aboutsummaryrefslogtreecommitdiffstats
path: root/graphics
diff options
context:
space:
mode:
authormnag <mnag@FreeBSD.org>2006-03-28 06:15:26 +0800
committermnag <mnag@FreeBSD.org>2006-03-28 06:15:26 +0800
commit8330bd6e57fcc36242ef2a48b4dce3c3cb7c65b3 (patch)
treeee1f27ffa6c22803ba300aa1ab919bfe76a4fd6e /graphics
parentef242900c6532009f3a0aa7cb20a5e444a24a5b9 (diff)
downloadfreebsd-ports-gnome-8330bd6e57fcc36242ef2a48b4dce3c3cb7c65b3.tar.gz
freebsd-ports-gnome-8330bd6e57fcc36242ef2a48b4dce3c3cb7c65b3.tar.zst
freebsd-ports-gnome-8330bd6e57fcc36242ef2a48b4dce3c3cb7c65b3.zip
- Add patch for security issues
- Bump PORTREVISION - portlint(1) Approved by: gnome (marcus) Obtained from: gentoo Security: CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2006-0301, http://secunia.com/advisories/18303/, http://secunia.com/advisories/18677/
Diffstat (limited to 'graphics')
-rw-r--r--graphics/gpdf/Makefile3
-rw-r--r--graphics/gpdf/files/patch-SA17897120
-rw-r--r--graphics/gpdf/files/patch-SA18303296
-rw-r--r--graphics/gpdf/files/patch-SA1867752
4 files changed, 350 insertions, 121 deletions
diff --git a/graphics/gpdf/Makefile b/graphics/gpdf/Makefile
index ac7e8b94c78e..48c6702ecfd0 100644
--- a/graphics/gpdf/Makefile
+++ b/graphics/gpdf/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gpdf
PORTVERSION= 2.10.0
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= graphics print gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/${PORTNAME}/2.10
@@ -20,6 +20,7 @@ USE_BZIP2= yes
USE_GMAKE= yes
USE_GNOME= gnomeprefix gnomehack intlhack libgnomeui libgnomeprintui \
desktopfileutils
+USE_GETTEXT= yes
USE_X_PREFIX= yes
INSTALLS_OMF= yes
GNU_CONFIGURE= yes
diff --git a/graphics/gpdf/files/patch-SA17897 b/graphics/gpdf/files/patch-SA17897
deleted file mode 100644
index f27f1a139be4..000000000000
--- a/graphics/gpdf/files/patch-SA17897
+++ /dev/null
@@ -1,120 +0,0 @@
---- xpdf/JPXStream.cc.orig Mon May 17 15:11:49 2004
-+++ xpdf/JPXStream.cc Tue Dec 6 18:07:18 2005
-@@ -666,7 +666,7 @@
- int segType;
- GBool haveSIZ, haveCOD, haveQCD, haveSOT;
- Guint precinctSize, style;
-- Guint segLen, capabilities, comp, i, j, r;
-+ Guint segLen, capabilities, nTiles, comp, i, j, r;
-
- //----- main header
- haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
-@@ -701,8 +701,13 @@
- / img.xTileSize;
- img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- / img.yTileSize;
-- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
-- sizeof(JPXTile));
-+ nTiles = img.nXTiles * img.nYTiles;
-+ // check for overflow before allocating memory
-+ if (nTiles == 0 || nTiles / img.nXTiles != img.nYTiles) {
-+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+ return gFalse;
-+ }
-+ img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
- for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
- img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
- sizeof(JPXTileComp));
---- xpdf/Stream.cc.orig Mon May 17 16:37:57 2004
-+++ xpdf/Stream.cc Tue Dec 6 18:05:14 2005
-@@ -407,18 +407,33 @@
-
- StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
- int widthA, int nCompsA, int nBitsA) {
-+ int totalBits;
-+
- str = strA;
- predictor = predictorA;
- width = widthA;
- nComps = nCompsA;
- nBits = nBitsA;
-+ predLine = NULL;
-+ ok = gFalse;
-
- nVals = width * nComps;
-+ totalBits = nVals * nBits;
-+ if (totalBits == 0 ||
-+ (totalBits / nBits) / nComps != width ||
-+ totalBits + 7 < 0) {
-+ return;
-+ }
- pixBytes = (nComps * nBits + 7) >> 3;
-- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
-+ if (rowBytes < 0) {
-+ return;
-+ }
- predLine = (Guchar *)gmalloc(rowBytes);
- memset(predLine, 0, rowBytes);
- predIdx = rowBytes;
-+
-+ ok = gTrue;
- }
-
- StreamPredictor::~StreamPredictor() {
-@@ -1012,6 +1027,10 @@
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-@@ -2897,6 +2916,14 @@
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
-+ if (numComps <= 0 || numComps > 4) {
-+ error(getPos(), "Bad number of components in DCT stream", prec);
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -3255,6 +3282,10 @@
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
---- xpdf/Stream.h.orig Mon May 17 16:37:57 2004
-+++ xpdf/Stream.h Tue Dec 6 18:05:14 2005
-@@ -233,6 +233,8 @@
-
- ~StreamPredictor();
-
-+ GBool isOk() { return ok; }
-+
- int lookChar();
- int getChar();
-
-@@ -250,6 +252,7 @@
- int rowBytes; // bytes per line
- Guchar *predLine; // line buffer
- int predIdx; // current index in predLine
-+ GBool ok;
- };
-
- //------------------------------------------------------------------------
diff --git a/graphics/gpdf/files/patch-SA18303 b/graphics/gpdf/files/patch-SA18303
new file mode 100644
index 000000000000..567ce2622153
--- /dev/null
+++ b/graphics/gpdf/files/patch-SA18303
@@ -0,0 +1,296 @@
+Index: xpdf/JPXStream.cc
+===================================================================
+--- xpdf/JPXStream.cc
++++ xpdf/JPXStream.cc
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -666,7 +667,7 @@ GBool JPXStream::readCodestream(Guint le
+ int segType;
+ GBool haveSIZ, haveCOD, haveQCD, haveSOT;
+ Guint precinctSize, style;
+- Guint segLen, capabilities, comp, i, j, r;
++ Guint segLen, capabilities, nTiles, comp, i, j, r;
+
+ //----- main header
+ haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
+@@ -701,8 +702,19 @@ GBool JPXStream::readCodestream(Guint le
+ / img.xTileSize;
+ img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
+ / img.yTileSize;
+- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
+- sizeof(JPXTile));
++ // check for overflow before allocating memory
++ if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
++ img.nXTiles >= INT_MAX/img.nYTiles) {
++ error(getPos(), "Bad tile count in JPX SIZ marker segment");
++ return gFalse;
++ }
++ nTiles = img.nXTiles * img.nYTiles;
++ if (nTiles >= INT_MAX/sizeof(JPXTile)) {
++ error(getPos(), "Bad tile count in JPX SIZ marker segment");
++ return gFalse;
++ }
++ img.tiles = (JPXTile *)gmalloc(nTiles * sizeof(JPXTile));
++
+ for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
+ img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
+ sizeof(JPXTileComp));
+Index: xpdf/Stream.h
+===================================================================
+--- xpdf/Stream.h
++++ xpdf/Stream.h
+@@ -233,6 +233,8 @@ public:
+
+ ~StreamPredictor();
+
++ GBool isOk() { return ok; }
++
+ int lookChar();
+ int getChar();
+
+@@ -250,6 +252,7 @@ private:
+ int rowBytes; // bytes per line
+ Guchar *predLine; // line buffer
+ int predIdx; // current index in predLine
++ GBool ok;
+ };
+
+ //------------------------------------------------------------------------
+Index: xpdf/Stream.cc
+===================================================================
+--- xpdf/Stream.cc
++++ xpdf/Stream.cc
+@@ -15,6 +15,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stddef.h>
++#include <limits.h>
+ #ifndef WIN32
+ #include <unistd.h>
+ #endif
+@@ -412,13 +413,28 @@ StreamPredictor::StreamPredictor(Stream
+ width = widthA;
+ nComps = nCompsA;
+ nBits = nBitsA;
++ predLine = NULL;
++ ok = gFalse;
+
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps >= INT_MAX/nBits ||
++ width >= INT_MAX/nComps/nBits) {
++ return;
++ }
+ nVals = width * nComps;
++ if (nVals * nBits + 7 <= 0) {
++ return;
++ }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++ if (rowBytes < 0) {
++ return;
++ }
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
+ predIdx = rowBytes;
++
++ ok = gTrue;
+ }
+
+ StreamPredictor::~StreamPredictor() {
+@@ -1012,6 +1028,10 @@ LZWStream::LZWStream(Stream *strA, int p
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+@@ -1260,6 +1280,10 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
+ endOfLine = endOfLineA;
+ byteAlign = byteAlignA;
+ columns = columnsA;
++ if (columns < 1 || columns >= INT_MAX / sizeof(short)) {
++ error(-1, "invalid number of columns: %d", columns);
++ exit(1);
++ }
+ rows = rowsA;
+ endOfBlock = endOfBlockA;
+ black = blackA;
+@@ -2897,6 +2921,11 @@ GBool DCTStream::readBaselineSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2923,6 +2952,11 @@ GBool DCTStream::readProgressiveSOF() {
+ height = read16();
+ width = read16();
+ numComps = str->getChar();
++ if (numComps <= 0 || numComps > 4) {
++ numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ if (prec != 8) {
+ error(getPos(), "Bad DCT precision %d", prec);
+ return gFalse;
+@@ -2945,6 +2979,11 @@ GBool DCTStream::readScanInfo() {
+
+ length = read16() - 2;
+ scanInfo.numComps = str->getChar();
++ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
++ scanInfo.numComps = 0;
++ error(getPos(), "Bad number of components in DCT stream");
++ return gFalse;
++ }
+ --length;
+ if (length != 2 * scanInfo.numComps + 3) {
+ error(getPos(), "Bad DCT scan info block");
+@@ -3019,12 +3058,12 @@ GBool DCTStream::readHuffmanTables() {
+ while (length > 0) {
+ index = str->getChar();
+ --length;
+- if ((index & 0x0f) >= 4) {
++ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
+ error(getPos(), "Bad DCT Huffman table");
+ return gFalse;
+ }
+ if (index & 0x10) {
+- index &= 0x0f;
++ index &= 0x03;
+ if (index >= numACHuffTables)
+ numACHuffTables = index+1;
+ tbl = &acHuffTables[index];
+@@ -3142,9 +3181,11 @@ int DCTStream::readMarker() {
+ do {
+ do {
+ c = str->getChar();
++ if(c == EOF) return EOF;
+ } while (c != 0xff);
+ do {
+ c = str->getChar();
++ if(c == EOF) return EOF;
+ } while (c == 0xff);
+ } while (c == 0x00);
+ return c;
+@@ -3255,6 +3296,10 @@ FlateStream::FlateStream(Stream *strA, i
+ FilterStream(strA) {
+ if (predictor != 1) {
+ pred = new StreamPredictor(this, predictor, columns, colors, bits);
++ if (!pred->isOk()) {
++ delete pred;
++ pred = NULL;
++ }
+ } else {
+ pred = NULL;
+ }
+Index: xpdf/JBIG2Stream.cc
+===================================================================
+--- xpdf/JBIG2Stream.cc
++++ xpdf/JBIG2Stream.cc
+@@ -7,6 +7,7 @@
+ //========================================================================
+
+ #include <aconf.h>
++#include <limits.h>
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -681,7 +682,16 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
+ w = wA;
+ h = hA;
+ line = (wA + 7) >> 3;
+- data = (Guchar *)gmalloc(h * line);
++
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ data = NULL;
++ return;
++ }
++
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
++ data[h * line] = 0;
+ }
+
+ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, JBIG2Bitmap *bitmap):
+@@ -690,8 +700,17 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
+ w = bitmap->w;
+ h = bitmap->h;
+ line = bitmap->line;
+- data = (Guchar *)gmalloc(h * line);
++
++ if (h < 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ data = NULL;
++ return;
++ }
++
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)gmalloc(h * line + 1);
+ memcpy(data, bitmap->data, h * line);
++ data[h * line] = 0;
+ }
+
+ JBIG2Bitmap::~JBIG2Bitmap() {
+@@ -716,10 +735,14 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint
+ }
+
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+- if (newH <= h) {
++ if (newH <= h || line <= 0 || newH >= (INT_MAX - 1) / line) {
++ error(-1, "invalid width/height");
++ gfree(data);
++ data = NULL;
+ return;
+ }
+- data = (Guchar *)grealloc(data, newH * line);
++ // need to allocate one extra guard byte for use in combine()
++ data = (Guchar *)grealloc(data, newH * line + 1);
+ if (pixel) {
+ memset(data + h * line, 0xff, (newH - h) * line);
+ } else {
+@@ -2256,6 +2279,15 @@ void JBIG2Stream::readHalftoneRegionSeg(
+ error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+ return;
+ }
++ if (gridH == 0 || gridW >= INT_MAX / gridH) {
++ error(getPos(), "Bad size in JBIG2 halftone segment");
++ return;
++ }
++ if (w == 0 || h >= INT_MAX / w) {
++ error(getPos(), "Bad size in JBIG2 bitmap segment");
++ return;
++ }
++
+ patternDict = (JBIG2PatternDict *)seg;
+ bpp = 0;
+ i = 1;
+@@ -2887,6 +2919,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
+ JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
+ int x, y, pix;
+
++ if (w < 0 || h <= 0 || w >= INT_MAX / h) {
++ error(-1, "invalid width/height");
++ return NULL;
++ }
++
+ bitmap = new JBIG2Bitmap(0, w, h);
+ bitmap->clearToZero();
+
+# vim: syntax=diff
diff --git a/graphics/gpdf/files/patch-SA18677 b/graphics/gpdf/files/patch-SA18677
new file mode 100644
index 000000000000..61ccfbae40b7
--- /dev/null
+++ b/graphics/gpdf/files/patch-SA18677
@@ -0,0 +1,52 @@
+diff --exclude-from=/home/dang/.diffrc -u -ruN splash/SplashXPathScanner.cc splash/SplashXPathScanner.cc
+--- splash/SplashXPathScanner.cc 2004-05-17 14:10:56.000000000 -0400
++++ splash/SplashXPathScanner.cc 2006-02-12 14:35:09.000000000 -0500
+@@ -182,7 +182,7 @@
+ }
+
+ void SplashXPathScanner::computeIntersections(int y) {
+- SplashCoord ySegMin, ySegMax, xx0, xx1;
++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+ SplashXPathSeg *seg;
+ int i, j;
+
+@@ -232,19 +232,27 @@
+ } else if (seg->flags & splashXPathVert) {
+ xx0 = xx1 = seg->x0;
+ } else {
+- if (ySegMin <= y) {
+- // intersection with top edge
+- xx0 = seg->x0 + (y - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with min y coord
+- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++ if (seg->x0 < seg->x1) {
++ xSegMin = seg->x0;
++ xSegMax = seg->x1;
++ } else {
++ xSegMin = seg->x1;
++ xSegMax = seg->x0;
++ }
++ // intersection with top edge
++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ // intersection with bottom edge
++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++ // the segment may not actually extend to the top and/or bottom edges
++ if (xx0 < xSegMin) {
++ xx0 = xSegMin;
++ } else if (xx0 > xSegMax) {
++ xx0 = xSegMax;
+ }
+- if (ySegMax >= y + 1) {
+- // intersection with bottom edge
+- xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with max y coord
+- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++ if (xx1 < xSegMin) {
++ xx1 = xSegMin;
++ } else if (xx1 > xSegMax) {
++ xx1 = xSegMax;
+ }
+ }
+ if (xx0 < xx1) {