From: Diego Elio Pettenò Date: Sat, 27 Jan 2007 17:19:34 +0000 (+0000) Subject: As the current situation with Gentoo KDE team and KPDF developers changed since we... X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=87cdf40e8cd88844776a0901a716a74c4d8197a6;p=gentoo.git As the current situation with Gentoo KDE team and KPDF developers changed since we originally decided to use KUbuntu's patch for Poppler, add two testing revisions of kpdf that are vanilla. For 3.5.5 version, add the patch to fix last week's security problem too. Remove old patches in the mean time. Package-Manager: portage-2.1.2-r4 --- diff --git a/kde-base/kpdf/ChangeLog b/kde-base/kpdf/ChangeLog index 49625b1af9ec..13768b9a9b29 100644 --- a/kde-base/kpdf/ChangeLog +++ b/kde-base/kpdf/ChangeLog @@ -1,6 +1,20 @@ # ChangeLog for kde-base/kpdf # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.121 2007/01/17 12:44:09 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.122 2007/01/27 17:19:33 flameeyes Exp $ + +*kpdf-3.5.6-r1 (27 Jan 2007) +*kpdf-3.5.5-r1 (27 Jan 2007) + + 27 Jan 2007; Diego Pettenò + -files/post-3.4.3-kdegraphics-CAN-2005-3193.diff, + -files/post-3.4.3-kdegraphics-CVE-2006-0301.diff, + +files/post-3.5.5-kdegraphics-CVE-2007-0104.diff, +kpdf-3.5.5-r1.ebuild, + +kpdf-3.5.6-r1.ebuild: + As the current situation with Gentoo KDE team and KPDF developers changed + since we originally decided to use KUbuntu's patch for Poppler, add two + testing revisions of kpdf that are vanilla. For 3.5.5 version, add the patch + to fix last week's security problem too. Remove old patches in the mean + time. 17 Jan 2007; Diego Pettenò files/digest-kpdf-3.5.6, Manifest: diff --git a/kde-base/kpdf/Manifest b/kde-base/kpdf/Manifest index 563476f924e4..e04c151f039f 100644 --- a/kde-base/kpdf/Manifest +++ b/kde-base/kpdf/Manifest @@ -1,14 +1,10 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -AUX post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 RMD160 77e176e272746f9fb99506b3a3dc32e7b17401e3 SHA1 1e323c4cc1210fb380746b897dc1bc3452043c5a SHA256 62da36cf89ea7a9a03a32dc6d96b27e1ee66d24798eb302902ffe6f80e8adfc0 -MD5 e8dde74416769d4589dcca25072aea3e files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 -RMD160 77e176e272746f9fb99506b3a3dc32e7b17401e3 files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 -SHA256 62da36cf89ea7a9a03a32dc6d96b27e1ee66d24798eb302902ffe6f80e8adfc0 files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 -AUX post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 RMD160 8245dc7b6ae38c8f320ced7b12c978bf266ffce5 SHA1 91667f793df9ecee48db6218914fa9fe462235a9 SHA256 6c72956c3c2a8d6ee3c1722184428309ec277172ecd422b25169aaa58b109915 -MD5 ebbce0a49537b694932b3c0efcf18261 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 -RMD160 8245dc7b6ae38c8f320ced7b12c978bf266ffce5 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 -SHA256 6c72956c3c2a8d6ee3c1722184428309ec277172ecd422b25169aaa58b109915 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 +AUX post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea SHA1 885eee20b7afe720e59276ae155f7804f5cd1d55 SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa +MD5 a690ce46117257609c2b43485ea4d0d7 files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 +RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 +SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 DIST kdegraphics-3.5.2.tar.bz2 7288264 RMD160 cf2fce91b76af7d570b20f336ba551c5c3bd767f SHA1 80703d46fd90b7ab95f92d7b7c411a04f431d13b SHA256 b33e26d99188f0aee2dc0ff95923a1c1bca7f2a2510a1f761b155b8d2781e64f DIST kdegraphics-3.5.5.tar.bz2 7334117 RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f SHA1 e063f9351e2781cc6a5d23834611fc7dc7dc4fbd SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 DIST kdegraphics-3.5.6.tar.bz2 7332938 RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 SHA1 481d3f3733c042f7dfe7d9fc6620d17f8b945957 SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f @@ -19,18 +15,26 @@ EBUILD kpdf-3.5.2.ebuild 1262 RMD160 bd646e96f44aace8380f76afb42cd634757e6b30 SH MD5 8eeb7f08d6215e70eb2ea469c4d66c00 kpdf-3.5.2.ebuild 1262 RMD160 bd646e96f44aace8380f76afb42cd634757e6b30 kpdf-3.5.2.ebuild 1262 SHA256 173bd30d51cda8efe2c06101687bc17cda554bdfaa3fa75f30d6dbc7bc218aa8 kpdf-3.5.2.ebuild 1262 +EBUILD kpdf-3.5.5-r1.ebuild 1232 RMD160 375233216bcea0296b1f405c17130fd4d0c4d31b SHA1 ac770d11669ad5879031c74a4e9f49bffba639db SHA256 43dbcd9ce5d84835a0e95773bfea44621b94ba288061c73751b7dcea6e6dc373 +MD5 0d0b28142ed643154898ddfe5c2d221a kpdf-3.5.5-r1.ebuild 1232 +RMD160 375233216bcea0296b1f405c17130fd4d0c4d31b kpdf-3.5.5-r1.ebuild 1232 +SHA256 43dbcd9ce5d84835a0e95773bfea44621b94ba288061c73751b7dcea6e6dc373 kpdf-3.5.5-r1.ebuild 1232 EBUILD kpdf-3.5.5.ebuild 1283 RMD160 344af8c4400470d162a169f86567e3f75656bd93 SHA1 6bbd9270ff3ac3ef6b96469e587ef5fa61655aac SHA256 f59b2cc139e697e2d69a4c7f519786a8d32f650134ad7eaf7f44e69570566bea MD5 6a0b14143a1931df1894b7a02251631c kpdf-3.5.5.ebuild 1283 RMD160 344af8c4400470d162a169f86567e3f75656bd93 kpdf-3.5.5.ebuild 1283 SHA256 f59b2cc139e697e2d69a4c7f519786a8d32f650134ad7eaf7f44e69570566bea kpdf-3.5.5.ebuild 1283 +EBUILD kpdf-3.5.6-r1.ebuild 1167 RMD160 8cb96ddd8248dcfe4174e17caa8905109a8790cd SHA1 e9d1191f51a12333db15294f532cc28c534bdbec SHA256 67ea1ab1924880311eb7154ac86693ad7eb38fe877718d26cc5bde930783ad5e +MD5 241d583490cd2aa997d09706d6197a5f kpdf-3.5.6-r1.ebuild 1167 +RMD160 8cb96ddd8248dcfe4174e17caa8905109a8790cd kpdf-3.5.6-r1.ebuild 1167 +SHA256 67ea1ab1924880311eb7154ac86693ad7eb38fe877718d26cc5bde930783ad5e kpdf-3.5.6-r1.ebuild 1167 EBUILD kpdf-3.5.6.ebuild 1271 RMD160 f7537b0f1856e71d7249c0ff879b0629bf1a5bd9 SHA1 c23af9c8f511cbd91bec1851f0239e4a45255f28 SHA256 fa1c5aede5db13e2951262acaf25bdda946598690a0a6d8420349b15f6fd8a3d MD5 87cbc31c4aa8cb6655cd4bf1dc38d120 kpdf-3.5.6.ebuild 1271 RMD160 f7537b0f1856e71d7249c0ff879b0629bf1a5bd9 kpdf-3.5.6.ebuild 1271 SHA256 fa1c5aede5db13e2951262acaf25bdda946598690a0a6d8420349b15f6fd8a3d kpdf-3.5.6.ebuild 1271 -MISC ChangeLog 16223 RMD160 77969da3a96196495d713da97fbae7dd30264bba SHA1 4655f79b54deae65d4976b62eb478510c187eadd SHA256 9166a693c022a19c54782c612403d70e4ce35242266cba1472960ac6e1f69947 -MD5 3c0901e751aacc5f114dec220dcdceb1 ChangeLog 16223 -RMD160 77969da3a96196495d713da97fbae7dd30264bba ChangeLog 16223 -SHA256 9166a693c022a19c54782c612403d70e4ce35242266cba1472960ac6e1f69947 ChangeLog 16223 +MISC ChangeLog 16851 RMD160 9c852683edcd91d8321dc8e3db4851c147cf6b95 SHA1 6713ee76c3f64620dcc45dcf233efcf7346d9c6e SHA256 1fd15ad19fc1502f58d6e888eb7b42a1498561e1ab90d591d1c3d668c4605b20 +MD5 d653e83951fbec91c0a5be5a57bf4889 ChangeLog 16851 +RMD160 9c852683edcd91d8321dc8e3db4851c147cf6b95 ChangeLog 16851 +SHA256 1fd15ad19fc1502f58d6e888eb7b42a1498561e1ab90d591d1c3d668c4605b20 ChangeLog 16851 MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 metadata.xml 156 @@ -41,13 +45,19 @@ SHA256 ced659c452eeeeb3057e56d16de64c5896102f6d87c8d18d30bfdcee0316e734 files/di MD5 3b9cbd63f909e817f24fa89232add1bb files/digest-kpdf-3.5.5 530 RMD160 5de1c169b2eb3719321a551cbedce3dfebb548d9 files/digest-kpdf-3.5.5 530 SHA256 39bcb2efbd35d5482ca8b69fa95e68b60e0b8e6cef77e41f219ec52670ffe996 files/digest-kpdf-3.5.5 530 +MD5 a3aaa0343f00484f85258058e8ac348c files/digest-kpdf-3.5.5-r1 259 +RMD160 2a9a22c3f7376170cd8d44cb1979ef76636fb43d files/digest-kpdf-3.5.5-r1 259 +SHA256 5f1d4470a3e6814d9f1f1ccbaaa1dc86001c6d16985f48f21c1063a2b5968686 files/digest-kpdf-3.5.5-r1 259 MD5 aa4615eef496feeffffb91753c8c1d77 files/digest-kpdf-3.5.6 518 RMD160 cf0ab5c2f07e9a15318dcc5bfcc4a2c9442f64c3 files/digest-kpdf-3.5.6 518 SHA256 69d3b3856ba4a44987bcab7a4722f2b59798078a6681170753b41180ea1a3c96 files/digest-kpdf-3.5.6 518 +MD5 84871ccbdb3c5b89fdc0bb1c1175faa6 files/digest-kpdf-3.5.6-r1 259 +RMD160 b68729ada6badaf6558bafcbb091a3701068fcc7 files/digest-kpdf-3.5.6-r1 259 +SHA256 585aa29db716746963d4e4383f027d3afd88cc73550bdb8010fd688152b7afd8 files/digest-kpdf-3.5.6-r1 259 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (GNU/Linux) -iD8DBQFFrhogAiZjviIA2XgRAuU/AJ92AckBDs3sBTVXrsuCCNaowthJkgCgoGU9 -c61Mk8Me4cqBQFfVwVimwQE= -=NiBd +iD8DBQFFu4m7AiZjviIA2XgRAi+lAKDNOvqVWf5ia+iklZ/BtktV8rKmfgCg6LmR +RESLPYLUHIaUY0UYEw1WhfE= +=WbdA -----END PGP SIGNATURE----- diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.5-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.5-r1 new file mode 100644 index 000000000000..7dbb38b9a877 --- /dev/null +++ b/kde-base/kpdf/files/digest-kpdf-3.5.5-r1 @@ -0,0 +1,3 @@ +MD5 cdbe15afc01c5da7af9557e803bbb7e6 kdegraphics-3.5.5.tar.bz2 7334117 +RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f kdegraphics-3.5.5.tar.bz2 7334117 +SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 kdegraphics-3.5.5.tar.bz2 7334117 diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.6-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.6-r1 new file mode 100644 index 000000000000..de24125a93ab --- /dev/null +++ b/kde-base/kpdf/files/digest-kpdf-3.5.6-r1 @@ -0,0 +1,3 @@ +MD5 79a1ffb7ae89bede1410411a30be3210 kdegraphics-3.5.6.tar.bz2 7332938 +RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 kdegraphics-3.5.6.tar.bz2 7332938 +SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f kdegraphics-3.5.6.tar.bz2 7332938 diff --git a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CAN-2005-3193.diff b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CAN-2005-3193.diff deleted file mode 100644 index 8c1d3ac42603..000000000000 --- a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CAN-2005-3193.diff +++ /dev/null @@ -1,334 +0,0 @@ -Index: kpdf/xpdf/xpdf/JBIG2Stream.cc -=================================================================== ---- kpdf/xpdf/xpdf/JBIG2Stream.cc (revision 466932) -+++ kpdf/xpdf/xpdf/JBIG2Stream.cc (revision 488714) -@@ -7,6 +7,7 @@ - //======================================================================== - - #include -+#include - - #ifdef USE_GCC_PRAGMAS - #pragma implementation -@@ -681,6 +682,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, - w = wA; - h = hA; - line = (wA + 7) >> 3; -+ -+ if (h < 0 || line <= 0 || h >= INT_MAX / line) { -+ error(-1, "invalid width/height"); -+ data = NULL; -+ return; -+ } -+ - data = (Guchar *)gmalloc(h * line); - } - -@@ -690,6 +698,13 @@ JBIG2Bitmap::JBIG2Bitmap(Guint segNumA, - w = bitmap->w; - h = bitmap->h; - line = bitmap->line; -+ -+ if (h < 0 || line <= 0 || h >= INT_MAX / line) { -+ error(-1, "invalid width/height"); -+ data = NULL; -+ return; -+ } -+ - data = (Guchar *)gmalloc(h * line); - memcpy(data, bitmap->data, h * line); - } -@@ -716,7 +731,10 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint - } - - void JBIG2Bitmap::expand(int newH, Guint pixel) { -- if (newH <= h) { -+ if (newH <= h || line <= 0 || newH >= INT_MAX / line) { -+ error(-1, "invalid width/height"); -+ gfree(data); -+ data = NULL; - return; - } - data = (Guchar *)grealloc(data, newH * line); -@@ -2256,6 +2274,15 @@ void JBIG2Stream::readHalftoneRegionSeg( - error(getPos(), "Bad symbol dictionary reference in JBIG2 halftone segment"); - return; - } -+ if (gridH == 0 || gridW >= INT_MAX / gridH) { -+ error(getPos(), "Bad size in JBIG2 halftone segment"); -+ return; -+ } -+ if (w == 0 || h >= INT_MAX / w) { -+ error(getPos(), "Bad size in JBIG2 bitmap segment"); -+ return; -+ } -+ - patternDict = (JBIG2PatternDict *)seg; - bpp = 0; - i = 1; -@@ -2887,6 +2914,11 @@ JBIG2Bitmap *JBIG2Stream::readGenericRef - JBIG2BitmapPtr tpgrCXPtr0, tpgrCXPtr1, tpgrCXPtr2; - int x, y, pix; - -+ if (w < 0 || h <= 0 || w >= INT_MAX / h) { -+ error(-1, "invalid width/height"); -+ return NULL; -+ } -+ - bitmap = new JBIG2Bitmap(0, w, h); - bitmap->clearToZero(); - -Index: kpdf/xpdf/xpdf/Stream.cc -=================================================================== ---- kpdf/xpdf/xpdf/Stream.cc (revision 466932) -+++ kpdf/xpdf/xpdf/Stream.cc (revision 488714) -@@ -15,6 +15,7 @@ - #include - #include - #include -+#include - #ifndef WIN32 - #include - #endif -@@ -413,13 +414,27 @@ StreamPredictor::StreamPredictor(Stream - width = widthA; - nComps = nCompsA; - nBits = nBitsA; -+ predLine = NULL; -+ ok = gFalse; -+ -+ if (width <= 0 || nComps <= 0 || nBits <= 0 || -+ nComps >= INT_MAX / nBits || -+ width >= INT_MAX / nComps / nBits) -+ return; - - nVals = width * nComps; -+ if (nVals * nBits + 7 <= 0) -+ return; - pixBytes = (nComps * nBits + 7) >> 3; - rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; -+ if (rowBytes < 0) -+ return; -+ - predLine = (Guchar *)gmalloc(rowBytes); - memset(predLine, 0, rowBytes); - predIdx = rowBytes; -+ -+ ok = gTrue; - } - - StreamPredictor::~StreamPredictor() { -@@ -1013,6 +1028,10 @@ LZWStream::LZWStream(Stream *strA, int p - FilterStream(strA) { - if (predictor != 1) { - pred = new StreamPredictor(this, predictor, columns, colors, bits); -+ if (!pred->isOk()) { -+ delete pred; -+ pred = NULL; -+ } - } else { - pred = NULL; - } -@@ -1261,6 +1280,10 @@ CCITTFaxStream::CCITTFaxStream(Stream *s - endOfLine = endOfLineA; - byteAlign = byteAlignA; - columns = columnsA; -+ if (columns < 1 || columns >= INT_MAX / sizeof(short)) { -+ error(-1, "invalid number of columns"); -+ exit(1); -+ } - rows = rowsA; - endOfBlock = endOfBlockA; - black = blackA; -@@ -2899,6 +2922,11 @@ GBool DCTStream::readBaselineSOF() { - height = read16(); - width = read16(); - numComps = str->getChar(); -+ if (numComps <= 0 || numComps > 4) { -+ numComps = 0; -+ error(getPos(), "Bad number of components in DCT stream"); -+ return gFalse; -+ } - if (prec != 8) { - error(getPos(), "Bad DCT precision %d", prec); - return gFalse; -@@ -2925,6 +2953,11 @@ GBool DCTStream::readProgressiveSOF() { - height = read16(); - width = read16(); - numComps = str->getChar(); -+ if (numComps <= 0 || numComps > 4) { -+ numComps = 0; -+ error(getPos(), "Bad number of components in DCT stream"); -+ return gFalse; -+ } - if (prec != 8) { - error(getPos(), "Bad DCT precision %d", prec); - return gFalse; -@@ -2947,6 +2980,11 @@ GBool DCTStream::readScanInfo() { - - length = read16() - 2; - scanInfo.numComps = str->getChar(); -+ if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) { -+ scanInfo.numComps = 0; -+ error(getPos(), "Bad number of components in DCT stream"); -+ return gFalse; -+ } - --length; - if (length != 2 * scanInfo.numComps + 3) { - error(getPos(), "Bad DCT scan info block"); -@@ -3021,12 +3059,12 @@ GBool DCTStream::readHuffmanTables() { - while (length > 0) { - index = str->getChar(); - --length; -- if ((index & 0x0f) >= 4) { -+ if ((index & ~0x10) >= 4 || (index & ~0x10) < 0) { - error(getPos(), "Bad DCT Huffman table"); - return gFalse; - } - if (index & 0x10) { -- index &= 0x0f; -+ index &= 0x03; - if (index >= numACHuffTables) - numACHuffTables = index+1; - tbl = &acHuffTables[index]; -@@ -3144,9 +3182,11 @@ int DCTStream::readMarker() { - do { - do { - c = str->getChar(); -+ if(c == EOF) return EOF; - } while (c != 0xff); - do { - c = str->getChar(); -+ if(c == EOF) return EOF; - } while (c == 0xff); - } while (c == 0x00); - return c; -@@ -3258,6 +3298,10 @@ FlateStream::FlateStream(Stream *strA, i - FilterStream(strA) { - if (predictor != 1) { - pred = new StreamPredictor(this, predictor, columns, colors, bits); -+ if (!pred->isOk()) { -+ delete pred; -+ pred = NULL; -+ } - } else { - pred = NULL; - } -Index: kpdf/xpdf/xpdf/Stream.h -=================================================================== ---- kpdf/xpdf/xpdf/Stream.h (revision 466932) -+++ kpdf/xpdf/xpdf/Stream.h (revision 488714) -@@ -233,6 +233,8 @@ public: - - ~StreamPredictor(); - -+ GBool isOk() { return ok; } -+ - int lookChar(); - int getChar(); - -@@ -250,6 +252,7 @@ private: - int rowBytes; // bytes per line - Guchar *predLine; // line buffer - int predIdx; // current index in predLine -+ GBool ok; - }; - - //------------------------------------------------------------------------ -Index: kpdf/xpdf/xpdf/JPXStream.cc -=================================================================== ---- kpdf/xpdf/xpdf/JPXStream.cc (revision 466932) -+++ kpdf/xpdf/xpdf/JPXStream.cc (revision 488714) -@@ -7,6 +7,7 @@ - //======================================================================== - - #include -+#include - - #ifdef USE_GCC_PRAGMAS - #pragma implementation -@@ -666,7 +667,7 @@ GBool JPXStream::readCodestream(Guint /* - int segType; - GBool haveSIZ, haveCOD, haveQCD, haveSOT; - Guint precinctSize, style; -- Guint segLen, capabilities, comp, i, j, r; -+ Guint segLen, capabilities, nTiles, comp, i, j, r; - - //----- main header - haveSIZ = haveCOD = haveQCD = haveSOT = gFalse; -@@ -701,8 +702,12 @@ GBool JPXStream::readCodestream(Guint /* - / img.xTileSize; - img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1) - / img.yTileSize; -- img.tiles = (JPXTile *)gmalloc(img.nXTiles * img.nYTiles * -- sizeof(JPXTile)); -+ nTiles = img.nXTiles * img.nYTiles; -+ if (img.nXTiles <= 0 || img.nYTiles <= 0 || img.nXTiles >= INT_MAX / img.nYTiles) { -+ error(getPos(), "Bad tile count in JPX SIZ marker segment"); -+ return gFalse; -+ } -+ img.tiles = (JPXTile *)gmallocn(nTiles, sizeof(JPXTile)); - for (i = 0; i < img.nXTiles * img.nYTiles; ++i) { - img.tiles[i].tileComps = (JPXTileComp *)gmalloc(img.nComps * - sizeof(JPXTileComp)); -Index: kpdf/xpdf/goo/gmem.c -=================================================================== ---- kpdf/xpdf/goo/gmem.c (revision 466932) -+++ kpdf/xpdf/goo/gmem.c (revision 488714) -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - #include "gmem.h" - - #ifdef DEBUG_MEM -@@ -175,6 +176,28 @@ void gfree(void *p) { - #endif - } - -+void *gmallocn(int nObjs, int objSize) { -+ int n; -+ -+ n = nObjs * objSize; -+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) { -+ fprintf(stderr, "Bogus memory allocation size\n"); -+ exit(1); -+ } -+ return gmalloc(n); -+} -+ -+void *greallocn(void *p, int nObjs, int objSize) { -+ int n; -+ -+ n = nObjs * objSize; -+ if (objSize <= 0 || nObjs < 0 || nObjs >= INT_MAX / objSize) { -+ fprintf(stderr, "Bogus memory allocation size\n"); -+ exit(1); -+ } -+ return grealloc(p, n); -+} -+ - #ifdef DEBUG_MEM - void gMemReport(FILE *f) { - GMemHdr *p; -Index: kpdf/xpdf/goo/gmem.h -=================================================================== ---- kpdf/xpdf/goo/gmem.h (revision 466932) -+++ kpdf/xpdf/goo/gmem.h (revision 488714) -@@ -28,6 +28,15 @@ extern void *gmalloc(size_t size); - extern void *grealloc(void *p, size_t size); - - /* -+ * These are similar to gmalloc and grealloc, but take an object count -+ * and size. The result is similar to allocating nObjs * objSize -+ * bytes, but there is an additional error check that the total size -+ * doesn't overflow an int. -+ */ -+extern void *gmallocn(int nObjs, int objSize); -+extern void *greallocn(void *p, int nObjs, int objSize); -+ -+/* - * Same as free, but checks for and ignores NULL pointers. - */ - extern void gfree(void *p); diff --git a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff deleted file mode 100644 index 7c6b1fe28d80..000000000000 --- a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff +++ /dev/null @@ -1,52 +0,0 @@ -Index: kpdf/xpdf/splash/SplashXPathScanner.cc -=================================================================== ---- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 504400) -+++ kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505063) -@@ -182,7 +182,7 @@ GBool SplashXPathScanner::getNextSpan(in - } - - void SplashXPathScanner::computeIntersections(int y) { -- SplashCoord ySegMin, ySegMax, xx0, xx1; -+ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1; - SplashXPathSeg *seg; - int i, j; - -@@ -232,19 +232,27 @@ void SplashXPathScanner::computeIntersec - } else if (seg->flags & splashXPathVert) { - xx0 = xx1 = seg->x0; - } else { -- if (ySegMin <= y) { -- // intersection with top edge -- xx0 = seg->x0 + (y - seg->y0) * seg->dxdy; -+ if (seg->x0 < seg->x1) { -+ xSegMin = seg->x0; -+ xSegMax = seg->x1; - } else { -- // x coord of segment endpoint with min y coord -- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0; -+ xSegMin = seg->x1; -+ xSegMax = seg->x0; - } -- if (ySegMax >= y + 1) { -- // intersection with bottom edge -- xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy; -- } else { -- // x coord of segment endpoint with max y coord -- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1; -+ // intersection with top edge -+ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy; -+ // intersection with bottom edge -+ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy; -+ // the segment may not actually extend to the top and/or bottom edges -+ if (xx0 < xSegMin) { -+ xx0 = xSegMin; -+ } else if (xx0 > xSegMax) { -+ xx0 = xSegMax; -+ } -+ if (xx1 < xSegMin) { -+ xx1 = xSegMin; -+ } else if (xx1 > xSegMax) { -+ xx1 = xSegMax; - } - } - if (xx0 < xx1) { diff --git a/kde-base/kpdf/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kpdf/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff new file mode 100644 index 000000000000..092cf67f360b --- /dev/null +++ b/kde-base/kpdf/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff @@ -0,0 +1,61 @@ +--- kpdf/xpdf/xpdf/Catalog.cc ++++ kpdf/xpdf/xpdf/Catalog.cc +@@ -26,6 +26,12 @@ + #include "UGString.h" + #include "Catalog.h" + ++// This define is used to limit the depth of recursive readPageTree calls ++// This is needed because the page tree nodes can reference their parents ++// leaving us in an infinite loop ++// Most sane pdf documents don't have a call depth higher than 10 ++#define MAX_CALL_DEPTH 1000 ++ + //------------------------------------------------------------------------ + // Catalog + //------------------------------------------------------------------------ +@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) { + pageRefs[i].num = -1; + pageRefs[i].gen = -1; + } +- numPages = readPageTree(pagesDict.getDict(), NULL, 0); ++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0); + if (numPages != numPages0) { + error(-1, "Page count in top-level pages object is incorrect"); + } +@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() { + return s; + } + +-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) { ++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) { + Object kids; + Object kid; + Object kidRef; +@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic + // This should really be isDict("Pages"), but I've seen at least one + // PDF file where the /Type entry is missing. + } else if (kid.isDict()) { +- if ((start = readPageTree(kid.getDict(), attrs1, start)) +- < 0) +- goto err2; ++ if (callDepth > MAX_CALL_DEPTH) { ++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH); ++ } else { ++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1)) ++ < 0) ++ goto err2; ++ } + } else { + error(-1, "Kid object (page %d) is wrong type (%s)", + start+1, kid.getTypeName()); +--- kpdf/xpdf/xpdf/Catalog.h ++++ kpdf/xpdf/xpdf/Catalog.h +@@ -128,7 +128,7 @@ private: + Object acroForm; // AcroForm dictionary + GBool ok; // true if catalog is valid + +- int readPageTree(Dict *pages, PageAttrs *attrs, int start); ++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth); + Object *findDestInTree(Object *tree, GString *name, Object *obj); + }; + diff --git a/kde-base/kpdf/kpdf-3.5.5-r1.ebuild b/kde-base/kpdf/kpdf-3.5.5-r1.ebuild new file mode 100644 index 000000000000..c8bd5a01212d --- /dev/null +++ b/kde-base/kpdf/kpdf-3.5.5-r1.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.5-r1.ebuild,v 1.1 2007/01/27 17:19:33 flameeyes Exp $ + +KMNAME=kdegraphics +MAXKDEVER=$PV +KM_DEPRANGE="$PV $MAXKDEVER" +inherit kde-meta flag-o-matic + +DESCRIPTION="kpdf, a kde pdf viewer based on xpdf" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="" +KMEXTRA="kfile-plugins/pdf" + +DEPEND=">=media-libs/freetype-2.0.5 + media-libs/t1lib + >=app-text/poppler-0.5.1 + >=app-text/poppler-bindings-0.5.1" +RDEPEND="${DEPEND} + $(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)" + +PATCHES="${FILESDIR}/post-3.5.5-kdegraphics-CVE-2007-0104.diff" + +pkg_setup() { + kde_pkg_setup + # check for qt still until it had a revision bump in both ~arch and stable. + if ! built_with_use app-text/poppler-bindings qt3; then + eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support." + eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"." + die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"." + fi +} + +src_compile() { + local myconf="--with-poppler" + replace-flags "-Os" "-O2" # see bug 114822 + kde-meta_src_compile +} diff --git a/kde-base/kpdf/kpdf-3.5.6-r1.ebuild b/kde-base/kpdf/kpdf-3.5.6-r1.ebuild new file mode 100644 index 000000000000..99affda39bed --- /dev/null +++ b/kde-base/kpdf/kpdf-3.5.6-r1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.6-r1.ebuild,v 1.1 2007/01/27 17:19:33 flameeyes Exp $ + +KMNAME=kdegraphics +MAXKDEVER=$PV +KM_DEPRANGE="$PV $MAXKDEVER" +inherit kde-meta flag-o-matic + +DESCRIPTION="kpdf, a kde pdf viewer based on xpdf" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="" +KMEXTRA="kfile-plugins/pdf" + +DEPEND=">=media-libs/freetype-2.0.5 + media-libs/t1lib + >=app-text/poppler-0.5.1 + >=app-text/poppler-bindings-0.5.1" +RDEPEND="${DEPEND} + $(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)" + +pkg_setup() { + kde_pkg_setup + # check for qt still until it had a revision bump in both ~arch and stable. + if ! built_with_use app-text/poppler-bindings qt3; then + eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support." + eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"." + die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"." + fi +} + +src_compile() { + local myconf="--with-poppler" + replace-flags "-Os" "-O2" # see bug 114822 + kde-meta_src_compile +}