author | markd <markd> | 2002-10-14 11:55:17 +0000 |
---|---|---|
committer | markd <markd> | 2002-10-14 11:55:17 +0000 |
commit | ddf02a4b246673d17134efcf7db379f9f76cc695 (patch) | |
tree | 883590a86addeb23c8e83bc4f70bc93bc6f2934f | |
parent | fbebb99eb477142316f9caefcf88c1cb2af1ca5b (diff) | |
download | pkgsrc-ddf02a4b246673d17134efcf7db379f9f76cc695.tar.gz |
Patch from KDE Security Advisory: 20021008-1:
KGhostview Arbitrary Code Execution
This is untested by me other than the patch applies cleanly.
Bumped PKGREVISION.
-rw-r--r-- | graphics/kdegraphics2/Makefile | 4 | ||||
-rw-r--r-- | graphics/kdegraphics2/distinfo | 4 | ||||
-rw-r--r-- | graphics/kdegraphics2/patches/patch-ab | 217 | ||||
-rw-r--r-- | graphics/kdegraphics2/patches/patch-ac | 24 |
4 files changed, 246 insertions, 3 deletions
diff --git a/graphics/kdegraphics2/Makefile b/graphics/kdegraphics2/Makefile index 40a8308612a..d10621b59fa 100644 --- a/graphics/kdegraphics2/Makefile +++ b/graphics/kdegraphics2/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.12 2002/09/20 04:48:15 jlam Exp $ +# $NetBSD: Makefile,v 1.13 2002/10/14 11:55:17 markd Exp $ DISTNAME= kdegraphics-2.2.2 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= graphics COMMENT= Graphics programs for the KDE integrated X11 desktop diff --git a/graphics/kdegraphics2/distinfo b/graphics/kdegraphics2/distinfo index 87e452a2e1b..e5754d5ac9b 100644 --- a/graphics/kdegraphics2/distinfo +++ b/graphics/kdegraphics2/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.6 2001/12/03 15:37:16 skrll Exp $ +$NetBSD: distinfo,v 1.7 2002/10/14 11:55:18 markd Exp $ SHA1 (kdegraphics-2.2.2.tar.bz2) = c52d921d3a99f52466cfe718cf8562b09d436bb1 Size (kdegraphics-2.2.2.tar.bz2) = 1648936 bytes SHA1 (patch-aa) = 2d560cb3eef4bfb5b5685a292696b1e165b44432 +SHA1 (patch-ab) = a074def1950102058f48ce5ec975c786a8c00be1 +SHA1 (patch-ac) = c101876bfd5488d6c651561dceb17189e8ddb0f1 diff --git a/graphics/kdegraphics2/patches/patch-ab b/graphics/kdegraphics2/patches/patch-ab new file mode 100644 index 00000000000..c8b9d0fd3b6 --- /dev/null +++ b/graphics/kdegraphics2/patches/patch-ab 
@@ -0,0 +1,217 @@ +$NetBSD: patch-ab,v 1.3 2002/10/14 11:55:17 markd Exp $ + +Index: ps.c +=================================================================== +RCS file: /home/kde/kdegraphics/kghostview/ps.c,v +retrieving revision 1.11 +retrieving revision 1.11.2.1 +diff -u -5 -d -p -r1.11 -r1.11.2.1 +--- kghostview/ps.c 2001/05/04 09:37:49 1.11 ++++ kghostview/ps.c 2002/09/27 02:39:53 1.11.2.1 +@@ -224,11 +224,12 @@ psscan(file) + if (doc == NULL) { + fprintf(stderr, "Fatal Error: Dynamic memory exhausted.\n"); + exit(-1); + } + memset(doc, 0, sizeof(struct document)); +- sscanf(line, "%*s %s", text); ++ sscanf(line, "%*s %256s", text); ++ text[256] = 0; + doc->epsf = iscomment(text, "EPSF-"); + doc->beginheader = position; + section_len = line_len; + } else { + return(NULL); +@@ -248,11 +249,12 @@ psscan(file) + } else if (doc->title == NULL && iscomment(line+2, "Title:")) { + doc->title = gettextline(line+length("%%Title:")); + } else if (doc->date == NULL && iscomment(line+2, "CreationDate:")) { + doc->date = gettextline(line+length("%%CreationDate:")); + } else if (bb_set == NONE && iscomment(line+2, "BoundingBox:")) { +- sscanf(line+length("%%BoundingBox:"), "%s", text); ++ sscanf(line+length("%%BoundingBox:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "(atend)") == 0) { + bb_set = ATEND; + } else { + if (sscanf(line+length("%%BoundingBox:"), "%d %d %d %d", + &(doc->boundingbox[LLX]), +@@ -280,11 +282,12 @@ psscan(file) + } + } + } + } else if (orientation_set == NONE && + iscomment(line+2, "Orientation:")) { +- sscanf(line+length("%%Orientation:"), "%s", text); ++ sscanf(line+length("%%Orientation:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "(atend)") == 0) { + orientation_set = ATEND; + } else if (strcmp(text, "Portrait") == 0) { + doc->orientation = PORTRAIT; + orientation_set = 1; +@@ -297,11 +300,12 @@ psscan(file) + } else if (strcmp(text, "Seascape") == 0) { + doc->orientation = SEASCAPE; + orientation_set = 1; + } + } else if 
(page_order_set == NONE && iscomment(line+2, "PageOrder:")) { +- sscanf(line+length("%%PageOrder:"), "%s", text); ++ sscanf(line+length("%%PageOrder:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "(atend)") == 0) { + page_order_set = ATEND; + } else if (strcmp(text, "Ascend") == 0) { + doc->pageorder = ASCEND; + page_order_set = 1; +@@ -311,11 +315,12 @@ psscan(file) + } else if (strcmp(text, "Special") == 0) { + doc->pageorder = SPECIAL; + page_order_set = 1; + } + } else if (pages_set == NONE && iscomment(line+2, "Pages:")) { +- sscanf(line+length("%%Pages:"), "%s", text); ++ sscanf(line+length("%%Pages:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "(atend)") == 0) { + pages_set = ATEND; + } else { + switch (sscanf(line+length("%%Pages:"), "%d %d", + &maxpages, &i)) { +@@ -560,11 +565,12 @@ psscan(file) + section_len += line_len; + if (!DSCcomment(line)) { + /* Do nothing */ + } else if (doc->default_page_orientation == NONE && + iscomment(line+2, "PageOrientation:")) { +- sscanf(line+length("%%PageOrientation:"), "%s", text); ++ sscanf(line+length("%%PageOrientation:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "Portrait") == 0) { + doc->default_page_orientation = PORTRAIT; + } else if (strcmp(text, "Landscape") == 0) { + doc->default_page_orientation = LANDSCAPE; + } else if (strcmp(text, "UpsideDown") == 0) { +@@ -688,11 +694,12 @@ psscan(file) + preread = 0; + if (!DSCcomment(line)) { + /* Do nothing */ + } else if (doc->default_page_orientation == NONE && + iscomment(line+2, "PageOrientation:")) { +- sscanf(line+length("%%PageOrientation:"), "%s", text); ++ sscanf(line+length("%%PageOrientation:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "Portrait") == 0) { + doc->default_page_orientation = PORTRAIT; + } else if (strcmp(text, "Landscape") == 0) { + doc->default_page_orientation = LANDSCAPE; + } else if (strcmp(text, "UpsideDown") == 0) { +@@ -814,11 +821,12 @@ continuepage: + section_len += line_len; + if 
(!DSCcomment(line)) { + /* Do nothing */ + } else if (doc->pages[doc->numpages].orientation == NONE && + iscomment(line+2, "PageOrientation:")) { +- sscanf(line+length("%%PageOrientation:"), "%s", text); ++ sscanf(line+length("%%PageOrientation:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "Portrait") == 0) { + doc->pages[doc->numpages].orientation = PORTRAIT; + } else if (strcmp(text, "Landscape") == 0) { + doc->pages[doc->numpages].orientation = LANDSCAPE; + } else if (strcmp(text, "UpsideDown") == 0) { +@@ -850,11 +858,12 @@ continuepage: + } + } + free(cp); + } else if ((page_bb_set == NONE || page_bb_set == ATEND) && + iscomment(line+2, "PageBoundingBox:")) { +- sscanf(line+length("%%PageBoundingBox:"), "%s", text); ++ sscanf(line+length("%%PageBoundingBox:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "(atend)") == 0) { + page_bb_set = ATEND; + } else { + if (sscanf(line+length("%%PageBoundingBox:"), "%d %d %d %d", + &(doc->pages[doc->numpages].boundingbox[LLX]), +@@ -954,22 +963,24 @@ continuepage: + doc->boundingbox[URY]++; + } + } + } else if (orientation_set == ATEND && + iscomment(line+2, "Orientation:")) { +- sscanf(line+length("%%Orientation:"), "%s", text); ++ sscanf(line+length("%%Orientation:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "Portrait") == 0) { + doc->orientation = PORTRAIT; + } else if (strcmp(text, "Landscape") == 0) { + doc->orientation = LANDSCAPE; + } else if (strcmp(text, "UpsideDown") == 0) { + doc->orientation = UPSIDEDOWN; + } else if (strcmp(text, "Seascape") == 0) { + doc->orientation = SEASCAPE; + } + } else if (page_order_set == ATEND && iscomment(line+2, "PageOrder:")) { +- sscanf(line+length("%%PageOrder:"), "%s", text); ++ sscanf(line+length("%%PageOrder:"), "%256s", text); ++ text[256] = 0; + if (strcmp(text, "Ascend") == 0) { + doc->pageorder = ASCEND; + } else if (strcmp(text, "Descend") == 0) { + doc->pageorder = DESCEND; + } else if (strcmp(text, "Special") == 0) { +@@ -1248,13 
+1259,16 @@ readline(line, size, fp, position, line_ + *line_len += nbytes; + } + *line_len += nbytes; + strcpy(line, save); + } else if (iscomment(line+7, "Data:")) { ++ int rc = 0; + text[0] = '\0'; + strcpy(save, line+7); +- if (sscanf(line+length("%%BeginData:"), "%d %*s %s", &num, text) >= 1) { ++ rc = sscanf(line+length("%%BeginData:"), "%d %*s %256s", &num, text); ++ text[256] = 0; ++ if (rc >= 1) { + if (strcmp(text, "Lines") == 0) { + for (i=0; i < num; i++) { + cp = fgets(line, size, fp); + *line_len += cp ? strlen(line) : 0; + } +@@ -1323,13 +1337,15 @@ pscopy(from, to, begin, end) + fputs(line, to); + + if (!(DSCcomment(line) && iscomment(line+2, "Begin"))) { + /* Do nothing */ + } else if (iscomment(line+7, "Data:")) { ++ int rc = 0; + text[0] = '\0'; +- if (sscanf(line+length("%%BeginData:"), +- "%d %*s %s", &num, text) >= 1) { ++ rc = sscanf(line+length("%%BeginData:"),"%d %*s %256s", &num, text); ++ text[256] = 0; ++ if (rc >= 1) { + if (strcmp(text, "Lines") == 0) { + for (i=0; i < num; i++) { + fgets(line, sizeof line, from); + fputs(line, to); + } +@@ -1403,13 +1419,15 @@ pscopyuntil(from, to, begin, end, commen + } + fputs(line, to); + if (!(DSCcomment(line) && iscomment(line+2, "Begin"))) { + /* Do nothing */ + } else if (iscomment(line+7, "Data:")) { ++ int rc = 0; + text[0] = '\0'; +- if (sscanf(line+length("%%BeginData:"), +- "%d %*s %s", &num, text) >= 1) { ++ rc = sscanf(line+length("%%BeginData:"),"%d %*s %256s", &num, text); ++ text[256] = 0; ++ if (rc >= 1) { + if (strcmp(text, "Lines") == 0) { + for (i=0; i < num; i++) { + fgets(line, sizeof line, from); + fputs(line, to); + } diff --git a/graphics/kdegraphics2/patches/patch-ac b/graphics/kdegraphics2/patches/patch-ac new file mode 100644 index 00000000000..b5b2a85137c --- /dev/null +++ b/graphics/kdegraphics2/patches/patch-ac 
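Review bot: The `%256s` width and the unconditional `text[256] = 0;` store are only safe if `text` holds at least 257 bytes, and its declaration is outside every hunk of this ps.c patch (psscan, readline, pscopy and pscopyuntil all start and end outside the hunks). The size should be confirmed and pinned next to the declaration with a comment such as `/* text needs >= 257 bytes: %256s stores 256 chars plus NUL */`; the same applies to the psCopyDoc hunk in patch-ac. Separately, the psscan call sites still ignore the sscanf() return value, so a DSC comment with no value leaves `text` holding the previous line's contents (or, presumably, whatever the buffer held before first use) when the strcmp() chain runs. Clearing it first with `text[0] = '\0';`, as the BeginData sites already do, would make those comparisons fail cleanly.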
@@ -0,0 +1,24 @@ +$NetBSD: patch-ac,v 1.3 2002/10/14 11:55:17 markd Exp $ + +Index: kgv_miniwidget.cpp +=================================================================== +RCS file: /home/kde/kdegraphics/kghostview/kgv_miniwidget.cpp,v +retrieving revision 1.100.2.2 +retrieving revision 1.100.2.3 +diff -u -5 -d -p -u -r1.100.2.2 -r1.100.2.3 +--- kghostview/kgv_miniwidget.cpp 2001/11/08 00:35:51 1.100.2.2 ++++ kghostview/kgv_miniwidget.cpp 2002/09/27 02:39:53 1.100.2.3 +@@ -527,11 +527,12 @@ bool KGVMiniWidget::psCopyDoc( const QSt + here = ftell( from ); + if( pages_written || pages_atend ) { + free( comment ); + continue; + } +- sscanf( comment + length("%%Pages:" ), "%s", text ); ++ sscanf( comment + length("%%Pages:" ), "%256s", text ); ++ text[256] = 0; + if( strcmp( text, "(atend)" ) == 0 ) { + fputs( comment, to ); + pages_atend = true; + } + else { |