Patch vulnerability in imported xpdf code. Bump PORTREVISION.

Approved by:	pav(mentor)
With hat:	secteam

References:	http://www.vuxml.org/freebsd/e3e266e9-5473-11d9-a9e7-0001020eed82.html

2 files changed, 28 insertions, 1 deletions

diff --git a/print/teTeX-base/Makefile b/print/teTeX-base/Makefile
index 20773b5e0416..8c4c98d7e3be 100644
--- a/print/teTeX-base/Makefile
+++ b/print/teTeX-base/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	teTeX-base
 PORTVERSION=	2.0.2
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	print
 MASTER_SITES=	ftp://sunsite.informatik.rwth-aachen.de/pub/comp/tex/teTeX/2.0/distrib/ \
 		${MASTER_SITE_TEX_CTAN}
diff --git a/print/teTeX-base/files/patch-CAN-2004-1125 b/print/teTeX-base/files/patch-CAN-2004-1125
new file mode 100644
index 000000000000..9f7d9445b2f6
--- /dev/null
+++ b/print/teTeX-base/files/patch-CAN-2004-1125
@@ -0,0 +1,27 @@
+--- libs/xpdf/xpdf/Gfx.cc	Mon May 17 21:37:57 2004
++++ libs/xpdf/xpdf/Gfx.cc	Fri Dec 24 17:01:42 2004
+@@ -2654,7 +2654,9 @@
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++	   i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++	   ++i) {
+ 	maskObj.arrayGet(i, &obj1);
+ 	maskColors[i] = obj1.getInt();
+ 	obj1.free();
+--- libs/xpdf/xpdf/GfxState.cc	Mon May 17 21:37:57 2004
++++ libs/xpdf/xpdf/GfxState.cc	Fri Dec 24 17:01:42 2004
+@@ -714,6 +714,11 @@
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++	  nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {