Pullup ticket 199 - requested by Mark Davies

security fix for koffice

    Module Name: pkgsrc
    Committed By: markd
    Date:  Thu Dec 30 21:49:14 UTC 2004

    Modified Files:
     pkgsrc/misc/koffice: Makefile distinfo
    Added Files:
     pkgsrc/misc/koffice/patches: patch-ac patch-ad

    Log Message:
    Add patches to address the latest xpdf security issue in the PDF import
    filter. Bump PKGREVISION.

4 files changed, 48 insertions, 2 deletions

diff --git a/misc/koffice/Makefile b/misc/koffice/Makefile
index d0430b898ed..636495cc3d2 100644
--- a/misc/koffice/Makefile
+++ b/misc/koffice/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2004/11/23 20:24:08 markd Exp $
+# $NetBSD: Makefile,v 1.48.2.1 2004/12/30 22:24:47 snj Exp $
 
 DISTNAME=	koffice-1.3.5
+PKGREVISION=	3
 CATEGORIES=	misc kde
 MASTER_SITES=	ftp://ftp.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
 		ftp://ftp.us.kde.org/pub/kde/stable/koffice-1.3.5/src/ \
diff --git a/misc/koffice/distinfo b/misc/koffice/distinfo
index f9aa17a355a..5352e9d44b1 100644
--- a/misc/koffice/distinfo
+++ b/misc/koffice/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.18 2004/11/23 20:24:08 markd Exp $
+$NetBSD: distinfo,v 1.18.2.1 2004/12/30 22:24:47 snj Exp $
 
 SHA1 (koffice-1.3.5.tar.bz2) = feccb391be8039514f23f0f9cde9b01e22625769
 Size (koffice-1.3.5.tar.bz2) = 10778584 bytes
 SHA1 (patch-aa) = 64f32eaaa0f6e29f6ec3c9b92ecf4599cd11f178
 SHA1 (patch-ab) = 6f253484f6c09877cca6b1d1d7610725c895e13a
+SHA1 (patch-ac) = bd83be082e58c09630d97e26f21eacbc0ae028f9
+SHA1 (patch-ad) = 83f18c3d073027df62614f7e60035c13100682cf
diff --git a/misc/koffice/patches/patch-ac b/misc/koffice/patches/patch-ac
new file mode 100644
index 00000000000..4fa2417d214
--- /dev/null
+++ b/misc/koffice/patches/patch-ac
@@ -0,0 +1,15 @@
+$NetBSD: patch-ac,v 1.7.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/Gfx.cc.orig	2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/Gfx.cc
+@@ -2379,7 +2379,9 @@ void Gfx::doImage(Object *ref, Stream *s
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++	   i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++	   ++i) {
+ 	maskObj.arrayGet(i, &obj1);
+ 	maskColors[i] = obj1.getInt();
+ 	obj1.free();
diff --git a/misc/koffice/patches/patch-ad b/misc/koffice/patches/patch-ad
new file mode 100644
index 00000000000..d4abaa1158c
--- /dev/null
+++ b/misc/koffice/patches/patch-ad
@@ -0,0 +1,28 @@
+$NetBSD: patch-ad,v 1.8.2.1 2004/12/30 22:24:47 snj Exp $
+
+--- filters/kword/pdf/xpdf/xpdf/GfxState.cc.orig	2003-01-26 12:17:44.000000000 +1300
++++ filters/kword/pdf/xpdf/xpdf/GfxState.cc
+@@ -682,6 +682,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++	  nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {
+@@ -1023,6 +1028,11 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+     goto err2;
+   }
+   nCompsA = obj1.arrayGetLength();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "DeviceN color space with too many (%d > %d) components",
++        nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   for (i = 0; i < nCompsA; ++i) {
+     if (!obj1.arrayGet(i, &obj2)->isName()) {
+       error(-1, "Bad DeviceN color space (names)");