"A vulnerability has been reported in Xpdf, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable system."
http://secunia.com/advisories/16374/
Patches from Ubuntu and RedHat.
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Changelog:
2.03 (2003-oct-10)
------------------
Rewrote the text extractor to:
- do a better job with rotated text;
- handle right-to-left scripts;
- be faster.
Changed the zoom setting to use a percentage (relative to 72 dpi)
instead of a zoom "factor".
If the PDF file has an outline, open the outline pane initially.
Added -f and -l options to pdfinfo; print multiple page sizes.
The HAVE_XTAPPSETEXITFLAG test in XPDFApp.cc was backwards.
The BitsPerComponent entry is optional in image mask objects.
Render any annotation with an appearance stream, instead of just
Widget and Stamp annotations.
Fix a bug in the TrueType font checker: the test for an unsorted
'loca' table was wrong.
Modify the TrueType cmap selection algorithm yet again to try to match
Adobe's behavior.
Changed sqrt(2) to sqrt(2.0) in pdfinfo.cc to make various compilers
happy.
Fixed a deadlock problem (when MULTITHREADING is set); cleaned up some
other problems with the locking code.
Fixed a bug in the interpolation code for type 0 (sampled) functions.
Implemented type 1 (function-based) shaded fills.
Fixed some stupid bugs in the JBIG2 decoder (introduced with the
previous optimization work).
Fixed a typo in the code that parses vertical font metrics for CID
fonts that was causing a seg fault.
Fixed a couple of bugs that were causing seg faults with badly damaged
PDF files.
Limit the number of nested Forms to avoid infinite recursion (in buggy
PDF files).
Add a special case for rectangular clip regions - make sure these
don't drop pixels on the right and bottom edges.
Tell FreeType not to use glyph bitmaps when in anti-aliased mode.
Read all of the border style info for links.
All of the shaded fill types now do at least one bisection to avoid
problems when the colors at the endpoints of the domain are the
same.
If the Length2 parameter for an embedded Type 1 font was incorrect
(too small), pdftops was losing font data.
Deal with (broken) DCT streams that use the same component ID number
for different components.
The MediaBox page attribute was not being inherited correctly.
Fixed a bug in the Type 1C font converter related to local
subroutines.
The Type 1C -> Type 1 font converter was allocating the font dictionary
one slot too small.
Added a missing private dictionary entry to Type 1 fonts generated by
the Type 1C converter. [Thanks to Michael Shell.]
Fixed bugs in the tiling pattern fill code.
Try the TrueType 0xf000 char code offset hack for the MacRoman
encoding too (in addition to MS Symbol).
Update the font metrics info for the Base 14 fonts to include the Euro
character.
SECURITY HOLE: Escape various characters in URLs before running a web
browser (or movie viewer). [Fixed in 2.02p11]
SECURITY HOLE: In the dialog used to verify "launch" links, provide a
scrolling view if the command to be run is excessively long. [Fixed
in 2.02p11]
Added an option to disable insertion of page breaks (form feed
characters) in extracted text (pdftotext -nopgbrk; xpdfrc
"textPageBreaks" option).
Check for 8-bit fonts that specify an out-of-range FirstChar or
LastChar.
Correctly handle an obsolete Type 2 charstring op (in the Type
1C-to-Type 1 font converter). [Thanks to Helge Blischke.]
Use the font encoding info to fill in holes in the ToUnicode map.
Added character names for Bulgarian (in the Cyrillic support pacakage)
and Greek.
Handle clipping to text in xpdf and pdftops.
Fix color space detection in DCT decoder. [Thanks to Dwight Kelly.]
Added the "unicodeToUnicode" xpdfrc option, intended (initially) for
Arabic support.
Handle the case in PSOutputDev where two font objects refer to the
same embedded TrueType font, but with different encodings. [Thanks
to Frank Siegert.]
Kill any pre-existing path before drawing a form (or annotation).
Save state before rendering page content; restore state afterward.
Fix Stream::reset/close to work correctly with encoder streams; fix
PSOutputDev to use Stream::close consistently.
Fix a seg fault when hitting the 'back' button after closing a file.
GfxState::getStrokeGray was returning the fill gray value (this only
affected Level 1 PS output).
Change PSOutputDev to reuse dictionaries in Level 1 mode (since Level
1 PS interpreters don't do garbage collection). [Thanks to Frank
Siegert.]
PSOutputDev was generating incorrect translations for landscape-mode
pages.
Implemented shading pattern color spaces.
PSOutputDev wasn't correctly handling Type 3 fonts which used image
resources (as opposed to inline images). [Thanks to Frank Siegert.]
The fix from 1.00 which clipped out-of-bounds points was a bit too
aggressive.
Do proper Floyd-Steinberg dithering in XOutputDev.
Don't automatically check for a null owner password (to match Adobe's
behavior).
Allow the FlateDecode filter in Level 3 PostScript output.
Fixed small bugs in the Type 1C -> Type 1 converter and Type 1C ->
Type 0 converter. [Thanks to Tom Kacvinsky.]
Work around another weird Motif problem with the right button menu
(which was sometimes causing the menu to not be displayed).
Make the code that handles fonts defined directly in the resource dict
more robust.
Add a brief description of the outline pane to the xpdf man page.
Ignore extra operands to content stream operators.
Fixed a bug in the CCITTFax decoder.
Allow the Count entry in a Pages dictionary to be a real number
(because some PDF generators actually do this).
Shading pattern fills weren't being clipped correctly.
Incorrect shallow copies in GfxRadialShading and StitchingFunction.
The StitchingFunction destructor wasn't checking for funcs being
NULL.
Change the TrueType code-to-GID mapping code so it looks at the
TrueType 'post' table.
Set the print command in the print dialog once at startup, don't
change it each time a file is (re)loaded.
Generate the %%BoundingBox comment in regular PostScript files (not
just EPS files).
Fixed a bug in the Unicode CMap parser.
This version includes a small patch that fixes a security hole in
version 2.02. It was possible to construct a malicious URL link in a
PDF file which would cause an arbitrary command to be run. The patch
changes things to that the various characters which can cause trouble
are escaped (%xx) before calling system(). This patch also changes the
"launch" link verification dialog to provde a scrolling view of the
command about to be run when the command string is excessively long.
Changes:
- s/USE_X11BASE/USE_X11/
- fix paths in manual pages
- install shared directory for supplemental packages
2.02:
=====
- Rewrote the text extractor code that assembles words into lines to
better handle vertically overlapping lines.
- Add the "match" option for paper size (in PostScript output).
- Added support for external 16-bit TrueType fonts; added the
displayCIDFontTT and displayNamedCIDFontTT commands to the xpdfrc
file.
- Added an Arabic language support package.
- Added the Windows-1255 encoding to the Hebrew language package.
- A missing NULL check was causing a crash when closing the file in a
single window (which clears out the window, but leaves it open).
- Deal with TrueType fonts whose glyph data is out of order - this
affected both FreeType rasterization and PostScript generation.
- Munge font names in PSOutputDev to avoid names that are problematic
for ghostscript because they start with an out-of-limits number
(e.g., 1e999foo).
- Modify the TrueType font encoding deciphering algorithm in yet another
attempt to match up with Acrobat's behavior.
- Bounds check the indexHigh value in indexed color spaces.
- The text extractor no longer bothers trying to get an average
character width for Type 3 fonts, since it generally doesn't work
very well (because Type 3 metrics are unreliable).
- Don't crash if the user hits ctrl-G ("find again") before doing a
find.
- Set the button pixmap foreground color correctly.
- Handle text drawn backward on 180 degree rotated pages.
- Added a magic call to XtUngrabButton after calling XmCreatePopupMenu
which appears to prevent some very odd problems (idea taken from the
DDD source code).
- Fix the MacOS X fix (needed to include <AvailabilityMacros.h>).
- Fixed a bunch of Motif 1.x / X11R5 incompatibilities. [Thanks to
William Bader and Albert Chin-A-Young.]
- Fixed various bugs in previously untested code in the JBIG2 decoder.
- Modify the XPDFCore destructor to avoid a bogus warning message from
OpenMotif 2.2.
- Modified the Type 1C font parser to do proper bounds checking.
- Fixed the bounds checking in the TrueType font parser.
- Text extractor shouldn't do block merging in physical layout mode.
- Fixed a problem in PSOutputDev in level2sep mode with images in a
Separation color space and with a non-default Decode array.
- Text extraction with "-raw" was concatenating lines from the bottom
of one column and the top of the next.
- Handle Type 1C subroutines in the font converters.
- Correctly handle progressive JPEG images whose scans are slightly
different sizes (e.g., the Y scan rounds up to a multiple of 8
pixels and the Cb/Cr scans round up to 16 pixels).
- Avoid a potential divide-by-zero problem in TextOutputDev.
- Modified the T1Font and FTFont modules to correctly handle glyphs that
are larger than the font's claimed bounding box.
- Tweak dupMaxDeltaX parameter in TextOutputDev to avoid triggering on
double characters.
- Improved detection in pdfinfo for ISO paper sizes. [Thanks to Hartmut
Henkel.]
- Xpdf wasn't responding to the TARGETS atom, which prevented pasting
the selection into various applications. [Thanks to Phillip Ezolt.]
- Handle XObjects with recursive references in their Resources
dictionaries (in PSOutputDev).
- Change PSOutputDev to deal with invalid PDF files that use
non-embedded TrueType fonts with no encoding.
- Check for undersized Widths arrays in fonts.
- Add bounds checking code to Array class.
- Updated VMS build scripts. [Thanks to Martin Zinser.]
- Tweak the TrueType font handling code (again):
- char codes in symbolic fonts may or may not be offset by 0xf000
- discard empty tables because they sometimes confuse FreeType
- Fixed bounds checking in the Flate decoder.
- Removed a bogus error message for exponential functions without
explicit C0/C1 values. [Thanks to Hartmut Henkel.]
- Handle the other Unicode cmap type (platform=0) in TrueType fonts.
- Added support for the SGI Motif horizontal paned window widget.
[Thanks to Felix Ritter.]
- Ignore extra elements in link destination arrays.
- Accept external Type 1 font files with a suffix of ".ps" or no suffix
at all.
- Add a bounds check in the DCT decoder.
- Added instructions for building xpdf.exe under cygwin/XFree86.
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
changes:
Redesigned the text extraction process:
- process the text into "reading order"
- added a "-layout" flag to pdftotext to switch back to the old
style, where physical layout is maintained
- use of the "-raw" flag is no longer recommended
Added the -reload option for xpdf (in remote mode).
Added support for external CID fonts; added the displayCIDFontT1 and
displayNamedCIDFontT1 commands to the xpdfrc file.
Handle the case of moveto/newpath/clip, which defines an empty
clipping region (just like moveto/closepath/clip).
Accept XYZ link destinations with missing array elements.
Accept bogus font names based on "Symbol": Symbol,{Bold,Italic,
BoldItalic}.
Set the busy cursor in the find dialog while searching.
Allow ToUnicode CMaps to use fewer than four hex digits in the Unicode
char indexes.
+bugfixes
Changes since 1.01:
- Switched to the Motif toolkit.
- Support multiple open documents (in separate windows).
- Added document outlines to the viewer.
- Implemented the JBIG2 decoder.
- Added support for movie annotations.
- Switched back to native LZW decompression code.
- Many bug fixes and enhancements.
Honoring ${PKG_SYSCONFDIR} for location of xpdfrc.
Implemented Type 3 fonts.
Implemented PostScript CID font embedding; added a
psEmbedCIDPostScriptFonts option.
Implemented PostScript 16-bit font substitution; added psNamedFont16
and psFont16 options.
Moved the initialZoom setting from X resources to the xpdfrc file.
Implemented the radial shading type in the sh (shaded fill) operator.
[Thanks to Mike Sweet.]
Added an 'include' command to the xpdfrc format.
Added the displayNamedCIDFontX option so different fonts can be used
within one character collection.
Implemented stroked text in XOutputDev (with t1lib and FreeType2).
[Thanks to Leonard Rosenthol.]
Implemented stroked text in PSOutputDev.
Added a built-in Unicode map for UCS-2.
PSOutputDev will now embed external TrueType fonts in addition to
external Type 1 fonts.
Added the Big5ascii Unicode map to the Chinese-traditional support
package (maps 7-bit ASCII straight through). [Thanks to Lawrence
Lai.]
Modified the EUC-CN and EUC-JP encodings to pass 7-bit ASCII straight
through. [Thanks to Lawrence Lai.]
In the code that guesses character names (for font subsets), also
handle names of the form 'ABnnn'. [Thanks to Colin Granville.]
Tweak the Type 1 font bbox code to look at the bboxes in both the PDF
font object and the embedded font file.
Added an optional displayCIDFontX entry for one of the Arphic TrueType
fonts in the traditional Chinese 'add-to-xpdfrc' file.
Added psASCIIHex parameter.
Added the GBK Unicode map to the simplified Chinese language pack.
Pdftotext now opens the text file in binary mode to avoid Microsoft's
annoying automatic end-of-line translation stuff.
Added an executeCommand function in goo/gfile.cc. [Thanks to Mikhail
Kruk.]
The %ALDImagePosition OPI comment was wrong if the page was scaled to
a different paper size.
The OPI code was saving the default transform matrix before calling
setpagedevice, which can change the matrix.
PSOutputDev now handles PostScript XObjects.
Implemented the sh (shaded fill) operator for the axial shading type.
Minor fixes to avoid compiler warnings.
Fix an uninitialized var in XOutputDev that caused crashes on Alphas.
Don't incrementally update the display in full-screen mode.
Added a duplex option to PSOutputDev and a -duplex switch to pdftops.
Completely rewrote the code that handles font encodings:
- everything is Unicode-based
- 16-bit fonts are handled much more cleanly
- text output encoding can be set more flexibly
New .xpdfrc config files.
Added key bindings for forward ('v') and backward ('b').
Added the pdffonts program which lists the fonts used in a PDF file.
Fixed several problems in the TrueType font embedding code
Accept named destination on command line.
Added several new items to pdfinfo: file size, PDF version, tagged
(yes or no), XML metadata (with the -meta option).
Pdftops didn't get the portrait/landscape setting correct for PDF
files with rotated pages.
The TrueTypeFontFile class (including the Type 42 converter) now
understands cmap format 6.
The '0' keyboard shortcut didn't update the zoom popup menu.
Handle the complete list of alternate names for the Base14 fonts.
Fixed substitute font scaling in XOutputDev - scale only the width,
not the height.
Implemented stitching (type 3) functions.
Handle the case of moveto/closepath/clip, which defines an empty
clipping region.
Move dependences into separate Makefile.dep files; get rid of the
distdepend target.
Move all of the configure-script-generated -D options out of the
Makefiles and into a top-level .h file (aconf.h).
Pdfinfo prints dates in a more readable format.
Fixed a bug in the Paeth image predictor.
Handle annotations with multiple states.
The save and restore (q/Q) operators shouldn't save/restore the path.
Performance optimization: disable pattern drawing in TextOutputDev.
- PDF 1.4 (128-bit) decryption.
- FreeType 2 support.
- Embed TrueType fonts in PostScript output.
- Mouse wheel support.
- Text output for Simplified Chinese.
Lots more in the CHANGES file.
redefines about which buildlink.mk files would care is BUILDLINK_X11_DIR,
which points to the location of the X11R6 hierarchy used during building.
If x11.buildlink.mk isn't included, then BUILDLINK_X11_DIR defaults to
${X11BASE} (set in bsd.pkg.mk), so its value is always safe to use. Remove
the ifdefs surrounding the use of BUILDLINK_X11_DIR in tk/buildlink.mk and
revert changes to move x11.buildlink.mk before the other buildlink.mk files.
use X11_BUILDLINK_MK as a test value. Generally just reordering the
inclusions so that x11.buildlink.mk comes before the other buildlink.mk
files will make everthing work.