aboutsummaryrefslogtreecommitdiffstats
path: root/editors/calligra
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2005-12-08 11:29:36 +0800
committerlofi <lofi@FreeBSD.org>2005-12-08 11:29:36 +0800
commit268ab7288eb8e5f523dd27e41109be1b4f966298 (patch)
tree9aa7998d275b6657c0d92d52e7c5366d2a31df39 /editors/calligra
parent95df06d03fc12dc934e9cb1f16e8f7cd01dcfeab (diff)
downloadfreebsd-ports-gnome-268ab7288eb8e5f523dd27e41109be1b4f966298.tar.gz
freebsd-ports-gnome-268ab7288eb8e5f523dd27e41109be1b4f966298.tar.zst
freebsd-ports-gnome-268ab7288eb8e5f523dd27e41109be1b4f966298.zip
Patch security issues in imported xpdf code.
Security: CAN-2005-3193 Security: http://www.kde.org/info/security/advisory-20051207-1.txt Security: kpdf, the KDE pdf viewer and KOffice' pdf filter share code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code.
Diffstat (limited to 'editors/calligra')
-rw-r--r--editors/calligra/Makefile2
-rw-r--r--editors/calligra/files/patch-post-1.3-koffice-CAN-2005-319392
2 files changed, 93 insertions, 1 deletions
diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile
index 6ac7cfd32256..4e16cc96ab44 100644
--- a/editors/calligra/Makefile
+++ b/editors/calligra/Makefile
@@ -7,7 +7,7 @@
PORTNAME= koffice
PORTVERSION= 1.4.2
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= editors kde
MASTER_SITES= ${MASTER_SITE_KDE}
diff --git a/editors/calligra/files/patch-post-1.3-koffice-CAN-2005-3193 b/editors/calligra/files/patch-post-1.3-koffice-CAN-2005-3193
new file mode 100644
index 000000000000..69cb714d18af
--- /dev/null
+++ b/editors/calligra/files/patch-post-1.3-koffice-CAN-2005-3193
@@ -0,0 +1,92 @@
+Index: filters/kword/pdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc (revision 485850)
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc (revision 486431)
+@@ -404,18 +404,33 @@ void ImageStream::skipLine() {
+
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ int widthA, int nCompsA, int nBitsA) {
++ int totalBits;
++
+ str = strA;
+ predictor = predictorA;
+ width = widthA;
+ nComps = nCompsA;
+ nBits = nBitsA;
++ predLine = NULL;
++ ok = gFalse;
+
+ nVals = width * nComps;
++ totalBits = nVals * nBits;
++ if ( totalBits == 0 ||
++ (totalBits / nBits) / nComps != width ||
++ totalBits + 7 < 0) {
++ return;
++ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++ if (rowBytes < 0)
++ return;
++
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
+ predIdx = rowBytes;
++
++ ok = gTrue;
+ }
+
+ StreamPredictor::~StreamPredictor() {
+@@ -982,6 +997,10 @@ LZWStream::LZWStream(Stream *strA, int p
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if ( !pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+@@ -2861,6 +2880,10 @@ GBool DCTStream::readBaselineSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -3179,6 +3202,10 @@ FlateStream::FlateStream(Stream *strA, i
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if ( !pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+Index: filters/kword/pdf/xpdf/xpdf/Stream.h
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Stream.h (revision 485850)
++++ filters/kword/pdf/xpdf/xpdf/Stream.h (revision 486431)
+@@ -227,6 +227,7 @@ public:
+
+ int lookChar();
+ int getChar();
++ GBool isOk() { return ok; }
+
+ private:
+
+@@ -242,6 +243,7 @@ private:
+ int rowBytes; // bytes per line
+ Guchar *predLine; // line buffer
+ int predIdx; // current index in predLine
++ GBool ok;
+ };
+
+ //------------------------------------------------------------------------
generated by cgit (git 2.34.1) at 2024-12-28 13:49:46 +0800