aboutsummaryrefslogtreecommitdiffstats
path: root/editors/koffice-kde3
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2007-01-18 18:22:23 +0800
committerlofi <lofi@FreeBSD.org>2007-01-18 18:22:23 +0800
commitb6801e09f7a0b54cbc3b7498ca0fb2a2dc4988c1 (patch)
treee36fe857fc49a59a20a982c9c78246017e753529 /editors/koffice-kde3
parent65fbc4bcd195ff6b7fd854a8f2105572c0766e83 (diff)
downloadfreebsd-ports-gnome-b6801e09f7a0b54cbc3b7498ca0fb2a2dc4988c1.tar.gz
freebsd-ports-gnome-b6801e09f7a0b54cbc3b7498ca0fb2a2dc4988c1.tar.zst
freebsd-ports-gnome-b6801e09f7a0b54cbc3b7498ca0fb2a2dc4988c1.zip
Patch denial of service vulnerability in PDF parser.
Security: CVE-2007-0104
Diffstat (limited to 'editors/koffice-kde3')
-rw-r--r--editors/koffice-kde3/Makefile3
-rw-r--r--editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff74
2 files changed, 76 insertions, 1 deletions
diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile
index 9cb07045d1ed..be4d53dee422 100644
--- a/editors/koffice-kde3/Makefile
+++ b/editors/koffice-kde3/Makefile
@@ -7,6 +7,7 @@
PORTNAME= koffice
PORTVERSION= 1.6.1
+PORTREVISION= 1
PORTEPOCH= 2
CATEGORIES= editors kde
MASTER_SITES= ${MASTER_SITE_KDE}
@@ -33,7 +34,7 @@ LIB_DEPENDS= GraphicsMagick++:${PORTSDIR}/graphics/GraphicsMagick \
RUN_DEPENDS= ${LOCALBASE}/lib/libpqxx.a:${PORTSDIR}/databases/postgresql-libpqxx
USE_AUTOTOOLS= libtool:15
-INSTALLS_SHLIB= yes
+USE_LDCONFIG= yes
PREFIX= ${KDE_PREFIX}
USE_BZIP2= yes
USE_GMAKE= yes
diff --git a/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff b/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff
new file mode 100644
index 000000000000..f5e51a1c706e
--- /dev/null
+++ b/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff
@@ -0,0 +1,74 @@
+------------------------------------------------------------------------
+r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines
+Changed paths:
+ M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc
+ M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h
+
+Commiting the patch agreed between kpdf and poppler developers to fix MOAB-06-01-2007 issue.
+
+------------------------------------------------------------------------
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622463)
+@@ -24,6 +24,12 @@
+ #include "Link.h"
+ #include "Catalog.h"
+
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) {
+ pageRefs[i].num = -1;
+ pageRefs[i].gen = -1;
+ }
+- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+ if (numPages != numPages0) {
+ error(-1, "Page count in top-level pages object is incorrect");
+ }
+@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() {
+ return s;
+ }
+
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+ Object kids;
+ Object kid;
+ Object kidRef;
+@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic
+ // This should really be isDict("Pages"), but I've seen at least one
+ // PDF file where the /Type entry is missing.
+ } else if (kid.isDict()) {
+- if ((start = readPageTree(kid.getDict(), attrs1, start))
+- < 0)
+- goto err2;
++ if (callDepth > MAX_CALL_DEPTH) {
++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++ } else {
++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++ < 0)
++ goto err2;
++ }
+ } else {
+ error(-1, "Kid object (page %d) is wrong type (%s)",
+ start+1, kid.getTypeName());
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.h
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622463)
+@@ -82,7 +82,7 @@ private:
+ Object outline; // outline dictionary
+ GBool ok; // true if catalog is valid
+
+- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+ Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+