diff options
| author | Markus Brueffer <markus@FreeBSD.org> | 2004-12-24 16:23:13 +0000 |
|---|---|---|
| committer | Markus Brueffer <markus@FreeBSD.org> | 2004-12-24 16:23:13 +0000 |
| commit | b85ff85af3f41ccf0375e7250f3894ea5817250b (patch) | |
| tree | 7c14a9d13ffc030f137f232a61fcaaceef91c0b8 /editors | |
| parent | Add missing prototype to fix the build with recent GCC. (diff) | |
Patch vulnerability in imported xpdf code. Bump PORTREVISION.
References:
http://koffice.kde.org/releases/1.3.5-release.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
Notified by: josef
Notes
Notes:
svn path=/head/; revision=125079
Diffstat (limited to 'editors')
| -rw-r--r-- | editors/calligra/Makefile | 1 | ||||
| -rw-r--r-- | editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff | 41 | ||||
| -rw-r--r-- | editors/koffice-kde3/Makefile | 1 | ||||
| -rw-r--r-- | editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff | 41 | ||||
| -rw-r--r-- | editors/koffice-kde4/Makefile | 1 | ||||
| -rw-r--r-- | editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff | 41 |
6 files changed, 126 insertions, 0 deletions
diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile index 73501ed3bf02..3b6102eac61a 100644 --- a/editors/calligra/Makefile +++ b/editors/calligra/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff b/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 000000000000..929a3ba2964c --- /dev/null +++ b/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile index 73501ed3bf02..3b6102eac61a 100644 --- a/editors/koffice-kde3/Makefile +++ b/editors/koffice-kde3/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff b/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 000000000000..929a3ba2964c --- /dev/null +++ b/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); diff --git a/editors/koffice-kde4/Makefile b/editors/koffice-kde4/Makefile index 73501ed3bf02..3b6102eac61a 100644 --- a/editors/koffice-kde4/Makefile +++ b/editors/koffice-kde4/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff b/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 000000000000..929a3ba2964c --- /dev/null +++ b/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); |