Pullup ticket 199 - requested by Mark Davies
security fix for koffice

    Module Name: pkgsrc
    Committed By: markd
    Date:  Thu Dec 30 21:49:14 UTC 2004

    Modified Files:
     pkgsrc/misc/koffice: Makefile distinfo
    Added Files:
     pkgsrc/misc/koffice/patches: patch-ac patch-ad

    Log Message:
    Add patches to address the latest xpdf security issue in the PDF import
    filter. Bump PKGREVISION.
snj committed Dec 30, 2004
1 parent cae7fcb commit 2504b7b
Showing 4 changed files with 48 additions and 2 deletions.
3 changes: 2 additions & 1 deletion misc/koffice/Makefile
@@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.48 2004/11/23 20:24:08 markd Exp $
# $NetBSD: Makefile,v 1.48.2.1 2004/12/30 22:24:47 snj Exp $

DISTNAME= koffice-1.3.5
PKGREVISION= 3
CATEGORIES= misc kde
MASTER_SITES= ftp://ftp.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
ftp://ftp.us.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
4 changes: 3 additions & 1 deletion misc/koffice/distinfo
@@ -1,6 +1,8 @@
$NetBSD: distinfo,v 1.18 2004/11/23 20:24:08 markd Exp $
$NetBSD: distinfo,v 1.18.2.1 2004/12/30 22:24:47 snj Exp $

SHA1 (koffice-1.3.5.tar.bz2) = feccb391be8039514f23f0f9cde9b01e22625769
Size (koffice-1.3.5.tar.bz2) = 10778584 bytes
SHA1 (patch-aa) = 64f32eaaa0f6e29f6ec3c9b92ecf4599cd11f178
SHA1 (patch-ab) = 6f253484f6c09877cca6b1d1d7610725c895e13a
SHA1 (patch-ac) = bd83be082e58c09630d97e26f21eacbc0ae028f9
SHA1 (patch-ad) = 83f18c3d073027df62614f7e60035c13100682cf
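--- a/misc/koffice/patches/patch-ac
+++ b/misc/koffice/patches/patch-ac
@@ -0,0 +1,15 @@
+$NetBSD: patch-ac,v 1.7.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/Gfx.cc.orig 2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc
+@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s
+haveMask = gFalse;
+dict->lookup("Mask", &maskObj);
+if (maskObj.isArray()) {
+- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++ for (i = 0;
++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++ ++i) {
+maskObj.arrayGet(i, &obj1);
+maskColors[i] = obj1.getInt();
+obj1.free();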
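Review bot: The new bound `i < 2*gfxColorMaxComps` in Gfx::doImage stops the loop from writing past `maskColors`, but an oversized Mask array is now truncated silently, and each element is still read with `obj1.getInt()` without a type check. The array comes from the PDF being imported, so I would report the truncation the same way the GfxState.cc patch in this commit does, for example `error(-1, "Image mask array with too many entries");`, and guard the store with `if (obj1.isInt())`. The declaration of `maskColors` is outside the hunk, so the bound presumably matches its size; a comment next to the loop tying the two together would keep them from drifting apart. The body of doImage starts before and continues after the lines shown here.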
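--- a/misc/koffice/patches/patch-ad
+++ b/misc/koffice/patches/patch-ad
@@ -0,0 +1,28 @@
+$NetBSD: patch-ad,v 1.8.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/GfxState.cc.orig 2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc
+@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+}
+nCompsA = obj2.getInt();
+obj2.free();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "ICCBased color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+if (dict->lookup("Alternate", &obj2)->isNull() ||
+!(altA = GfxColorSpace::parse(&obj2))) {
+switch (nCompsA) {
+@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+goto err2;
+}
+nCompsA = obj1.arrayGetLength();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "DeviceN color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+for (i = 0; i < nCompsA; ++i) {
+if (!obj1.arrayGet(i, &obj2)->isName()) {
+error(-1, "Bad DeviceN color space (names)");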
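Review bot: The clamp added to GfxICCBasedColorSpace::parse bounds `nCompsA` only from above, so a zero or negative component count read by `obj2.getInt()` from the document still passes it. Whether that is harmful depends on how the rest of the function, which lies outside the hunk, uses the value, but checking both ends costs nothing: `if (nCompsA < 1 || nCompsA > gfxColorMaxComps) {`. In both hunks the code keeps parsing with a component count that no longer matches what the file declared. If later code sizes reads from the stream by that count, rejecting the color space may be safer than clamping; that is worth confirming against the full functions. The DeviceN hunk takes its count from `arrayGetLength()`, which is presumably never negative, so the lower bound matters mainly for the ICCBased case.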
