Pullup ticket 961 - requested by Lubomir Sedlacik

security fix for devel/libextractor

Revisions pulled up:
- pkgsrc/devel/libextractor/Makefile                          1.10
- pkgsrc/devel/libextractor/distinfo                          1.8
- pkgsrc/devel/libextractor/patches/patch-ad                  1.3
- pkgsrc/devel/libextractor/patches/patch-ae                  1.1

   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Thu Dec 15 13:26:18 UTC 2005

   Modified Files:
   	pkgsrc/devel/libextractor: Makefile distinfo
   Added Files:
   	pkgsrc/devel/libextractor/patches: patch-ad patch-ae

   Log Message:
   Security fix for CVE-2005-3191 and CVE-2005-3192.
   Backported from 0.5.8.

4 files changed, 106 insertions, 2 deletions

diff --git a/devel/libextractor/Makefile b/devel/libextractor/Makefile
index 873b0d19627..ac09b8966ea 100644
--- a/devel/libextractor/Makefile
+++ b/devel/libextractor/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2005/08/16 12:37:29 adam Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2005/12/16 17:15:56 seb Exp $
 
 DISTNAME=	libextractor-0.5.3
+PKGREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	http://gnunet.org/libextractor/download/
 
diff --git a/devel/libextractor/distinfo b/devel/libextractor/distinfo
index 2b7a65bc50c..f3301370822 100644
--- a/devel/libextractor/distinfo
+++ b/devel/libextractor/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2005/08/16 12:37:29 adam Exp $
+$NetBSD: distinfo,v 1.7.2.1 2005/12/16 17:15:56 seb Exp $
 
 SHA1 (libextractor-0.5.3.tar.gz) = 9535146c02897f522a34a756bee211ebeb764df5
 RMD160 (libextractor-0.5.3.tar.gz) = ba7bd534d975938778011358668a98fbbe4b1e28
@@ -6,3 +6,5 @@ Size (libextractor-0.5.3.tar.gz) = 6018214 bytes
 SHA1 (patch-aa) = e3c770fd3a0cc918cf1f05f79cb1a148dd928533
 SHA1 (patch-ab) = f4d0ab325aba0a624da755dc60c7b4b99652566f
 SHA1 (patch-ac) = 8e6382b5052636cf0d9f85193465bcb0499acbfc
+SHA1 (patch-ad) = 80887bc7491aee65d86b102b0de2adb3f0e3d218
+SHA1 (patch-ae) = d3699327d5370022f8de70222f4f123813a7f412
diff --git a/devel/libextractor/patches/patch-ad b/devel/libextractor/patches/patch-ad
new file mode 100644
index 00000000000..a193a1f953f
--- /dev/null
+++ b/devel/libextractor/patches/patch-ad
@@ -0,0 +1,77 @@
+$NetBSD: patch-ad,v 1.2.4.1 2005/12/16 17:15:56 seb Exp $
+
+Security fix for CVE-2005-3191 and CVE-2005-3192.
+From libextractor 0.5.8.
+
+--- src/plugins/pdf/Stream.cc.orig	2005-04-24 04:59:57.000000000 +0200
++++ src/plugins/pdf/Stream.cc	2005-12-15 13:49:30.000000000 +0100
+@@ -410,18 +410,32 @@ void ImageStream::skipLine() {
+ 
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ 				 int widthA, int nCompsA, int nBitsA) {
++  int totalBits;
++
+   str = strA;
+   predictor = predictorA;
+   width = widthA;
+   nComps = nCompsA;
+   nBits = nBitsA;
++  predLine = NULL;
++  ok = gFalse;
+ 
+   nVals = width * nComps;
++  totalBits = nVals * nBits;
++  if (totalBits == 0 ||
++       (totalBits / nBits) / nComps != width ||
++       totalBits + 7 < 0) {
++    return;
++  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++  if (rowBytes < 0) {
++   return;
++  }
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);
+   predIdx = rowBytes;
++  ok = gTrue;
+ }
+ 
+ StreamPredictor::~StreamPredictor() {
+@@ -1015,6 +1029,10 @@ LZWStream::LZWStream(Stream *strA, int p
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (! pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }	    
+   } else {
+     pred = NULL;
+   }
+@@ -2900,6 +2918,13 @@ GBool DCTStream::readBaselineSOF() {
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    return gFalse;
++  }
++  if (numComps <= 0 || numComps > 4) {
++    return gFalse;
++  }
++
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;
+@@ -3258,6 +3283,10 @@ FlateStream::FlateStream(Stream *strA, i
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (! pred->isOk()) { 
++      delete pred;
++      pred = NULL;
++    }  
+   } else {
+     pred = NULL;
+   }
diff --git a/devel/libextractor/patches/patch-ae b/devel/libextractor/patches/patch-ae
new file mode 100644
index 00000000000..537c20e69ee
--- /dev/null
+++ b/devel/libextractor/patches/patch-ae
@@ -0,0 +1,24 @@
+$NetBSD: patch-ae,v 1.1.2.2 2005/12/16 17:15:56 seb Exp $
+
+Security fix for CVE-2005-3192.
+From libextractor 0.5.8.
+
+--- src/plugins/pdf/Stream.h.orig	2005-04-24 04:59:57.000000000 +0200
++++ src/plugins/pdf/Stream.h	2005-12-15 13:49:30.000000000 +0100
+@@ -231,6 +231,8 @@ public:
+   StreamPredictor(Stream *strA, int predictorA,
+ 		  int widthA, int nCompsA, int nBitsA);
+ 
++  GBool isOk() { return ok; }
++  
+   ~StreamPredictor();
+ 
+   int lookChar();
+@@ -250,6 +252,7 @@ private:
+   int rowBytes;			// bytes per line
+   Guchar *predLine;		// line buffer
+   int predIdx;			// current index in predLine
++  GBool ok;
+ };
+ 
+ //------------------------------------------------------------------------