# ChangeLog for kde-base/kpdf
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.121 2007/01/17 12:44:09 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.122 2007/01/27 17:19:33 flameeyes Exp $
+
+*kpdf-3.5.6-r1 (27 Jan 2007)
+*kpdf-3.5.5-r1 (27 Jan 2007)
+
+ 27 Jan 2007; Diego Pettenò <flameeyes@gentoo.org>
+ -files/post-3.4.3-kdegraphics-CAN-2005-3193.diff,
+ -files/post-3.4.3-kdegraphics-CVE-2006-0301.diff,
+ +files/post-3.5.5-kdegraphics-CVE-2007-0104.diff, +kpdf-3.5.5-r1.ebuild,
+ +kpdf-3.5.6-r1.ebuild:
+ As the current situation with Gentoo KDE team and KPDF developers changed
+ since we originally decided to use KUbuntu's patch for Poppler, add two
+ testing revisions of kpdf that are vanilla. For 3.5.5 version, add the patch
+ to fix last week's security problem too. Remove old patches in the mean
+ time.
17 Jan 2007; Diego Pettenò <flameeyes@gentoo.org>
files/digest-kpdf-3.5.6, Manifest:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-AUX post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 RMD160 77e176e272746f9fb99506b3a3dc32e7b17401e3 SHA1 1e323c4cc1210fb380746b897dc1bc3452043c5a SHA256 62da36cf89ea7a9a03a32dc6d96b27e1ee66d24798eb302902ffe6f80e8adfc0
-MD5 e8dde74416769d4589dcca25072aea3e files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685
-RMD160 77e176e272746f9fb99506b3a3dc32e7b17401e3 files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685
-SHA256 62da36cf89ea7a9a03a32dc6d96b27e1ee66d24798eb302902ffe6f80e8adfc0 files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685
-AUX post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 RMD160 8245dc7b6ae38c8f320ced7b12c978bf266ffce5 SHA1 91667f793df9ecee48db6218914fa9fe462235a9 SHA256 6c72956c3c2a8d6ee3c1722184428309ec277172ecd422b25169aaa58b109915
-MD5 ebbce0a49537b694932b3c0efcf18261 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775
-RMD160 8245dc7b6ae38c8f320ced7b12c978bf266ffce5 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775
-SHA256 6c72956c3c2a8d6ee3c1722184428309ec277172ecd422b25169aaa58b109915 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775
+AUX post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea SHA1 885eee20b7afe720e59276ae155f7804f5cd1d55 SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa
+MD5 a690ce46117257609c2b43485ea4d0d7 files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
+RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
+SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
DIST kdegraphics-3.5.2.tar.bz2 7288264 RMD160 cf2fce91b76af7d570b20f336ba551c5c3bd767f SHA1 80703d46fd90b7ab95f92d7b7c411a04f431d13b SHA256 b33e26d99188f0aee2dc0ff95923a1c1bca7f2a2510a1f761b155b8d2781e64f
DIST kdegraphics-3.5.5.tar.bz2 7334117 RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f SHA1 e063f9351e2781cc6a5d23834611fc7dc7dc4fbd SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16
DIST kdegraphics-3.5.6.tar.bz2 7332938 RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 SHA1 481d3f3733c042f7dfe7d9fc6620d17f8b945957 SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f
MD5 8eeb7f08d6215e70eb2ea469c4d66c00 kpdf-3.5.2.ebuild 1262
RMD160 bd646e96f44aace8380f76afb42cd634757e6b30 kpdf-3.5.2.ebuild 1262
SHA256 173bd30d51cda8efe2c06101687bc17cda554bdfaa3fa75f30d6dbc7bc218aa8 kpdf-3.5.2.ebuild 1262
+EBUILD kpdf-3.5.5-r1.ebuild 1232 RMD160 375233216bcea0296b1f405c17130fd4d0c4d31b SHA1 ac770d11669ad5879031c74a4e9f49bffba639db SHA256 43dbcd9ce5d84835a0e95773bfea44621b94ba288061c73751b7dcea6e6dc373
+MD5 0d0b28142ed643154898ddfe5c2d221a kpdf-3.5.5-r1.ebuild 1232
+RMD160 375233216bcea0296b1f405c17130fd4d0c4d31b kpdf-3.5.5-r1.ebuild 1232
+SHA256 43dbcd9ce5d84835a0e95773bfea44621b94ba288061c73751b7dcea6e6dc373 kpdf-3.5.5-r1.ebuild 1232
EBUILD kpdf-3.5.5.ebuild 1283 RMD160 344af8c4400470d162a169f86567e3f75656bd93 SHA1 6bbd9270ff3ac3ef6b96469e587ef5fa61655aac SHA256 f59b2cc139e697e2d69a4c7f519786a8d32f650134ad7eaf7f44e69570566bea
MD5 6a0b14143a1931df1894b7a02251631c kpdf-3.5.5.ebuild 1283
RMD160 344af8c4400470d162a169f86567e3f75656bd93 kpdf-3.5.5.ebuild 1283
SHA256 f59b2cc139e697e2d69a4c7f519786a8d32f650134ad7eaf7f44e69570566bea kpdf-3.5.5.ebuild 1283
+EBUILD kpdf-3.5.6-r1.ebuild 1167 RMD160 8cb96ddd8248dcfe4174e17caa8905109a8790cd SHA1 e9d1191f51a12333db15294f532cc28c534bdbec SHA256 67ea1ab1924880311eb7154ac86693ad7eb38fe877718d26cc5bde930783ad5e
+MD5 241d583490cd2aa997d09706d6197a5f kpdf-3.5.6-r1.ebuild 1167
+RMD160 8cb96ddd8248dcfe4174e17caa8905109a8790cd kpdf-3.5.6-r1.ebuild 1167
+SHA256 67ea1ab1924880311eb7154ac86693ad7eb38fe877718d26cc5bde930783ad5e kpdf-3.5.6-r1.ebuild 1167
EBUILD kpdf-3.5.6.ebuild 1271 RMD160 f7537b0f1856e71d7249c0ff879b0629bf1a5bd9 SHA1 c23af9c8f511cbd91bec1851f0239e4a45255f28 SHA256 fa1c5aede5db13e2951262acaf25bdda946598690a0a6d8420349b15f6fd8a3d
MD5 87cbc31c4aa8cb6655cd4bf1dc38d120 kpdf-3.5.6.ebuild 1271
RMD160 f7537b0f1856e71d7249c0ff879b0629bf1a5bd9 kpdf-3.5.6.ebuild 1271
SHA256 fa1c5aede5db13e2951262acaf25bdda946598690a0a6d8420349b15f6fd8a3d kpdf-3.5.6.ebuild 1271
-MISC ChangeLog 16223 RMD160 77969da3a96196495d713da97fbae7dd30264bba SHA1 4655f79b54deae65d4976b62eb478510c187eadd SHA256 9166a693c022a19c54782c612403d70e4ce35242266cba1472960ac6e1f69947
-MD5 3c0901e751aacc5f114dec220dcdceb1 ChangeLog 16223
-RMD160 77969da3a96196495d713da97fbae7dd30264bba ChangeLog 16223
-SHA256 9166a693c022a19c54782c612403d70e4ce35242266cba1472960ac6e1f69947 ChangeLog 16223
+MISC ChangeLog 16851 RMD160 9c852683edcd91d8321dc8e3db4851c147cf6b95 SHA1 6713ee76c3f64620dcc45dcf233efcf7346d9c6e SHA256 1fd15ad19fc1502f58d6e888eb7b42a1498561e1ab90d591d1c3d668c4605b20
+MD5 d653e83951fbec91c0a5be5a57bf4889 ChangeLog 16851
+RMD160 9c852683edcd91d8321dc8e3db4851c147cf6b95 ChangeLog 16851
+SHA256 1fd15ad19fc1502f58d6e888eb7b42a1498561e1ab90d591d1c3d668c4605b20 ChangeLog 16851
MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a
MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 metadata.xml 156
MD5 3b9cbd63f909e817f24fa89232add1bb files/digest-kpdf-3.5.5 530
RMD160 5de1c169b2eb3719321a551cbedce3dfebb548d9 files/digest-kpdf-3.5.5 530
SHA256 39bcb2efbd35d5482ca8b69fa95e68b60e0b8e6cef77e41f219ec52670ffe996 files/digest-kpdf-3.5.5 530
+MD5 a3aaa0343f00484f85258058e8ac348c files/digest-kpdf-3.5.5-r1 259
+RMD160 2a9a22c3f7376170cd8d44cb1979ef76636fb43d files/digest-kpdf-3.5.5-r1 259
+SHA256 5f1d4470a3e6814d9f1f1ccbaaa1dc86001c6d16985f48f21c1063a2b5968686 files/digest-kpdf-3.5.5-r1 259
MD5 aa4615eef496feeffffb91753c8c1d77 files/digest-kpdf-3.5.6 518
RMD160 cf0ab5c2f07e9a15318dcc5bfcc4a2c9442f64c3 files/digest-kpdf-3.5.6 518
SHA256 69d3b3856ba4a44987bcab7a4722f2b59798078a6681170753b41180ea1a3c96 files/digest-kpdf-3.5.6 518
+MD5 84871ccbdb3c5b89fdc0bb1c1175faa6 files/digest-kpdf-3.5.6-r1 259
+RMD160 b68729ada6badaf6558bafcbb091a3701068fcc7 files/digest-kpdf-3.5.6-r1 259
+SHA256 585aa29db716746963d4e4383f027d3afd88cc73550bdb8010fd688152b7afd8 files/digest-kpdf-3.5.6-r1 259
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
-iD8DBQFFrhogAiZjviIA2XgRAuU/AJ92AckBDs3sBTVXrsuCCNaowthJkgCgoGU9
-c61Mk8Me4cqBQFfVwVimwQE=
-=NiBd
+iD8DBQFFu4m7AiZjviIA2XgRAi+lAKDNOvqVWf5ia+iklZ/BtktV8rKmfgCg6LmR
+RESLPYLUHIaUY0UYEw1WhfE=
+=WbdA
-----END PGP SIGNATURE-----
--- /dev/null
+MD5 cdbe15afc01c5da7af9557e803bbb7e6 kdegraphics-3.5.5.tar.bz2 7334117
+RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f kdegraphics-3.5.5.tar.bz2 7334117
+SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 kdegraphics-3.5.5.tar.bz2 7334117
--- /dev/null
+MD5 79a1ffb7ae89bede1410411a30be3210 kdegraphics-3.5.6.tar.bz2 7332938
+RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 kdegraphics-3.5.6.tar.bz2 7332938
+SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f kdegraphics-3.5.6.tar.bz2 7332938
+++ /dev/null
-Index: kpdf/xpdf/xpdf/JBIG2Stream.cc
-===================================================================
---- kpdf/xpdf/xpdf/JBIG2Stream.cc (revision 466932)
-+++ kpdf/xpdf/xpdf/JBIG2Stream.cc (revision 488714)
-@@ -7,6 +7,7 @@
- //========================================================================
-
- #include <aconf.h>
-+#include <limits.h>
-
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -681,6 +682,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
- w = wA;
- h = hA;
- line = (wA + 7) >> 3;
-+
-+ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+ error(-1, "invalid width/height");
-+ data = NULL;
-+ return;
-+ }
-+
- data = (Guchar *)gmalloc(h * line);
- }
-
-@@ -690,6 +698,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA,
- w = bitmap->w;
- h = bitmap->h;
- line = bitmap->line;
-+
-+ if (h < 0 || line <= 0 || h >= INT_MAX / line) {
-+ error(-1, "invalid width/height");
-+ data = NULL;
-+ return;
-+ }
-+
- data = (Guchar *)gmalloc(h * line);
- memcpy(data, bitmap->data, h * line);
- }
-@@ -716,7 +731,10 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint
- }
-
- void JBIG2Bitmap::expand(int newH, Guint pixel) {
-- if (newH <= h) {
-+ if (newH <= h || line <= 0 || newH >= INT_MAX / line) {
-+ error(-1, "invalid width/height");
-+ gfree(data);
-+ data = NULL;
- return;
- }
- data = (Guchar *)grealloc(data, newH * line);
-@@ -2256,6 +2274,15 @@ void JBIG2Stream::readHalftoneRegionSeg(
- error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment");
- return;
- }
-+ if (gridH == 0 || gridW >= INT_MAX / gridH) {
-+ error(getPos(), "Bad size in JBIG2 halftone segment");
-+ return;
-+ }
-+ if (w == 0 || h >= INT_MAX / w) {
-+ error(getPos(), "Bad size in JBIG2 bitmap segment");
-+ return;
-+ }
-+
- patternDict = (JBIG2PatternDict *)seg;
- bpp = 0;
- i = 1;
-@@ -2887,6 +2914,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef
- JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2;
- int x, y, pix;
-
-+ if (w < 0 || h <= 0 || w >= INT_MAX / h) {
-+ error(-1, "invalid width/height");
-+ return NULL;
-+ }
-+
- bitmap = new JBIG2Bitmap(0, w, h);
- bitmap->clearToZero();
-
-Index: kpdf/xpdf/xpdf/Stream.cc
-===================================================================
---- kpdf/xpdf/xpdf/Stream.cc (revision 466932)
-+++ kpdf/xpdf/xpdf/Stream.cc (revision 488714)
-@@ -15,6 +15,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <stddef.h>
-+#include <limits.h>
- #ifndef WIN32
- #include <unistd.h>
- #endif
-@@ -413,13 +414,27 @@ StreamPredictor::StreamPredictor(Stream
- width = widthA;
- nComps = nCompsA;
- nBits = nBitsA;
-+ predLine = NULL;
-+ ok = gFalse;
-+
-+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-+ nComps >= INT_MAX / nBits ||
-+ width >= INT_MAX / nComps / nBits)
-+ return;
-
- nVals = width * nComps;
-+ if (nVals * nBits + 7 <= 0)
-+ return;
- pixBytes = (nComps * nBits + 7) >> 3;
- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-+ if (rowBytes < 0)
-+ return;
-+
- predLine = (Guchar *)gmalloc(rowBytes);
- memset(predLine, 0, rowBytes);
- predIdx = rowBytes;
-+
-+ ok = gTrue;
- }
-
- StreamPredictor::~StreamPredictor() {
-@@ -1013,6 +1028,10 @@ LZWStream::LZWStream(Stream *strA, int p
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-@@ -1261,6 +1280,10 @@ CCITTFaxStream::CCITTFaxStream(Stream *s
- endOfLine = endOfLineA;
- byteAlign = byteAlignA;
- columns = columnsA;
-+ if (columns < 1 || columns >= INT_MAX / sizeof(short)) {
-+ error(-1, "invalid number of columns");
-+ exit(1);
-+ }
- rows = rowsA;
- endOfBlock = endOfBlockA;
- black = blackA;
-@@ -2899,6 +2922,11 @@ GBool DCTStream::readBaselineSOF() {
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ numComps = 0;
-+ error(getPos(), "Bad number of components in DCT stream");
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2925,6 +2953,11 @@ GBool DCTStream::readProgressiveSOF() {
- height = read16();
- width = read16();
- numComps = str->getChar();
-+ if (numComps <= 0 || numComps > 4) {
-+ numComps = 0;
-+ error(getPos(), "Bad number of components in DCT stream");
-+ return gFalse;
-+ }
- if (prec != 8) {
- error(getPos(), "Bad DCT precision %d", prec);
- return gFalse;
-@@ -2947,6 +2980,11 @@ GBool DCTStream::readScanInfo() {
-
- length = read16() - 2;
- scanInfo.numComps = str->getChar();
-+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) {
-+ scanInfo.numComps = 0;
-+ error(getPos(), "Bad number of components in DCT stream");
-+ return gFalse;
-+ }
- --length;
- if (length != 2 * scanInfo.numComps + 3) {
- error(getPos(), "Bad DCT scan info block");
-@@ -3021,12 +3059,12 @@ GBool DCTStream::readHuffmanTables() {
- while (length > 0) {
- index = str->getChar();
- --length;
-- if ((index & 0x0f) >= 4) {
-+ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) {
- error(getPos(), "Bad DCT Huffman table");
- return gFalse;
- }
- if (index & 0x10) {
-- index &= 0x0f;
-+ index &= 0x03;
- if (index >= numACHuffTables)
- numACHuffTables = index+1;
- tbl = &acHuffTables[index];
-@@ -3144,9 +3182,11 @@ int DCTStream::readMarker() {
- do {
- do {
- c = str->getChar();
-+ if(c == EOF) return EOF;
- } while (c != 0xff);
- do {
- c = str->getChar();
-+ if(c == EOF) return EOF;
- } while (c == 0xff);
- } while (c == 0x00);
- return c;
-@@ -3258,6 +3298,10 @@ FlateStream::FlateStream(Stream *strA, i
- FilterStream(strA) {
- if (predictor != 1) {
- pred = new StreamPredictor(this, predictor, columns, colors, bits);
-+ if (!pred->isOk()) {
-+ delete pred;
-+ pred = NULL;
-+ }
- } else {
- pred = NULL;
- }
-Index: kpdf/xpdf/xpdf/Stream.h
-===================================================================
---- kpdf/xpdf/xpdf/Stream.h (revision 466932)
-+++ kpdf/xpdf/xpdf/Stream.h (revision 488714)
-@@ -233,6 +233,8 @@ public:
-
- ~StreamPredictor();
-
-+ GBool isOk() { return ok; }
-+
- int lookChar();
- int getChar();
-
-@@ -250,6 +252,7 @@ private:
- int rowBytes; // bytes per line
- Guchar *predLine; // line buffer
- int predIdx; // current index in predLine
-+ GBool ok;
- };
-
- //------------------------------------------------------------------------
-Index: kpdf/xpdf/xpdf/JPXStream.cc
-===================================================================
---- kpdf/xpdf/xpdf/JPXStream.cc (revision 466932)
-+++ kpdf/xpdf/xpdf/JPXStream.cc (revision 488714)
-@@ -7,6 +7,7 @@
- //========================================================================
-
- #include <aconf.h>
-+#include <limits.h>
-
- #ifdef USE_GCC_PRAGMAS
- #pragma implementation
-@@ -666,7 +667,7 @@ GBool JPXStream::readCodestream(Guint /*
- int segType;
- GBool haveSIZ, haveCOD, haveQCD, haveSOT;
- Guint precinctSize, style;
-- Guint segLen, capabilities, comp, i, j, r;
-+ Guint segLen, capabilities, nTiles, comp, i, j, r;
-
- //----- main header
- haveSIZ = haveCOD = haveQCD = haveSOT = gFalse;
-@@ -701,8 +702,12 @@ GBool JPXStream::readCodestream(Guint /*
- / img.xTileSize;
- img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1)
- / img.yTileSize;
-- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles *
-- sizeof(JPXTile));
-+ nTiles = img.nXTiles * img.nYTiles;
-+ if (img.nXTiles <= 0 || img.nYTiles <= 0 || img.nXTiles >= INT_MAX / img.nYTiles) {
-+ error(getPos(), "Bad tile count in JPX SIZ marker segment");
-+ return gFalse;
-+ }
-+ img.tiles = (JPXTile *)gmallocn(nTiles, sizeof(JPXTile));
- for (i = 0; i < img.nXTiles * img.nYTiles; ++i) {
- img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps *
- sizeof(JPXTileComp));
-Index: kpdf/xpdf/goo/gmem.c
-===================================================================
---- kpdf/xpdf/goo/gmem.c (revision 466932)
-+++ kpdf/xpdf/goo/gmem.c (revision 488714)
-@@ -11,6 +11,7 @@
- #include <stdlib.h>
- #include <stddef.h>
- #include <string.h>
-+#include <limits.h>
- #include "gmem.h"
-
- #ifdef DEBUG_MEM
-@@ -175,6 +176,28 @@ void gfree(void *p) {
- #endif
- }
-
-+void *gmallocn(int nObjs, int objSize) {
-+ int n;
-+
-+ n = nObjs * objSize;
-+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
-+ fprintf(stderr, "Bogus memory allocation size\n");
-+ exit(1);
-+ }
-+ return gmalloc(n);
-+}
-+
-+void *greallocn(void *p, int nObjs, int objSize) {
-+ int n;
-+
-+ n = nObjs * objSize;
-+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) {
-+ fprintf(stderr, "Bogus memory allocation size\n");
-+ exit(1);
-+ }
-+ return grealloc(p, n);
-+}
-+
- #ifdef DEBUG_MEM
- void gMemReport(FILE *f) {
- GMemHdr *p;
-Index: kpdf/xpdf/goo/gmem.h
-===================================================================
---- kpdf/xpdf/goo/gmem.h (revision 466932)
-+++ kpdf/xpdf/goo/gmem.h (revision 488714)
-@@ -28,6 +28,15 @@ extern void *gmalloc(size_t size);
- extern void *grealloc(void *p, size_t size);
-
- /*
-+ * These are similar to gmalloc and grealloc, but take an object count
-+ * and size. The result is similar to allocating nObjs * objSize
-+ * bytes, but there is an additional error check that the total size
-+ * doesn't overflow an int.
-+ */
-+extern void *gmallocn(int nObjs, int objSize);
-+extern void *greallocn(void *p, int nObjs, int objSize);
-+
-+/*
- * Same as free, but checks for and ignores NULL pointers.
- */
- extern void gfree(void *p);
+++ /dev/null
-Index: kpdf/xpdf/splash/SplashXPathScanner.cc
-===================================================================
---- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 504400)
-+++ kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505063)
-@@ -182,7 +182,7 @@ GBool SplashXPathScanner::getNextSpan(in
- }
-
- void SplashXPathScanner::computeIntersections(int y) {
-- SplashCoord ySegMin, ySegMax, xx0, xx1;
-+ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
- SplashXPathSeg *seg;
- int i, j;
-
-@@ -232,19 +232,27 @@ void SplashXPathScanner::computeIntersec
- } else if (seg->flags & splashXPathVert) {
- xx0 = xx1 = seg->x0;
- } else {
-- if (ySegMin <= y) {
-- // intersection with top edge
-- xx0 = seg->x0 + (y - seg->y0) * seg->dxdy;
-+ if (seg->x0 < seg->x1) {
-+ xSegMin = seg->x0;
-+ xSegMax = seg->x1;
- } else {
-- // x coord of segment endpoint with min y coord
-- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
-+ xSegMin = seg->x1;
-+ xSegMax = seg->x0;
- }
-- if (ySegMax >= y + 1) {
-- // intersection with bottom edge
-- xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy;
-- } else {
-- // x coord of segment endpoint with max y coord
-- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
-+ // intersection with top edge
-+ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
-+ // intersection with bottom edge
-+ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
-+ // the segment may not actually extend to the top and/or bottom edges
-+ if (xx0 < xSegMin) {
-+ xx0 = xSegMin;
-+ } else if (xx0 > xSegMax) {
-+ xx0 = xSegMax;
-+ }
-+ if (xx1 < xSegMin) {
-+ xx1 = xSegMin;
-+ } else if (xx1 > xSegMax) {
-+ xx1 = xSegMax;
- }
- }
- if (xx0 < xx1) {
--- /dev/null
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+ pageRefs[i].num = -1;
+ pageRefs[i].gen = -1;
+ }
+- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+ if (numPages != numPages0) {
+ error(-1, "Page count in top-level pages object is incorrect");
+ }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+ return s;
+ }
+
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+ Object kids;
+ Object kid;
+ Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+ // This should really be isDict("Pages"), but I've seen at least one
+ // PDF file where the /Type entry is missing.
+ } else if (kid.isDict()) {
+- if ((start = readPageTree(kid.getDict(), attrs1, start))
+- < 0)
+- goto err2;
++ if (callDepth > MAX_CALL_DEPTH) {
++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++ } else {
++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++ < 0)
++ goto err2;
++ }
+ } else {
+ error(-1, "Kid object (page %d) is wrong type (%s)",
+ start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+ Object acroForm; // AcroForm dictionary
+ GBool ok; // true if catalog is valid
+
+- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+ Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+
--- /dev/null
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.5-r1.ebuild,v 1.1 2007/01/27 17:19:33 flameeyes Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+ media-libs/t1lib
+ >=app-text/poppler-0.5.1
+ >=app-text/poppler-bindings-0.5.1"
+RDEPEND="${DEPEND}
+ $(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)"
+
+PATCHES="${FILESDIR}/post-3.5.5-kdegraphics-CVE-2007-0104.diff"
+
+pkg_setup() {
+ kde_pkg_setup
+ # check for qt still until it had a revision bump in both ~arch and stable.
+ if ! built_with_use app-text/poppler-bindings qt3; then
+ eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+ eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+ die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+ fi
+}
+
+src_compile() {
+ local myconf="--with-poppler"
+ replace-flags "-Os" "-O2" # see bug 114822
+ kde-meta_src_compile
+}
--- /dev/null
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.6-r1.ebuild,v 1.1 2007/01/27 17:19:33 flameeyes Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+ media-libs/t1lib
+ >=app-text/poppler-0.5.1
+ >=app-text/poppler-bindings-0.5.1"
+RDEPEND="${DEPEND}
+ $(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)"
+
+pkg_setup() {
+ kde_pkg_setup
+ # check for qt still until it had a revision bump in both ~arch and stable.
+ if ! built_with_use app-text/poppler-bindings qt3; then
+ eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+ eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+ die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+ fi
+}
+
+src_compile() {
+ local myconf="--with-poppler"
+ replace-flags "-Os" "-O2" # see bug 114822
+ kde-meta_src_compile
+}
projects / gentoo.git / commitdiff