Add patch for CVE-2007-0104 vulnerability.
authorDiego Elio Pettenò <flameeyes@gentoo.org>
Wed, 17 Jan 2007 01:09:17 +0000 (01:09 +0000)
committerDiego Elio Pettenò <flameeyes@gentoo.org>
Wed, 17 Jan 2007 01:09:17 +0000 (01:09 +0000)
Package-Manager: portage-2.1.2

app-office/kword/ChangeLog
app-office/kword/Manifest
app-office/kword/files/digest-kword-1.5.2-r1 [new file with mode: 0644]
app-office/kword/files/digest-kword-1.6.1-r1 [new file with mode: 0644]
app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff [new file with mode: 0644]
app-office/kword/kword-1.5.2-r1.ebuild [new file with mode: 0644]
app-office/kword/kword-1.6.1-r1.ebuild [new file with mode: 0644]

index 2f24163acfd45add1288f0d01b8f70769b1589a3..9e56810d9557de88cb261d0dec33b4c66f3df90e 100644 (file)
@@ -1,6 +1,14 @@
 # ChangeLog for app-office/kword
-# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.79 2006/12/01 18:19:29 flameeyes Exp $
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.80 2007/01/17 01:09:17 flameeyes Exp $
+
+*kword-1.6.1-r1 (17 Jan 2007)
+*kword-1.5.2-r1 (17 Jan 2007)
+
+  17 Jan 2007; Diego Pettenò <flameeyes@gentoo.org>
+  +files/koffice-xpdf-CVE-2007-0104.diff, +kword-1.5.2-r1.ebuild,
+  +kword-1.6.1-r1.ebuild:
+  Add patch for CVE-2007-0104 vulnerability.
 
 *kword-1.6.1 (01 Dec 2006)
 
index f7614edb983b911538e46241258e155935591360..8a7ba241842af0cf774dc38e0f51a0fb9bf1c406 100644 (file)
@@ -1,9 +1,17 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
+AUX koffice-xpdf-CVE-2007-0104.diff 3185 RMD160 1ea990a06dfdc709362a6cb0fbb69851da86a3d6 SHA1 bef37ffafbae9a509363f7bc63806ab7162576b9 SHA256 36585b64bc23c9e352c0ff4edff9788add81381049dff5ae1d9de708f9696bfe
+MD5 dc28881c39f11c040f8c942e4af238d1 files/koffice-xpdf-CVE-2007-0104.diff 3185
+RMD160 1ea990a06dfdc709362a6cb0fbb69851da86a3d6 files/koffice-xpdf-CVE-2007-0104.diff 3185
+SHA256 36585b64bc23c9e352c0ff4edff9788add81381049dff5ae1d9de708f9696bfe files/koffice-xpdf-CVE-2007-0104.diff 3185
 DIST koffice-1.5.2.tar.bz2 35878218 RMD160 eb33d9e74adec0fc3409d38c2bfe84b5dfdd5546 SHA1 e35bd08adfb3bf6acf195dd176147de1d6cf215a SHA256 d57d8a7611337f2678a7e28b100b9ab64148bf5483c01dbd204529f07b148611
 DIST koffice-1.6.0.tar.bz2 56718478 RMD160 be09c18005eb33f6dc35ab0359cc97a8a658ce7c SHA1 e34d57d0941884496bd3f99b85787697fb55692e SHA256 9eddaae640ada9bd184f001e2489854daf7094b73e5f15b0b8deffb4cc654ae2
 DIST koffice-1.6.1.tar.bz2 56999028 RMD160 ee4fa84a53f92035c0ab9427e0acb18feca701db SHA1 891fb0a28ec3c4b070c4d6c2eae7fee1d2e37761 SHA256 5505a6c54009dd0cb75a3770c3daa476154958f92692ca0748b1842d9cd6e728
+EBUILD kword-1.5.2-r1.ebuild 1359 RMD160 8699fc362a1130de8cc0459d2900e5a1bb9b220d SHA1 f549dd147bb644f7d133da5d026a77ab7e4695e6 SHA256 bd7d608aa3b94f9c1ceb024854c7e8b112652147674b4cdada6a218972d63b7d
+MD5 29facdf93e20955308eb895e95a35b25 kword-1.5.2-r1.ebuild 1359
+RMD160 8699fc362a1130de8cc0459d2900e5a1bb9b220d kword-1.5.2-r1.ebuild 1359
+SHA256 bd7d608aa3b94f9c1ceb024854c7e8b112652147674b4cdada6a218972d63b7d kword-1.5.2-r1.ebuild 1359
 EBUILD kword-1.5.2.ebuild 1291 RMD160 9e35953a0c3d8c1d9b788ef3bbe23b841b6a45ef SHA1 c34cadd650f97a552c188c0aa707153cfcdad52b SHA256 c0ac6412c24794dc3805648c0242ceaed291b0270e50cc7a1c4f28e1fa2eaab0
 MD5 e625c364570c7e89edf3414cc236e4bb kword-1.5.2.ebuild 1291
 RMD160 9e35953a0c3d8c1d9b788ef3bbe23b841b6a45ef kword-1.5.2.ebuild 1291
@@ -12,14 +20,18 @@ EBUILD kword-1.6.0.ebuild 1301 RMD160 8f18a33d0081ea606dec0cf17aa0af75b0ad84fb S
 MD5 a74215a557e51e54ca0b95b0be1736e8 kword-1.6.0.ebuild 1301
 RMD160 8f18a33d0081ea606dec0cf17aa0af75b0ad84fb kword-1.6.0.ebuild 1301
 SHA256 c0260297eca626a4e771eb8fe4c00c99c2529180d928cf33d659164efd6c8a51 kword-1.6.0.ebuild 1301
+EBUILD kword-1.6.1-r1.ebuild 1359 RMD160 9224ed155ed9ee8301b19597c38914b96cc5cb62 SHA1 e26ec54076fbd4629137fa8eb191cb7d9ea15872 SHA256 3437e7a6d972edfb3fbb8831172dcab18bf5e5282277881aa6535ee7cb78e4ff
+MD5 26e1643f035aefc25be74761890d0804 kword-1.6.1-r1.ebuild 1359
+RMD160 9224ed155ed9ee8301b19597c38914b96cc5cb62 kword-1.6.1-r1.ebuild 1359
+SHA256 3437e7a6d972edfb3fbb8831172dcab18bf5e5282277881aa6535ee7cb78e4ff kword-1.6.1-r1.ebuild 1359
 EBUILD kword-1.6.1.ebuild 1301 RMD160 a13aa3b7c1b5324afa1c13f142c54f3f9608868d SHA1 485070c4b3303822690e19b59bbcf96cb3ed6454 SHA256 318d756cce96e6c82c3aac504bd81823ff3e473b0aaabbd7b2582fc71d831b3e
 MD5 ab1c7fd287f92899b1ce9a0f4f1be381 kword-1.6.1.ebuild 1301
 RMD160 a13aa3b7c1b5324afa1c13f142c54f3f9608868d kword-1.6.1.ebuild 1301
 SHA256 318d756cce96e6c82c3aac504bd81823ff3e473b0aaabbd7b2582fc71d831b3e kword-1.6.1.ebuild 1301
-MISC ChangeLog 9661 RMD160 1cf1c79c908aa38aebcbf9506054f0810ba377da SHA1 a7d6927c739d98500aed507269c9c02cb97449bd SHA256 89c541a693ff3ab19eb0c75aee81a626ad20030f91f6f7bb2bc08c95a8b7b9b0
-MD5 0136e046acdf8b41887849fb519e00af ChangeLog 9661
-RMD160 1cf1c79c908aa38aebcbf9506054f0810ba377da ChangeLog 9661
-SHA256 89c541a693ff3ab19eb0c75aee81a626ad20030f91f6f7bb2bc08c95a8b7b9b0 ChangeLog 9661
+MISC ChangeLog 9913 RMD160 702b1e08134d2b488eba8cdacfe71225451e38a8 SHA1 b3a67364af587f9599552b6b05b3239220bce311 SHA256 722c7e05c5ee691eeeb5aaac49b48719e1708ac5e93100ccb37b5653ea43198b
+MD5 9ed4fb43d9b2602039ab92647ce4b2db ChangeLog 9913
+RMD160 702b1e08134d2b488eba8cdacfe71225451e38a8 ChangeLog 9913
+SHA256 722c7e05c5ee691eeeb5aaac49b48719e1708ac5e93100ccb37b5653ea43198b ChangeLog 9913
 MISC metadata.xml 157 RMD160 9258d9691830e58ee00ca89f0a6df9ce077f2439 SHA1 b2ca0d856f38a09bf6d2e58ee77b344552585862 SHA256 e0e268ca18fef286617fcfe97773d5df5b8fbdb5fbcb9a29adc5e8b0baea4292
 MD5 02039d51ca4a42817775fd436dfaa956 metadata.xml 157
 RMD160 9258d9691830e58ee00ca89f0a6df9ce077f2439 metadata.xml 157
@@ -27,16 +39,22 @@ SHA256 e0e268ca18fef286617fcfe97773d5df5b8fbdb5fbcb9a29adc5e8b0baea4292 metadata
 MD5 6353f4b1dea05aa025ec83436c25e6b8 files/digest-kword-1.5.2 250
 RMD160 9141af51df3c51e43191e4193d1f5c61873599df files/digest-kword-1.5.2 250
 SHA256 13c1606ac5036bfd64ce43667b31a5494b8ae894317b016b703201f53409cfb3 files/digest-kword-1.5.2 250
+MD5 6353f4b1dea05aa025ec83436c25e6b8 files/digest-kword-1.5.2-r1 250
+RMD160 9141af51df3c51e43191e4193d1f5c61873599df files/digest-kword-1.5.2-r1 250
+SHA256 13c1606ac5036bfd64ce43667b31a5494b8ae894317b016b703201f53409cfb3 files/digest-kword-1.5.2-r1 250
 MD5 3df311d51b7d32b34a55e2b3a9f375d2 files/digest-kword-1.6.0 250
 RMD160 089f72ec1cf3c245bb967622bf7acbba8c773ce9 files/digest-kword-1.6.0 250
 SHA256 94cfa2bebe4c165ca1e455a9773050546661c01f896551db89c6cbbd1556e3cb files/digest-kword-1.6.0 250
 MD5 44d307bd453fb21c59c4f449870d5859 files/digest-kword-1.6.1 250
 RMD160 bba235b5d7bdb20b43d72df70e83f94e73f8468a files/digest-kword-1.6.1 250
 SHA256 8947fdfcfda8edd2bd5291f3d5c44f7521d41f2686b116c88b6f8c72448b5054 files/digest-kword-1.6.1 250
+MD5 44d307bd453fb21c59c4f449870d5859 files/digest-kword-1.6.1-r1 250
+RMD160 bba235b5d7bdb20b43d72df70e83f94e73f8468a files/digest-kword-1.6.1-r1 250
+SHA256 8947fdfcfda8edd2bd5291f3d5c44f7521d41f2686b116c88b6f8c72448b5054 files/digest-kword-1.6.1-r1 250
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.5 (GNU/Linux)
+Version: GnuPG v2.0.1 (GNU/Linux)
 
-iD8DBQFFcHJBAiZjviIA2XgRAgOoAKC9lr1ZwG2Vg4VSDvqWo7Qc5+HuqACgmOfd
-m7hLOLIlN/0wz9aApP4gNqY=
-=2niY
+iD8DBQFFrXdSAiZjviIA2XgRAjZTAJ9f+gQmI3N+UDn5WVWOxNB26KaeRwCglcFh
+OC0FKQnJW7uqGeQMESbfzGw=
+=88mV
 -----END PGP SIGNATURE-----
diff --git a/app-office/kword/files/digest-kword-1.5.2-r1 b/app-office/kword/files/digest-kword-1.5.2-r1
new file mode 100644 (file)
index 0000000..d1ae445
--- /dev/null
@@ -0,0 +1,3 @@
+MD5 cbe9deeb7c811a6bb5a954989b25c1f2 koffice-1.5.2.tar.bz2 35878218
+RMD160 eb33d9e74adec0fc3409d38c2bfe84b5dfdd5546 koffice-1.5.2.tar.bz2 35878218
+SHA256 d57d8a7611337f2678a7e28b100b9ab64148bf5483c01dbd204529f07b148611 koffice-1.5.2.tar.bz2 35878218
diff --git a/app-office/kword/files/digest-kword-1.6.1-r1 b/app-office/kword/files/digest-kword-1.6.1-r1
new file mode 100644 (file)
index 0000000..8296a04
--- /dev/null
@@ -0,0 +1,3 @@
+MD5 f7b90b46b79019edc60761a6bff2d387 koffice-1.6.1.tar.bz2 56999028
+RMD160 ee4fa84a53f92035c0ab9427e0acb18feca701db koffice-1.6.1.tar.bz2 56999028
+SHA256 5505a6c54009dd0cb75a3770c3daa476154958f92692ca0748b1842d9cd6e728 koffice-1.6.1.tar.bz2 56999028
diff --git a/app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff b/app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff
new file mode 100644 (file)
index 0000000..f5e51a1
--- /dev/null
@@ -0,0 +1,74 @@
+------------------------------------------------------------------------
+r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines
+Changed paths:
+   M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc
+   M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h
+
+Commiting the patch agreed between kpdf and poppler developers to fix MOAB-06-01-2007 issue.
+
+------------------------------------------------------------------------
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.cc     (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc     (revision 622463)
+@@ -24,6 +24,12 @@
+ #include "Link.h"
+ #include "Catalog.h"
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-        < 0)
+-      goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++          < 0)
++        goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+           start+1, kid.getTypeName());
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.h
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.h      (revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.h      (revision 622463)
+@@ -82,7 +82,7 @@ private:
+   Object outline;             // outline dictionary
+   GBool ok;                   // true if catalog is valid
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
diff --git a/app-office/kword/kword-1.5.2-r1.ebuild b/app-office/kword/kword-1.5.2-r1.ebuild
new file mode 100644 (file)
index 0000000..8bc90da
--- /dev/null
@@ -0,0 +1,59 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.5.2-r1.ebuild,v 1.1 2007/01/17 01:09:17 flameeyes Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+       $(deprange $PV $MAXKOFFICEVER app-office/kspread)
+       >=app-text/wv2-0.1.8
+       >=media-gfx/imagemagick-5.5.2
+       >=app-text/libwpd-0.8.2"
+
+DEPEND="${RDEPEND}
+       dev-util/pkgconfig"
+
+KMCOPYLIB="libkformula lib/kformula
+       libkofficecore lib/kofficecore
+       libkofficeui lib/kofficeui
+       libkopainter lib/kopainter
+       libkotext lib/kotext
+       libkwmf lib/kwmf
+       libkowmf lib/kwmf
+       libkstore lib/store
+       libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+       lib/
+       kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+PATCHES="${FILESDIR}/koffice-xpdf-CVE-2007-0104.diff"
+
+need-kde 3.4
+
+src_unpack() {
+       kde-meta_src_unpack unpack
+
+       # We need to compile libs first
+       echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+       for i in $(find ${S}/lib -iname "*\.ui"); do
+               ${QTDIR}/bin/uic ${i} > ${i%.ui}.h
+       done
+
+       kde-meta_src_unpack makefiles
+}
diff --git a/app-office/kword/kword-1.6.1-r1.ebuild b/app-office/kword/kword-1.6.1-r1.ebuild
new file mode 100644 (file)
index 0000000..9b2990f
--- /dev/null
@@ -0,0 +1,59 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.6.1-r1.ebuild,v 1.1 2007/01/17 01:09:17 flameeyes Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+       $(deprange $PV $MAXKOFFICEVER app-office/kspread)
+       >=app-text/wv2-0.1.8
+       >=media-gfx/imagemagick-5.5.2
+       >=app-text/libwpd-0.8.2"
+
+DEPEND="${RDEPEND}
+       dev-util/pkgconfig"
+
+KMCOPYLIB="libkformula lib/kformula
+       libkofficecore lib/kofficecore
+       libkofficeui lib/kofficeui
+       libkopainter lib/kopainter
+       libkotext lib/kotext
+       libkwmf lib/kwmf
+       libkowmf lib/kwmf
+       libkstore lib/store
+       libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+       lib/
+       kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+PATCHES="${FILESDIR}/koffice-xpdf-CVE-2007-0104.diff"
+
+need-kde 3.4
+
+src_unpack() {
+       kde-meta_src_unpack unpack
+
+       # We need to compile libs first
+       echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+       for i in $(find ${S}/lib -iname "*\.ui"); do
+               ${QTDIR}/bin/uic ${i} > ${i%.ui}.h
+       done
+
+       kde-meta_src_unpack makefiles
+}