && *p <= '9') ++p;
+ while (isspace(*p)) ++p;
+- if (p == buf)
++ if ((p == buf) || (n < 0)) /* must make progress */
+ return 0;
+ pos1 += (p - buf) + n * 20;
+ }
+@@ -255,6 +257,10 @@
+ }
+ s[i] = '\0';
+ first = atoi(s);
++ if (first < 0) {
++ error(-1, "Invalid 'first'");
++ goto err2;
++ }
+ while ((c = str->lookChar()) != EOF && isspace(c)) {
+ str->getChar();
+ }
+@@ -266,6 +272,10 @@
+ }
+ s[i] = '\0';
+ n = atoi(s);
++ if (n<=0) {
++ error(-1, "Invalid 'n'");
++ goto err2;
++ }
+ while ((c = str->lookChar()) != EOF && isspace(c)) {
+ str->getChar();
+ }
+@@ -273,7 +283,7 @@
+ // table size
+ if (first + n > size) {
+ newSize = size + 256;
+- if (newSize >= INT_MAX/sizeof(XRefEntry)) {
++ if (newSize < 0 || newSize >= INT_MAX/sizeof(XRefEntry)) {
+ error(-1, "Invalid 'newSize'");
+ goto err2;
+ }
+@@ -406,6 +416,10 @@
+ // look for object
+ } else if (isdigit(*p)) {
+ num = atoi(p);
++ if (num < 0) {
++ error(-1, "Invalid 'num' parameters.");
++ return gFalse;
++ }
+ do {
+ ++p;
+ } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
+- if (newSize >= INT_MAX / sizeof(XRefEntry)) {
++ if (newSize < 0 || newSize >= INT_MAX/sizeof(XRefEntry)) {
+ error(-1, "Invalid 'obj' parameters.");
+ return gFalse;
+ }
--- pdftohtml-0.36.orig/debian/patches/05_CAN-2004-1125
+++ pdftohtml-0.36/debian/patches/05_CAN-2004-1125
@@ -0,0 +1,54 @@
+#!/bin/sh -e
+## 05_CAN-2004-1125.dpatch -- by Frank Küster ,
+## using dpatch boilerplates and the ubuntu patch against tetex-bin, see
+## ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
+##
+## DP: Patch to fix several integer overflows in xpdf code.
+## DP: This patch handles xpdf/XRef.cc, xpdf/goo/gmem.{c,h}
+
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+--- pdftohtml-0.36/xpdf/Gfx.cc 2002-12-06 00:44:32.000000000 +0100
++++ pdftohtml-0.36.new/xpdf/Gfx.cc 2004-12-22 16:25:20.343244344 +0100
+@@ -2381,7 +2381,7 @@
+ haveMask = gFalse;
+ dict->lookup("Mask", &maskObj);
+ if (maskObj.isArray()) {
+- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++ for (i = 0; i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++i) {
+ maskObj.arrayGet(i, &obj1);
+ maskColors[i] = obj1.getInt();
+ obj1.free();
+--- pdftohtml-0.36/xpdf/GfxState.cc 2003-01-07 17:33:35.000000000 +0100
++++ pdftohtml-0.36.new/xpdf/GfxState.cc 2004-12-22 16:26:39.536205184 +0100
+@@ -708,6 +708,11 @@
+ }
+ nCompsA = obj2.getInt();
+ obj2.free();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "ICCBased color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+ if (dict->lookup("Alternate", &obj2)->isNull() ||
+ !(altA = GfxColorSpace::parse(&obj2))) {
+ switch (nCompsA) { 05_CAN-2004-1125.dpatch -- by Frank Küster ,
--- pdftohtml-0.36.orig/debian/patches/01_output_in_cwd_cc.dpatch
+++ pdftohtml-0.36/debian/patches/01_output_in_cwd_cc.dpatch
@@ -0,0 +1,131 @@
+#!/bin/sh -e
+## 01_output_in_cwd_cc.dpatch by Søren Boll Overgaard
+## DP: Patch to make pdftothtml generate output in the current working
+## DP: directory, instead of in whatever directory contains the pdf-file
+## DP: being converted.
+## DP: This patch handles HtmlOutputDev.cc
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+--- HtmlOutputDev.cc 2003-10-07 14:30:28.000000000 +0200
++++ pdftohtml-0.36/src/HtmlOutputDev.cc 2003-10-07 14:48:43.000000000 +0200
+@@ -609,7 +609,7 @@
+ tmp->append('-')->append(pgNum)->append(".html");
+ delete pgNum;
+
+- if (!(pageFile = fopen(tmp->getCString(), "w"))) {
++ if (!(pageFile = fopen(getFileNameFromPath(tmp->getCString(),tmp->getLength()), "w"))) {
+ error(-1, "Couldn't open html file '%s'", tmp->getCString());
+ delete tmp;
+ return;
+@@ -811,7 +811,7 @@
+ char* htmlEncoding;
+ fName->append(".html");
+
+- if (!(fContentsFrame = fopen(fName->getCString(), "w"))){
++ if (!(fContentsFrame = fopen(getFileNameFromPath(fName->getCString(),fName->getLength()), "w"))){
+ delete fName;
+ error(-1, "Couldn't open html file '%s'", fName->getCString());
+ return;
+@@ -885,7 +885,7 @@
+
+ doFrame(firstPage);
+
+- if (!(fContentsFrame = fopen(left->getCString(), "w")))
++ if (!(fContentsFrame = fopen(getFileNameFromPath(left->getCString(),left->getLength()), "w")))
+ {
+ error(-1, "Couldn't open html file '%s'", left->getCString());
+ delete left;
+@@ -908,7 +908,7 @@
+ GString* right=new GString(fileName);
+ right->append("s.html");
+
+- if (!(page=fopen(right->getCString(),"w"))){
++ if (!(page=fopen(getFileNameFromPath(right->getCString(),right->getLength()),"w"))){
+ error(-1, "Couldn't open html file '%s'", right->getCString());
+ delete right;
+ return;
+@@ -925,7 +925,7 @@
+ GString* right=new GString(fileName);
+ if (!xml) right->append(".html");
+ if (xml) right->append(".xml");
+- if (!(page=fopen(right->getCString(),"w"))){
++ if (!(page=fopen(getFileNameFromPath(right->getCString(),right->getLength()),"w"))){
+ delete right;
+ error(-1, "Couldn't open html file '%s'", right->getCString());
+ return;
+@@ -996,7 +996,7 @@
+ write=gFalse;
+ GString* fname=Dirname(Docname);
+ fname->append("image.log");
+- if((tin=fopen(fname->getCString(),"w"))==NULL){
++ if((tin=fopen(getFileNameFromPath(fname->getCString(),fname->getLength()),"w"))==NULL){
+ printf("Error : can not open %s",fname);
+ exit(1);
+ }
+@@ -1135,7 +1135,7 @@
+ // open the image file
+ fName->append(pgNum)->append("_")->append(imgnum)->append(".jpg");
+ ++imgNum;
+- if (!(f1 = fopen(fName->getCString(), "wb"))) {
++ if (!(f1 = fopen(getFileNameFromPath(fName->getCString(),fName->getLength()), "wb"))) {
+ error(-1, "Couldn't open image file '%s'", fName->getCString());
+ return;
+ }
+@@ -1235,7 +1235,7 @@
+ fName->append(pgNum)->append("_")->append(imgnum)->append(".jpg");
+ ++imgNum;
+
+- if (!(f1 = fopen(fName->getCString(), "wb"))) {
++ if (!(f1 = fopen(getFileNameFromPath(fName->getCString(),fName->getLength()), "wb"))) {
+ error(-1, "Couldn't open image file '%s'", fName->getCString());
+ return;
+ }
+@@ -1434,7 +1434,7 @@
+ {
+ GString *str = basename(Docname);
+ str->append("-outline.html");
+- output = fopen(str->getCString(), "w");
++ output = fopen(getFileNameFromPath(str->getCString(),str->getLength()), "w");
+ if (output == NULL)
+ return gFalse;
+ delete str;
+@@ -1546,3 +1546,20 @@
+
+ return atLeastOne;
+ }
++
++char* getFileNameFromPath(char* c, int strlen) {
++ int last_slash_index = 0;
++ int i = 0;
++ char* res;
++
++ for (i=0;i,
+## using dpatch boilerplates and the patch against tetex-bin.
+## DP: Patch to fix several integer overflows in xpdf code.
+## DP: This patch handles xpdf/XRef.cc and xpdf/Catalog.cc
+
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+--- pdftohtml-0.36/xpdf/Catalog.cc 2002-11-03 23:15:36.000000000 +0100
++++ pdftohtml-0.36/libs/xpdf/xpdf/Catalog.cc 2004-10-27 14:42:01.525726160 +0200
+@@ -22,6 +22,7 @@
+ #include "Error.h"
+ #include "Link.h"
+ #include "Catalog.h"
++#include
+
+ //------------------------------------------------------------------------
+ // Catalog
+@@ -63,6 +64,12 @@
+ }
+ pagesSize = numPages0 = obj.getInt();
+ obj.free();
++ if ((pagesSize >= INT_MAX / sizeof(Page *)) ||
++ (pagesSize >= INT_MAX / sizeof(Ref))) {
++ error(-1, "Invalid 'pagesSize'");
++ ok = gFalse;
++ return;
++ }
+ pages = (Page **)gmalloc(pagesSize * sizeof(Page *));
+ pageRefs = (Ref *)gmalloc(pagesSize * sizeof(Ref));
+ for (i = 0; i < pagesSize; ++i) {
+@@ -190,6 +197,11 @@
+ }
+ if (start >= pagesSize) {
+ pagesSize += 32;
++ if ((pagesSize >= INT_MAX/sizeof(Page *)) ||
++ (pagesSize >= INT_MAX/sizeof(Ref))) {
++ error(-1, "Invalid 'pagesSize' parameter.");
++ goto err3;
++ }
+ pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
+ pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
+ for (j = pagesSize - 32; j < pagesSize; ++j) {
+--- pdftohtml-0.36/xpdf/XRef.cc 2002-11-03 23:15:37.000000000 +0100
++++ pdftohtml-0.36/libs/xpdf/xpdf/XRef.cc 2004-10-27 14:43:42.819327192 +0200
+@@ -28,6 +28,7 @@
+ #include "Error.h"
+ #include "ErrorCodes.h"
+ #include "XRef.h"
++#include
+
+ //------------------------------------------------------------------------
+
+@@ -76,6 +77,11 @@
+
+ // trailer is ok - read the xref table
+ } else {
++ if ( size >= INT_MAX/sizeof(XRefEntry)) {
++ error(-1, "Invalid 'size' inside xref table.");
++ ok = gFalse;
++ return;
++ }
+ entries = (XRefEntry *)gmalloc(size * sizeof(XRefEntry));
+ for (i = 0; i < size; ++i) {
+ entries[i].offset = 0xffffffff;
+@@ -267,6 +273,10 @@
+ // table size
+ if (first + n > size) {
+ newSize = size + 256;
++ if (newSize >= INT_MAX/sizeof(XRefEntry)) {
++ error(-1, "Invalid 'newSize'");
++ goto err2;
++ }
+ entries = (XRefEntry *)grealloc(entries, newSize * sizeof(XRefEntry));
+ for (i = size; i < newSize; ++i) {
+ entries[i].offset = 0xffffffff;
+@@ -410,6 +420,10 @@
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
++ if (newSize >= INT_MAX / sizeof(XRefEntry)) {
++ error(-1, "Invalid 'obj' parameters.");
++ return gFalse;
++ }
+ entries = (XRefEntry *)
+ grealloc(entries, newSize * sizeof(XRefEntry));
+ for (i = size; i < newSize; ++i) {
+@@ -431,6 +445,10 @@
+ } else if (!strncmp(p, "endstream", 9)) {
+ if (streamEndsLen == streamEndsSize) {
+ streamEndsSize += 64;
++ if (streamEndsSize >= INT_MAX/sizeof(int)) {
++ error(-1, "Invalid 'endstream' parameter.");
++ return gFalse;
++ }
+ streamEnds = (Guint *)grealloc(streamEnds,
+ streamEndsSize * sizeof(int));
+ }
--- pdftohtml-0.36.orig/debian/patches/02_output_in_cwd_h.dpatch
+++ pdftohtml-0.36/debian/patches/02_output_in_cwd_h.dpatch
@@ -0,0 +1,70 @@
+#!/bin/sh -e
+## 01_output_in_cwd_h.dpatch by Søren Boll Overgaard
+## DP: Patch to make pdftothtml generate output in the current working
+## DP: directory, instead of in whatever directory contains the pdf-file
+## DP: being converted.
+## DP: This patch handles HtmlOutputDev.h
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+put_in_cwd.dpatch by Søren Boll Overgaard
+## DP: Patch to make pdftothtml generate output in the current working
+## DP: directory, instead of in whatever directory contains the pdf-file
+## DP: being converted.
+
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+ patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+@DPATCH@
+
+
+--- /home/boll/tmp/pdftohtml-0.36/src/HtmlOutputDev.h 2003-06-24 22:41:27.000000000 +0000
++++ pdftohtml-0.36/src/HtmlOutputDev.h 2003-07-26 11:46:04.000000000 +0000
+@@ -260,6 +260,8 @@
+
+ GBool dumpDocOutline(Catalog* catalog);
+
++ /* char* getFileNameFromPath(char* c, int strlen); */
++
+ private:
+ // convert encoding into a HTML standard, or encoding->getCString if not
+ // recognized
+@@ -289,4 +291,6 @@
+ friend class HtmlPage;
+ };
+
++char* getFileNameFromPath(char* c, int strlen);
++
+ #endif
--- pdftohtml-0.36.orig/debian/dirs
+++ pdftohtml-0.36/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
--- pdftohtml-0.36.orig/debian/rules
+++ pdftohtml-0.36/debian/rules
@@ -0,0 +1,96 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+include /usr/share/dpatch/dpatch.make
+
+# This is the debhelper compatibility version to use.
+export DH_COMPAT=3
+
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+
+ touch configure-stamp
+
+
+build: patch-stamp build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+ #/usr/bin/docbook-to-man debian/pdftohtml.sgml > pdftohtml.1
+
+ touch build-stamp
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/pdftohtml.
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/pdftohtml
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+# dh_installdebconf
+ dh_installdocs README AUTHORS BUGS
+# dh_installexamples
+# dh_installmenu
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+ dh_installman debian/pdftohtml.1
+# dh_installinfo
+# dh_undocumented
+ dh_installchangelogs CHANGES
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+# dh_makeshlibs
+ dh_installdeb
+# dh_perl
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- pdftohtml-0.36.orig/debian/copyright
+++ pdftohtml-0.36/debian/copyright
@@ -0,0 +1,13 @@
+This package was debianized by Søren Boll Overgaard boll@debian.org on
+Mon, 8 Apr 2002 00:23:31 +0200.
+
+It was downloaded from
+http://prdownloads.sourceforge.net/pdftohtml/
+
+Original author: Mikhail Kruk
+
+Copyright:
+
+This program is free software, relased under the Gnu General Public License.
+The license is available as /usr/share/common-licenses/GPL on your Debian
+system.
--- pdftohtml-0.36.orig/debian/docs
+++ pdftohtml-0.36/debian/docs
@@ -0,0 +1,2 @@
+BUGS
+README