authormarkd <markd@pkgsrc.org>2003-04-10 13:13:23 +0000
committermarkd <markd@pkgsrc.org>2003-04-10 13:13:23 +0000
commit7edf08338acac0d784dee7bb9b42dd9e58b0e7e7 (patch)
tree199233f1368c0b71edeea42d7d77bc36be404c19 /graphics/kdegraphics3
parenta5cb99693ca1a7acbbe12a401e97b99da9ceef50 (diff)
Add the patches from KDE Security Advisory 20030409-1:
PS/PDF file handling vulnerability http://www.kde.org/info/security/advisory-20030409-1.txt Bump PKGREVISION.
Diffstat (limited to 'graphics/kdegraphics3')
-rw-r--r--graphics/kdegraphics3/Makefile4
-rw-r--r--graphics/kdegraphics3/distinfo9
-rw-r--r--graphics/kdegraphics3/patches/patch-aj42
-rw-r--r--graphics/kdegraphics3/patches/patch-ak33
-rw-r--r--graphics/kdegraphics3/patches/patch-al23
-rw-r--r--graphics/kdegraphics3/patches/patch-am87
-rw-r--r--graphics/kdegraphics3/patches/patch-an30
-rw-r--r--graphics/kdegraphics3/patches/patch-ao50
-rw-r--r--graphics/kdegraphics3/patches/patch-ap27
9 files changed, 302 insertions, 3 deletions
diff --git a/graphics/kdegraphics3/Makefile b/graphics/kdegraphics3/Makefile
index a2b61e3de42..16e7b0c7360 100644
--- a/graphics/kdegraphics3/Makefile
+++ b/graphics/kdegraphics3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.17 2003/04/03 14:39:31 markd Exp $
+# $NetBSD: Makefile,v 1.18 2003/04/10 13:13:27 markd Exp $
DISTNAME= kdegraphics-3.1.1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
COMMENT= Graphics programs for the KDE integrated X11 desktop
diff --git a/graphics/kdegraphics3/distinfo b/graphics/kdegraphics3/distinfo
index 58ecfc22791..99afc01296f 100644
--- a/graphics/kdegraphics3/distinfo
+++ b/graphics/kdegraphics3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2003/04/01 12:27:07 markd Exp $
+$NetBSD: distinfo,v 1.9 2003/04/10 13:13:27 markd Exp $
SHA1 (kdegraphics-3.1.1.tar.bz2) = 983eb9f17581f19f4062248d8533516188c2e49d
Size (kdegraphics-3.1.1.tar.bz2) = 4535382 bytes
@@ -8,3 +8,10 @@ SHA1 (patch-af) = 854f2f4eac31afd89184871a79dc7f459f866f34
SHA1 (patch-ag) = ee685c88b0bcbd70256f49190e9b9bb4520d81e0
SHA1 (patch-ah) = ef2b3242b91ad42a5ff8cf5f92ccb9e0442d340c
SHA1 (patch-ai) = 78e82154d831918f7ebe6d4a1d89b5cb208b57f1
+SHA1 (patch-aj) = 73bec164c9e20fed37f9338f6c0260907d7b626d
+SHA1 (patch-ak) = 0676f089ff362b7fef321a77750e5aa724f4c942
+SHA1 (patch-al) = 0c1bd33fe62faeea42f60b0dcdad669c65d14672
+SHA1 (patch-am) = b0d8c944030575f3f6df194d53465e61ab80bb2c
+SHA1 (patch-an) = 9c72826fff4b1f9dedb4274d9c3a16e404f23249
+SHA1 (patch-ao) = 94878d6b30925bd9bd3e1d9d4e7feff8f8260860
+SHA1 (patch-ap) = 7c03d98f20bcc3c71cbb0713d238360bab9c2c9a
diff --git a/graphics/kdegraphics3/patches/patch-aj b/graphics/kdegraphics3/patches/patch-aj
new file mode 100644
index 00000000000..7acec326c6b
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-aj
@@ -0,0 +1,42 @@
+$NetBSD: patch-aj,v 1.3 2003/04/10 13:13:24 markd Exp $
+
+--- kdvi/dviwin.cpp.orig Mon Mar 3 07:57:19 2003
++++ kdvi/dviwin.cpp
+@@ -37,7 +37,7 @@
+ #include <klocale.h>
+ #include <kprinter.h>
+ #include <kprocess.h>
+-
++#include <kstandarddirs.h>
+
+ #include "dviwin.h"
+ #include "fontpool.h"
+@@ -503,6 +503,28 @@ bool dviWindow::setFile(QString fname, Q
+ // specials in PostScriptDirectory, and the headers in the
+ // PostScriptHeaderString.
+ PS_interface->clear();
++
++ // Files that reside under "tmp" or under the "data" resource are most
++ // likely remote files. We limit the files they are able to read to
++ // the directory they are in in order to limit the possibilities of a
++ // denial of service attack.
++ bool restrictIncludePath = true;
++ QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
++ if (!filename.startsWith(tmp))
++ {
++ tmp = KGlobal::dirs()->saveLocation("data", QString::null);
++ if (!filename.startsWith(tmp))
++ restrictIncludePath = false;
++ }
++
++ QString includePath;
++ if (restrictIncludePath)
++ {
++ includePath = filename;
++ includePath.truncate(includePath.findRev('/'));
++ }
++
++ PS_interface->setIncludePath(includePath);
+
+ // We will also generate a list of hyperlink-anchors in the
+ // document. So declare the existing list empty.
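Review bot: The decision to restrict is a plain string-prefix test, `filename.startsWith(tmp)`, so it only works if `filename` and the `saveLocation()` results are spelled the same way. If `filename` can arrive through a symlink or in a non-canonical form (not visible here; `setFile` starts and ends outside the hunk), a downloaded file compares unequal and falls through to `restrictIncludePath = false`, which is the unrestricted case. Comparing canonical paths on both sides, for example via `QDir::canonicalPath()`, would make the check more robust. The comment also calls this a denial-of-service limit, while the code limits which files an included PostScript fragment may read; `// Limit included files to the document's own directory so a remote document cannot read other local files.` would describe it better.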
diff --git a/graphics/kdegraphics3/patches/patch-ak b/graphics/kdegraphics3/patches/patch-ak
new file mode 100644
index 00000000000..1e5e320d698
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-ak
@@ -0,0 +1,33 @@
+$NetBSD: patch-ak,v 1.1 2003/04/10 13:13:24 markd Exp $
+
+--- kdvi/psgs.cpp.orig Mon Sep 16 09:12:40 2002
++++ kdvi/psgs.cpp
+@@ -59,6 +59,12 @@ void ghostscript_interface::setSize(doub
+ DiskCache->clear();
+ }
+
++void ghostscript_interface::setIncludePath(const QString &_includePath) {
++ if (_includePath.isEmpty())
++ includePath = "*"; // Allow all files
++ else
++ includePath = _includePath+"/*";
++}
+
+ void ghostscript_interface::setPostScript(int page, QString PostScript) {
+ pageInfo *info = new pageInfo(PostScript);
+@@ -125,11 +131,13 @@ void ghostscript_interface::gs_generate_
+ // Step 2: Call GS with the File
+ KProcess proc;
+ proc << "gs";
+- proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
++ proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
+ proc << QString("-sOutputFile=%1").arg(filename);
++ proc << QString("-sExtraIncludePath=%1").arg(includePath);
+ proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels
+ proc << QString("-r%1").arg(resolution); // resolution in dpi
+- proc << PSfile.name();
++ proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
++ proc << "-f" << PSfile.name();
+ proc.start(KProcess::Block);
+ PSfile.unlink();
+ emit(setStatusBarText(QString::null));
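Review bot: `setIncludePath` builds a Ghostscript permission pattern by appending `/*` to the directory, and a bare `*` is the allow-all value, so any `*` already present in the directory name is presumably also treated as a wildcard and widens what `PermitFileReading` admits. The same applies to the names passed as `PDFname`/`DSCname` in patch-am and `InputFile` in patch-ao, which go into the permission arrays unmodified. Whether such characters can occur depends on callers outside this hunk. Refusing or escaping pattern characters before the value reaches `-sExtraIncludePath=` would keep the permitted set as narrow as intended. A comment on `setIncludePath` stating that the argument becomes a pattern, not a literal path, would at least make the assumption visible.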
diff --git a/graphics/kdegraphics3/patches/patch-al b/graphics/kdegraphics3/patches/patch-al
new file mode 100644
index 00000000000..0718a016790
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-al
@@ -0,0 +1,23 @@
+$NetBSD: patch-al,v 1.1 2003/04/10 13:13:24 markd Exp $
+
+--- kdvi/psgs.h.orig Mon Sep 16 09:12:40 2002
++++ kdvi/psgs.h
+@@ -42,6 +42,9 @@ public:
+ //
+ void setPostScript(int page, QString PostScript);
+
++ // sets path from additional postscript files may be read
++ void setIncludePath(const QString &_includePath);
++
+ // Returns the graphics of the page, if possible. The functions
+ // returns a pointer to a QPixmap, or null. The referred QPixmap
+ // should be deleted after use.
+@@ -64,6 +67,8 @@ private:
+ double resolution; // in dots per inch
+ int pixel_page_w; // in pixels
+ int pixel_page_h; // in pixels
++
++ QString includePath;
+
+ signals:
+ /** Passed through to the top-level kpart. */
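Review bot: The new comment on `setIncludePath` is hard to parse and leaves out the one thing a caller has to know: per the implementation in patch-ak, an empty path means every file may be read. Suggested wording: `// Sets the directory from which additional PostScript files may be read. An empty path lifts the restriction and allows all files.` The `includePath` member added further down could get a matching one-line comment saying that it holds a Ghostscript read-permission pattern rather than a plain directory name.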
diff --git a/graphics/kdegraphics3/patches/patch-am b/graphics/kdegraphics3/patches/patch-am
new file mode 100644
index 00000000000..d87a5fe97a5
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-am
@@ -0,0 +1,87 @@
+$NetBSD: patch-am,v 1.1 2003/04/10 13:13:25 markd Exp $
+
+--- kghostview/kgv_miniwidget.cpp.orig Fri Jan 3 17:55:05 2003
++++ kghostview/kgv_miniwidget.cpp
+@@ -293,23 +293,22 @@ void KGVMiniWidget::openPDFFileContinue(
+ }
+
+ _tmpDSC->close();
+- _pdfFileName = _fileName;
+- _fileName = _tmpDSC->name();
+ _format = PDF;
+
+- openPSFile();
++ openPSFile(_tmpDSC->name());
+ }
+
+-void KGVMiniWidget::openPSFile()
++void KGVMiniWidget::openPSFile(const QString &file)
+ {
++ QString fileName = file.isEmpty() ? _fileName : file;
+ kdDebug(4500) << "KGVMiniWidget::openPSFile" << endl;
+
+- FILE* fp = fopen( QFile::encodeName( _fileName ), "r");
++ FILE* fp = fopen( QFile::encodeName( fileName ), "r");
+ if( fp == 0 )
+ {
+ KMessageBox::error( _part->widget(),
+ i18n( "<qt>Error opening file <nobr><strong>%1</strong></nobr>: %2</qt>" )
+- .arg( _fileName )
++ .arg( fileName )
+ .arg( strerror( errno ) ) );
+ emit canceled( "" );
+ return;
+@@ -320,9 +319,7 @@ void KGVMiniWidget::openPSFile()
+ _isFileOpen = true;
+ scanDSC();
+ buildTOC();
+- _psWidget->setFileName( dsc()->isStructured()
+- ? QString::null
+- : _fileName );
++ _psWidget->setFileName( _fileName, dsc()->isStructured() );
+ emit completed();
+ }
+ }
+@@ -859,6 +856,7 @@ bool KGVMiniWidget::convertFromPDF( cons
+ << "-dNOPAUSE"
+ << "-dBATCH"
+ << "-dSAFER"
++ << "-dPARANOIDSAFER"
+ << "-sDEVICE=pswrite"
+ << ( QCString("-sOutputFile=")+QFile::encodeName(saveFileName) )
+ << ( QString("-dFirstPage=")+QString::number( firstPage ) )
+@@ -867,7 +865,7 @@ bool KGVMiniWidget::convertFromPDF( cons
+ << "save"
+ << "pop"
+ << "-f"
+- << QFile::encodeName(_pdfFileName);
++ << QFile::encodeName(_fileName);
+
+ /*QValueList<QCString> args = process.args();
+ QValueList<QCString>::Iterator it = args.begin();
+@@ -1074,7 +1072,7 @@ void KGVMiniWidget::saveAs()
+ QString::null,
+ _part->widget(),
+ QString::null );
+- if( !KIO::NetAccess::upload( _format == PDF ? _pdfFileName : _fileName,
++ if( !KIO::NetAccess::upload( _fileName,
+ saveURL ) )
+ ; // TODO: Proper error dialog
+ }
+@@ -1311,10 +1309,16 @@ void Pdf2dsc::run( const QString& pdfNam
+
+ _process = new KProcess;
+ *_process << _ghostscriptPath
++ << "-dSAFER"
++ << "-dPARANOIDSAFER"
++ << "-dDELAYSAFER"
+ << "-dNODISPLAY"
+ << "-dQUIET"
+ << QString( "-sPDFname=%1" ).arg( pdfName )
+ << QString( "-sDSCname=%1" ).arg( dscName )
++ << "-c"
++ << "<< /PermitFileReading [ PDFname ] /PermitFileWriting [ DSCname ] /PermitFileControl [] >> setuserparams .locksafe"
++ << "-f"
+ << "pdf2dsc.ps"
+ << "-c"
+ << "quit";
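Review bot: `convertFromPDF` only gains `-dPARANOIDSAFER`, while `Pdf2dsc::run` in the same patch also passes `-dDELAYSAFER` and locks an explicit `/PermitFileReading [ PDFname ] /PermitFileWriting [ DSCname ]` list before anything else runs. Both invocations process the same document, so the conversion path looks less tightly confined than the DSC path; what `-dPARANOIDSAFER` alone permits is not visible from this page. If the difference is intentional, a comment at the `convertFromPDF` argument list saying why no permission list is needed there would help. Otherwise the same `-c "... setuserparams .locksafe"` prefix, limited to `_fileName` for reading and `saveFileName` for writing, could be used. Both functions continue outside the hunks shown.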
diff --git a/graphics/kdegraphics3/patches/patch-an b/graphics/kdegraphics3/patches/patch-an
new file mode 100644
index 00000000000..8dc8c949e72
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-an
@@ -0,0 +1,30 @@
+$NetBSD: patch-an,v 1.1 2003/04/10 13:13:25 markd Exp $
+
+--- kghostview/kgv_miniwidget.h.orig Mon Sep 16 09:12:40 2002
++++ kghostview/kgv_miniwidget.h
+@@ -85,7 +85,7 @@ protected:
+ void clearTemporaryFiles();
+
+ void uncompressFile();
+- void openPSFile();
++ void openPSFile(const QString &file=QString::null);
+
+ protected slots:
+ void doOpenFile();
+@@ -116,7 +116,7 @@ protected:
+ /*- PRINTING and SAVING ---------------------------------------------------*/
+
+ // private data used:
+-// Document specific: _dsc, _fileName, _pdfFileName, _format, _origurl
++// Document specific: _dsc, _fileName, _format, _origurl
+ // View specific: _currentPage, _marklist
+ // This section only: _printer, _tmpFromPDF
+
+@@ -267,7 +267,6 @@ private:
+ int _visiblePage;
+
+ QString _fileName;
+- QString _pdfFileName;
+ QString _mimetype;
+
+ MarkList* _marklist;
diff --git a/graphics/kdegraphics3/patches/patch-ao b/graphics/kdegraphics3/patches/patch-ao
new file mode 100644
index 00000000000..1b28ebe0166
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-ao
@@ -0,0 +1,50 @@
+$NetBSD: patch-ao,v 1.1 2003/04/10 13:13:25 markd Exp $
+
+--- kghostview/kpswidget.cpp.orig Mon Sep 16 09:12:40 2002
++++ kghostview/kpswidget.cpp
+@@ -309,10 +309,11 @@ void KPSWidget::setGhostscriptArguments(
+ }
+ }
+
+-void KPSWidget::setFileName( const QString& fileName )
++void KPSWidget::setFileName( const QString& fileName, bool usePipe )
+ {
+- if( _fileName != fileName )
++ if(( _fileName != fileName ) || (_usePipe != usePipe))
+ {
++ _usePipe = usePipe;
+ _fileName = fileName;
+ stopInterpreter();
+ _ghostscriptDirty = true;
+@@ -508,8 +509,11 @@ void KPSWidget::startInterpreter()
+ for( ; it != _ghostscriptArguments.end(); ++it )
+ *_process << (*it);
+
+- if( _fileName.isEmpty() )
+- *_process << "-";
++ if( _usePipe )
++ *_process <<
++ // The following two lines are their to ensure that we are allowed to read _fileName
++ "-dDELAYSAFER" << "-sInputFile="+_fileName << "-c" <<
++ "<< /PermitFileReading [ InputFile ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
+ else
+ *_process << _fileName << "-c" << "quit";
+
+@@ -527,7 +531,7 @@ void KPSWidget::startInterpreter()
+ // Finally fire up the interpreter.
+ kdDebug(4500) << "KPSWidget: starting interpreter" << endl;
+ if( _process->start( KProcess::NotifyOnExit,
+- _fileName.isEmpty() ? KProcess::All : KProcess::AllOutput ) )
++ _usePipe ? KProcess::All : KProcess::AllOutput ) )
+ {
+ _interpreterBusy = true;
+ setCursor( waitCursor );
+@@ -648,7 +652,7 @@ void KPSWidget::readSettings()
+ if( !intConfig->platformFonts() )
+ arguments << "-dNOPLATFONTS";
+
+- arguments << "-dNOPAUSE" << "-dQUIET" << "-dSAFER";
++ arguments << "-dNOPAUSE" << "-dQUIET" << "-dSAFER" << "-dPARANOIDSAFER";
+
+ setGhostscriptArguments( arguments );
+
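Review bot: `_usePipe` is read in `setFileName` (`_usePipe != usePipe`) and twice in `startInterpreter`, but no hunk here or in patch-ap, where it is declared as `bool _usePipe;`, gives it an initial value, and the constructor is not touched by this patch. A `startInterpreter` call made before the first `setFileName`, or a first `setFileName` whose name compares equal to the initial `_fileName`, would therefore read an indeterminate bool. That value decides whether Ghostscript is started with the locked `PermitFileReading [ InputFile ]` list or with the file name directly on its command line. Initialising the member in the constructor's initialiser list, `_usePipe( false )`, removes the ambiguity.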
diff --git a/graphics/kdegraphics3/patches/patch-ap b/graphics/kdegraphics3/patches/patch-ap
new file mode 100644
index 00000000000..9a58bfdb6dd
--- /dev/null
+++ b/graphics/kdegraphics3/patches/patch-ap
@@ -0,0 +1,27 @@
+$NetBSD: patch-ap,v 1.1 2003/04/10 13:13:25 markd Exp $
+
+--- kghostview/kpswidget.h.orig Mon Sep 16 09:12:40 2002
++++ kghostview/kpswidget.h
+@@ -134,10 +134,11 @@ public:
+ bool sendPS( FILE*, unsigned int begin, unsigned int end );
+
+ /**
+- * Sets the filename of the ghostscript input. Usually we use a pipe for
+- * communication and no filename will be needed.
++ * Sets the filename of the ghostscript input.
++ * @p usePipe indicates whether we use a pipe for
++ * communication or let ghoscript read the file itself.
+ */
+- void setFileName( const QString& );
++ void setFileName( const QString&, bool usePipe );
+
+ /**
+ * Set the bounding box of the drawable. See my comment in the source
+@@ -243,6 +244,7 @@ private:
+ QString _ghostscriptPath;
+ QStringList _ghostscriptArguments;
+ QString _fileName;
++ bool _usePipe;
+
+ /**
+ * Flag set when one of the properties _ghostscriptPath,
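Review bot: The rewritten doc comment for `setFileName` misspells "ghostscript" as "ghoscript" and no longer says why a file name is still needed when a pipe is used. According to patch-ao, with `usePipe` set the name is passed as `-sInputFile=` and becomes the only entry in `PermitFileReading`. Suggested wording: `@p usePipe: if true the document is sent over a pipe and @p fileName is only given to ghostscript as the single file it may read; if false ghostscript opens the file itself.` The `_usePipe` member added below has no comment; a one-line note that it selects between these two start-up modes would match the documented members around it.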