KOFFICE_1_3_BRANCH: koffice/debian
CVS commit by benb:
Use the koffice patch, not the debian patch.
M +6 -5 changelog 1.149.2.20
M +15 -44 patches/xpdf3.diff 1.1.2.2
--- koffice/debian/changelog #1.149.2.19:1.149.2.20
@@ -1,13 +1,14 @@
koffice (1:1.3.5-2) unstable; urgency=high
- * Yet another xpdf security fix. This time a buffer overflow in the
- Decrypt::makeFileKey2 function from the xpdf sources has been fixed
- (closes: #291245). See the following URL for further information:
- - http://www.kde.org/info/security/advisory-20050119-1.txt
+ * Yet another xpdf security fix. This time a buffer overflow has been
+ fixed relating to an invalid key length (closes: #291245). See the
+ following URLs for further information:
+ - http://www.koffice.org/security/advisory-20050120-1.txt
+ - http://www.kde.org/info/security/advisory-20050120-1.txt
References: CAN-2005-0064, DSA-648
* Added CAN and DSA reference numbers to the previous changelog entry
for easier tracking.
- -- Ben Burton <bab@debian.org> Fri, 21 Jan 2005 02:02:46 +1100
+ -- Ben Burton <bab@debian.org> Sat, 22 Jan 2005 01:48:18 +1100
koffice (1:1.3.5-1) unstable; urgency=high
--- koffice/debian/patches/xpdf3.diff #1.1.2.1:1.1.2.2
@@ -1,44 +1,15 @@
---- koffice/filters/kword/pdf/xpdf/xpdf/Decrypt.cc
-+++ koffice/filters/kword/pdf/xpdf/xpdf/Decrypt.cc
-@@ -73,6 +73,11 @@
- Guchar fx, fy;
- int len, i, j;
-
-+ // check whether we have non-zero keyLength
-+ if ( !keyLength ) {
-+ return gFalse;
-+ }
-+
- // try using the supplied owner password to generate the user password
- if (ownerPassword) {
- len = ownerPassword->getLength();
-@@ -100,7 +105,7 @@
- } else {
- memcpy(test2, ownerKey->getCString(), 32);
- for (i = 19; i >= 0; --i) {
-- for (j = 0; j < keyLength; ++j) {
-+ for (j = 0; j < keyLength && j < 16; ++j) {
- tmpKey[j] = test[j] ^ i;
- }
- rc4InitKey(tmpKey, keyLength, fState);
-@@ -137,6 +142,11 @@
- int len, i, j;
- GBool ok;
-
-+ // check whether we have non-zero keyLength
-+ if ( !keyLength ) {
-+ return gFalse;
-+ }
-+
- // generate file key
- buf = (Guchar *)gmalloc(68 + fileID->getLength());
- if (userPassword) {
-@@ -174,7 +184,7 @@
- } else if (encRevision == 3) {
- memcpy(test, userKey->getCString(), 32);
- for (i = 19; i >= 0; --i) {
-- for (j = 0; j < keyLength; ++j) {
-+ for (j = 0; j < keyLength && j < 16; ++j) {
- tmpKey[j] = fileKey[j] ^ i;
- }
- rc4InitKey(tmpKey, keyLength, fState);
+--- koffice/filters/kword/pdf/xpdf/xpdf/XRef.cc 30 Oct 2004 16:35:33 -0000 1.6
++++ koffice/filters/kword/pdf/xpdf/xpdf/XRef.cc 20 Jan 2005 17:36:38 -0000 1.8
+@@ -501,6 +501,12 @@ GBool XRef::checkEncrypted(GString *owne
+ } else {
+ keyLength = 5;
+ }
++ if (keyLength < 1) {
++ keyLength = 1;
++ }
++ if (keyLength > 16) {
++ keyLength = 16;
++ }
+ permFlags = permissions.getInt();
+ if (encVersion >= 1 && encVersion <= 2 &&
+ encRevision >= 2 && encRevision <= 3) {
Reply to: