Commit Graph

56 Commits

Author SHA1 Message Date
Thomas Gerbet
6afc4c0c22 xpdf: 4.04 -> 4.05
Fixes a bunch of CVEs (but not all of them apparently).

Changes:
https://forum.xpdfreader.com/viewtopic.php?t=43343

```
4.05 (2024-feb-08)
------------------
Added the '-overwrite' option to pdftohtml.
Added the 'ignoreWrongSizeToUnicode' xpdfrc setting.
Added the loadSession and saveSession commands, and the 'Load last
  session' menu item.
Added code to automatically save and restore the xpdf session under
  control of a session manager.  This has not been thoroughly tested
  yet.
Added the zoomScaleFactor xpdfrc setting.
Added the zoomValues xpdfrc setting.
Added a 'smart case' option for search in xpdf.
Added the '-custom' flag to pdfinfo.
Added a color/gray/mono switch to the 'save image' dialog.
Added the separateRotatedText xpdfrc setting.
Added the '-meta' flag to pdftohtml.
Added the allowLinksToChangeZoom xpdfrc setting.
Added the 'uses JavaScript' output to pdfinfo.
Implemented pattern stroking of text.  Also fixed the various
  combinations of filling/stroking with color/pattern + clipping, some
  of which weren't being handled correctly.
Pdftops now (re)compresses any uncompressed or RLE-compressed images.
On an out-of-memory error, the command line tools now exit with an
  "out of memory" message, rather than an exception message.
Add code to pdfimages to extract images from tiling patterns.
Pdftops can now embed external 8-bit OpenType CFF fonts.
Fixed a corner case in the text extractor related to characters drawn
  at extremely large coordinates.  [Thanks to elvadisas for the bug
  report.]
Fixed an integer overflow in the transparency group code.  [Thanks to
  elvadisas for the bug report.]
Modify Annots::Annots() to skip annotations that have been turned into
  AcroFormFields -- invalid Widget-type annots will now be rendered as
  annots.
Added a missing integer overflow check in the JBIG2 decoder.  [Thanks
  to sangjun for the bug report.]
Added some sanity checks to the JBIG2 decoder.  [Thanks to sangjun and
  ycdxsb for the bug reports.]
Tiling patterns that use non-Normal blend modes can't be cached.
Fixed a bitmap size sanity check in the JBIG2 decoder.  [Thanks to Han
  Zheng (NCNIPC of China, Hexhive), for the bug report.]
Fixed a missing bounds check in FoFiType1C::convertToOpenType (used in
  pdftohtml).  [Thanks to cyth for the bug report.]
Fixed a use-after-free bug in pdftohtml.  [Thanks to FeRDNYC for the
  bug report.]
Merged aconf2.h into aconf.h; corrected the cmake config settings for
  paths; added the BASE14_FONT_DIR config option.  [Thanks to FeRDNYC
  for the suggestions.]
Fixed a missing check for a zero-length index in the CFF (Type1C) font
  parser.  [Thanks to Yuhang Huang (NCNIPC of China), Han Zheng

  (NCNIPC of China, Hexhive), Wanying Cao, Jiayu Zhao (NCNIPC of
  China) for the bug report.]
Add an object loop check to Catalog::countPageTree().
The DCT decoder wasn't checking for an SOF before the first SOS.
  [Thanks to cyth for the bug report.]
The inline image decoder was skipping to end-of-stream in the wrong
  stream object.  [Thanks to cyth for the bug report.]
Fixed a bug in the JPEG 2000 decoder when nLayers > 1 and the
  'termination on each coding pass' flag is set.
Removed the #pragma interface/implementation stuff (which is outdated
  and useless at this point).
Fixed a bug in the ICCBased color space parser that was allowing the
  number of components to be zero.  (CVE-2023-2662)  [Thanks to
  huckleberry for the bug report.]
Added checks for PDF object loops in AcroForm::scanField()
  (CVE-2018-7453, CVE-2018-16369, CVE-2022-36561, CVE-2022-41844),
  Catalog::readPageLabelTree2() (CVE-2023-2663), and
  Catalog::readEmbeddedFileTree() (CVE-2023-2664).
The zero-width character problem can also happen if the page size is
  very large -- that needs to be limited too, the same way as
  character position coordinates.  (CVE-2023-3044) [Thanks to jlinliu
  for the bug report.]
Add some missing bounds check code in DCTStream.  [Thanks to Jiahao
  Liu for the bug report.]
Fix a deadlock when an object stream's length field is contained in
  another object stream.  (CVE-2023-3436) [Thanks to Jiahao Liu for
  the bug report.]
Correctly handle tiling patterns with negative step values.
Ignore overprint in soft masks (to match Adobe's behavior).
```
2024-02-14 22:48:47 +01:00
Thomas Gerbet
19916860db xpdf: add recent CVE IDs to the knownVulnerabilities
The package already has some known vulnerabilities. I'm adding the new
ones mostly to save future me some time so I do not have to ask myself
if this long list on unpatched issues is expected or not.

Upstream expects to to fix all of that in xpdf 5.
2023-05-19 16:42:36 +02:00
Vikram Narayanan
6ab8f2aea5 xpdf: fix build failure on darwin
convert the patch to substituteInPlace.
2023-05-03 17:03:25 -03:00
Armeen Mahdian
0fd723f3b4 xpdf: 4.03 -> 4.04 2022-04-24 21:32:23 -05:00
K900
cb2cfba6f7 treewide: switch all desktop file generators to new API
Notably:
- remove explicit arguments that match the defaults
- convert everything to the right Nix types
2022-02-25 13:40:38 -08:00
Felix Bühler
fbdf78236a
pkgs/applications: rename name to pname&version part 1 (#144949)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-11-07 21:29:51 +01:00
Dmitry Kalinkin
e0532475bc
treewide: remove darwin-only manual wrapQtApp invocations 2021-09-28 10:29:46 -04:00
Nikolay Korotkiy
51f84528e3
xpdf: 4.02 → 4.03 2021-02-09 15:22:02 +03:00
Ben Siraphob
108bdac3d9 pkgs/applications: stdenv.lib -> lib 2021-01-15 14:24:03 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Markus Kowalewski
83f77cfd64
libxpdf: add license 2020-06-27 00:00:04 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Nikolay Korotkiy
747086b484
xpdf: add knownVulnerabilities 2019-11-12 21:44:56 +03:00
Nikolay Korotkiy
fb8eaec873
xpdf: 4.00 -> 4.02 2019-11-12 21:44:56 +03:00
Thomas Tuegel
51d78034a1
wrapQtAppsHook: Remove ad hoc Qt wrappers 2019-07-05 10:42:08 -05:00
Peter Simons
ddac10a47c xpdf: remove myself from list of maintainers 2019-03-05 12:53:04 +01:00
Alex Ameen
2497e71972 Added long description (#56601)
xpdf: added long description
2019-03-02 11:45:18 +00:00
Markus Kowalewski
0c0656bcdc
xpdf: add license, update homepage 2018-09-01 17:02:14 +02:00
Alex Vorobiev
8c7883c027
Update default.nix 2018-03-22 12:21:12 -05:00
Dmitry Kalinkin
a3c57acef4
xpdf: specify paths to Qt plugins
On Darwing this fixes icons and "native" look.

Fixes: #36188
2018-03-01 16:40:10 -05:00
Dmitry Kalinkin
ea66292a16
xpdf: fix a runtime error
'This application failed to start because it could not find or load the Qt platform plugin "cocoa" in "".'
2018-03-01 10:51:00 -05:00
Dmitry Kalinkin
f5892d0718
xpdf: fix build on darwin (still broken in runtime) 2018-03-01 10:49:33 -05:00
Jörg Thalheim
e42c62e05f xpdf: build with qt gui 2017-08-28 22:08:01 +01:00
kiloreux
35612ffb6c
xpdf: 3.04-> 4.00 2017-08-26 00:07:31 +01:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Tuomas Tynkkynen
2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Franz Pletz
1005f464dd xpdf: disable format hardening 2016-08-02 14:08:01 +00:00
Bjørn Forsman
bd01fad0ed Captialize meta.description of all packages
In line with the Nixpkgs manual.

A mechanical change, done with this command:

  find pkgs -name "*.nix" | \
      while read f; do \
          sed -e 's/description\s*=\s*"\([a-z]\)/description = "\u\1/' -i "$f"; \
      done

I manually skipped some:

* Descriptions starting with an abbreviation, a user name or package name
* Frequently generated expressions (haskell-packages.nix)
2016-06-20 13:55:52 +02:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Vladimír Čunát
21e3ff658a x11: replace its usage by xlibsWrapper directly
Scilab note: the parameters already had pointed to nonexistent dirs
before this set of refactoring. But that config wasn't even used by
default.
2015-09-15 12:08:24 +02:00
Lluís Batlle i Rossell
8885c992fd Updating xpdf to 3.04
(cherry picked from commit 0420a025e3)
2014-12-23 11:34:56 +01:00
Peter Simons
757161cb81 xpdf: fix configure-time bug that prevented the man pages from being installed 2013-10-22 13:02:21 +02:00
Eelco Dolstra
5553546c21 Remove a bunch of unreferenced files
Plus a small number of obsolete packages (like old versions of qemu).
2012-11-29 13:43:37 +01:00
Eelco Dolstra
f27f8a1177 xpdf: Don't use t1lib
t1lib has multiple unpatched vulnerabilities (see
e.g. http://rhn.redhat.com/errata/RHSA-2012-0062.html).
2012-08-16 16:31:44 -04:00
Eelco Dolstra
c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Lluís Batlle i Rossell
95c759a536 Fixing xpdf, so it finds the pdf base fonts now.
svn path=/nixpkgs/trunk/; revision=30658
2011-12-01 20:17:42 +00:00
Lluís Batlle i Rossell
4cf25b19de Updating xpdf.
svn path=/nixpkgs/trunk/; revision=30157
2011-10-31 21:38:30 +00:00
Eelco Dolstra
2985218698 * xpdf 3.02pl5.
svn path=/nixpkgs/trunk/; revision=25688
2011-01-25 13:28:23 +00:00
Peter Simons
9c6acea563 pkgs/applications/misc/xpdf: fixed location of "info" and "man" directories
svn path=/nixpkgs/trunk/; revision=24606
2010-11-05 14:41:19 +00:00
Peter Simons
c7b5ea13ea pkgs/applications/misc/xpdf: strip trailing whitespace
svn path=/nixpkgs/trunk/; revision=24143
2010-10-07 13:14:29 +00:00
Peter Simons
948b839e3d pkgs/applications/misc/xpdf: added meta section
svn path=/nixpkgs/trunk/; revision=24139
2010-10-07 13:14:13 +00:00
Rob Vermaas
9fa88c5291 added libxpdf and pdf2xml
svn path=/nixpkgs/trunk/; revision=23427
2010-08-25 14:25:51 +00:00
Eelco Dolstra
1b1e5e7d69 * xpdf updated to 3.02pl4.
svn path=/nixpkgs/trunk/; revision=21803
2010-05-16 18:59:50 +00:00
Eelco Dolstra
dd9f68b1f5 * xpdf updated to 3.02pl3.
svn path=/nixpkgs/trunk/; revision=16749
2009-08-17 13:50:18 +00:00
Eelco Dolstra
ed62007229 * xpdf 3.02pl2.
svn path=/nixpkgs/trunk/; revision=13716
2009-01-06 15:30:55 +00:00
Wouter den Breejen
040966d95d This is a quote from http://www.johannes-bauer.com/xpdf/xpdf.php, any moral issues can be posted on the mailing list ;) "If you are the proud owner of a proprietary PDF-Creator like "Adobe Acrobat" you probably have noticed that it gives you the option to make the resulting PDF protected in a way that you cannot copy any text from it or that you cannot extract the pictures within. What a nice little feature. Now what this technically does is to set a flag in the PDF telling the reader program "Please don't let the mean user copy any content from me! ". However, the whole process relies on the reader progam (like "Adobe Acrobat Reader" or "xpdf", in our case) to obey the request of the PDF creator. Now at this point, xpdf really pissed me off. Because it really does obey the completely non-sensical request of the PDF creator. Probably because of some legal trouble which Adobe might give them if they did not obey it. But logically there is absolutely no reason to restrict the extraction of text of graphical images from a PDF file. Text I could read and type it in again. Pictures I could photograph off my PC screen. It's completely moronic. It's Adobe. Plus some people at my college think it's protecting their documents well. They seem to believe that content which is made for education should under no circumstances leak to the outside - somebody could maybe learn something! It would be a disaster! It is obvious they're morons. This patch just proves my point."
svn path=/nixpkgs/trunk/; revision=9765
2007-11-20 17:27:24 +00:00
Eelco Dolstra
459b386ff9 * xpdf updated to 3.02pl1. Also patch its configuration file so that
it uses the Base-14 fonts from Ghostscript.

svn path=/nixpkgs/trunk/; revision=9396
2007-10-03 12:16:48 +00:00
Eelco Dolstra
d03cc6bcf3 * Latest Xpdf.
svn path=/nixpkgs/trunk/; revision=8543
2007-04-05 09:09:10 +00:00
Armijn Hemel
d511baa7d9 add security patch
svn path=/nixpkgs/trunk/; revision=5591
2006-07-05 14:00:05 +00:00