Patch applied according to #115851.

(Portage version: 2.0.53)
author: Carsten Lohrke <carlo@gentoo.org> 2005-12-20 17:29:23 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2005-12-20 17:29:23 +0000
commit: c71498f43434bda0027f308ef7d5d73fc27d69dc (patch)
tree: 49498c71f7bb84be341618b80a472ffcf4c2f6d9 /app-office/koffice/files
parent: Remove QtAssistant manual installation (it looks to me like it's handled now)... (diff)
download: gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.tar.gz
gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.tar.bz2
gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.zip
3 files changed, 130 insertions, 6 deletions
diff --git a/app-office/koffice/files/digest-koffice-1.4.2-r6 b/app-office/koffice/files/digest-koffice-1.4.2-r6
new file mode 100644
index 000000000000..a054824ae545
--- /dev/null
+++ b/app-office/koffice/files/digest-koffice-1.4.2-r6
@@ -0,0 +1 @@
+MD5 6b456fb7d54c84b11396b27a96ae0cf8 koffice-1.4.2.tar.bz2 19486852
diff --git a/app-office/koffice/files/digest-koffice-1.4.2-r7 b/app-office/koffice/files/digest-koffice-1.4.2-r7
new file mode 100644
index 000000000000..a054824ae545
--- /dev/null
+++ b/app-office/koffice/files/digest-koffice-1.4.2-r7
@@ -0,0 +1 @@
+MD5 6b456fb7d54c84b11396b27a96ae0cf8 koffice-1.4.2.tar.bz2 19486852
diff --git a/app-office/koffice/files/post-1.3-koffice-CAN-2005-3193.diff b/app-office/koffice/files/post-1.3-koffice-CAN-2005-3193.diff
index 57fee5c3757f..b1f436e9781f 100644
--- a/app-office/koffice/files/post-1.3-koffice-CAN-2005-3193.diff
+++ b/app-office/koffice/files/post-1.3-koffice-CAN-2005-3193.diff
@@ -1,7 +1,87 @@
+Index: filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc	(revision 409205)
++++ filters/kword/pdf/xpdf/xpdf/JBIG2Stream.cc	(revision 488234)
+@@ -7,6 +7,7 @@
+ //========================================================================
+ 
+ #include <aconf.h>
++#include <limits.h>
+ 
+ #ifdef USE_GCC_PRAGMAS
+ #pragma implementation
+@@ -977,6 +978,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, 
+   w = wA;
+   h = hA;
+   line = (wA + 7) >> 3;
++
++  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++    error(-1, "invalid width/height");
++    data = NULL;
++    return;
++  }
++
+   data = (Guchar *)gmalloc(h * line);
+ }
+ 
+@@ -986,6 +994,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, 
+   w = bitmap->w;
+   h = bitmap->h;
+   line = bitmap->line;
++
++  if (h < 0 || line <= 0 || h >= INT_MAX / line) {
++    error(-1, "invalid width/height");
++    data = NULL;
++    return;
++  }
++
+   data = (Guchar *)gmalloc(h * line);
+   memcpy(data, bitmap->data, h * line);
+ }
+@@ -1012,7 +1027,10 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint
+ }
+ 
+ void JBIG2Bitmap::expand(int newH, Guint pixel) {
+-  if (newH <= h) {
++  if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
++    error(-1, "invalid width/height");
++    gfree(data);
++    data = NULL;
+     return;
+   }
+   data = (Guchar *)grealloc(data, newH * line);
+@@ -2505,6 +2523,15 @@ void JBIG2Stream::readHalftoneRegionSeg(
+     error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
+     return;
+   }
++  if (gridH == 0 || gridW >= INT_MAX / gridH) {
++    error(getPos(), "Bad size in JBIG2 halftone segment");
++    return;
++  }
++  if (w == 0 || h >= INT_MAX / w) {
++     error(getPos(), "Bad size in JBIG2 bitmap segment");
++    return;
++  }
++
+   patternDict = (JBIG2PatternDict *)seg;
+   bpp = 0;
+   i = 1;
+@@ -3078,6 +3105,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
+   Guint ltpCX, cx, cx0, cx2, cx3, cx4, tpgrCX0, tpgrCX1, tpgrCX2;
+   int x, y, pix;
+ 
++  if (w < 0 || h <= 0 || w >= INT_MAX / h) {
++    error(-1, "invalid width/height");
++    return NULL;
++  }
++
+   bitmap = new JBIG2Bitmap(0, w, h);
+   bitmap->clearToZero();
+ 
 Index: filters/kword/pdf/xpdf/xpdf/Stream.cc
 ===================================================================
 --- filters/kword/pdf/xpdf/xpdf/Stream.cc	(revision 409205)
-+++ filters/kword/pdf/xpdf/xpdf/Stream.cc	(revision 487205)
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc	(revision 488234)
 @@ -15,6 +15,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -50,40 +130,82 @@ Index: filters/kword/pdf/xpdf/xpdf/Stream.cc
    } else {
      pred = NULL;
    }
-@@ -2861,6 +2881,10 @@ GBool DCTStream::readBaselineSOF() {
+@@ -1227,6 +1247,11 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
+   endOfLine = endOfLineA;
+   byteAlign = byteAlignA;
+   columns = columnsA;
++  if (columns < 1 || columns + 2 < 0 || columns + 3 < 0 ||
++	  (columns + 2) >= INT_MAX / sizeof(short) || (columns + 3) >= INT_MAX / sizeof(short)) {
++    error(-1, "invalid number of columns");
++    exit(1);
++  }
+   rows = rowsA;
+   endOfBlock = endOfBlockA;
+   black = blackA;
+@@ -2861,6 +2886,11 @@ GBool DCTStream::readBaselineSOF() {
    height = read16();
    width = read16();
    numComps = str->getChar();
 +  if (numComps <= 0 || numComps > 4) {
++     numComps = 0;
 +     error(getPos(), "Bad number of components in DCT stream");
 +     return gFalse;
 +  }
    if (prec != 8) {
      error(getPos(), "Bad DCT precision %d", prec);
      return gFalse;
-@@ -2887,6 +2911,10 @@ GBool DCTStream::readProgressiveSOF() {
+@@ -2887,6 +2917,11 @@ GBool DCTStream::readProgressiveSOF() {
    height = read16();
    width = read16();
    numComps = str->getChar();
 +  if (numComps <= 0 || numComps > 4) {
++     numComps = 0;
 +     error(getPos(), "Bad number of components in DCT stream");
 +     return gFalse;
 +  }
    if (prec != 8) {
      error(getPos(), "Bad DCT precision %d", prec);
      return gFalse;
-@@ -2909,6 +2937,10 @@ GBool DCTStream::readScanInfo() {
+@@ -2909,6 +2944,11 @@ GBool DCTStream::readScanInfo() {
  
    length = read16() - 2;
    scanInfo.numComps = str->getChar();
 +  if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
++     scanInfo.numComps = 0;
 +     error(getPos(), "Bad number of components in DCT stream");
 +     return gFalse;
 +  }
    --length;
    if (length != 2 * scanInfo.numComps + 3) {
      error(getPos(), "Bad DCT scan info block");
-@@ -3179,6 +3211,10 @@ FlateStream::FlateStream(Stream *strA, i
+@@ -2976,12 +3016,12 @@ GBool DCTStream::readHuffmanTables() {
+   while (length > 0) {
+     index = str->getChar();
+     --length;
+-    if ((index & 0x0f) >= 4) {
++    if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
+       error(getPos(), "Bad DCT Huffman table");
+       return gFalse;
+     }
+     if (index & 0x10) {
+-      index &= 0x0f;
++      index &= 0x03;
+       if (index >= numACHuffTables)
+ 	numACHuffTables = index+1;
+       tbl = &acHuffTables[index];
+@@ -3069,9 +3109,11 @@ int DCTStream::readMarker() {
+   do {
+     do {
+       c = str->getChar();
++      if(c == EOF) return EOF;
+     } while (c != 0xff);
+     do {
+       c = str->getChar();
++      if(c == EOF) return EOF;
+     } while (c == 0xff);
+   } while (c == 0x00);
+   return c;
+@@ -3179,6 +3221,10 @@ FlateStream::FlateStream(Stream *strA, i
      FilterStream(strA) {
    if (predictor != 1) {
      pred = new StreamPredictor(this, predictor, columns, colors, bits);
@@ -97,7 +219,7 @@ Index: filters/kword/pdf/xpdf/xpdf/Stream.cc
 Index: filters/kword/pdf/xpdf/xpdf/Stream.h
 ===================================================================
 --- filters/kword/pdf/xpdf/xpdf/Stream.h	(revision 409205)
-+++ filters/kword/pdf/xpdf/xpdf/Stream.h	(revision 487205)
++++ filters/kword/pdf/xpdf/xpdf/Stream.h	(revision 488234)
 @@ -227,6 +227,7 @@ public:
  
    int lookChar();
author	Carsten Lohrke <carlo@gentoo.org>	2005-12-20 17:29:23 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2005-12-20 17:29:23 +0000
commit	c71498f43434bda0027f308ef7d5d73fc27d69dc (patch)
tree	49498c71f7bb84be341618b80a472ffcf4c2f6d9 /app-office/koffice/files
parent	Remove QtAssistant manual installation (it looks to me like it's handled now)... (diff)
download	gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.tar.gz gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.tar.bz2 gentoo-2-c71498f43434bda0027f308ef7d5d73fc27d69dc.zip