[pkgsrc/pkgsrc-2004Q4]: pkgsrc/misc/koffice Pullup ticket 199 - requested by ...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a2050f3a67b
branches:  pkgsrc-2004Q4
changeset: 485791:4a2050f3a67b
user:      snj <snj%pkgsrc.org@localhost>
date:      Thu Dec 30 22:24:47 2004 +0000

description:
Pullup ticket 199 - requested by Mark Davies
security fix for koffice

    Module Name: pkgsrc
    Committed By: markd
    Date:  Thu Dec 30 21:49:14 UTC 2004

    Modified Files:
     pkgsrc/misc/koffice: Makefile distinfo
    Added Files:
     pkgsrc/misc/koffice/patches: patch-ac patch-ad

    Log Message:
    Add patches to address the latest xpdf security issue in the PDF import
    filter. Bump PKGREVISION.

diffstat:

 misc/koffice/Makefile         |   3 ++-
 misc/koffice/distinfo         |   4 +++-
 misc/koffice/patches/patch-ac |  15 +++++++++++++++
 misc/koffice/patches/patch-ad |  28 ++++++++++++++++++++++++++++
 4 files changed, 48 insertions(+), 2 deletions(-)

diffs (76 lines):

diff -r 1fe995bfb8a0 -r 4a2050f3a67b misc/koffice/Makefile
--- a/misc/koffice/Makefile     Thu Dec 30 12:22:59 2004 +0000
+++ b/misc/koffice/Makefile     Thu Dec 30 22:24:47 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2004/11/23 20:24:08 markd Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2004/12/30 22:24:47 snj Exp $
 
 DISTNAME=      koffice-1.3.5
+PKGREVISION=   3
 CATEGORIES=    misc kde
 MASTER_SITES=  ftp://ftp.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
                ftp://ftp.us.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
diff -r 1fe995bfb8a0 -r 4a2050f3a67b misc/koffice/distinfo
--- a/misc/koffice/distinfo     Thu Dec 30 12:22:59 2004 +0000
+++ b/misc/koffice/distinfo     Thu Dec 30 22:24:47 2004 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.18 2004/11/23 20:24:08 markd Exp $
+$NetBSD: distinfo,v 1.18.2.1 2004/12/30 22:24:47 snj Exp $
 
 SHA1 (koffice-1.3.5.tar.bz2) = feccb391be8039514f23f0f9cde9b01e22625769
 Size (koffice-1.3.5.tar.bz2) = 10778584 bytes
 SHA1 (patch-aa) = 64f32eaaa0f6e29f6ec3c9b92ecf4599cd11f178
 SHA1 (patch-ab) = 6f253484f6c09877cca6b1d1d7610725c895e13a
+SHA1 (patch-ac) = bd83be082e58c09630d97e26f21eacbc0ae028f9
+SHA1 (patch-ad) = 83f18c3d073027df62614f7e60035c13100682cf
diff -r 1fe995bfb8a0 -r 4a2050f3a67b misc/koffice/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/koffice/patches/patch-ac     Thu Dec 30 22:24:47 2004 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ac,v 1.7.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/Gfx.cc.orig    2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc
+@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++         i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++         ++i) {
+       maskObj.arrayGet(i, &obj1);
+       maskColors[i] = obj1.getInt();
+       obj1.free();
diff -r 1fe995bfb8a0 -r 4a2050f3a67b misc/koffice/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/koffice/patches/patch-ad     Thu Dec 30 22:24:47 2004 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-ad,v 1.8.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/GfxState.cc.orig       2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc
+@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++        nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {
+@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+     goto err2;
+   }
+   nCompsA = obj1.arrayGetLength();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "DeviceN color space with too many (%d > %d) components",
++        nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   for (i = 0; i < nCompsA; ++i) {
+     if (!obj1.arrayGet(i, &obj2)->isName()) {
+       error(-1, "Bad DeviceN color space (names)");