--- poppler-0.5.4.orig/debian/changelog +++ poppler-0.5.4/debian/changelog 
@@ -0,0 +1,431 @@ +poppler (0.5.4-0ubuntu4.3) edgy-security; urgency=low + + * SECURITY UPDATE: out of bounds array access causes memory corruption via + a crafted PDF file + * fix for DCTStream::readScanInfo() in Stream.cc to properly check + boundaries + * SECURITY UPDATE: integer overflow resulting in heap-based overflow and + potential arbitrary code execution via crafted PDF file + * fix for DCTStream::reset() in Stream.cc to properly check width and height + * SECURITY UPDATE: boundary error in lookChar() resulting in heap-based + overflow and potential arbitrary code execution via crafted PDF file + * fixes for CCITTFaxStream::CCITTFaxStream and CCITTFaxStream::lookChar() in + Stream.cc to properly check boundary conditions. This also includes + upstream refactoring for easier maintenance. + * References + CVE-2007-4352 + CVE-2007-5392 + CVE-2007-5393 + + -- Jamie Strandboge Tue, 13 Nov 2007 10:18:34 -0500 + +poppler (0.5.4-0ubuntu4.2) edgy-security; urgency=low + + * SECURITY UPDATE: arbitrary code execution via crafted PDFs + * Add debian/patches/100_streampredictor_overflow.patch: upstream fixes. + * References + CVE-2007-3387 + + -- Kees Cook Tue, 07 Aug 2007 09:27:27 -0700 + +poppler (0.5.4-0ubuntu4.1) edgy-security; urgency=low + + * SECURITY UPDATE: Denial of Service. + * Add debian/patches/004_CVE-2007-0104.patch: + - Limit recursion depth of the parsing tree to 100 to avoid infinite loop + with crafted documents. + - Patch taken from koffice security update (which has a copy of xpdf + sources). 
+ + -- Martin Pitt Tue, 16 Jan 2007 18:13:04 +0100 + +poppler (0.5.4-0ubuntu4) edgy; urgency=low + + * Clean sources before upload + + -- Jonathan Riddell Thu, 12 Oct 2006 11:55:54 +0100 + +poppler (0.5.4-0ubuntu3) edgy; urgency=low + + * Include missing header files in libpoppler-qt4-dev.install and libpoppler-qt-dev.install + + -- Jonathan Riddell Wed, 11 Oct 2006 12:05:48 +0100 + +poppler (0.5.4-0ubuntu2) edgy; urgency=low + + * debian/control.in: + - Build-Depends on libglade2-dev to fix the build + + -- Sebastien Bacher Tue, 10 Oct 2006 21:59:29 +0200 + +poppler (0.5.4-0ubuntu1) edgy; urgency=low + + * New upstream version, UVF exception granted by Matt Zimmerman + * debian/patches/003_fontconfig-undefined-symbols.patch: + - fixed with the new version + * debian/patches/003_glib_pkgconfig_fix.patch: + - fix pkg-config call to glib + + -- Sebastien Bacher Tue, 26 Sep 2006 18:30:35 +0200 + +poppler (0.5.3-0ubuntu9) edgy; urgency=low + + * Build with splash for now, the cairo backend is much slower + (Ubuntu: #61161) + * debian/control.in: + - applied the changes made by Jonathan to the correct control file + - don't Build-Depends on libcairo2-dev + - no libpoppler-glib-dev Depends on libcairo2-dev + * debian/libpoppler-dev.install: + - don't list files for cairo + * debian/rules: + - don't build with cairo + + -- Sebastien Bacher Tue, 19 Sep 2006 10:21:10 +0200 + +poppler (0.5.3-0ubuntu8) edgy; urgency=low + + * Add Qt 4 packages + + -- Jonathan Riddell Mon, 18 Sep 2006 15:07:15 +0100 + +poppler (0.5.3-0ubuntu7) edgy; urgency=low + + * Disable zlib support again as this is broken and not recommended by + upstream + + -- Sebastian Dröge Wed, 16 Aug 2006 00:19:52 +0200 + +poppler (0.5.3-0ubuntu6) edgy; urgency=low + + * Enable zlib support + + -- Sebastian Dröge Fri, 28 Jul 2006 10:31:31 +0200 + +poppler (0.5.3-0ubuntu5) edgy; urgency=low + + * Add poppler-splash.pc and the splash header to libpoppler-dev again to + make it really correct now + + -- Sebastian 
Dröge Wed, 26 Jul 2006 13:10:15 +0200 + +poppler (0.5.3-0ubuntu4) edgy; urgency=low + + * Revert last change + * Enable splash and cairo. splash will be used for the qt/qt4 bindings, + cairo for the glib bindings. This fixes kpdf and everything else using the + qt bindings. + + -- Sebastian Dröge Wed, 26 Jul 2006 12:41:39 +0200 + +poppler (0.5.3-0ubuntu3) edgy; urgency=low + + * Add missing splash/ headers to libpoppler-dev + + -- Jonathan Riddell Wed, 26 Jul 2006 10:04:48 +0000 + +poppler (0.5.3-0ubuntu2) edgy; urgency=low + + * debian/patches/003_fontconfig-undefined-symbols.patch: + + Link libpoppler against libfontconfig. This makes it usuable again in + applications that don't link against libfontconfig themself. + * debian/control.in: + + Add Build-Depends on libfontconfig1-dev (Depends were already there) + + -- Sebastian Dröge Mon, 24 Jul 2006 14:37:38 +0200 + +poppler (0.5.3-0ubuntu1) edgy; urgency=low + + * New upstream version: + - Add poppler as a private requires of poppler-glib. + - Allow CairoFont creation to fail more gracefully (#4030). + - Back out the rest of krh's type3 font work. + - Revert splashModeRGB8 changes. + - Add missing poppler-annotation-helper.h. + * debian/control.in: + - Build-Depends on libcairo2-dev + - libpoppler-glib-dev Depends on libcairo2-dev, libpango1.0-dev + * debian/libpoppler-dev.install: + - list cairo instead of splash + * debian/rules: + - build the cairo variant instead of the splash one + + -- Sebastien Bacher Mon, 24 Jul 2006 10:29:30 +0200 + +poppler (0.5.2-1) experimental; urgency=low + + * New upstream release. + * Remove patches adopted upstream: + debian/patches/000_incorrect_define_fix.patch + debian/patches/000_splash_build_fix.patch + + -- Ondřej Surý Tue, 23 May 2006 20:21:30 +0200 + +poppler (0.5.1-1) experimental; urgency=low + + * Merge back changes from Ubuntu. 
+ * Upload to experimental (Closes: 352522) + + -- Ondřej Surý Tue, 18 Apr 2006 15:08:26 +0200 + +poppler (0.5.1-0ubuntu6) dapper; urgency=low + + * Install poppler-page-transition into libpoppler-qt-dev (not + libpoppler-dev), since it comes from the Qt bindings. Closes: LP#32179 + + -- Martin Pitt Mon, 10 Apr 2006 12:20:46 +0200 + +poppler (0.5.1-0ubuntu5) dapper; urgency=low + + * debian/patches/000_incorrect_define_fix.patch: + - patch from the CVS, fix an incorrect boxes rendering (Ubuntu: #33239) + + -- Sebastien Bacher Thu, 23 Mar 2006 12:33:17 +0100 + +poppler (0.5.1-0ubuntu4) dapper; urgency=low + + * debian/control.in: libpoppler-dev needs to depend on libfontconfig1-dev, + because we directly include in GlobalParams.h + + -- Adam Conrad Thu, 16 Mar 2006 11:23:00 +1100 + +poppler (0.5.1-0ubuntu3) dapper; urgency=low + + * debian/control.in: Have poppler-utils Replace: xpdf-reader, since both + contain pdftoppm.1.gz. + + -- Martin Pitt Mon, 13 Mar 2006 09:10:12 +0100 + +poppler (0.5.1-0ubuntu2) dapper; urgency=low + + * debian/control.in: + - fix the libpoppler1 package description + + -- Sebastien Bacher Thu, 9 Mar 2006 09:43:15 +0000 + +poppler (0.5.1-0ubuntu1) dapper; urgency=low + + * New upstream version: + - Support for embedded files. + - Handle 0-width lines correctly. + - Avoid external file use when opening fonts. + - Only use vector fonts returned from fontconfig (#5758). + - Fix scaled 1x1 pixmaps use for drawing lines (#3387). + - drawSoftMaskedImage support in cairo backend. + - Misc bug fixes: #5922, #5946, #5749, #5952, #4030, #5420. 
+ * debian/control.in, debian/libpoppler0c2.dirs, + debian/libpoppler0c2-glib.dirs, debian/libpoppler0c2-glib.install, + debian/libpoppler0c2.install, debian/libpoppler0c2-qt.dirs, + debian/libpoppler0c2-qt.install, debian/rules: + - updated for the soname change + * debian/patches/000_splash_build_fix.patch: + - fix build when using splash + * debian/patches/001_fixes_for_fonts_selection.patch: + - fix with the new version + + -- Sebastien Bacher Mon, 6 Mar 2006 18:42:44 +0000 + +poppler (0.5.0-0ubuntu5) dapper; urgency=low + + * debian/control.in, debian/rules: + - build without libcairo + + -- Sebastien Bacher Sun, 26 Feb 2006 20:05:10 +0100 + +poppler (0.5.0-0ubuntu4) dapper; urgency=low + + * debian/patches/001_fixes_for_fonts_selection.patch: + - change from the CVS, fix some renderings issues and fonts selection + + -- Sebastien Bacher Tue, 7 Feb 2006 13:38:04 +0100 + +poppler (0.5.0-0ubuntu3) dapper; urgency=low + + * SECURITY UPDATE: Buffer overflow. + * Add debian/patches/002_CVE-2006-0301.patch: + - splash/Splash.cc, Splash::drawPixel(), Splash::drawSpan(), + Splash::xorSpan(): Check coordinates for integer overflow. + * CVE-2006-0301 + + -- Martin Pitt Fri, 3 Feb 2006 18:13:30 +0000 + +poppler (0.5.0-0ubuntu2) dapper; urgency=low + + * debian/rules: Bump shlibs version to 0.5.0. + + -- Martin Pitt Fri, 20 Jan 2006 16:56:40 +0100 + +poppler (0.5.0-0ubuntu1) dapper; urgency=low + + * New upstream release 0.5.0, required for new evince 0.5. + * Merge with Debian. + * Remove patches adopted upstream: + - debian/patches/000_add-poppler-utils.patch + - debian/patches/002-selection-crash-bug.patch + * debian/libpoppler-dev.install: + - Install poppler-page-transition.h. + - Do not install poppler-config.h, it doesn't exist any more. + - Upstream doesn't install legacy xpdf includes any more, fix path to + install them into libpoppler-dev. + * Add debian/patches/001_jpxstream_int_crash.patch: + - poppler/JPXStream.h: Fix declaration of cbW to be signed. 
+ JPXStream.cc, readCodeBlockData() negates the value, which results in an + invalid value on 64 bit platforms if using unsigned types. + - Thanks to Vladimir Nadvornik for pointing at this. + + -- Martin Pitt Thu, 19 Jan 2006 23:49:52 +0100 + +poppler (0.4.4-1) unstable; urgency=high + + * New upstream security release + - fixes CVE-2005-3624, CVE-2005-3625, CVE-2005-3627 + * Remove debian/patches/003-CVE-2005-3624_5_7.patch: + - Merged upstream + * Remove debian/patches/004-fix-CVE-2005-3192.patch: + - Merged upstream + * Remove debian/patches/001-relibtoolize.patch + - Upstream uses recent libtool + + -- Ondřej Surý Thu, 12 Jan 2006 20:40:27 +0100 + +poppler (0.4.3-3) unstable; urgency=low + + * Fix missing libcairo2-dev dependency (Closes: #346277) + + -- Ondřej Surý Fri, 6 Jan 2006 21:37:10 +0100 + +poppler (0.4.3-2) unstable; urgency=high + + [ Martin Pitt ] + * SECURITY UPDATE: Multiple integer/buffer overflows. + * Add debian/patches/003-CVE-2005-3624_5_7.patch: + - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream(): + + Check columns for negative or large values. + + CVE-2005-3624 + - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch: + + Reset numComps to 0 since it's a global variable that is used later. + + CVE-2005-3627 + - poppler/Stream.cc, DCTStream::readHuffmanTables(): + + Fix out of bounds array access in Huffman tables. + + CVE-2005-3627 + - poppler/Stream.cc, DCTStream::readMarker(): + + Check for EOF in while loop to prevent endless loops. + + CVE-2005-3625 + - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), + JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg(): + + Check user supplied width and height against invalid values. + + Allocate one extra byte to prevent out of bounds access in combine(). + * Add debian/patches/004-fix-CVE-2005-3192.patch: + - Fix nVals int overflow check in StreamPredictor::StreamPredictor(). + - Forwarded upstream to https://bugs.freedesktop.org/show_bug.cgi?id=5514. 
+ + [ Ondřej Surý ] + * Merge changes from Ubuntu (Closes: #346076). + * Enable Cairo output again. + + -- Ondřej Surý Thu, 5 Jan 2006 14:54:44 +0100 + +poppler (0.4.3-1) unstable; urgency=high + + * New upstream release. + * New maintainer (Closes: #344738) + * CVE-2005-3191 and CAN-2005-2097 fixes merged upstream. + * Fixed some rendering bugs and disabled Cairo output + (Closes: #314556, #322964, #328211) + * Acknowledge NMU (Closes: #342288) + * Add 001-selection-crash-bug.patch (Closes: #330544) + * Add poppler-utils (merge patch from Ubuntu) + + -- Ondřej Surý Fri, 30 Dec 2005 11:34:07 +0100 + +poppler (0.4.2-1.1) unstable; urgency=high + + * SECURITY UPDATE: Multiple integer/buffer overflows. + + * NMU to fix RC security bug (closes: #342288) + * Add debian/patches/04_CVE-2005-3191_2_3.patch taken from Ubuntu, + thanks to Martin Pitt: + * poppler/Stream.cc, DCTStream::readBaselineSOF(), + DCTStream::readProgressiveSOF(), DCTStream::readScanInfo(): + - Check numComps for invalid values. + - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities + - CVE-2005-3191 + * poppler/Stream.cc, StreamPredictor::StreamPredictor(): + - Check rowBytes for invalid values. + - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities + - CVE-2005-3192 + * poppler/JPXStream.cc, JPXStream::readCodestream(): + - Check img.nXTiles * img.nYTiles for integer overflow. + - http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities + - CVE-2005-3193 + + -- Frank Küster Fri, 23 Dec 2005 16:36:30 +0100 + +poppler (0.4.2-1) unstable; urgency=low + + * GNOME Team upload. + * New upstream version. + * debian/control.in: + - updated the Build-Depends on libqt (Closes: #326130). + * debian/rules: + - updated the shlibs. + + -- Sebastien Bacher Wed, 7 Sep 2005 12:41:48 +0200 + +poppler (0.4.0-1) unstable; urgency=low + + * GNOME Team Upload. + * Rebuild for the CPP transition. 
+ * New upstream version (Closes: #311133): + - fix some crashers (Closes: #315590, #312261, #309410). + - fix some rendering defaults (Closes: #314441, #315383, #309697, #308785). + * debian/control.in, debian/rules: + - build with the current cairo version (Closes: #321368, #318293). + - update for the renamed the packages. + * debian/patches/01_CAN-2005-2097.patch: + - Patch from Ubuntu, thanks Martin Pitt. + - Check sanity of the TrueType "loca" table. Specially crafted broken + tables caused disk space exhaustion due to very large generated glyph + descriptions when attempting to fix the table. + - Upstream patch scheduled for xpdf 3.01. + - CAN-2005-2097 + * debian/watch: + - fixed, patch by Jerome Warnier (Closes: #310996). + + -- Sebastien Bacher Wed, 17 Aug 2005 21:54:07 +0200 + +poppler (0.3.1-1) unstable; urgency=low + + * New upstream release + * Upstream fixed the Qt build bug, so now I can enable Qt + build. (Closes:#307340) It leads two new binary packages + libpoppler0-qt and libpoppler-qt-dev. + * Excluded DEB_CONFIGURE_SYSCONFDIR setting, which is obsolete by the + upstream removal of xpdfrc config. + + -- Changwoo Ryu Wed, 4 May 2005 00:19:35 +0900 + +poppler (0.3.0-2) unstable; urgency=high + + * Added shlib version info for libpoppler0-glib. + * Corrected dependencies of libpoppler0-glib and libpoppler-glib-dev. + (Closes: #306897) + * Build-Depends on libgtk2.0-dev for -glib packages. (Closes: #306885) + * Corrected descriptions of -glib packages. + + -- Changwoo Ryu Thu, 28 Apr 2005 02:41:25 +0900 + +poppler (0.3.0-1) unstable; urgency=low + + * New upstream release (Closes: #306573) + * Added new binary packages libpoppler0-glib and libpoppler-glib-dev, + which are GLib-based interfaces. Qt interface build is termporarily + disabled, because of an upstream FTBFS. 
+ + -- Changwoo Ryu Thu, 28 Apr 2005 02:07:23 +0900 + +poppler (0.1.2-1) unstable; urgency=low + + * Initial Release (Closes: #299518) + + -- Changwoo Ryu Tue, 15 Mar 2005 02:08:00 +0900 --- poppler-0.5.4.orig/debian/libpoppler1-glib.install +++ poppler-0.5.4/debian/libpoppler1-glib.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-glib.so.* --- poppler-0.5.4.orig/debian/libpoppler1.install +++ poppler-0.5.4/debian/libpoppler1.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler.so.* --- poppler-0.5.4.orig/debian/poppler-utils.install +++ poppler-0.5.4/debian/poppler-utils.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/* +debian/tmp/usr/share/man/man1/* --- poppler-0.5.4.orig/debian/docs +++ poppler-0.5.4/debian/docs @@ -0,0 +1,5 @@ +AUTHORS +NEWS +README +README-XPDF +TODO --- poppler-0.5.4.orig/debian/libpoppler-glib-dev.dirs +++ poppler-0.5.4/debian/libpoppler-glib-dev.dirs @@ -0,0 +1,3 @@ +usr/include/poppler +usr/lib +usr/lib/pkgconfig --- poppler-0.5.4.orig/debian/rules +++ poppler-0.5.4/debian/rules 
@@ -0,0 +1,29 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/autotools.mk + +include /usr/share/gnome-pkg-tools/1/rules/uploaders.mk + +# a trick to fix xpdfrc location without modifying autotools stuff +DEB_CONFIGURE_SYSCONFDIR = /etc/xpdf + +# disable gtk stuff to minimize Build-Depends +DEB_CONFIGURE_EXTRA_FLAGS = \ + --enable-libjpeg \ + --enable-splash-output \ + --disable-cairo-output \ + --enable-poppler-glib \ + --enable-poppler-qt \ + --enable-poppler-qt4 \ + --enable-a4-paper \ + --disable-zlib \ + --enable-gtk-test + +SHLIB_VERSION=0.5.1 +DEB_DH_MAKESHLIBS_ARGS_libpoppler1 := -V"libpoppler1 (>= $(SHLIB_VERSION))" +DEB_DH_MAKESHLIBS_ARGS_libpoppler1-glib := -V"libpoppler1-glib (>= $(SHLIB_VERSION))" +DEB_DH_MAKESHLIBS_ARGS_libpoppler1-qt := -V"libpoppler1-qt (>= $(SHLIB_VERSION))" --- poppler-0.5.4.orig/debian/libpoppler1.dirs +++ poppler-0.5.4/debian/libpoppler1.dirs @@ -0,0 +1 @@ +usr/lib --- poppler-0.5.4.orig/debian/libpoppler1-qt.install +++ poppler-0.5.4/debian/libpoppler1-qt.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-qt.so.* --- poppler-0.5.4.orig/debian/compat +++ poppler-0.5.4/debian/compat @@ -0,0 +1 @@ +4 --- poppler-0.5.4.orig/debian/libpoppler-dev.install +++ poppler-0.5.4/debian/libpoppler-dev.install @@ -0,0 +1,8 @@ +./poppler/*.h usr/include/poppler/ +./goo/*.h usr/include/poppler/goo/ +./splash/*.h usr/include/poppler/splash/ +debian/tmp/usr/lib/libpoppler.la +debian/tmp/usr/lib/libpoppler.a +debian/tmp/usr/lib/libpoppler.so +debian/tmp/usr/lib/pkgconfig/poppler.pc +debian/tmp/usr/lib/pkgconfig/poppler-splash.pc --- poppler-0.5.4.orig/debian/copyright +++ poppler-0.5.4/debian/copyright 
@@ -0,0 +1,29 @@ +This package was debianized by Changwoo Ryu . + +It was downloaded from http://poppler.freedesktop.org + +Copyright: + + Copyright (C) 1996-2003 Glyph & Cog, LLC + +Upstream Author: + Kristian Høgsberg + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. --- poppler-0.5.4.orig/debian/control.in +++ poppler-0.5.4/debian/control.in 
@@ -0,0 +1,96 @@ +Source: poppler +Section: devel +Priority: optional +Maintainer: Ondřej Surý +Uploaders: @GNOME_TEAM@ +Build-Depends: cdbs, debhelper, gnome-pkg-tools, libgtk2.0-dev, libqt3-mt-dev (>= 3:3.3.4-4), libfontconfig1-dev, libqt4-dev, libglade2-dev +Standards-Version: 3.6.1.1 + +Package: libpoppler1 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: PDF rendering library + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the shared library. + +Package: libpoppler-dev +Architecture: any +Section: libdevel +Depends: libpoppler1 (= ${Source-Version}), libfontconfig1-dev +Description: PDF rendering library -- development files + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the headers and development libraries needed to + build applications using Poppler. + +Package: libpoppler1-glib +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (GLib-based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the GLib-based shared library for applications + using the GLib interface to Poppler. + +Package: libpoppler-glib-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-glib (= ${Source-Version}), libpoppler-dev (= ${Source-Version}), libglib2.0-dev, libpango1.0-dev +Description: PDF rendering library -- development files (GLib interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a GLib-style interface to Poppler. + +Package: libpoppler1-qt +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (Qt 3 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . 
+ This package provides the Qt 3 based shared library for applications + using the Qt interface to Poppler. + +Package: libpoppler-qt-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-qt (= ${Source-Version}), libpoppler-dev (=${Source-Version}), libqt3-mt-dev +Description: PDF rendering library -- development files (Qt 3 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 3 style interface to Poppler. + +Package: libpoppler1-qt4 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (Qt 4 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the Qt 4 based shared library for applications + using the Qt interface to Poppler. + +Package: libpoppler-qt4-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-qt4 (= ${Source-Version}), libpoppler-dev (=${Source-Version}), libqt4-dev +Description: PDF rendering library -- development files (Qt 4 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 4 style interface to Poppler. + +Package: poppler-utils +Architecture: any +Section: utils +Depends: ${shlibs:Depends} +Conflicts: xpdf-utils, pdftohtml +Replaces: xpdf-utils, pdftohtml, xpdf-reader +Provides: xpdf-utils, pdftohtml +Description: PDF utilitites (based on libpoppler) + This package contains pdftops (PDF to PostScript converter), + pdfinfo (PDF document information extractor), pdfimages + (PDF image extractor), pdftotext (PDF to text converter), and + pdffonts (PDF font analyzer). --- poppler-0.5.4.orig/debian/libpoppler1-qt4.install +++ poppler-0.5.4/debian/libpoppler1-qt4.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/libpoppler-qt4.so.* --- poppler-0.5.4.orig/debian/patches/101_CVE-2007-5392.patch +++ poppler-0.5.4/debian/patches/101_CVE-2007-5392.patch 
@@ -0,0 +1,16 @@ +diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc +--- poppler-0.5.4/poppler/Stream.cc 2007-11-13 10:17:55.000000000 -0500 ++++ poppler-0.5.4.new/poppler/Stream.cc 2007-11-13 10:18:05.000000000 -0500 +@@ -1965,6 +1965,12 @@ + // allocate a buffer for the whole image + bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth; + bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight; ++ if (bufWidth <= 0 || bufHeight <= 0 || ++ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) { ++ error(getPos(), "Invalid image size in DCT stream"); ++ y = height; ++ return; ++ } + for (i = 0; i < numComps; ++i) { + frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int)); + memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int)); --- poppler-0.5.4.orig/debian/patches/001_jpxstream_int_crash.patch +++ poppler-0.5.4/debian/patches/001_jpxstream_int_crash.patch @@ -0,0 +1,12 @@ +diff -Nur poppler-0.5.0/poppler/JPXStream.h poppler-0.5.0.new/poppler/JPXStream.h +--- poppler-0.5.0/poppler/JPXStream.h 2005-09-07 04:34:40.000000000 +0200 ++++ poppler-0.5.0.new/poppler/JPXStream.h 2006-01-19 23:22:00.000000000 +0100 +@@ -211,7 +211,7 @@ + + //----- computed + Guint x0, y0, x1, y1; // bounds of the tile-comp, in ref coords +- Guint cbW; // code-block width ++ int cbW; // code-block width + Guint cbH; // code-block height + + //----- image data --- poppler-0.5.4.orig/debian/patches/100_streampredictor_overflow.patch +++ poppler-0.5.4/debian/patches/100_streampredictor_overflow.patch 
@@ -0,0 +1,32 @@ +diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc +--- poppler-0.5.4/poppler/Stream.cc 2006-07-28 11:07:41.000000000 -0700 ++++ poppler-0.5.4.new/poppler/Stream.cc 2007-08-07 11:29:59.854631893 -0700 +@@ -422,21 +422,14 @@ + ok = gFalse; + + nVals = width * nComps; +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX/nBits || +- width >= INT_MAX/nComps/nBits || +- nVals * nBits + 7 < 0) { +- return; +- } +- totalBits = nVals * nBits; +- if (totalBits == 0 || +- (totalBits / nBits) / nComps != width || +- totalBits + 7 < 0) { +- return; +- } + pixBytes = (nComps * nBits + 7) >> 3; +- rowBytes = ((totalBits + 7) >> 3) + pixBytes; +- if (rowBytes < 0) { ++ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps > gfxColorMaxComps || ++ nBits > 16 || ++ nVals <= 0 || ++ nVals * nBits + 7 <= 0 || ++ rowBytes <= 0) { + return; + } + predLine = (Guchar *)gmalloc(rowBytes); --- poppler-0.5.4.orig/debian/patches/003_glib_pkgconfig_fix.patch +++ poppler-0.5.4/debian/patches/003_glib_pkgconfig_fix.patch 
@@ -0,0 +1,62 @@ +diff -Nur poppler-0.5.4/configure poppler-0.5.4.new/configure +--- poppler-0.5.4/configure 2006-09-22 02:54:32.000000000 +0200 ++++ poppler-0.5.4.new/configure 2006-10-01 14:32:48.000000000 +0200 +@@ -24957,12 +24957,12 @@ + pkg_cv_POPPLER_GLIB_CFLAGS="$POPPLER_GLIB_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ +- { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gdk-2.0 >= 2.4.0 glib >= 2.6\"") >&5 +- ($PKG_CONFIG --exists --print-errors "gdk-2.0 >= 2.4.0 glib >= 2.6") 2>&5 ++ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6\"") >&5 ++ ($PKG_CONFIG --exists --print-errors "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then +- pkg_cv_POPPLER_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gdk-2.0 >= 2.4.0 glib >= 2.6" 2>/dev/null` ++ pkg_cv_POPPLER_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6" 2>/dev/null` + else + pkg_failed=yes + fi +@@ -24975,12 +24975,12 @@ + pkg_cv_POPPLER_GLIB_LIBS="$POPPLER_GLIB_LIBS" + else + if test -n "$PKG_CONFIG" && \ +- { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gdk-2.0 >= 2.4.0 glib >= 2.6\"") >&5 +- ($PKG_CONFIG --exists --print-errors "gdk-2.0 >= 2.4.0 glib >= 2.6") 2>&5 ++ { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6\"") >&5 ++ ($PKG_CONFIG --exists --print-errors "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; then +- pkg_cv_POPPLER_GLIB_LIBS=`$PKG_CONFIG --libs "gdk-2.0 >= 2.4.0 glib >= 2.6" 2>/dev/null` ++ pkg_cv_POPPLER_GLIB_LIBS=`$PKG_CONFIG --libs "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6" 2>/dev/null` + else + pkg_failed=yes + fi +@@ -24999,14 +24999,14 @@ + _pkg_short_errors_supported=no + fi + if test $_pkg_short_errors_supported = yes; then +- POPPLER_GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gdk-2.0 >= 2.4.0 glib >= 2.6"` ++ POPPLER_GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6"` + else +- POPPLER_GLIB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gdk-2.0 >= 2.4.0 glib >= 2.6"` ++ POPPLER_GLIB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6"` + fi + # Put the nasty error message in config.log where it belongs + echo "$POPPLER_GLIB_PKG_ERRORS" >&5 + +- { { echo "$as_me:$LINENO: error: Package requirements (gdk-2.0 >= 2.4.0 glib >= 2.6) were not met: ++ { { echo "$as_me:$LINENO: error: Package requirements (gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6) were not met: + + $POPPLER_GLIB_PKG_ERRORS + +@@ -25017,7 +25017,7 @@ + and POPPLER_GLIB_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details. + " >&5 +-echo "$as_me: error: Package requirements (gdk-2.0 >= 2.4.0 glib >= 2.6) were not met: ++echo "$as_me: error: Package requirements (gdk-2.0 >= 2.4.0 glib-2.0 >= 2.6) were not met: + + $POPPLER_GLIB_PKG_ERRORS + --- poppler-0.5.4.orig/debian/patches/002_CVE-2006-0301.patch +++ poppler-0.5.4/debian/patches/002_CVE-2006-0301.patch 
@@ -0,0 +1,38 @@ +diff -Nur poppler-0.5.0/splash/Splash.cc poppler-0.5.0.new/splash/Splash.cc +--- poppler-0.5.0/splash/Splash.cc 2005-11-20 21:40:28.000000000 +0000 ++++ poppler-0.5.0.new/splash/Splash.cc 2006-02-03 18:13:19.000000000 +0000 +@@ -928,6 +928,10 @@ + int alpha2, ialpha2; + Guchar t; + ++ if ( (unsigned) x >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + if (noClip || state->clip->test(x, y)) { + if (alpha != 1 || softMask || state->blendFunc) { + blendFunc = state->blendFunc ? state->blendFunc : &blendNormal; +@@ -1195,6 +1199,11 @@ + updateModY(y); + } + ++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() || ++ (unsigned) x1 >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + if (alpha != 1 || softMask || state->blendFunc) { + blendFunc = state->blendFunc ? state->blendFunc : &blendNormal; + if (softMask) { +@@ -1825,6 +1834,11 @@ + updateModY(y); + } + ++ if ((unsigned) x0 >= (unsigned) bitmap->getWidth() || ++ (unsigned) x1 >= (unsigned) bitmap->getWidth() || ++ (unsigned) y >= (unsigned) bitmap->getHeight()) ++ return; ++ + switch (bitmap->mode) { + case splashModeMono1: + p = &bitmap->data[y * bitmap->rowSize + (x0 >> 3)]; --- poppler-0.5.4.orig/debian/patches/004_CVE-2007-0104.patch +++ poppler-0.5.4/debian/patches/004_CVE-2007-0104.patch 
@@ -0,0 +1,63 @@ +diff -Nur poppler-0.5.4/poppler/Catalog.cc poppler-0.5.4.new/poppler/Catalog.cc +--- poppler-0.5.4/poppler/Catalog.cc 2006-09-13 17:10:52.000000000 +0200 ++++ poppler-0.5.4.new/poppler/Catalog.cc 2007-01-16 17:57:43.000000000 +0100 +@@ -26,6 +26,12 @@ + #include "UGooString.h" + #include "Catalog.h" + ++// This define is used to limit the depth of recursive readPageTree calls ++// This is needed because the page tree nodes can reference their parents ++// leaving us in an infinite loop ++// Most sane pdf documents don't have a call depth higher than 10 ++#define MAX_CALL_DEPTH 1000 ++ + //------------------------------------------------------------------------ + // Catalog + //------------------------------------------------------------------------ +@@ -75,7 +81,7 @@ + pageRefs[i].num = -1; + pageRefs[i].gen = -1; + } +- numPages = readPageTree(pagesDict.getDict(), NULL, 0); ++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0); + if (numPages != numPages0) { + error(-1, "Page count in top-level pages object is incorrect"); + } +@@ -217,7 +223,7 @@ + return s; + } + +-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) { ++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) { + Object kids; + Object kid; + Object kidRef; +@@ -262,9 +268,13 @@ + // This should really be isDict("Pages"), but I've seen at least one + // PDF file where the /Type entry is missing. + } else if (kid.isDict()) { +- if ((start = readPageTree(kid.getDict(), attrs1, start)) +- < 0) +- goto err2; ++ if (callDepth > MAX_CALL_DEPTH) { ++ error(-1, "Limit of %d recursive calls reached while reading the page tree. 
If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH); ++ } else { ++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1)) ++ < 0) ++ goto err2; ++ } + } else { + error(-1, "Kid object (page %d) is wrong type (%s)", + start+1, kid.getTypeName()); +diff -Nur poppler-0.5.4/poppler/Catalog.h poppler-0.5.4.new/poppler/Catalog.h +--- poppler-0.5.4/poppler/Catalog.h 2006-01-23 15:43:36.000000000 +0100 ++++ poppler-0.5.4.new/poppler/Catalog.h 2007-01-16 17:58:09.000000000 +0100 +@@ -193,7 +193,7 @@ + PageMode pageMode; // page mode + PageLayout pageLayout; // page layout + +- int readPageTree(Dict *pages, PageAttrs *attrs, int start); ++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth); + Object *findDestInTree(Object *tree, GooString *name, Object *obj); + }; + --- poppler-0.5.4.orig/debian/patches/101_CVE-2007-5393.patch +++ poppler-0.5.4/debian/patches/101_CVE-2007-5393.patch 
@@ -0,0 +1,583 @@ +diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc +--- poppler-0.5.4/poppler/Stream.cc 2007-11-13 10:18:20.000000000 -0500 ++++ poppler-0.5.4.new/poppler/Stream.cc 2007-11-13 10:18:25.000000000 -0500 +@@ -1286,20 +1286,27 @@ + columns = columnsA; + if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) { + columns = 1; ++ } else if (columns > INT_MAX - 2) { ++ columns = INT_MAX - 2; + } + rows = rowsA; + endOfBlock = endOfBlockA; + black = blackA; +- refLine = (short *)gmallocn(columns + 4, sizeof(short)); +- codingLine = (short *)gmallocn(columns + 3, sizeof(short)); ++ ++ // 0 <= codingLine[0] < codingLine[1] < ... < codingLine[n] = columns ++ // ---> max codingLine size = columns + 1 ++ // refLine has one extra guard entry at the end ++ // ---> max refLine size = columns + 2 ++ refLine = (int *)gmallocn(columns + 2, sizeof(int)); ++ codingLine = (int *)gmallocn(columns + 1, sizeof(int)); + + eof = gFalse; + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + + buf = EOF; + } +@@ -1318,9 +1325,9 @@ + row = 0; + nextLine2D = encoding < 0; + inputBits = 0; +- codingLine[0] = 0; +- codingLine[1] = refLine[2] = columns; +- a0 = 1; ++ codingLine[0] = columns; ++ a0i = 0; ++ outputBits = 0; + buf = EOF; + + // skip any initial zero bits and end-of-line marker, and get the 2D +@@ -1337,165 +1344,230 @@ + } + } + ++inline void CCITTFaxStream::addPixels(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ ++inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels) { ++ if (a1 > codingLine[a0i]) { ++ if (a1 > columns) { ++ error(getPos(), "CCITTFax row is wrong length (%d)", 
a1); ++ err = gTrue; ++ a1 = columns; ++ } ++ if ((a0i & 1) ^ blackPixels) { ++ ++a0i; ++ } ++ codingLine[a0i] = a1; ++ } else if (a1 < codingLine[a0i]) { ++ if (a1 < 0) { ++ error(getPos(), "Invalid CCITTFax code"); ++ err = gTrue; ++ a1 = 0; ++ } ++ while (a0i > 0 && a1 <= codingLine[a0i - 1]) { ++ --a0i; ++ } ++ codingLine[a0i] = a1; ++ } ++} ++ + int CCITTFaxStream::lookChar() { + short code1, code2, code3; +- int a0New; +- GBool err, gotEOL; +- int ret; +- int bits, i; +- +- // if at eof just return EOF +- if (eof && codingLine[a0] >= columns) { +- return EOF; ++ int b1i, blackPixels, i, bits; ++ GBool gotEOL; ++ ++ if (buf != EOF) { ++ return buf; + } + + // read the next row +- err = gFalse; +- if (codingLine[a0] >= columns) { ++ if (outputBits == 0) { ++ ++ // if at eof just return EOF ++ if (eof) { ++ return EOF; ++ } ++ ++ err = gFalse; + + // 2-D encoding + if (nextLine2D) { + for (i = 0; codingLine[i] < columns; ++i) + refLine[i] = codingLine[i]; +- refLine[i] = refLine[i + 1] = columns; +- b1 = 1; +- a0New = codingLine[a0 = 0] = 0; +- do { ++ ++ refLine[i++] = columns; ++ refLine[i] = columns; ++ codingLine[0] = 0; ++ a0i = 0; ++ b1i = 0; ++ blackPixels = 0; ++ // invariant: ++ // refLine[b1i-1] <= codingLine[a0i] < refLine[b1i] < refLine[b1i+1] ++ // <= columns ++ // exception at left edge: ++ // codingLine[a0i = 0] = refLine[b1i = 0] = 0 is possible ++ // exception at right edge: ++ // refLine[b1i] = refLine[b1i+1] = columns is possible ++ while (codingLine[a0i] < columns) { + code1 = getTwoDimCode(); + switch (code1) { + case twoDimPass: +- if (refLine[b1] < columns) { +- a0New = refLine[b1 + 1]; +- b1 += 2; ++ addPixels(refLine[b1i + 1], blackPixels); ++ if (refLine[b1i + 1] < columns) { ++ b1i += 2; + } + break; + case twoDimHoriz: +- if ((a0 & 1) == 0) { +- code1 = code2 = 0; ++ code1 = code2 = 0; ++ if (blackPixels) { + do { +- code1 += code3 = getWhiteCode(); ++ code1 += code3 = getBlackCode(); + } while (code3 >= 64); + do { +- code2 += code3 
= getBlackCode(); ++ code2 += code3 = getWhiteCode(); + } while (code3 >= 64); + } else { +- code1 = code2 = 0; + do { +- code1 += code3 = getBlackCode(); ++ code1 += code3 = getWhiteCode(); + } while (code3 >= 64); + do { +- code2 += code3 = getWhiteCode(); ++ code2 += code3 = getBlackCode(); + } while (code3 >= 64); + } +- if (code1 > 0 || code2 > 0) { +- codingLine[a0 + 1] = a0New + code1; +- ++a0; +- a0New = codingLine[a0 + 1] = codingLine[a0] + code2; +- ++a0; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ if (codingLine[a0i] < columns) { ++ addPixels(codingLine[a0i] + code2, blackPixels ^ 1); ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; + } + break; +- case twoDimVert0: +- a0New = codingLine[++a0] = refLine[b1]; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertR3: ++ addPixels(refLine[b1i] + 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertR1: +- a0New = codingLine[++a0] = refLine[b1] + 1; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertR2: ++ addPixels(refLine[b1i] + 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertL1: +- if (a0 == 0 || refLine[b1] - 1 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 1; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertR1: ++ addPixels(refLine[b1i] + 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= 
codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertR2: +- a0New = codingLine[++a0] = refLine[b1] + 2; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVert0: ++ addPixels(refLine[b1i], blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ ++b1i; ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertL2: +- if (a0 == 0 || refLine[b1] - 2 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 2; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertL3: ++ addPixelsNeg(refLine[b1i] - 3, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertR3: +- a0New = codingLine[++a0] = refLine[b1] + 3; +- if (refLine[b1] < columns) { +- ++b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertL2: ++ addPixelsNeg(refLine[b1i] - 2, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; +- case twoDimVertL3: +- if (a0 == 0 || refLine[b1] - 3 > a0New) { +- a0New = codingLine[++a0] = refLine[b1] - 3; +- --b1; +- while (refLine[b1] <= codingLine[a0] && refLine[b1] < columns) +- b1 += 2; ++ case twoDimVertL1: ++ addPixelsNeg(refLine[b1i] - 1, blackPixels); ++ blackPixels ^= 1; ++ if (codingLine[a0i] < columns) { ++ if (b1i > 0) { ++ --b1i; ++ } else { ++ ++b1i; ++ } ++ while (refLine[b1i] <= codingLine[a0i] && refLine[b1i] < columns) { ++ b1i += 2; ++ } + } + break; + case EOF: ++ addPixels(columns, 0); + eof = gTrue; +- 
codingLine[a0 = 0] = columns; +- return EOF; ++ break; + default: + error(getPos(), "Bad 2D code %04x in CCITTFax stream", code1); ++ addPixels(columns, 0); + err = gTrue; + break; + } +- } while (codingLine[a0] < columns); ++ } + + // 1-D encoding + } else { +- codingLine[a0 = 0] = 0; +- while (1) { ++ codingLine[0] = 0; ++ a0i = 0; ++ blackPixels = 0; ++ while (codingLine[a0i] < columns) { + code1 = 0; +- do { +- code1 += code3 = getWhiteCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code1; +- ++a0; +- if (codingLine[a0] >= columns) +- break; +- code2 = 0; +- do { +- code2 += code3 = getBlackCode(); +- } while (code3 >= 64); +- codingLine[a0+1] = codingLine[a0] + code2; +- ++a0; +- if (codingLine[a0] >= columns) +- break; ++ if (blackPixels) { ++ do { ++ code1 += code3 = getBlackCode(); ++ } while (code3 >= 64); ++ } else { ++ do { ++ code1 += code3 = getWhiteCode(); ++ } while (code3 >= 64); ++ } ++ addPixels(codingLine[a0i] + code1, blackPixels); ++ blackPixels ^= 1; + } + } + +- if (codingLine[a0] != columns) { +- error(getPos(), "CCITTFax row is wrong length (%d)", codingLine[a0]); +- // force the row to be the correct length +- while (codingLine[a0] > columns) { +- --a0; +- } +- codingLine[++a0] = columns; +- err = gTrue; +- } +- + // byte-align the row + if (byteAlign) { + inputBits &= ~7; +@@ -1554,14 +1626,17 @@ + // this if we know the stream contains end-of-line markers because + // the "just plow on" technique tends to work better otherwise + } else if (err && endOfLine) { +- do { ++ while (1) { ++ code1 = lookBits(13); + if (code1 == EOF) { + eof = gTrue; + return EOF; + } ++ if ((code1 >> 1) == 0x001) { ++ break; ++ } + eatBits(1); +- code1 = lookBits(13); +- } while ((code1 >> 1) != 0x001); ++ } + eatBits(12); + if (encoding > 0) { + eatBits(1); +@@ -1569,11 +1644,11 @@ + } + } + +- a0 = 0; +- outputBits = codingLine[1] - codingLine[0]; +- if (outputBits == 0) { +- a0 = 1; +- outputBits = codingLine[2] - codingLine[1]; ++ 
// set up for output ++ if (codingLine[0] > 0) { ++ outputBits = codingLine[a0i = 0]; ++ } else { ++ outputBits = codingLine[a0i = 1]; + } + + ++row; +@@ -1581,39 +1656,43 @@ + + // get a byte + if (outputBits >= 8) { +- ret = ((a0 & 1) == 0) ? 0xff : 0x00; +- if ((outputBits -= 8) == 0) { +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; +- } ++ buf = (a0i & 1) ? 0x00 : 0xff; ++ outputBits -= 8; ++ if (outputBits == 0 && codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; + } + } else { + bits = 8; +- ret = 0; ++ buf = 0; + do { + if (outputBits > bits) { +- i = bits; +- bits = 0; +- if ((a0 & 1) == 0) { +- ret |= 0xff >> (8 - i); ++ buf <<= bits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - bits); + } +- outputBits -= i; ++ outputBits -= bits; ++ bits = 0; + } else { +- i = outputBits; +- bits -= outputBits; +- if ((a0 & 1) == 0) { +- ret |= (0xff >> (8 - i)) << bits; ++ buf <<= outputBits; ++ if (!(a0i & 1)) { ++ buf |= 0xff >> (8 - outputBits); + } ++ bits -= outputBits; + outputBits = 0; +- ++a0; +- if (codingLine[a0] < columns) { +- outputBits = codingLine[a0 + 1] - codingLine[a0]; ++ if (codingLine[a0i] < columns) { ++ ++a0i; ++ outputBits = codingLine[a0i] - codingLine[a0i - 1]; ++ } else if (bits > 0) { ++ buf <<= bits; ++ bits = 0; + } + } +- } while (bits > 0 && codingLine[a0] < columns); ++ } while (bits); ++ } ++ if (black) { ++ buf ^= 0xff; + } +- buf = black ? 
(ret ^ 0xff) : ret; + return buf; + } + +@@ -1655,6 +1734,9 @@ + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(12); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 5) == 0) { + p = &whiteTab1[code]; + } else { +@@ -1667,6 +1749,9 @@ + } else { + for (n = 1; n <= 9; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 9) { + code <<= 9 - n; + } +@@ -1678,6 +1763,9 @@ + } + for (n = 11; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1703,9 +1791,12 @@ + code = 0; // make gcc happy + if (endOfBlock) { + code = lookBits(13); ++ if (code == EOF) { ++ return 1; ++ } + if ((code >> 7) == 0) { + p = &blackTab1[code]; +- } else if ((code >> 9) == 0) { ++ } else if ((code >> 9) == 0 && (code >> 7) != 0) { + p = &blackTab2[(code >> 1) - 64]; + } else { + p = &blackTab3[code >> 7]; +@@ -1717,6 +1808,9 @@ + } else { + for (n = 2; n <= 6; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 6) { + code <<= 6 - n; + } +@@ -1728,6 +1822,9 @@ + } + for (n = 7; n <= 12; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 12) { + code <<= 12 - n; + } +@@ -1741,6 +1838,9 @@ + } + for (n = 10; n <= 13; ++n) { + code = lookBits(n); ++ if (code == EOF) { ++ return 1; ++ } + if (n < 13) { + code <<= 13 - n; + } +diff -Nur poppler-0.5.4/poppler/Stream.h poppler-0.5.4.new/poppler/Stream.h +--- poppler-0.5.4/poppler/Stream.h 2006-02-28 14:34:46.000000000 -0500 ++++ poppler-0.5.4.new/poppler/Stream.h 2007-11-13 10:18:25.000000000 -0500 +@@ -517,13 +517,15 @@ + int row; // current row + int inputBuf; // input buffer + int inputBits; // number of bits in input buffer +- short *refLine; // reference line changing elements +- int b1; // index into refLine +- short *codingLine; // coding line changing elements +- int a0; // index into codingLine ++ int *codingLine; // coding line changing elements ++ int *refLine; // 
reference line changing elements ++ int a0i; // index into codingLine ++ GBool err; // error on current line + int outputBits; // remaining ouput bits + int buf; // character buffer + ++ void addPixels(int a1, int black); ++ void addPixelsNeg(int a1, int black); + short getTwoDimCode(); + short getWhiteCode(); + short getBlackCode(); --- poppler-0.5.4.orig/debian/patches/101_CVE-2007-4352.patch +++ poppler-0.5.4/debian/patches/101_CVE-2007-4352.patch @@ -0,0 +1,15 @@ +diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc +--- poppler-0.5.4/poppler/Stream.cc 2007-11-13 10:17:28.000000000 -0500 ++++ poppler-0.5.4.new/poppler/Stream.cc 2007-11-13 10:17:38.000000000 -0500 +@@ -3021,6 +3021,11 @@ + } + scanInfo.firstCoeff = str->getChar(); + scanInfo.lastCoeff = str->getChar(); ++ if (scanInfo.firstCoeff < 0 || scanInfo.lastCoeff > 63 || ++ scanInfo.firstCoeff > scanInfo.lastCoeff) { ++ error(getPos(), "Bad DCT coefficient numbers in scan info block"); ++ return gFalse; ++ } + c = str->getChar(); + scanInfo.ah = (c >> 4) & 0x0f; + scanInfo.al = c & 0x0f; --- poppler-0.5.4.orig/debian/control +++ poppler-0.5.4/debian/control 
@@ -0,0 +1,96 @@ +Source: poppler +Section: devel +Priority: optional +Maintainer: Ondřej Surý +Uploaders: Debian GNOME Maintainers , Andrew Lau , Clément Stenac , Dafydd Harries , Guilherme de S. Pastore , Gustavo Franco , Gustavo Noronha Silva , J.H.M. Dassen (Ray) , Jordi Mallach , Jose Carlos Garcia Sogo , Josselin Mouette , Loic Minier , Marc 'HE' Brockschmidt , Marco Cabizza , Oystein Gisnas , Ross Burton , Sebastien Bacher , Sjoerd Simons +Build-Depends: cdbs, debhelper, gnome-pkg-tools, libgtk2.0-dev, libqt3-mt-dev (>= 3:3.3.4-4), libfontconfig1-dev, libqt4-dev, libglade2-dev +Standards-Version: 3.6.1.1 + +Package: libpoppler1 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: PDF rendering library + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the shared library. + +Package: libpoppler-dev +Architecture: any +Section: libdevel +Depends: libpoppler1 (= ${Source-Version}), libfontconfig1-dev +Description: PDF rendering library -- development files + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package contains the headers and development libraries needed to + build applications using Poppler. + +Package: libpoppler1-glib +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (GLib-based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the GLib-based shared library for applications + using the GLib interface to Poppler. + +Package: libpoppler-glib-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-glib (= ${Source-Version}), libpoppler-dev (= ${Source-Version}), libglib2.0-dev, libpango1.0-dev +Description: PDF rendering library -- development files (GLib interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . 
+ This package provides a GLib-style interface to Poppler. + +Package: libpoppler1-qt +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (Qt 3 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the Qt 3 based shared library for applications + using the Qt interface to Poppler. + +Package: libpoppler-qt-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-qt (= ${Source-Version}), libpoppler-dev (=${Source-Version}), libqt3-mt-dev +Description: PDF rendering library -- development files (Qt 3 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 3 style interface to Poppler. + +Package: libpoppler1-qt4 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, libpoppler1 (= ${Source-Version}), ${misc:Depends} +Description: PDF rendering library (Qt 4 based shared library) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides the Qt 4 based shared library for applications + using the Qt interface to Poppler. + +Package: libpoppler-qt4-dev +Architecture: any +Section: libdevel +Depends: libpoppler1-qt4 (= ${Source-Version}), libpoppler-dev (=${Source-Version}), libqt4-dev +Description: PDF rendering library -- development files (Qt 4 interface) + Poppler is a PDF rendering library based on xpdf PDF viewer. + . + This package provides a Qt 4 style interface to Poppler. 
+ +Package: poppler-utils +Architecture: any +Section: utils +Depends: ${shlibs:Depends} +Conflicts: xpdf-utils, pdftohtml +Replaces: xpdf-utils, pdftohtml, xpdf-reader +Provides: xpdf-utils, pdftohtml +Description: PDF utilitites (based on libpoppler) + This package contains pdftops (PDF to PostScript converter), + pdfinfo (PDF document information extractor), pdfimages + (PDF image extractor), pdftotext (PDF to text converter), and + pdffonts (PDF font analyzer). --- poppler-0.5.4.orig/debian/libpoppler-qt-dev.dirs +++ poppler-0.5.4/debian/libpoppler-qt-dev.dirs @@ -0,0 +1,3 @@ +usr/include/poppler +usr/lib +usr/lib/pkgconfig --- poppler-0.5.4.orig/debian/libpoppler-glib-dev.install +++ poppler-0.5.4/debian/libpoppler-glib-dev.install @@ -0,0 +1,5 @@ +debian/tmp/usr/include/poppler/glib/ +debian/tmp/usr/lib/libpoppler-glib.la +debian/tmp/usr/lib/libpoppler-glib.a +debian/tmp/usr/lib/libpoppler-glib.so +debian/tmp/usr/lib/pkgconfig/poppler-glib.pc --- poppler-0.5.4.orig/debian/libpoppler-qt-dev.install +++ poppler-0.5.4/debian/libpoppler-qt-dev.install @@ -0,0 +1,7 @@ +debian/tmp/usr/include/poppler/poppler-qt.h +debian/tmp/usr/include/poppler/poppler-page-transition.h +debian/tmp/usr/lib/libpoppler-qt.la +debian/tmp/usr/lib/libpoppler-qt.a +debian/tmp/usr/lib/libpoppler-qt.so +debian/tmp/usr/lib/pkgconfig/poppler-qt.pc +debian/tmp/usr/include/poppler/poppler-link-qt3.h --- poppler-0.5.4.orig/debian/libpoppler1-glib.dirs +++ poppler-0.5.4/debian/libpoppler1-glib.dirs @@ -0,0 +1 @@ +usr/lib --- poppler-0.5.4.orig/debian/libpoppler1-qt.dirs +++ poppler-0.5.4/debian/libpoppler1-qt.dirs @@ -0,0 +1 @@ +usr/lib --- poppler-0.5.4.orig/debian/libpoppler-qt4-dev.install +++ poppler-0.5.4/debian/libpoppler-qt4-dev.install 
@@ -0,0 +1,7 @@ +debian/tmp/usr/include/poppler/poppler-qt4.h +debian/tmp/usr/lib/libpoppler-qt4.la +debian/tmp/usr/lib/libpoppler-qt4.a +debian/tmp/usr/lib/libpoppler-qt4.so +debian/tmp/usr/lib/pkgconfig/poppler-qt4.pc +debian/tmp/usr/include/poppler/poppler-link.h +debian/tmp/usr/include/poppler/poppler-annotation.h --- poppler-0.5.4.orig/debian/watch +++ poppler-0.5.4/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://poppler.freedesktop.org/ poppler-(.*)\.tar\.gz debian uupdate --- poppler-0.5.4.orig/debian/libpoppler-dev.dirs +++ poppler-0.5.4/debian/libpoppler-dev.dirs @@ -0,0 +1,3 @@ +usr/include/poppler +usr/lib +usr/lib/pkgconfig
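Review bot: In 004_CVE-2007-0104.patch (Catalog.cc @@ -262,9 +268,13 @@), the branch taken when callDepth > MAX_CALL_DEPTH only calls error() and then carries on with the next kid, so the depth cap does not bound total work: a node whose Kids array holds several references back to an ancestor still recurses once per reference at every level below the cap. Treat hitting the limit as a failure of the subtree (goto err2, as the negative-return path in the same branch already does), or track the object references already visited. The define is also 1000 while its own comment says sane documents stay under 10, so a much smaller cap would serve.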
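Review bot: In the CCITTFaxStream constructor hunk of 101_CVE-2007-5393.patch (Stream.cc @@ -1286,20 +1286,27 @@), the retained test columns + 3 < 1 || columns + 4 < 1 detects overflow by performing the signed overflow, which is undefined behaviour in C++ and may be optimised away; it also no longer matches the allocations, which are now columns + 2 and columns + 1. Reduce the first condition to columns < 1 and let the new columns > INT_MAX - 2 clamp handle the upper bound. The hunk shows no include for INT_MAX, so confirm that limits.h is pulled into Stream.cc.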
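Review bot: addPixels() and addPixelsNeg() (Stream.cc @@ -1337,165 +1344,230 @@) store to codingLine[a0i] after ++a0i without comparing a0i to the allocation of columns + 1 entries; the store stays in bounds only because entries are strictly increasing and clamped to columns, as the constructor comment states. Make that explicit by checking a0i against columns before the store and setting err when it fails, so a later change to a caller cannot silently break the bound. The refLine[b1i + 1] read in the twoDimPass case has the same character: it relies on the two guard entries written just before the loop. The first branch of addPixelsNeg() duplicates addPixels() line for line and could call it instead.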
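Review bot: The new if (code == EOF) { return 1; } checks in the white-code lookups (Stream.cc @@ -1655,6 +1734,9 @@, @@ -1667,6 +1749,9 @@, @@ -1678,6 +1763,9 @@), repeated in the black-code lookups, return a run length of 1 with no comment saying why that value was chosen or how a caller tells it from a real one-pixel run. Add a comment at the first occurrence explaining the choice, and consider one small helper for the lookBits-then-EOF pattern, since the same three lines are added seven times.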
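Review bot: In Stream.cc @@ -1703,9 +1791,12 @@, the added conjunct in else if ((code >> 9) == 0 && (code >> 7) != 0) can never be false, because the preceding if ((code >> 7) == 0) has already taken that case. Drop it, or if the intent is to document that (code >> 1) - 64 cannot go negative as an index into blackTab2, say so in a comment rather than in a condition that reads as if it changes behaviour.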
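Review bot: In Stream.h @@ -517,13 +517,15 @@, the new declarations name their second parameter black, which is also a data member of CCITTFaxStream (black = blackA; in the constructor) and differs from blackPixels used in the definitions in Stream.cc. Rename the parameter to blackPixels in the header so it neither shadows the member nor disagrees with the implementation. The new err member is assigned at the start of each row in lookChar() but is not set in the constructor hunk; initialising it next to eof = gFalse costs nothing.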
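Review bot: In 101_CVE-2007-4352.patch (Stream.cc @@ -3021,6 +3021,11 @@), the new range check covers firstCoeff and lastCoeff, but the next read, c = str->getChar();, is still used unchecked: at end of stream c is EOF and scanInfo.ah and scanInfo.al both come out as 0x0f. Check c for EOF and return gFalse in the same way. A one-line comment that the three comparisons together imply 0 <= firstCoeff <= lastCoeff <= 63 would also help the next reader, since the lower bound on lastCoeff and the upper bound on firstCoeff are only implicit.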
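Review bot: The poppler-utils Description in debian/control reads "PDF utilitites"; correct it to "PDF utilities", since this is the synopsis users see in package listings. The libpoppler-qt-dev and libpoppler-qt4-dev stanzas also write libpoppler-dev (=${Source-Version}) without the space after = that the rest of the file uses.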