From b2d038bac5c710c509a12d028e3097e6076c8ac3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Diego=20Elio=20Petten=C3=B2?= Date: Sun, 11 Feb 2007 13:27:33 +0000 Subject: [PATCH] Restore file removed by mistake. Package-Manager: portage-2.1.2-r9 --- app-office/koffice/ChangeLog | 6 +- app-office/koffice/Manifest | 18 +++-- .../files/koffice-xpdf-CVE-2007-0104.diff | 74 +++++++++++++++++++ 3 files changed, 90 insertions(+), 8 deletions(-) create mode 100644 app-office/koffice/files/koffice-xpdf-CVE-2007-0104.diff diff --git a/app-office/koffice/ChangeLog b/app-office/koffice/ChangeLog index 0a6ec57ab15b..492d7b4d9a43 100644 --- a/app-office/koffice/ChangeLog +++ b/app-office/koffice/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for app-office/koffice # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-office/koffice/ChangeLog,v 1.204 2007/02/10 20:22:27 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-office/koffice/ChangeLog,v 1.205 2007/02/11 13:27:33 flameeyes Exp $ + + 11 Feb 2007; Diego Pettenò + +files/koffice-xpdf-CVE-2007-0104.diff: + Restore file removed by mistake. 10 Feb 2007; Diego Pettenò -files/koffice-xpdf-CVE-2007-0104.diff, -files/koffice-ole-filter.patch, diff --git a/app-office/koffice/Manifest b/app-office/koffice/Manifest index 6f783e3901e2..9639a79c907f 100644 --- a/app-office/koffice/Manifest +++ b/app-office/koffice/Manifest @@ -1,6 +1,10 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +AUX koffice-xpdf-CVE-2007-0104.diff 3185 RMD160 1ea990a06dfdc709362a6cb0fbb69851da86a3d6 SHA1 bef37ffafbae9a509363f7bc63806ab7162576b9 SHA256 36585b64bc23c9e352c0ff4edff9788add81381049dff5ae1d9de708f9696bfe +MD5 dc28881c39f11c040f8c942e4af238d1 files/koffice-xpdf-CVE-2007-0104.diff 3185 +RMD160 1ea990a06dfdc709362a6cb0fbb69851da86a3d6 files/koffice-xpdf-CVE-2007-0104.diff 3185 +SHA256 36585b64bc23c9e352c0ff4edff9788add81381049dff5ae1d9de708f9696bfe files/koffice-xpdf-CVE-2007-0104.diff 3185 AUX krita-1.6.0-corrupt_png_save.diff 571 RMD160 b50fe5e974eaed7b1397ce962edf5c67cf4e087a SHA1 9a5f216c4b9e527396125b4524e4852734a519aa SHA256 508e4ff46458170dac5d06bf2d75fac1c3a1b0560f86744fa809c85e3fd48e6b MD5 5f18026e387a792516a3ca5c840020c6 files/krita-1.6.0-corrupt_png_save.diff 571 RMD160 b50fe5e974eaed7b1397ce962edf5c67cf4e087a files/krita-1.6.0-corrupt_png_save.diff 571 @@ -19,10 +23,10 @@ EBUILD koffice-1.6.1-r1.ebuild 2403 RMD160 3827dec008092093aea1ef2bc9a882dbfc70a MD5 bf3c8a80e0eff3a9c8e579503a7a5825 koffice-1.6.1-r1.ebuild 2403 RMD160 3827dec008092093aea1ef2bc9a882dbfc70a6c2 koffice-1.6.1-r1.ebuild 2403 SHA256 e16fc6f2bbba65a370b934c7ad5074fa9fe3c1e20b3a33d115197238d5f60995 koffice-1.6.1-r1.ebuild 2403 -MISC ChangeLog 28824 RMD160 f6a14e2ba04ee83992b413b2a8236e9960eb05ea SHA1 5d944b657cdf4ff32e36d5611373af2564ccc3ce SHA256 1b48316b5d511cf514e65be9a9126b4d669aad5e684aabe2313bbf3567fea641 -MD5 94d30e00fa9f74087a61667499ac9082 ChangeLog 28824 -RMD160 f6a14e2ba04ee83992b413b2a8236e9960eb05ea ChangeLog 28824 -SHA256 1b48316b5d511cf514e65be9a9126b4d669aad5e684aabe2313bbf3567fea641 ChangeLog 28824 +MISC ChangeLog 28955 RMD160 0b0a9a93552072bec1ed9db7028cb76946d87261 SHA1 1678a72254f341c99121d71873288c9962260570 SHA256 97dc8bee40f9228e3597e5e0ef8728170b9624a979fce8089f9d666d9c54a97a +MD5 b5dfaa2778d5887d399a85d68d642c9c ChangeLog 28955 +RMD160 0b0a9a93552072bec1ed9db7028cb76946d87261 ChangeLog 28955 +SHA256 97dc8bee40f9228e3597e5e0ef8728170b9624a979fce8089f9d666d9c54a97a ChangeLog 28955 MISC metadata.xml 157 RMD160 9258d9691830e58ee00ca89f0a6df9ce077f2439 SHA1 b2ca0d856f38a09bf6d2e58ee77b344552585862 SHA256 e0e268ca18fef286617fcfe97773d5df5b8fbdb5fbcb9a29adc5e8b0baea4292 MD5 02039d51ca4a42817775fd436dfaa956 metadata.xml 157 RMD160 9258d9691830e58ee00ca89f0a6df9ce077f2439 metadata.xml 157 @@ -39,7 +43,7 @@ SHA256 8947fdfcfda8edd2bd5291f3d5c44f7521d41f2686b116c88b6f8c72448b5054 files/di -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.2 (GNU/Linux) -iD8DBQFFzimJAiZjviIA2XgRAhA5AJ909tMy0sA4pX2vzf2F4arHVCSaegCgwNzw -AFN6FzUvqwUEJo01bgEorM0= -=ffsg +iD8DBQFFzxnLAiZjviIA2XgRAoPoAJ9wSt8bZKYLWUqEWEHgH3tVtLtzuQCeLd6C +jC7GUmekog7rt938C6vdv+0= +=BNVj -----END PGP SIGNATURE----- diff --git a/app-office/koffice/files/koffice-xpdf-CVE-2007-0104.diff b/app-office/koffice/files/koffice-xpdf-CVE-2007-0104.diff new file mode 100644 index 000000000000..f5e51a1c706e --- /dev/null +++ b/app-office/koffice/files/koffice-xpdf-CVE-2007-0104.diff @@ -0,0 +1,74 @@ +------------------------------------------------------------------------ +r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines +Changed paths: + M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc + M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h + +Commiting the patch agreed between kpdf and poppler developers to fix MOAB-06-01-2007 issue. + +------------------------------------------------------------------------ +Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc +=================================================================== +--- filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622462) ++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622463) +@@ -24,6 +24,12 @@ + #include "Link.h" + #include "Catalog.h" + ++// This define is used to limit the depth of recursive readPageTree calls ++// This is needed because the page tree nodes can reference their parents ++// leaving us in an infinite loop ++// Most sane pdf documents don't have a call depth higher than 10 ++#define MAX_CALL_DEPTH 1000 ++ + //------------------------------------------------------------------------ + // Catalog + //------------------------------------------------------------------------ +@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) { + pageRefs[i].num = -1; + pageRefs[i].gen = -1; + } +- numPages = readPageTree(pagesDict.getDict(), NULL, 0); ++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0); + if (numPages != numPages0) { + error(-1, "Page count in top-level pages object is incorrect"); + } +@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() { + return s; + } + +-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) { ++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) { + Object kids; + Object kid; + Object kidRef; +@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic + // This should really be isDict("Pages"), but I've seen at least one + // PDF file where the /Type entry is missing. + } else if (kid.isDict()) { +- if ((start = readPageTree(kid.getDict(), attrs1, start)) +- < 0) +- goto err2; ++ if (callDepth > MAX_CALL_DEPTH) { ++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH); ++ } else { ++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1)) ++ < 0) ++ goto err2; ++ } + } else { + error(-1, "Kid object (page %d) is wrong type (%s)", + start+1, kid.getTypeName()); +Index: filters/kword/pdf/xpdf/xpdf/Catalog.h +=================================================================== +--- filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622462) ++++ filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622463) +@@ -82,7 +82,7 @@ private: + Object outline; // outline dictionary + GBool ok; // true if catalog is valid + +- int readPageTree(Dict *pages, PageAttrs *attrs, int start); ++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth); + Object *findDestInTree(Object *tree, GString *name, Object *obj); + }; + -- 2.26.2