Pullup ticket 744 - requested by Julio M. Merino Vidal

security fix for gpdf

Revisions pulled up:
- pkgsrc/print/gpdf/Makefile		1.29
- pkgsrc/print/gpdf/distinfo		1.12
- pkgsrc/print/gpdf/patches/patch-ab	1.1

   Module Name:		pkgsrc
   Committed By:	jmmv
   Date:		Mon Sep  5 14:42:43 UTC 2005

   Modified Files:
   	pkgsrc/print/gpdf: Makefile distinfo
   Added Files:
   	pkgsrc/print/gpdf/patches: patch-ab

   Log Message:
   Apply patch to fix CAN-2005-2097; taken from the Gentoo package, which
   in turn took the patch from Red Hat.  Bump PKGREVISION to 1.

3 files changed, 72 insertions, 2 deletions

diff --git a/print/gpdf/Makefile b/print/gpdf/Makefile
index e28d135c190..8a0170c2077 100644
--- a/print/gpdf/Makefile
+++ b/print/gpdf/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2005/06/01 18:03:09 jlam Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2005/09/08 10:27:34 salo Exp $
 #
 
 DISTNAME=	gpdf-2.10.0
+PKGREVISION=	1
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_GNOME:=sources/gpdf/2.10/}
 EXTRACT_SUFX=	.tar.bz2
diff --git a/print/gpdf/distinfo b/print/gpdf/distinfo
index 0a941f8ed0b..b0fb55e3a5c 100644
--- a/print/gpdf/distinfo
+++ b/print/gpdf/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.11 2005/03/22 16:32:56 jmmv Exp $
+$NetBSD: distinfo,v 1.11.2.1 2005/09/08 10:27:34 salo Exp $
 
 SHA1 (gpdf-2.10.0.tar.bz2) = f9b925ed5b15deb90968e834fd63fc7628688808
 RMD160 (gpdf-2.10.0.tar.bz2) = 16cb9413e012c2c5268082d8322d1468e5c30907
 Size (gpdf-2.10.0.tar.bz2) = 1079944 bytes
 SHA1 (patch-aa) = 8985b54bad962a31a6ee315747c0297419b8e291
+SHA1 (patch-ab) = 4601088604b8c5a52546e689bfdccc2aa18ea1e6
diff --git a/print/gpdf/patches/patch-ab b/print/gpdf/patches/patch-ab
new file mode 100644
index 00000000000..7aa140f80bc
--- /dev/null
+++ b/print/gpdf/patches/patch-ab
@@ -0,0 +1,68 @@
+$NetBSD: patch-ab,v 1.1.2.2 2005/09/08 10:27:34 salo Exp $
+
+Patch to fix CAN-2005-2097.  The patch in #163920 doesn't apply to
+gpdf, since gpdf uses the gnome print api for rendering.  The crux of
+that patch is to avoid using the FoFi (font file) classes for fixing
+up the embedded truetype font, but instead pass the font to freetype
+directly.  This patch does the same thing for the gpdf rendering code.
+
+Kristian Høgsberg <krh@redhat.com>
+
+--- xpdf/GPOutputDev.cc.krh	2005-08-01 11:44:43.000000000 -0400
++++ xpdf/GPOutputDev.cc	2005-08-01 11:45:32.000000000 -0400
+@@ -258,9 +258,6 @@
+   }
+   case fontTrueType: {
+     FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gushort *code_to_gid;
+ 
+     ff = FoFiTrueType::make((char *)contents, length);
+@@ -269,16 +266,7 @@
+ 
+     code_to_gid = ((Gfx8BitFont *)font)->getCodeToGIDMap(ff); // this is g(oo)malloc'd
+ 
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+     delete ff;
+-    g_free(contents);
+-    fclose(f);
+-
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+ 
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
+@@ -324,28 +312,8 @@
+     break;
+   }
+   case fontCIDType2: {
+-    FoFiTrueType *ff;
+-    gint fd;
+-    gchar *temp_name;
+-    FILE *f;
+     gint n_cids;    
+     gushort *code_to_gid;
+-
+-    ff = FoFiTrueType::make((char *)contents, length);
+-    if (!ff)
+-      return getFontFaceFallback(font);
+-
+-    fd = g_file_open_tmp("gpdf-ttf-XXXXXX", &temp_name, NULL);
+-    f = fdopen(fd, "wb");
+-    ff->writeTTF(&fileWrite, f);
+-    delete ff;
+-    g_free(contents);
+-    fclose(f);
+-
+-    g_file_get_contents(temp_name, (gchar **)&contents, &length, NULL);
+-    unlink(temp_name);
+-    g_free(temp_name);
+-
+     gff = gpdf_font_face_download((const guchar *)font_name,
+ 				  (const guchar *)"",
+ 				  GNOME_FONT_REGULAR, FALSE,