summaryrefslogtreecommitdiffstats
path: root/graphics/kdegraphics4
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2004-12-23 11:01:35 +0000
committerlofi <lofi@FreeBSD.org>2004-12-23 11:01:35 +0000
commitc0d1690766a60bfa4545f68f52adfeac19c28c80 (patch)
treeb08e7ec39b0597d3e1e55ea39b75fb311ac5601c /graphics/kdegraphics4
parenta8a1c62e359bf94ee311c4d61061c93ecd17c59e (diff)
downloadFreeBSD-ports-c0d1690766a60bfa4545f68f52adfeac19c28c80.zip
FreeBSD-ports-c0d1690766a60bfa4545f68f52adfeac19c28c80.tar.gz
Patch vulnerability in imported xpdf code. Bump PORTREVISION.
References: http://www.kde.org/info/security/advisory-20041223-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
Diffstat (limited to 'graphics/kdegraphics4')
-rw-r--r--graphics/kdegraphics4/Makefile1
-rw-r--r--graphics/kdegraphics4/files/patch-post-3.3.2-kdegraphics.diff38
2 files changed, 39 insertions, 0 deletions
diff --git a/graphics/kdegraphics4/Makefile b/graphics/kdegraphics4/Makefile
index b1fdb66..3c749b6 100644
--- a/graphics/kdegraphics4/Makefile
+++ b/graphics/kdegraphics4/Makefile
@@ -8,6 +8,7 @@
PORTNAME= kdegraphics
PORTVERSION= ${KDE_VERSION}
+PORTREVISION= 1
CATEGORIES= graphics kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/graphics/kdegraphics4/files/patch-post-3.3.2-kdegraphics.diff b/graphics/kdegraphics4/files/patch-post-3.3.2-kdegraphics.diff
new file mode 100644
index 0000000..417710a
--- /dev/null
+++ b/graphics/kdegraphics4/files/patch-post-3.3.2-kdegraphics.diff
@@ -0,0 +1,38 @@
+diff -b -p -u -r1.4.4.1 -r1.4.4.2
+--- kpdf/xpdf/Gfx.cc 2 Sep 2004 21:30:18 -0000 1.4.4.1
++++ kpdf/xpdf/Gfx.cc 22 Dec 2004 12:05:50 -0000 1.4.4.2
+@@ -2654,7 +2654,9 @@ void Gfx::doImage(Object *ref, Stream *s
+ haveMask = gFalse;
+ dict->lookup("Mask", &maskObj);
+ if (maskObj.isArray()) {
+- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++ for (i = 0;
++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++ ++i) {
+ maskObj.arrayGet(i, &obj1);
+ maskColors[i] = obj1.getInt();
+ obj1.free();
+diff -b -p -u -r1.3.4.1 -r1.3.4.2
+--- kpdf/xpdf/GfxState.cc 2 Sep 2004 21:30:18 -0000 1.3.4.1
++++ kpdf/xpdf/GfxState.cc 22 Dec 2004 12:05:50 -0000 1.3.4.2
+@@ -708,6 +708,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+ }
+ nCompsA = obj2.getInt();
+ obj2.free();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "ICCBased color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+ if (dict->lookup("Alternate", &obj2)->isNull() ||
+ !(altA = GfxColorSpace::parse(&obj2))) {
+ switch (nCompsA) {
+@@ -1054,7 +1059,7 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+ }
+ nCompsA = obj1.arrayGetLength();
+ if (nCompsA > gfxColorMaxComps) {
+- error(-1, "DeviceN color space with more than %d > %d components",
++ error(-1, "DeviceN color space with too many (%d > %d) components",
+ nCompsA, gfxColorMaxComps);
+ nCompsA = gfxColorMaxComps;
+ }
OpenPOWER on IntegriCloud