aboutsummaryrefslogtreecommitdiffstats
path: root/graphics
diff options
context:
space:
mode:
authorlofi <lofi@FreeBSD.org>2006-02-03 19:08:43 +0800
committerlofi <lofi@FreeBSD.org>2006-02-03 19:08:43 +0800
commit1e2884c9ddc271090ae93572373c200e9861fc6b (patch)
treecac810abe03fa34110760e25ff2160b5ab50c938 /graphics
parent050c3fd058373a338161643f99c176081533a779 (diff)
downloadfreebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.tar.gz
freebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.tar.zst
freebsd-ports-gnome-1e2884c9ddc271090ae93572373c200e9861fc6b.zip
No KDE release without an xpdf-inherited security issue.
Security: CVE-2006-0301, http://www.kde.org/info/security/advisory-20060202-1.txt kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/kdegraphics3/Makefile1
-rw-r--r--graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff50
-rw-r--r--graphics/kdegraphics4/Makefile1
-rw-r--r--graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff50
4 files changed, 102 insertions, 0 deletions
diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile
index 4b49bf3ae684..40fd6748e580 100644
--- a/graphics/kdegraphics3/Makefile
+++ b/graphics/kdegraphics3/Makefile
@@ -8,6 +8,7 @@
PORTNAME= kdegraphics
PORTVERSION= ${KDE_VERSION}
+PORTREVISION= 1
CATEGORIES= graphics kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff b/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..e2e19b511dd7
--- /dev/null
+++ b/graphics/kdegraphics3/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,50 @@
+--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505052)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Arbeitskopie)
+@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+
+ void SplashXPathScanner::computeIntersections(int y) {
+- SplashCoord ySegMin, ySegMax, xx0, xx1;
++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+ SplashXPathSeg *seg;
+ int i, j;
+
+@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec
+ } else if (seg->flags & splashXPathVert) {
+ xx0 = xx1 = seg->x0;
+ } else {
+- if (ySegMin <= y) {
+- // intersection with top edge
+- xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ if (seg->x0 < seg->x1) {
++ xSegMin = seg->x0;
++ xSegMax = seg->x1;
+ } else {
+- // x coord of segment endpoint with min y coord
+- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++ xSegMin = seg->x1;
++ xSegMax = seg->x0;
+ }
+- if (ySegMax >= y + 1) {
+- // intersection with bottom edge
+- xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with max y coord
+- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++ // intersection with top edge
++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ // intersection with bottom edge
++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++ // the segment may not actually extend to the top and/or bottom edges
++ if (xx0 < xSegMin) {
++ xx0 = xSegMin;
++ } else if (xx0 > xSegMax) {
++ xx0 = xSegMax;
++ }
++ if (xx1 < xSegMin) {
++ xx1 = xSegMin;
++ } else if (xx1 > xSegMax) {
++ xx1 = xSegMax;
+ }
+ }
+ if (xx0 < xx1) {
diff --git a/graphics/kdegraphics4/Makefile b/graphics/kdegraphics4/Makefile
index 4b49bf3ae684..40fd6748e580 100644
--- a/graphics/kdegraphics4/Makefile
+++ b/graphics/kdegraphics4/Makefile
@@ -8,6 +8,7 @@
PORTNAME= kdegraphics
PORTVERSION= ${KDE_VERSION}
+PORTREVISION= 1
CATEGORIES= graphics kde
MASTER_SITES= ${MASTER_SITE_KDE}
MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff b/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..e2e19b511dd7
--- /dev/null
+++ b/graphics/kdegraphics4/files/patch-post-3.5.1-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,50 @@
+--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505052)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Arbeitskopie)
+@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+
+ void SplashXPathScanner::computeIntersections(int y) {
+- SplashCoord ySegMin, ySegMax, xx0, xx1;
++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+ SplashXPathSeg *seg;
+ int i, j;
+
+@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec
+ } else if (seg->flags & splashXPathVert) {
+ xx0 = xx1 = seg->x0;
+ } else {
+- if (ySegMin <= y) {
+- // intersection with top edge
+- xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ if (seg->x0 < seg->x1) {
++ xSegMin = seg->x0;
++ xSegMax = seg->x1;
+ } else {
+- // x coord of segment endpoint with min y coord
+- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++ xSegMin = seg->x1;
++ xSegMax = seg->x0;
+ }
+- if (ySegMax >= y + 1) {
+- // intersection with bottom edge
+- xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with max y coord
+- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++ // intersection with top edge
++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ // intersection with bottom edge
++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++ // the segment may not actually extend to the top and/or bottom edges
++ if (xx0 < xSegMin) {
++ xx0 = xSegMin;
++ } else if (xx0 > xSegMax) {
++ xx0 = xSegMax;
++ }
++ if (xx1 < xSegMin) {
++ xx1 = xSegMin;
++ } else if (xx1 > xSegMax) {
++ xx1 = xSegMax;
+ }
+ }
+ if (xx0 < xx1) {