OpenPorts.se | The OpenBSD package collection

./textproc/xpdf [PDF viewer for X11]

[+] Add this package to your ports tracker

[

CVSweb ] [

Homepage ] [

RSS feed ]

Version: 3.02, Package name: xpdf-3.02

Maintained by: The OpenBSD ports mailing-list

Required to build:
[devel/gmake]

Master sites:

Description-main
Xpdf is an open source viewer for Portable Document Format (PDF) files.
This package also provides a PDF to PostScript converter and an
advanced PDF to PNM converter.

Description-utils
These are various command line tools distributed by the Xpdf project,
including a PDF text extractor, a PDF to JPEG/PNM/PBM converter, and
other utilities such as pdffonts and pdfinfo.

MD5: cLdScWeY3TQaS/iQ319v3A=

RMD160: QoBl6Mljm2eZcFsha+YD9S77iiI=

Filesize: 6.818 KB

Package available on: cdrom(

), ftp(

)
Distfile available on: cdrom(

), ftp(

)

Version History (View Complete History)

(2008-02-11) Updated to version: xpdf-3.02pl2p0
(2007-11-09) Updated to version: xpdf-3.02pl2
(2007-08-26) Updated to version: xpdf-3.02pl1p0
(2007-08-01) Updated to version: xpdf-3.02pl1
(2007-03-30) Updated to version: xpdf-3.02
(2006-07-21) Package added to openports.se, version xpdf-3.01p1 (created)

[show/hide] View available PLISTS (Can be a lot of data)

[show/hide] View known vulnerabilities

CVS Commit History:

2009-12-16 07:00:23 by Matthias Kilian | Files touched by this commit (1)

Log message:
Tell configure to use -lm.
Fixes the detection of openmotif after the latest update.

2009-11-11 18:59:40 by William Yodlowsky | Files touched by this commit (1)

Log message:
MFC:
This addresses the following security issues: CVE-2009-3603
CVE-2009-3604 CVE-2009-3605 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609
Official patch from xpdf developers integrated into build.
from kili@, thanks!
ok jasper@

2009-10-15 06:51:13 by Edd Barrett | Files touched by this commit (2)

Log message:
update xpdf to 3.02.4. This addresses the following security issues:
CVE-2009-3603
CVE-2009-3604
CVE-2009-3605
CVE-2009-3606
CVE-2009-3608
CVE-2009-3609
Official patch from xpdf developers integrated into build.
OK kili@

2009-08-15 07:40:18 by William Yodlowsky | Files touched by this commit (2)

Log message:
MFC:
SECURITY FIX
----------------------------
revision 1.65
date: 2009/05/30 22:35:56;  author: miod;  state: Exp;  lines: +2 -2
Fix possible out of bounds access in xpath code, reported upstream
----------------------------
revision 1.64
date: 2009/04/17 20:55:46;  author: kili;  state: Exp;  lines: +6 -5
SECURITY: update to xpdf-3.02pl3 which fixes multiple vulnerabilities.
See http://rhn.redhat.com/errata/RHSA-2009-0430.html for details.
----------------------------

2009-08-10 00:34:56 by Matthias Kilian | Files touched by this commit (27)

Log message:
WANTLIB changes after xcb addition and bump.

2009-05-30 16:35:57 by Miod Vallat | Files touched by this commit (2)

Log message:
Fix possible out of bounds access in xpath code, reported upstream; bump
package name. ok kili@

2009-04-17 14:55:46 by Matthias Kilian | Files touched by this commit (4)

Log message:
SECURITY: update to xpdf-3.02pl3 which fixes multiple vulnerabilities.
See http://rhn.redhat.com/errata/RHSA-2009-0430.html for details.
Also, fix license marker, update plists and simplify the pkgname
(dropping the pl, which seems to confuse bsd.port.mk's update
target).
ok naddy@, who had almost the same diff

2009-04-04 08:45:48 by Christian Weisgerber | Files touched by this commit (2)

Log message:
don't hardcode /usr/local and don't probe paths that don't exist on OpenBSD
ok steven@, kili@, landry@, sthen@

2008-06-09 22:59:04 by Robert Nagy | Files touched by this commit (2)

Log message:
Security fix for CVE-2008-1693. From Debian. diff from William Yodlowsky

2008-04-19 01:38:24 by Bernd Ahlers | Files touched by this commit (2)

Log message:
Security fix for CVE-2008-1693. From Debian.
ok naddy@

2008-02-14 01:52:35 by Landry Breuil | Files touched by this commit (1)

Log message:
Finally, fix make install (spotted by markus lude at gmx.de)
fix from sthen@
ok sthen@ steven@

2008-02-13 09:18:33 by Landry Breuil | Files touched by this commit (8)

Log message:
Finally, make xpdf MULTI_PACKAGES, xpdf -main package provides x-depending
parts of xpdf, and xpdf -utils provides non-x-depending parts (replacing the
no_x11 flavor). Appropriate @conflict marker makes upgrade flawless.
While here, remove dependency on a specific version of auto* (prompted by naddy@)
(and remember me to never _ever_ touch xpdf again)
Change requested by naddy@ espie@
ok sthen@ naddy@

2008-02-10 13:25:14 by Landry Breuil | Files touched by this commit (4)

Log message:
Add a no_x11 FLAVOR, based on an initial submission by Jeremy Evans
Discussed with many on ports@
ok brad@

2007-11-09 00:15:12 by Bernd Ahlers | Files touched by this commit (3)

Log message:
Update to xpdf-3.02pl2 which contains security fixes for CVE-2007-4352,
CVE-2007-5392 and CVE-2007-5393.
More info:
http://secunia.com/secunia_research/2007-88/advisory/
testing & ok simon@, jasper@

2007-08-25 08:42:38 by Christian Weisgerber | Files touched by this commit (2)

Log message:
fix ASCII85 encoding on LP64 archs

2007-08-09 11:12:36 by Antoine Jacoutot | Files touched by this commit (1)

Log message:
MFC (original commit naddy@):
- SECURITY fix for CVE-2007-3387
ok sturm@

2007-08-02 02:23:50 by Antoine Jacoutot | Files touched by this commit (1)

Log message:
MFC (original commit naddy@):
- SECURITY fix for CVE-2007-3387
ok sturm@

2007-07-31 15:22:16 by Christian Weisgerber | Files touched by this commit (2)

Log message:
SECURITY fix for CVE-2007-3387.
Also remove former maintainer at his request.
ok kili@

2007-05-01 10:28:30 by Nikolay Sturm | Files touched by this commit (3)

Log message:
MFC:
Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith
Includes some security fixes

2007-04-05 11:26:27 by Marc Espie | Files touched by this commit (815)

Log message:
more base64 checksums

2007-04-03 06:16:22 by Nikolay Sturm | Files touched by this commit (3)

Log message:
MFC:
Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith
Includes some security fixes

2007-04-03 06:03:20 by Nikolay Sturm | Files touched by this commit (3)

Log message:
MFC:
Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith
Includes some security fixes

2007-03-29 22:32:13 by Chris Kuethe | Files touched by this commit (1)

Log message:
Forgot to cvs rm this one too. Pointed out by marco

2007-03-29 22:09:42 by Chris Kuethe | Files touched by this commit (9)

Log message:
Update to xpdf 3.0.2, from Stuart Henderson and Brad Smith
Includes some security fixes
ok pvalchev, todd

2006-08-03 17:55:11 by Marc Espie | Files touched by this commit (31)

Log message:
new lib specs

2006-02-06 15:15:58 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix heap based buffer overflow.
>From KDE. http://www.kde.org/info/security/advisory-20060202-1.txt

2006-02-06 15:13:43 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix heap based buffer overflow.
>From KDE. http://www.kde.org/info/security/advisory-20060202-1.txt

2006-02-05 02:59:01 by Bernd Ahlers | Files touched by this commit (2)

Log message:
Fix heap based buffer overflow.
>From KDE. http://www.kde.org/info/security/advisory-20060202-1.txt
ok brad@

2005-12-07 15:10:03 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix several security bugs in the xpdf code.
o iDefense advisories from 2005-12-05
o CAN-2005-3191, CAN-2005-3192, CAN-2005-3193
- JPX Stream Reader Heap Overflow Vulnerability
- DCTStream Baseline Heap Overflow Vulnerability
- DCTStream Progressive Heap Overflow
- StreamPredictor Heap Overflow Vulnerability
Patch provided by xpdf developers.

2005-12-07 15:09:35 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix several security bugs in the xpdf code.
o iDefense advisories from 2005-12-05
o CAN-2005-3191, CAN-2005-3192, CAN-2005-3193
- JPX Stream Reader Heap Overflow Vulnerability
- DCTStream Baseline Heap Overflow Vulnerability
- DCTStream Progressive Heap Overflow
- StreamPredictor Heap Overflow Vulnerability
Patch provided by xpdf developers.

2005-12-07 02:22:15 by Bernd Ahlers | Files touched by this commit (4)

Log message:
Fix several security bugs in the xpdf code.
o iDefense advisories from 2005-12-05
o CAN-2005-3191, CAN-2005-3192, CAN-2005-3193
- JPX Stream Reader Heap Overflow Vulnerability
- DCTStream Baseline Heap Overflow Vulnerability
- DCTStream Progressive Heap Overflow
- StreamPredictor Heap Overflow Vulnerability
Patch provided by xpdf developers.

2005-09-09 11:34:53 by Brad Smith | Files touched by this commit (16)

Log message:
upgrade to xpdf 3.01
Most of the update is from Bernd Ahlers <bernd at ba-net dot org>

2005-08-31 13:55:37 by Nikolay Sturm | Files touched by this commit (8)

Log message:
bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@

2005-08-31 13:51:42 by Nikolay Sturm | Files touched by this commit (11)

Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages

2005-08-31 13:46:33 by Nikolay Sturm | Files touched by this commit (7)

Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages

2005-08-16 12:03:41 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix denial of service vulnerability.
Check sanity of the TrueType "loca" table.  Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.  CAN-2005-2097.
from Ubuntu Linux
ok brad@

2005-08-16 12:00:50 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix denial of service vulnerability.
Check sanity of the TrueType "loca" table.  Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.  CAN-2005-2097.
from Ubuntu Linux
ok brad@

2005-08-11 08:18:47 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Fix denial of service vulnerability.
Check sanity of the TrueType "loca" table.  Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table.  CAN-2005-2097.
from Ubuntu Linux; ok brad@

2005-08-10 14:27:25 by Christian Weisgerber | Files touched by this commit (2)

Log message:
sync patches

2005-01-20 14:18:45 by Robert Nagy | Files touched by this commit (2)

Log message:
SECURITY:
Fix a buffer overflow due to insufficient bounds checking while
processing a PDF file that provides malicious values in the /Encrypt
/Length tag.; bump PKGNAME
http://www.vuxml.org/openbsd/456f1b12-6a38-11d9-bc5d-00065bd5b0b6.html
ok brad@

2005-01-20 14:17:02 by Robert Nagy | Files touched by this commit (2)

Log message:
SECURITY:
Fix a buffer overflow due to insufficient bounds checking while
processing a PDF file that provides malicious values in the /Encrypt
/Length tag.
http://www.vuxml.org/openbsd/456f1b12-6a38-11d9-bc5d-00065bd5b0b6.html
ok brad@

2005-01-19 09:23:16 by Christian Weisgerber | Files touched by this commit (2)

Log message:
SECURITY:
Fix a buffer overflow due to insufficient bounds checking while
processing a PDF file that provides malicious values in the /Encrypt
/Length tag.
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
ok robert@

2005-01-05 10:34:35 by Christian Weisgerber | Files touched by this commit (166)

Log message:
SIZE

2004-12-27 05:21:44 by Robert Nagy | Files touched by this commit (2)

Log message:
SECURITY:
fixed integer overflows:
http://www.vuxml.org/openbsd/d79a032a-2763-11d9-a0f4-00065bd5b0b6.html
fixed buffer overflow vulnerability:
http://www.vuxml.org/openbsd/9317ac06-5441-11d9-8ad2-00065bd5b0b6.html
ok brad@

2004-12-27 05:19:00 by Robert Nagy | Files touched by this commit (2)

Log message:
SECURITY:
fixed integer overflows:
http://www.vuxml.org/openbsd/d79a032a-2763-11d9-a0f4-00065bd5b0b6.html
fixed buffer overflow vulnerability:
http://www.vuxml.org/openbsd/9317ac06-5441-11d9-8ad2-00065bd5b0b6.html
ok brad@

2004-12-22 10:36:24 by Robert Nagy | Files touched by this commit (3)

Log message:
SECURITY:
fix a buffer overflow vulnerability; bump PKGNAME; use autoconf-2.59
ok MAINTAINER (brad@)

2004-12-06 17:23:24 by Aleksander Piotrowski | Files touched by this commit (46)

Log message:
Add WANTLIB markers

2004-11-08 09:34:52 by Christian Weisgerber | Files touched by this commit (1)

Log message:
Remove workaround for GNU m4 incompatibility, which has been fixed in our m4.

2004-11-06 11:19:53 by Christian Weisgerber | Files touched by this commit (6)

Log message:
freetype fixes, adapted from FreeBSD; ok brad@

2004-10-22 20:24:37 by Brad Smith | Files touched by this commit (3)

Log message:
Chris Evans discovered numerous vulnerabilities in the xpdf package:
Multiple integer overflow issues affecting xpdf.
These can result in writing an arbitrary byte to an attacker controlled
location which probably could lead to arbitrary code execution.
CAN-2004-0888
Multiple integer overflow issues.
These can result in DoS or possibly arbitrary code execution.
CAN-2004-0889
Chris also discovered issues with infinite loop logic error.

2004-09-15 12:44:09 by Marc Espie | Files touched by this commit (107)

Log message:
new plists

2004-07-29 19:19:28 by Christian Weisgerber | Files touched by this commit (1)

Log message:
drop obsolete lib requirement

2004-04-05 20:35:44 by Brad Smith | Files touched by this commit (5)

Log message:
install sample xpdfrc file and fix lpr usage. From: sturm@

2004-02-14 14:06:54 by Brad Smith | Files touched by this commit (1)

Log message:
FreeType2 authors are brain dead. Workaround really stupid change
with FreeType2 that comes with XF 4.4.

2004-01-31 11:06:39 by Brad Smith | Files touched by this commit (1)

Log message:
now that there is a separate fonts package for ghostscript
use that instead.

2004-01-25 02:44:20 by Brad Smith | Files touched by this commit (1)

Log message:
better

2004-01-25 02:37:39 by Brad Smith | Files touched by this commit (1)

Log message:
- remove bogus --with-gzip in CONFIGURE_ARGS
- add RUN_DEPENDS on GNU ghostscript for the fonts

2004-01-24 23:02:40 by Brad Smith | Files touched by this commit (9)

Log message:
upgrade to xpdf 3.00
"shitloads better rendering" - jose@

2003-12-15 14:55:58 by Christian Weisgerber | Files touched by this commit (479)

Log message:
remove WWW lines

2003-10-24 13:31:57 by Brad Smith | Files touched by this commit (6)

Log message:
remove DRM bullshit.
--
From: cloder@

2003-07-17 18:54:02 by Brad Smith | Files touched by this commit (2)

Log message:
The previous patch for the hyperlinks issue was not adequate. This update
fixes the patch.

2003-06-19 19:26:07 by Brad Smith | Files touched by this commit (2)

Log message:
fixes a flaw where an attacker can embed malicious hyperlinks that if
activated can execute arbitrary shell commands.
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

2003-06-19 18:51:08 by Brad Smith | Files touched by this commit (3)

Log message:
MFC:
upgrade to xpdf 2.02pl1
fixes a flaw where an attacker can embed malicious hyperlinks that if
activated can execute arbitrary shell commands.
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

2003-06-19 06:00:47 by Brad Smith | Files touched by this commit (2)

Log message:
upgrade to xpdf 2.02pl1
fixes a flaw where an attacker can embed malicious hyperlinks that if
activated can execute arbitrary shell commands.
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2

2003-05-19 18:37:10 by Brad Smith | Files touched by this commit (4)

Log message:
upgrade to xpdf 2.02
--
From: naddy@

2003-02-12 01:28:20 by Nikolay Sturm | Files touched by this commit (5)

Log message:
update to xpdf 2.01
- switch to motif toolkit
- support for multiple open documents
- lots of minor tweaks, bugfixes and additions, see
http://www.foolabs.com/xpdf/CHANGES for details
MAINTAINER ok

2002-12-29 17:09:30 by Brad Smith | Files touched by this commit (2)

Log message:
MFC:
The pdftops filter in xpdf contains an integer overflow that can
be exploited to gain the privileges of the target user.
http://www.idefense.com/advisory/12.23.02.txt

2002-12-29 16:57:04 by Brad Smith | Files touched by this commit (2)

Log message:
MFC:
The pdftops filter in xpdf contains an integer overflow that can
be exploited to gain the privileges of the target user.
http://www.idefense.com/advisory/12.23.02.txt

2002-12-29 16:45:20 by Brad Smith | Files touched by this commit (2)

Log message:
The pdftops filter in xpdf contains an integer overflow that can
be exploited to gain the privileges of the target user.
http://www.idefense.com/advisory/12.23.02.txt

2002-10-28 15:43:46 by Christian Weisgerber | Files touched by this commit (25)

Log message:
No regression tests available.

2002-09-03 18:55:41 by Peter Valchev | Files touched by this commit (1)

Log message:
no more need to build this static on sparc64, remove workaround
ld.so fix thanks to drahn@