diff options
author | lofi <lofi@FreeBSD.org> | 2006-02-03 19:08:43 +0800 |
---|---|---|
committer | lofi <lofi@FreeBSD.org> | 2006-02-03 19:08:43 +0800 |
commit | 1e2884c9ddc271090ae93572373c200e9861fc6b (patch) | |
tree | cac810abe03fa34110760e25ff2160b5ab50c938 /graphics | |
parent | 050c3fd058373a338161643f99c176081533a779 (diff) | |
download | freebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.tar.gz freebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.tar.zst freebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.zip |
No KDE release without an xpdf-inherited security issue.
Security: CVE-2006-0301,
http://www.kde.org/info/security/advisory-20060202-1.txt
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a heap based buffer overflow in the splash rasterizer engine that
can crash kpdf or even execute arbitrary code.
Diffstat (limited to 'graphics')
4 files changed, 102 insertions, 0 deletions
diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile index 4b49bf3ae684..40fd6748e580 100644 --- a/graphics/kdegraphics3/Makefile +++ b/graphics/kdegraphics3/Makefile @@ -8,6 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff b/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff new file mode 100644 index 000000000000..e2e19b511dd7 --- /dev/null +++ b/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff @@ -0,0 +1,50 @@ +--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505052) ++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Arbeitskopie) +@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in + } + + void SplashXPathScanner::computeIntersections(int y) { +- SplashCoord ySegMin, ySegMax, xx0, xx1; ++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1; + SplashXPathSeg *seg; + int i, j; + +@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec + } else if (seg->flags & splashXPathVert) { + xx0 = xx1 = seg->x0; + } else { +- if (ySegMin <= y) { +- // intersection with top edge +- xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy; ++ if (seg->x0 < seg->x1) { ++ xSegMin = seg->x0; ++ xSegMax = seg->x1; + } else { +- // x coord of segment endpoint with min y coord +- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0; ++ xSegMin = seg->x1; ++ xSegMax = seg->x0; + } +- if (ySegMax >= y + 1) { +- // intersection with bottom edge +- xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy; +- } else { +- // x coord of segment endpoint with max y coord +- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1; ++ // intersection with top edge ++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy; ++ // intersection with bottom edge ++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy; ++ // the segment may not actually extend to the top and/or bottom edges ++ if (xx0 < xSegMin) { ++ xx0 = xSegMin; ++ } else if (xx0 > xSegMax) { ++ xx0 = xSegMax; ++ } ++ if (xx1 < xSegMin) { ++ xx1 = xSegMin; ++ } else if (xx1 > xSegMax) { ++ xx1 = xSegMax; + } + } + if (xx0 < xx1) { diff --git a/graphics/kdegraphics4/Makefile b/graphics/kdegraphics4/Makefile index 4b49bf3ae684..40fd6748e580 100644 --- a/graphics/kdegraphics4/Makefile +++ b/graphics/kdegraphics4/Makefile @@ -8,6 +8,7 @@ PORTNAME= kdegraphics PORTVERSION= ${KDE_VERSION} +PORTREVISION= 1 CATEGORIES= graphics kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff b/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff new file mode 100644 index 000000000000..e2e19b511dd7 --- /dev/null +++ b/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff @@ -0,0 +1,50 @@ +--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505052) ++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Arbeitskopie) +@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in + } + + void SplashXPathScanner::computeIntersections(int y) { +- SplashCoord ySegMin, ySegMax, xx0, xx1; ++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1; + SplashXPathSeg *seg; + int i, j; + +@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec + } else if (seg->flags & splashXPathVert) { + xx0 = xx1 = seg->x0; + } else { +- if (ySegMin <= y) { +- // intersection with top edge +- xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy; ++ if (seg->x0 < seg->x1) { ++ xSegMin = seg->x0; ++ xSegMax = seg->x1; + } else { +- // x coord of segment endpoint with min y coord +- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0; ++ xSegMin = seg->x1; ++ xSegMax = seg->x0; + } +- if (ySegMax >= y + 1) { +- // intersection with bottom edge +- xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy; +- } else { +- // x coord of segment endpoint with max y coord +- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1; ++ // intersection with top edge ++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy; ++ // intersection with bottom edge ++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy; ++ // the segment may not actually extend to the top and/or bottom edges ++ if (xx0 < xSegMin) { ++ xx0 = xSegMin; ++ } else if (xx0 > xSegMax) { ++ xx0 = xSegMax; ++ } ++ if (xx1 < xSegMin) { ++ xx1 = xSegMin; ++ } else if (xx1 > xSegMax) { ++ xx1 = xSegMax; + } + } + if (xx0 < xx1) { |