pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2009Q1]: pkgsrc/graphics/kdegraphics3 Pullup ticket #2784 - re...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fff868459ac1
branches:  pkgsrc-2009Q1
changeset: 556845:fff868459ac1
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jun 04 16:49:29 2009 +0000

description:
Pullup ticket #2784 - requested by markd
kdegraphics3: security patch

Revisions pulled up:
- graphics/kdegraphics3/Makefile                1.81 via patch
- graphics/kdegraphics3/distinfo                1.51
- graphics/kdegraphics3/patches/patch-aa        1.14
- graphics/kdegraphics3/patches/patch-ab        1.11
- graphics/kdegraphics3/patches/patch-ac        1.8
---
Module Name:    pkgsrc
Committed By:   markd
Date:           Wed Jun  3 12:29:43 UTC 2009

Modified Files:
        pkgsrc/graphics/kdegraphics3: Makefile distinfo
Added Files:
        pkgsrc/graphics/kdegraphics3/patches: patch-aa patch-ab patch-ac

Log Message:
Update kpdf to have the xpdf3.02pl patches for the vulnerabilities
reported in CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
CVE-2009-1182 and CVE-2009-1183.
also some patches from poppler for postscript output generation problems
seen here.

diffstat:

 graphics/kdegraphics3/Makefile         |     3 +-
 graphics/kdegraphics3/distinfo         |     5 +-
 graphics/kdegraphics3/patches/patch-aa |   205 ++++++
 graphics/kdegraphics3/patches/patch-ab |    17 +
 graphics/kdegraphics3/patches/patch-ac |  1015 ++++++++++++++++++++++++++++++++
 5 files changed, 1243 insertions(+), 2 deletions(-)

diffs (truncated from 1274 to 300 lines):

diff -r 1a3d087cb6ab -r fff868459ac1 graphics/kdegraphics3/Makefile
--- a/graphics/kdegraphics3/Makefile    Thu Jun 04 08:57:21 2009 +0000
+++ b/graphics/kdegraphics3/Makefile    Thu Jun 04 16:49:29 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2008/07/14 12:56:05 joerg Exp $
+# $NetBSD: Makefile,v 1.79.8.1 2009/06/04 16:49:29 tron Exp $
 
 DISTNAME=      kdegraphics-${_KDE_VERSION}
+PKGREVISION=   2
 CATEGORIES=    graphics
 COMMENT=       Graphics programs for the KDE integrated X11 desktop
 
diff -r 1a3d087cb6ab -r fff868459ac1 graphics/kdegraphics3/distinfo
--- a/graphics/kdegraphics3/distinfo    Thu Jun 04 08:57:21 2009 +0000
+++ b/graphics/kdegraphics3/distinfo    Thu Jun 04 16:49:29 2009 +0000
@@ -1,5 +1,8 @@
-$NetBSD: distinfo,v 1.50 2008/08/27 12:22:10 markd Exp $
+$NetBSD: distinfo,v 1.50.8.1 2009/06/04 16:49:29 tron Exp $
 
 SHA1 (kdegraphics-3.5.10.tar.bz2) = 9634e3ab364d017152fb6d636efad8811aeec6c3
 RMD160 (kdegraphics-3.5.10.tar.bz2) = 94278e4419ab99885fc9efae9b6ba5ba787f831e
 Size (kdegraphics-3.5.10.tar.bz2) = 7440912 bytes
+SHA1 (patch-aa) = e5817f29b7857575dbb375db2388b37214f5d8c6
+SHA1 (patch-ab) = f2aa9e992904add4b95ecf2553a4e1bf9510913f
+SHA1 (patch-ac) = 3738313046fbb69ac527ae472fe5db24bdff3fff
diff -r 1a3d087cb6ab -r fff868459ac1 graphics/kdegraphics3/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/kdegraphics3/patches/patch-aa    Thu Jun 04 16:49:29 2009 +0000
@@ -0,0 +1,205 @@
+$NetBSD: patch-aa,v 1.14.2.2 2009/06/04 16:49:30 tron Exp $
+
+poppler git patch f86514c3fbc867fc6457feacba23451e89993524
+poppler git patch ac16174da1d6f19445f78e7cd7c4a18cb9524dde
+
+--- kpdf/xpdf/xpdf/PSOutputDev.cc.orig 2007-10-08 22:48:37.000000000 +1300
++++ kpdf/xpdf/xpdf/PSOutputDev.cc
+@@ -2547,6 +2547,7 @@ void PSOutputDev::setupImage(Ref id, Str
+   GString *s;
+   int c;
+   int size, line, col, i;
++  int outerSize, outer;
+ 
+   // check if image is already setup
+   for (i = 0; i < imgIDLen; ++i) {
+@@ -2633,56 +2634,72 @@ void PSOutputDev::setupImage(Ref id, Str
+   if (useRLE) {
+     ++size;
+   }
++  outerSize = size/65535 + 1;
++
+   writePSFmt("{0:d} array dup /ImData_{1:d}_{2:d} exch def\n",
+-           size, id.num, id.gen);
++           outerSize, id.num, id.gen);
+   str->close();
+ 
+   // write the data into the array
+   str->reset();
+-  line = col = 0;
+-  writePS((char *)(useASCIIHex ? "dup 0 <" : "dup 0 <~"));
+-  do {
+-    do {
+-      c = str->getChar();
+-    } while (c == '\n' || c == '\r');
+-    if (c == (useASCIIHex ? '>' : '~') || c == EOF) {
+-      break;
+-    }
+-    if (c == 'z') {
+-      writePSChar(c);
+-      ++col;
+-    } else {
+-      writePSChar(c);
+-      ++col;
+-      for (i = 1; i <= (useASCIIHex ? 1 : 4); ++i) {
+-      do {
+-        c = str->getChar();
+-      } while (c == '\n' || c == '\r');
+-      if (c == (useASCIIHex ? '>' : '~') || c == EOF) {
+-        break;
+-      }
++  for (outer = 0;outer < outerSize;outer++) {
++    int innerSize = size > 65535 ? 65535 : size;
++
++    // put the inner array into the outer array
++    writePSFmt("{0:d} array 1 index {1:d} 2 index put\n",
++             innerSize, outer);
++    line = col = 0;
++    writePS((char *)(useASCIIHex ? "dup 0 <" : "dup 0 <~"));
++    for (;;) {
++      do {
++      c = str->getChar();
++      } while (c == '\n' || c == '\r');
++      if (c == (useASCIIHex ? '>' : '~') || c == EOF) {
++      break;
++      }
++      if (c == 'z') {
+       writePSChar(c);
+       ++col;
++      } else {
++      writePSChar(c);
++      ++col;
++      for (i = 1; i <= (useASCIIHex ? 1 : 4); ++i) {
++        do {
++          c = str->getChar();
++        } while (c == '\n' || c == '\r');
++        if (c == (useASCIIHex ? '>' : '~') || c == EOF) {
++          break;
++        }
++        writePSChar(c);
++        ++col;
++      }
++      }
++      // each line is: "dup nnnnn <~...data...~> put<eol>"
++      // so max data length = 255 - 20 = 235
++      // chunks are 1 or 4 bytes each, so we have to stop at 232
++      // but make it 225 just to be safe
++      if (col > 225) {
++      writePS((char *)(useASCIIHex ? "> put\n" : "~> put\n"));
++      ++line;
++      if (line >= innerSize) break;
++      writePSFmt((char *)(useASCIIHex ? "dup {0:d} <" : "dup {0:d} <~"), line);
++      col = 0;
+       }
+     }
+-    // each line is: "dup nnnnn <~...data...~> put<eol>"
+-    // so max data length = 255 - 20 = 235
+-    // chunks are 1 or 4 bytes each, so we have to stop at 232
+-    // but make it 225 just to be safe
+-    if (col > 225) {
++    if (c == (useASCIIHex ? '>' : '~') || c == EOF) {
+       writePS((char *)(useASCIIHex ? "> put\n" : "~> put\n"));
+-      ++line;
+-      writePSFmt((char *)(useASCIIHex ? "dup {0:d} <" : "dup {0:d} <~"), line);
+-      col = 0;
++      if (useRLE) {
++      ++line;
++      writePSFmt("{0:d} <> put\n", line);
++      } else {
++      writePS("pop\n");
++      }
++      break;
+     }
+-  } while (c != (useASCIIHex ? '>' : '~') && c != EOF);
+-  writePS((char *)(useASCIIHex ? "> put\n" : "~> put\n"));
+-  if (useRLE) {
+-    ++line;
+-    writePSFmt("{0:d} <> put\n", line);
+-  } else {
+     writePS("pop\n");
++    size -= innerSize;
+   }
++  writePS("pop\n");
+   str->close();
+ 
+   delete str;
+@@ -4299,8 +4316,10 @@ void PSOutputDev::doImageL1(Object *ref,
+       str->close();
+       delete str;
+     } else {
++      // make sure the image is setup, it sometimes is not like on bug #17645
++      setupImage(ref->getRef(), str);
+       // set up to use the array already created by setupImages()
+-      writePSFmt("ImData_{0:d}_{1:d} 0\n", ref->getRefNum(), ref->getRefGen());
++      writePSFmt("ImData_{0:d}_{1:d} 0 0\n", ref->getRefNum(), ref->getRefGen());
+     }
+   }
+ 
+@@ -4760,8 +4779,10 @@ void PSOutputDev::doImageL2(Object *ref,
+       str2->close();
+       delete str2;
+     } else {
++      // make sure the image is setup, it sometimes is not like on bug #17645
++      setupImage(ref->getRef(), str);
+       // set up to use the array already created by setupImages()
+-      writePSFmt("ImData_{0:d}_{1:d} 0\n", ref->getRefNum(), ref->getRefGen());
++      writePSFmt("ImData_{0:d}_{1:d} 0 0\n",ref->getRefNum(), ref->getRefGen());
+     }
+   }
+ 
+@@ -4815,7 +4836,12 @@ void PSOutputDev::doImageL2(Object *ref,
+ 
+   // data source
+   if (mode == psModeForm || inType3Char || preload) {
+-    writePS("  /DataSource { 2 copy get exch 1 add exch }\n");
++    if (inlineImg) {
++      writePS("  /DataSource { 2 copy get exch 1 add exch }\n");
++    } else {
++      writePS("  /DataSource { dup 65535 ge { pop 1 add 0 } if 2 index 2"
++      " index get 1 index get exch 1 add exch }\n");
++    }
+   } else {
+     writePS("  /DataSource currentfile\n");
+   }
+@@ -4854,6 +4880,7 @@ void PSOutputDev::doImageL2(Object *ref,
+     writePSFmt(">>\n{0:s}\n", colorMap ? "image" : "imagemask");
+ 
+     // get rid of the array and index
++    if (!inlineImg) writePS("pop ");
+     writePS("pop pop\n");
+ 
+   } else {
+@@ -5028,8 +5055,10 @@ void PSOutputDev::doImageL3(Object *ref,
+       str2->close();
+       delete str2;
+     } else {
++      // make sure the image is setup, it sometimes is not like on bug #17645
++      setupImage(ref->getRef(), str);
+       // set up to use the array already created by setupImages()
+-      writePSFmt("ImData_{0:d}_{1:d} 0\n", ref->getRefNum(), ref->getRefGen());
++      writePSFmt("ImData_{0:d}_{1:d} 0 0\n", ref->getRefNum(), ref->getRefGen());
+     }
+   }
+ 
+@@ -5100,7 +5129,12 @@ void PSOutputDev::doImageL3(Object *ref,
+ 
+   // data source
+   if (mode == psModeForm || inType3Char || preload) {
+-    writePS("  /DataSource { 2 copy get exch 1 add exch }\n");
++    if (inlineImg) {
++      writePS("  /DataSource { 2 copy get exch 1 add exch }\n");
++    } else {
++      writePS("  /DataSource { dup 65535 ge { pop 1 add 0 } if 2 index 2"
++        " index get 1 index get exch 1 add exch }\n");
++    }
+   } else {
+     writePS("  /DataSource currentfile\n");
+   }
+@@ -5236,6 +5270,7 @@ void PSOutputDev::doImageL3(Object *ref,
+ 
+   // get rid of the array and index
+   if (mode == psModeForm || inType3Char || preload) {
++    if (!inlineImg) writePS("pop ");
+     writePS("pop pop\n");
+ 
+   // image data
diff -r 1a3d087cb6ab -r fff868459ac1 graphics/kdegraphics3/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/kdegraphics3/patches/patch-ab    Thu Jun 04 16:49:29 2009 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.11.2.2 2009/06/04 16:49:30 tron Exp $
+
+xpdf 3.02pl3 by way of poppler git 9f1312f3d7dfa7e536606a7c7296b7c876b11c00
+
+--- kpdf/xpdf/xpdf/JBIG2Stream.h.orig  2007-05-14 19:39:30.000000000 +1200
++++ kpdf/xpdf/xpdf/JBIG2Stream.h
+@@ -78,6 +78,10 @@ private:
+                            Guint *refSegs, Guint nRefSegs);
+   void readGenericRegionSeg(Guint segNum, GBool imm,
+                           GBool lossless, Guint length);
++  void mmrAddPixels(int a1, int blackPixels,
++                  int *codingLine, int *a0i, int w);
++  void mmrAddPixelsNeg(int a1, int blackPixels,
++                     int *codingLine, int *a0i, int w);
+   JBIG2Bitmap *readGenericBitmap(GBool mmr, int w, int h,
+                                int templ, GBool tpgdOn,
+                                GBool useSkip, JBIG2Bitmap *skip,
diff -r 1a3d087cb6ab -r fff868459ac1 graphics/kdegraphics3/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/kdegraphics3/patches/patch-ac    Thu Jun 04 16:49:29 2009 +0000
@@ -0,0 +1,1015 @@
+$NetBSD: patch-ac,v 1.8.2.2 2009/06/04 16:49:30 tron Exp $
+
+xpdf 3.02pl3 by way of poppler git 9f1312f3d7dfa7e536606a7c7296b7c876b11c00
+also poppler git 305af8cdb6822858e152e1f930bba2ce3904bf1b
+
+--- kpdf/xpdf/xpdf/JBIG2Stream.cc.orig 2008-08-20 06:12:37.000000000 +1200
++++ kpdf/xpdf/xpdf/JBIG2Stream.cc
+@@ -422,12 +422,14 @@ void JBIG2HuffmanDecoder::buildTable(JBI
+   table[i] = table[len];
+ 
+   // assign prefixes
+-  i = 0;
+-  prefix = 0;
+-  table[i++].prefix = prefix++;
+-  for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
+-    prefix <<= table[i].prefixLen - table[i-1].prefixLen;
+-    table[i].prefix = prefix++;
++  if (table[0].rangeLen != jbig2HuffmanEOT) {
++    i = 0;
++    prefix = 0;
++    table[i++].prefix = prefix++;
++    for (; table[i].rangeLen != jbig2HuffmanEOT; ++i) {
++      prefix <<= table[i].prefixLen - table[i-1].prefixLen;
++      table[i].prefix = prefix++;
++    }
+   }
+ }
+ 
+@@ -491,7 +493,7 @@ int JBIG2MMRDecoder::get2DCode() {
+   }
+   if (p->bits < 0) {
+     error(str->getPos(), "Bad two dim code in JBIG2 MMR stream");
+-    return 0;
++    return EOF;
+   }
+   bufLen -= p->bits;
+   return p->n;
+@@ -668,6 +670,7 @@ public:
+   void combine(JBIG2Bitmap *bitmap, int x, int y, Guint combOp);
+   Guchar *getDataPtr() { return data; }
+   int getDataSize() { return h * line; }



Home | Main Index | Thread Index | Old Index