Fix security hole.

Pointed out by:	hrs
Submitted by:	KOMATSU Shinichiro <koma2@ms.u-tokyo.ac.jp>
References:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

2 files changed, 13 insertions, 4 deletions

diff --git a/graphics/xpdf/Makefile b/graphics/xpdf/Makefile
index bcec51ab4b4f..9ed2f32ebaaf 100644
--- a/graphics/xpdf/Makefile
+++ b/graphics/xpdf/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	xpdf
 PORTVERSION=	3.00
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	graphics print
 MASTER_SITES=	ftp://ftp.foolabs.com/pub/xpdf/ \
 		${MASTER_SITE_TEX_CTAN}
diff --git a/graphics/xpdf/files/patch-security b/graphics/xpdf/files/patch-security
index 2483d8197e31..c87c0e650ed6 100644
--- a/graphics/xpdf/files/patch-security
+++ b/graphics/xpdf/files/patch-security
@@ -28,8 +28,8 @@
  	pages = (Page **)grealloc(pages, pagesSize * sizeof(Page *));
  	pageRefs = (Ref *)grealloc(pageRefs, pagesSize * sizeof(Ref));
  	for (j = pagesSize - 32; j < pagesSize; ++j) {
---- xpdf/XRef.cc.orig	2004-10-11 15:51:14.000000000 +0200
-+++ xpdf/XRef.cc	2004-10-11 15:56:48.000000000 +0200
+--- xpdf/XRef.cc.orig	Thu Jan 22 10:26:45 2004
++++ xpdf/XRef.cc	Mon Jan 24 08:49:49 2005
 @@ -96,7 +96,7 @@
    }
    nObjects = obj1.getInt();
@@ -294,7 +294,16 @@
  	streamEnds = (Guint *)grealloc(streamEnds,
  				       streamEndsSize * sizeof(int));
        }
-
+@@ -756,6 +818,9 @@
+ 	  keyLength = lengthObj.getInt() / 8;
+ 	} else {
+ 	  keyLength = 5;
++	}
++	if (keyLength > 16) {
++	  keyLength = 16;
+ 	}
+ 	permFlags = permissions.getInt();
+ 	if (encVersion >= 1 && encVersion <= 2 &&
 --- xpdf/Gfx.cc.orig	Thu Jan 22 10:26:45 2004
 +++ xpdf/Gfx.cc	Thu Dec 23 09:48:17 2004
 @@ -2654,7 +2654,9 @@