Fixes for CVE-2010-3702 and CVE-2010-3704 via the patches for xpdf.

2010-10-25 19:30:04 +00:00 · 2010-10-25 19:30:04 +00:00 · ef5119cabd
commit ef5119cabd
parent 032f9b9f32
4 changed files with 57 additions and 3 deletions
--- a/graphics/kdegraphics3/Makefile
+++ b/graphics/kdegraphics3/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.87 2010/07/14 11:11:15 sbd Exp $
+# $NetBSD: Makefile,v 1.88 2010/10/25 19:30:04 markd Exp $

 DISTNAME=	kdegraphics-${_KDE_VERSION}
-PKGREVISION=	8
+PKGREVISION=	9
 CATEGORIES=	graphics
 COMMENT=	Graphics programs for the KDE integrated X11 desktop

--- a/graphics/kdegraphics3/distinfo
+++ b/graphics/kdegraphics3/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2009/06/03 12:29:42 markd Exp $
+$NetBSD: distinfo,v 1.52 2010/10/25 19:30:04 markd Exp $

 SHA1 (kdegraphics-3.5.10.tar.bz2) = 9634e3ab364d017152fb6d636efad8811aeec6c3
 RMD160 (kdegraphics-3.5.10.tar.bz2) = 94278e4419ab99885fc9efae9b6ba5ba787f831e
@ -6,3 +6,5 @@ Size (kdegraphics-3.5.10.tar.bz2) = 7440912 bytes
 SHA1 (patch-aa) = e5817f29b7857575dbb375db2388b37214f5d8c6
 SHA1 (patch-ab) = f2aa9e992904add4b95ecf2553a4e1bf9510913f
 SHA1 (patch-ac) = 3738313046fbb69ac527ae472fe5db24bdff3fff
+SHA1 (patch-ad) = 39f9af23006d6b8d09d0ecbb83a382df6b125152
+SHA1 (patch-ae) = e1984e4441f2b96697ae7a17028bd59bacb7cc73
--- a/graphics/kdegraphics3/patches/patch-ad
+++ b/graphics/kdegraphics3/patches/patch-ad
@ -0,0 +1,22 @@
+$NetBSD: patch-ad,v 1.8 2010/10/25 19:30:04 markd Exp $
+
+Fix for CVE-2010-3702
+
+--- kpdf/xpdf/xpdf/Gfx.cc.orig	2008-02-13 09:37:05.000000000 +0000
+++ kpdf/xpdf/xpdf/Gfx.cc
+@@ -443,6 +443,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, i
+ 
+   xref = xrefA;
+   subPage = gFalse;
+  parser = NULL;
+   printCommands = globalParams->getPrintCommands();
+ 
+   // start the resource stack
+@@ -485,6 +486,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, D
+ 
+   xref = xrefA;
+   subPage = gTrue;
+  parser=NULL;
+   printCommands = globalParams->getPrintCommands();
+ 
+   // start the resource stack
--- a/graphics/kdegraphics3/patches/patch-ae
+++ b/graphics/kdegraphics3/patches/patch-ae
@ -0,0 +1,30 @@
+$NetBSD: patch-ae,v 1.3 2010/10/25 19:30:04 markd Exp $
+
+Fix for CVE-2010-3704
+
+--- kpdf/xpdf/fofi/FoFiType1.cc.orig	2007-05-14 07:39:30.000000000 +0000
+++ kpdf/xpdf/fofi/FoFiType1.cc
+@@ -18,6 +18,14 @@
+ #include "FoFiEncodings.h"
+ #include "FoFiType1.h"
+ 
+#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
+# define likely(x)      __builtin_expect((x), 1)
+# define unlikely(x)    __builtin_expect((x), 0)
+#else
+# define likely(x)      (x)
+# define unlikely(x)    (x)
+#endif
+
+ //------------------------------------------------------------------------
+ // FoFiType1
+ //------------------------------------------------------------------------
+@@ -224,7 +232,7 @@ void FoFiType1::parse() {
+ 		code = code * 8 + (*p2 - '0');
+ 	      }
+ 	    }
+-	    if (code < 256) {
+	    if (likely(code < 256 && code >= 0)) {
+ 	      for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ 	      if (*p == '/') {
+ 		++p;