authorJosef El-Rayes <josef@FreeBSD.org>2004-12-24 19:32:52 +0000
committerJosef El-Rayes <josef@FreeBSD.org>2004-12-24 19:32:52 +0000
commitc1c784df066d8fac34045bd46f7740f822ccc72d (patch)
tree54424b49a224556c399cd8e31a9b66dc42c1fd00
parent97e70a0bfe641079939d091c8797328dbed9c6a0 (diff)
Patch vulnerability in imported xpdf code. Bump PORTREVISION.
Approved by: pav(mentor, gnome hat) References: http://www.vuxml.org/freebsd/e3e266e9-5473-11d9-a9e7-0001020eed82.html
Notes
Notes: svn path=/head/; revision=125088
-rw-r--r--graphics/gpdf/Makefile1
-rw-r--r--graphics/gpdf/files/patch-xpdf_gpdf-glx.cc36
2 files changed, 37 insertions, 0 deletions
diff --git a/graphics/gpdf/Makefile b/graphics/gpdf/Makefile
index b24cd1e789c0..5a62dc913300 100644
--- a/graphics/gpdf/Makefile
+++ b/graphics/gpdf/Makefile
@@ -7,6 +7,7 @@
PORTNAME= gpdf
PORTVERSION= 2.8.1
+PORTREVISION= 1
CATEGORIES= graphics print gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/${PORTNAME}/2.8
diff --git a/graphics/gpdf/files/patch-xpdf_gpdf-glx.cc b/graphics/gpdf/files/patch-xpdf_gpdf-glx.cc
new file mode 100644
index 000000000000..b7fc74eacb15
--- /dev/null
+++ b/graphics/gpdf/files/patch-xpdf_gpdf-glx.cc
@@ -0,0 +1,36 @@
+--- xpdf/Gfx.cc Mon May 17 21:37:57 2004
++++ xpdf/Gfx.cc Fri Dec 24 17:01:42 2004
+@@ -2654,7 +2654,9 @@
+ haveMask = gFalse;
+ dict->lookup("Mask", &maskObj);
+ if (maskObj.isArray()) {
+- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++ for (i = 0;
++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++ ++i) {
+ maskObj.arrayGet(i, &obj1);
+ maskColors[i] = obj1.getInt();
+ obj1.free();
+--- xpdf/GfxState.cc Mon May 17 21:37:57 2004
++++ xpdf/GfxState.cc Fri Dec 24 17:01:42 2004
+@@ -714,6 +714,11 @@
+ }
+ nCompsA = obj2.getInt();
+ obj2.free();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "ICCBased color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+ if (dict->lookup("Alternate", &obj2)->isNull() ||
+ !(altA = GfxColorSpace::parse(&obj2))) {
+ switch (nCompsA) {
+@@ -1060,7 +1065,7 @@
+ }
+ nCompsA = obj1.arrayGetLength();
+ if (nCompsA > gfxColorMaxComps) {
+- error(-1, "DeviceN color space with more than %d > %d components",
++ error(-1, "DeviceN color space with too many (%d > %d) components",
+ nCompsA, gfxColorMaxComps);
+ nCompsA = gfxColorMaxComps;
+ }
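Review bot: The ICCBased check added in the GfxState.cc hunk at line 714 bounds `nCompsA` only from above, so a zero or negative N taken from the document by `obj2.getInt()` still passes it. A separate lower-bound test such as `if (nCompsA < 1) {` that reports the error and rejects the color space would close that side. Whether the code after the `switch` tolerates such a value cannot be judged here, because the function starts and ends outside the hunk. In the Gfx.cc hunk the new `i < 2*gfxColorMaxComps` bound drops excess Mask entries silently, while the other two sites call `error()`, so a diagnostic there would make a malformed file visible to whoever triages it. The same loop stores `obj1.getInt()` without a visible `obj1.isInt()` test, which is worth confirming against the rest of the function.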