authormarkd <markd@pkgsrc.org>2010-10-25 19:30:04 +0000
committermarkd <markd@pkgsrc.org>2010-10-25 19:30:04 +0000
commit1aeacb3a314da7bc160e832ac4137b278e8375eb (patch)
tree82b23899a709c98dcd276b195d2d131161656d49
parenta5e39bb90336bccdf83545a9eb9afbff0a9723d9 (diff)
downloadpkgsrc-1aeacb3a314da7bc160e832ac4137b278e8375eb.tar.gz
Fixes for CVE-2010-3702 and CVE-2010-3704 via the patches for xpdf.
-rw-r--r--graphics/kdegraphics3/Makefile4
-rw-r--r--graphics/kdegraphics3/distinfo4
-rw-r--r--graphics/kdegraphics3/patches/patch-ad22
-rw-r--r--graphics/kdegraphics3/patches/patch-ae30
4 files changed, 57 insertions, 3 deletions
diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile
index 17e235ebb51..c5c7bfe1936 100644
--- a/graphics/kdegraphics3/Makefile
+++ b/graphics/kdegraphics3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.87 2010/07/14 11:11:15 sbd Exp $
+# $NetBSD: Makefile,v 1.88 2010/10/25 19:30:04 markd Exp $
DISTNAME= kdegraphics-${_KDE_VERSION}
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= graphics
COMMENT= Graphics programs for the KDE integrated X11 desktop
diff --git a/graphics/kdegraphics3/distinfo b/graphics/kdegraphics3/distinfo
index 3d123ad2edc..9142692ea84 100644
--- a/graphics/kdegraphics3/distinfo
+++ b/graphics/kdegraphics3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2009/06/03 12:29:42 markd Exp $
+$NetBSD: distinfo,v 1.52 2010/10/25 19:30:04 markd Exp $
SHA1 (kdegraphics-3.5.10.tar.bz2) = 9634e3ab364d017152fb6d636efad8811aeec6c3
RMD160 (kdegraphics-3.5.10.tar.bz2) = 94278e4419ab99885fc9efae9b6ba5ba787f831e
@@ -6,3 +6,5 @@ Size (kdegraphics-3.5.10.tar.bz2) = 7440912 bytes
SHA1 (patch-aa) = e5817f29b7857575dbb375db2388b37214f5d8c6
SHA1 (patch-ab) = f2aa9e992904add4b95ecf2553a4e1bf9510913f
SHA1 (patch-ac) = 3738313046fbb69ac527ae472fe5db24bdff3fff
+SHA1 (patch-ad) = 39f9af23006d6b8d09d0ecbb83a382df6b125152
+SHA1 (patch-ae) = e1984e4441f2b96697ae7a17028bd59bacb7cc73
diff --git a/graphics/kdegraphics3/patches/patch-ad b/graphics/kdegraphics3/patches/patch-ad
new file mode 100644
index 00000000000..f1319457558
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-ad
@@ -0,0 +1,22 @@
+$NetBSD: patch-ad,v 1.8 2010/10/25 19:30:04 markd Exp $
+
+Fix for CVE-2010-3702
+
+--- kpdf/xpdf/xpdf/Gfx.cc.orig 2008-02-13 09:37:05.000000000 +0000
++++ kpdf/xpdf/xpdf/Gfx.cc
+@@ -443,6 +443,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, i
+
+ xref = xrefA;
+ subPage = gFalse;
++ parser = NULL;
+ printCommands = globalParams->getPrintCommands();
+
+ // start the resource stack
+@@ -485,6 +486,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, D
+
+ xref = xrefA;
+ subPage = gTrue;
++ parser=NULL;
+ printCommands = globalParams->getPrintCommands();
+
+ // start the resource stack
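Review bot: Setting `parser` to NULL in both `Gfx` constructors only closes the uninitialised-pointer read if every later use of `parser` checks for NULL before dereferencing it, and none of those uses are visible in these two hunks. Both constructor bodies continue outside the hunks, so this should be confirmed against the rest of Gfx.cc; otherwise the wild-pointer dereference simply becomes a null dereference. A short comment would record the invariant, e.g. `parser = NULL;  // no Parser yet; readers must null-check`. Minor style point: the second hunk writes `parser=NULL;` without spaces, unlike the first hunk and the neighbouring assignments.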
diff --git a/graphics/kdegraphics3/patches/patch-ae b/graphics/kdegraphics3/patches/patch-ae
new file mode 100644
index 00000000000..cd77c9347f6
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-ae
@@ -0,0 +1,30 @@
+$NetBSD: patch-ae,v 1.3 2010/10/25 19:30:04 markd Exp $
+
+Fix for CVE-2010-3704
+
+--- kpdf/xpdf/fofi/FoFiType1.cc.orig 2007-05-14 07:39:30.000000000 +0000
++++ kpdf/xpdf/fofi/FoFiType1.cc
+@@ -18,6 +18,14 @@
+ #include "FoFiEncodings.h"
+ #include "FoFiType1.h"
+
++#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
++# define likely(x) __builtin_expect((x), 1)
++# define unlikely(x) __builtin_expect((x), 0)
++#else
++# define likely(x) (x)
++# define unlikely(x) (x)
++#endif
++
+ //------------------------------------------------------------------------
+ // FoFiType1
+ //------------------------------------------------------------------------
+@@ -224,7 +232,7 @@ void FoFiType1::parse() {
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (likely(code < 256 && code >= 0)) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
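Review bot: The new `code >= 0` test in `FoFiType1::parse()` runs only after the accumulation `code = code * 8 + (*p2 - '0')` has finished, so a long digit string still overflows `code` before the check. If `code` is a signed int (its declaration is outside the hunk), that overflow is undefined behaviour and the compiler is allowed to assume the negative case never occurs. Bounding the accumulation itself is sturdier, for example `if (code < 256) code = code * 8 + (*p2 - '0');`, which leaves an out-of-range value pinned at 256 or above so the existing range test rejects it. The `likely`/`unlikely` macros are defined at file scope under very common names and `unlikely` is unused in the visible lines; a comment stating they are branch hints only, or dropping them, would keep the bounds check easier to audit.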