diff options
| -rw-r--r-- | editors/calligra/Makefile | 1 | ||||
| -rw-r--r-- | editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff | 41 | ||||
| -rw-r--r-- | editors/koffice-kde3/Makefile | 1 | ||||
| -rw-r--r-- | editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff | 41 | ||||
| -rw-r--r-- | editors/koffice-kde4/Makefile | 1 | ||||
| -rw-r--r-- | editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff | 41 |
6 files changed, 126 insertions, 0 deletions
diff --git a/editors/calligra/Makefile b/editors/calligra/Makefile index 73501ed3bf0..3b6102eac61 100644 --- a/editors/calligra/Makefile +++ b/editors/calligra/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff b/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 00000000000..929a3ba2964 --- /dev/null +++ b/editors/calligra/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); diff --git a/editors/koffice-kde3/Makefile b/editors/koffice-kde3/Makefile index 73501ed3bf0..3b6102eac61 100644 --- a/editors/koffice-kde3/Makefile +++ b/editors/koffice-kde3/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff b/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 00000000000..929a3ba2964 --- /dev/null +++ b/editors/koffice-kde3/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); diff --git a/editors/koffice-kde4/Makefile b/editors/koffice-kde4/Makefile index 73501ed3bf0..3b6102eac61 100644 --- a/editors/koffice-kde4/Makefile +++ b/editors/koffice-kde4/Makefile @@ -8,6 +8,7 @@ PORTNAME= koffice PORTVERSION= 1.3.5 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= editors kde MASTER_SITES= ${MASTER_SITE_KDE} diff --git a/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff b/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff new file mode 100644 index 00000000000..929a3ba2964 --- /dev/null +++ b/editors/koffice-kde4/files/patch-xpdf_security_integer_overflow_2.diff @@ -0,0 +1,41 @@ +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/Gfx.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s + haveMask = gFalse; + dict->lookup("Mask", &maskObj); + if (maskObj.isArray()) { +- for (i = 0; i < maskObj.arrayGetLength(); ++i) { ++ for (i = 0; ++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++ ++i) { + maskObj.arrayGet(i, &obj1); + maskColors[i] = obj1.getInt(); + obj1.free(); +diff -u -b -p -u -r1.3 -r1.3.2.1 +--- filters/kword/pdf/xpdf/xpdf/GfxState.cc 25 Jan 2003 23:17:44 -0000 1.3 ++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc 22 Dec 2004 12:07:12 -0000 1.3.2.1 +@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa + } + nCompsA = obj2.getInt(); + obj2.free(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "ICCBased color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + if (dict->lookup("Alternate", &obj2)->isNull() || + !(altA = GfxColorSpace::parse(&obj2))) { + switch (nCompsA) { +@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par + goto err2; + } + nCompsA = obj1.arrayGetLength(); ++ if (nCompsA > gfxColorMaxComps) { ++ error(-1, "DeviceN color space with too many (%d > %d) components", ++ nCompsA, gfxColorMaxComps); ++ nCompsA = gfxColorMaxComps; ++ } + for (i = 0; i < nCompsA; ++i) { + if (!obj1.arrayGet(i, &obj2)->isName()) { + error(-1, "Bad DeviceN color space (names)"); |