summaryrefslogtreecommitdiff
path: root/graphics
diff options
context:
space:
mode:
authormarkd <markd>2002-10-14 11:55:17 +0000
committermarkd <markd>2002-10-14 11:55:17 +0000
commitddf02a4b246673d17134efcf7db379f9f76cc695 (patch)
tree883590a86addeb23c8e83bc4f70bc93bc6f2934f /graphics
parentfbebb99eb477142316f9caefcf88c1cb2af1ca5b (diff)
downloadpkgsrc-ddf02a4b246673d17134efcf7db379f9f76cc695.tar.gz
Patch from KDE Security Advisory: 20021008-1:
KGhostview Arbitary Code Execution This is untested by me other than the patch applies cleanly. Bumped PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/kdegraphics2/Makefile4
-rw-r--r--graphics/kdegraphics2/distinfo4
-rw-r--r--graphics/kdegraphics2/patches/patch-ab217
-rw-r--r--graphics/kdegraphics2/patches/patch-ac24
4 files changed, 246 insertions, 3 deletions
diff --git a/graphics/kdegraphics2/Makefile b/graphics/kdegraphics2/Makefile
index 40a8308612a..d10621b59fa 100644
--- a/graphics/kdegraphics2/Makefile
+++ b/graphics/kdegraphics2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2002/09/20 04:48:15 jlam Exp $
+# $NetBSD: Makefile,v 1.13 2002/10/14 11:55:17 markd Exp $
DISTNAME= kdegraphics-2.2.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
COMMENT= Graphics programs for the KDE integrated X11 desktop
diff --git a/graphics/kdegraphics2/distinfo b/graphics/kdegraphics2/distinfo
index 87e452a2e1b..e5754d5ac9b 100644
--- a/graphics/kdegraphics2/distinfo
+++ b/graphics/kdegraphics2/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.6 2001/12/03 15:37:16 skrll Exp $
+$NetBSD: distinfo,v 1.7 2002/10/14 11:55:18 markd Exp $
SHA1 (kdegraphics-2.2.2.tar.bz2) = c52d921d3a99f52466cfe718cf8562b09d436bb1
Size (kdegraphics-2.2.2.tar.bz2) = 1648936 bytes
SHA1 (patch-aa) = 2d560cb3eef4bfb5b5685a292696b1e165b44432
+SHA1 (patch-ab) = a074def1950102058f48ce5ec975c786a8c00be1
+SHA1 (patch-ac) = c101876bfd5488d6c651561dceb17189e8ddb0f1
diff --git a/graphics/kdegraphics2/patches/patch-ab b/graphics/kdegraphics2/patches/patch-ab
new file mode 100644
index 00000000000..c8b9d0fd3b6
--- /dev/null
+++ b/graphics/kdegraphics2/patches/patch-ab
@@ -0,0 +1,217 @@
+$NetBSD: patch-ab,v 1.3 2002/10/14 11:55:17 markd Exp $
+
+Index: ps.c
+===================================================================
+RCS file: /home/kde/kdegraphics/kghostview/ps.c,v
+retrieving revision 1.11
+retrieving revision 1.11.2.1
+diff -u -5 -d -p -r1.11 -r1.11.2.1
+--- kghostview/ps.c 2001/05/04 09:37:49 1.11
++++ kghostview/ps.c 2002/09/27 02:39:53 1.11.2.1
+@@ -224,11 +224,12 @@ psscan(file)
+ if (doc == NULL) {
+ fprintf(stderr, "Fatal Error: Dynamic memory exhausted.\n");
+ exit(-1);
+ }
+ memset(doc, 0, sizeof(struct document));
+- sscanf(line, "%*s %s", text);
++ sscanf(line, "%*s %256s", text);
++ text[256] = 0;
+ doc->epsf = iscomment(text, "EPSF-");
+ doc->beginheader = position;
+ section_len = line_len;
+ } else {
+ return(NULL);
+@@ -248,11 +249,12 @@ psscan(file)
+ } else if (doc->title == NULL && iscomment(line+2, "Title:")) {
+ doc->title = gettextline(line+length("%%Title:"));
+ } else if (doc->date == NULL && iscomment(line+2, "CreationDate:")) {
+ doc->date = gettextline(line+length("%%CreationDate:"));
+ } else if (bb_set == NONE && iscomment(line+2, "BoundingBox:")) {
+- sscanf(line+length("%%BoundingBox:"), "%s", text);
++ sscanf(line+length("%%BoundingBox:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "(atend)") == 0) {
+ bb_set = ATEND;
+ } else {
+ if (sscanf(line+length("%%BoundingBox:"), "%d %d %d %d",
+ &(doc->boundingbox[LLX]),
+@@ -280,11 +282,12 @@ psscan(file)
+ }
+ }
+ }
+ } else if (orientation_set == NONE &&
+ iscomment(line+2, "Orientation:")) {
+- sscanf(line+length("%%Orientation:"), "%s", text);
++ sscanf(line+length("%%Orientation:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "(atend)") == 0) {
+ orientation_set = ATEND;
+ } else if (strcmp(text, "Portrait") == 0) {
+ doc->orientation = PORTRAIT;
+ orientation_set = 1;
+@@ -297,11 +300,12 @@ psscan(file)
+ } else if (strcmp(text, "Seascape") == 0) {
+ doc->orientation = SEASCAPE;
+ orientation_set = 1;
+ }
+ } else if (page_order_set == NONE && iscomment(line+2, "PageOrder:")) {
+- sscanf(line+length("%%PageOrder:"), "%s", text);
++ sscanf(line+length("%%PageOrder:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "(atend)") == 0) {
+ page_order_set = ATEND;
+ } else if (strcmp(text, "Ascend") == 0) {
+ doc->pageorder = ASCEND;
+ page_order_set = 1;
+@@ -311,11 +315,12 @@ psscan(file)
+ } else if (strcmp(text, "Special") == 0) {
+ doc->pageorder = SPECIAL;
+ page_order_set = 1;
+ }
+ } else if (pages_set == NONE && iscomment(line+2, "Pages:")) {
+- sscanf(line+length("%%Pages:"), "%s", text);
++ sscanf(line+length("%%Pages:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "(atend)") == 0) {
+ pages_set = ATEND;
+ } else {
+ switch (sscanf(line+length("%%Pages:"), "%d %d",
+ &maxpages, &i)) {
+@@ -560,11 +565,12 @@ psscan(file)
+ section_len += line_len;
+ if (!DSCcomment(line)) {
+ /* Do nothing */
+ } else if (doc->default_page_orientation == NONE &&
+ iscomment(line+2, "PageOrientation:")) {
+- sscanf(line+length("%%PageOrientation:"), "%s", text);
++ sscanf(line+length("%%PageOrientation:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "Portrait") == 0) {
+ doc->default_page_orientation = PORTRAIT;
+ } else if (strcmp(text, "Landscape") == 0) {
+ doc->default_page_orientation = LANDSCAPE;
+ } else if (strcmp(text, "UpsideDown") == 0) {
+@@ -688,11 +694,12 @@ psscan(file)
+ preread = 0;
+ if (!DSCcomment(line)) {
+ /* Do nothing */
+ } else if (doc->default_page_orientation == NONE &&
+ iscomment(line+2, "PageOrientation:")) {
+- sscanf(line+length("%%PageOrientation:"), "%s", text);
++ sscanf(line+length("%%PageOrientation:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "Portrait") == 0) {
+ doc->default_page_orientation = PORTRAIT;
+ } else if (strcmp(text, "Landscape") == 0) {
+ doc->default_page_orientation = LANDSCAPE;
+ } else if (strcmp(text, "UpsideDown") == 0) {
+@@ -814,11 +821,12 @@ continuepage:
+ section_len += line_len;
+ if (!DSCcomment(line)) {
+ /* Do nothing */
+ } else if (doc->pages[doc->numpages].orientation == NONE &&
+ iscomment(line+2, "PageOrientation:")) {
+- sscanf(line+length("%%PageOrientation:"), "%s", text);
++ sscanf(line+length("%%PageOrientation:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "Portrait") == 0) {
+ doc->pages[doc->numpages].orientation = PORTRAIT;
+ } else if (strcmp(text, "Landscape") == 0) {
+ doc->pages[doc->numpages].orientation = LANDSCAPE;
+ } else if (strcmp(text, "UpsideDown") == 0) {
+@@ -850,11 +858,12 @@ continuepage:
+ }
+ }
+ free(cp);
+ } else if ((page_bb_set == NONE || page_bb_set == ATEND) &&
+ iscomment(line+2, "PageBoundingBox:")) {
+- sscanf(line+length("%%PageBoundingBox:"), "%s", text);
++ sscanf(line+length("%%PageBoundingBox:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "(atend)") == 0) {
+ page_bb_set = ATEND;
+ } else {
+ if (sscanf(line+length("%%PageBoundingBox:"), "%d %d %d %d",
+ &(doc->pages[doc->numpages].boundingbox[LLX]),
+@@ -954,22 +963,24 @@ continuepage:
+ doc->boundingbox[URY]++;
+ }
+ }
+ } else if (orientation_set == ATEND &&
+ iscomment(line+2, "Orientation:")) {
+- sscanf(line+length("%%Orientation:"), "%s", text);
++ sscanf(line+length("%%Orientation:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "Portrait") == 0) {
+ doc->orientation = PORTRAIT;
+ } else if (strcmp(text, "Landscape") == 0) {
+ doc->orientation = LANDSCAPE;
+ } else if (strcmp(text, "UpsideDown") == 0) {
+ doc->orientation = UPSIDEDOWN;
+ } else if (strcmp(text, "Seascape") == 0) {
+ doc->orientation = SEASCAPE;
+ }
+ } else if (page_order_set == ATEND && iscomment(line+2, "PageOrder:")) {
+- sscanf(line+length("%%PageOrder:"), "%s", text);
++ sscanf(line+length("%%PageOrder:"), "%256s", text);
++ text[256] = 0;
+ if (strcmp(text, "Ascend") == 0) {
+ doc->pageorder = ASCEND;
+ } else if (strcmp(text, "Descend") == 0) {
+ doc->pageorder = DESCEND;
+ } else if (strcmp(text, "Special") == 0) {
+@@ -1248,13 +1259,16 @@ readline(line, size, fp, position, line_
+ *line_len += nbytes;
+ }
+ *line_len += nbytes;
+ strcpy(line, save);
+ } else if (iscomment(line+7, "Data:")) {
++ int rc = 0;
+ text[0] = '\0';
+ strcpy(save, line+7);
+- if (sscanf(line+length("%%BeginData:"), "%d %*s %s", &num, text) >= 1) {
++ rc = sscanf(line+length("%%BeginData:"), "%d %*s %256s", &num, text);
++ text[256] = 0;
++ if (rc >= 1) {
+ if (strcmp(text, "Lines") == 0) {
+ for (i=0; i < num; i++) {
+ cp = fgets(line, size, fp);
+ *line_len += cp ? strlen(line) : 0;
+ }
+@@ -1323,13 +1337,15 @@ pscopy(from, to, begin, end)
+ fputs(line, to);
+
+ if (!(DSCcomment(line) && iscomment(line+2, "Begin"))) {
+ /* Do nothing */
+ } else if (iscomment(line+7, "Data:")) {
++ int rc = 0;
+ text[0] = '\0';
+- if (sscanf(line+length("%%BeginData:"),
+- "%d %*s %s", &num, text) >= 1) {
++ rc = sscanf(line+length("%%BeginData:"),"%d %*s %256s", &num, text);
++ text[256] = 0;
++ if (rc >= 1) {
+ if (strcmp(text, "Lines") == 0) {
+ for (i=0; i < num; i++) {
+ fgets(line, sizeof line, from);
+ fputs(line, to);
+ }
+@@ -1403,13 +1419,15 @@ pscopyuntil(from, to, begin, end, commen
+ }
+ fputs(line, to);
+ if (!(DSCcomment(line) && iscomment(line+2, "Begin"))) {
+ /* Do nothing */
+ } else if (iscomment(line+7, "Data:")) {
++ int rc = 0;
+ text[0] = '\0';
+- if (sscanf(line+length("%%BeginData:"),
+- "%d %*s %s", &num, text) >= 1) {
++ rc = sscanf(line+length("%%BeginData:"),"%d %*s %256s", &num, text);
++ text[256] = 0;
++ if (rc >= 1) {
+ if (strcmp(text, "Lines") == 0) {
+ for (i=0; i < num; i++) {
+ fgets(line, sizeof line, from);
+ fputs(line, to);
+ }
diff --git a/graphics/kdegraphics2/patches/patch-ac b/graphics/kdegraphics2/patches/patch-ac
new file mode 100644
index 00000000000..b5b2a85137c
--- /dev/null
+++ b/graphics/kdegraphics2/patches/patch-ac
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.3 2002/10/14 11:55:17 markd Exp $
+
+Index: kgv_miniwidget.cpp
+===================================================================
+RCS file: /home/kde/kdegraphics/kghostview/kgv_miniwidget.cpp,v
+retrieving revision 1.100.2.2
+retrieving revision 1.100.2.3
+diff -u -5 -d -p -u -r1.100.2.2 -r1.100.2.3
+--- kghostview/kgv_miniwidget.cpp 2001/11/08 00:35:51 1.100.2.2
++++ kghostview/kgv_miniwidget.cpp 2002/09/27 02:39:53 1.100.2.3
+@@ -527,11 +527,12 @@ bool KGVMiniWidget::psCopyDoc( const QSt
+ here = ftell( from );
+ if( pages_written || pages_atend ) {
+ free( comment );
+ continue;
+ }
+- sscanf( comment + length("%%Pages:" ), "%s", text );
++ sscanf( comment + length("%%Pages:" ), "%256s", text );
++ text[256] = 0;
+ if( strcmp( text, "(atend)" ) == 0 ) {
+ fputs( comment, to );
+ pages_atend = true;
+ }
+ else {