[pkgsrc/trunk]: pkgsrc/print/teTeX-bin applied patches pulled from xpdf-3.00p...

[kei <kei%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/82aa6ed3f951
branches:  trunk
changeset: 487519:82aa6ed3f951
user:      kei <kei%pkgsrc.org@localhost>
date:      Sun Jan 16 08:35:08 2005 +0000

description:
applied patches pulled from xpdf-3.00pl2.patch.  this should fix security
problems described in CAN-2004-0888.  pointed out by Thomas Klausner.

diffstat:

 print/teTeX-bin/distinfo         |   4 +++-
 print/teTeX-bin/patches/patch-ah |  15 +++++++++++++++
 print/teTeX-bin/patches/patch-ai |  16 ++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletions(-)

diffs (56 lines):

diff -r c64e4457387b -r 82aa6ed3f951 print/teTeX-bin/distinfo
--- a/print/teTeX-bin/distinfo  Sun Jan 16 08:35:07 2005 +0000
+++ b/print/teTeX-bin/distinfo  Sun Jan 16 08:35:08 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2004/10/22 19:32:35 jmmv Exp $
+$NetBSD: distinfo,v 1.8 2005/01/16 08:35:08 kei Exp $
 
 SHA1 (teTeX/tetex-src-2.0.2.tar.gz) = 6445206b14d659458ee352df78d2c2daf8e88ab3
 Size (teTeX/tetex-src-2.0.2.tar.gz) = 11745933 bytes
@@ -9,5 +9,7 @@
 SHA1 (patch-ae) = 68825699db129b82f476c37ba3b6e20a8831ad6e
 SHA1 (patch-af) = d5fd0e1b30b1ea9fd96fe5983088df5a723f04b7
 SHA1 (patch-ag) = a6fd35e0cfbe4041abebb3e64ae825dcc4ec1dda
+SHA1 (patch-ah) = b028d996fcbf602f94b93b51a04578d893dd972c
+SHA1 (patch-ai) = b8c34c089b1c3730f57915fddd63762dea2f3435
 SHA1 (patch-ap) = 40543e9a2fb87d296557f3a8bd9a7207b2331a8e
 SHA1 (patch-aq) = f90ed07b2de340c55c6d987fdaa59d7ed6d46e0f
diff -r c64e4457387b -r 82aa6ed3f951 print/teTeX-bin/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX-bin/patches/patch-ah  Sun Jan 16 08:35:08 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ah,v 1.3 2005/01/16 08:35:08 kei Exp $
+
+--- libs/xpdf/xpdf/Gfx.cc.orig 2005-01-04 16:23:02.000000000 +0900
++++ libs/xpdf/xpdf/Gfx.cc      2005-01-04 16:27:39.000000000 +0900
+@@ -2381,7 +2381,9 @@
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++         i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++         ++i) {
+       maskObj.arrayGet(i, &obj1);
+       maskColors[i] = obj1.getInt();
+       obj1.free();
diff -r c64e4457387b -r 82aa6ed3f951 print/teTeX-bin/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/teTeX-bin/patches/patch-ai  Sun Jan 16 08:35:08 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ai,v 1.3 2005/01/16 08:35:08 kei Exp $
+
+--- libs/xpdf/xpdf/GfxState.cc.orig    2005-01-04 16:27:49.000000000 +0900
++++ libs/xpdf/xpdf/GfxState.cc 2005-01-04 16:30:39.000000000 +0900
+@@ -708,6 +708,11 @@
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++        nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {