Fix embedded xpdf vulnerability. Bump PORTREVISION.

Approved by:	asa@agava.com (maintainer, timeout 3 weeks), linimon
Obtained from:	RedHat/FC3
Security:	http://www.FreeBSD.org/ports/portaudit/24eee285-09c7-11da-bc08-0001020eed82.html
Security:	CAN-2005-2097

2 files changed, 13 insertions, 1 deletions

diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile
index 91eb46cb23b2..933c0b3bafdb 100644
--- a/print/cups-base/Makefile
+++ b/print/cups-base/Makefile
@@ -9,7 +9,7 @@
 
 PORTNAME=	cups-base
 PORTVERSION=	${CUPS_PORTVER}
-PORTREVISION=	4
+PORTREVISION=	5
 PORTEPOCH=	${CUPS_PORTEPOCH}
 CATEGORIES=	print
 MASTER_SITES=	${CUPS_MASTER_SITES}
diff --git a/print/cups-base/files/patch-CAN-2005-2097 b/print/cups-base/files/patch-CAN-2005-2097
new file mode 100644
index 000000000000..6de18ba3e35b
--- /dev/null
+++ b/print/cups-base/files/patch-CAN-2005-2097
@@ -0,0 +1,12 @@
+--- pdftops/FontFile.cxx.orig	Tue Feb  3 09:41:09 2004
++++ pdftops/FontFile.cxx	Tue Sep  6 16:16:04 2005
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error(1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {