Fix for bug 187139.

Package-Manager: portage-2.1.3_rc9
author: Carsten Lohrke <carlo@gentoo.org> 2007-07-30 18:05:53 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2007-07-30 18:05:53 +0000
commit: 8fd540117c7ff62b7bec2a29f5b2de38ba777066 (patch)
tree: 44b50febba4ccdb0a07741a4d091522b2a2815f4 /kde-base
parent: Stable for HPPA (bug #187057). (diff)
download: historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.tar.gz
historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.tar.bz2
historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.zip
8 files changed, 159 insertions, 2 deletions
diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog
index cf977d55117c..43bf05322eff 100644
--- a/kde-base/kdegraphics/ChangeLog
+++ b/kde-base/kdegraphics/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for kde-base/kdegraphics
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.305 2007/06/04 00:31:45 kumba Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.306 2007/07/30 18:05:53 carlo Exp $
+
+*kdegraphics-3.5.7-r1 (30 Jul 2007)
+
+  30 Jul 2007; Carsten Lohrke <carlo@gentoo.org>
+  +files/post-3.5.7-kdegraphics-CVE-2007-3387.diff,
+  +kdegraphics-3.5.7-r1.ebuild:
+  Fix for bug 187139.
 
   04 Jun 2007; Joshua Kinard <kumba@gentoo.org> kdegraphics-3.5.6-r2.ebuild:
   Marked unstable on mips.
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.7-r1 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.7-r1
new file mode 100644
index 000000000000..ba24610e2ca5
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.7-r1
@@ -0,0 +1,3 @@
+MD5 eae753e80c5f8dd304e7fd0dca84ae67 kdegraphics-3.5.7.tar.bz2 7424976
+RMD160 ccf36f5c34a1d484f0878a42a51dc620c2bdfa71 kdegraphics-3.5.7.tar.bz2 7424976
+SHA256 5689882ade29d0f56e95783f1c3e443fd512ca8291bcb81aac60ac719a8dcdcc kdegraphics-3.5.7.tar.bz2 7424976
diff --git a/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
new file mode 100644
index 000000000000..e28add87e275
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
@@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc	(revision 689574)
++++ kpdf/xpdf/xpdf/Stream.cc	(working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream 
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
++      nComps > gfxColorMaxComps || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.7-r1.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.7-r1.ebuild
new file mode 100644
index 000000000000..3f68b6cdba24
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.7-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.7-r1.ebuild,v 1.1 2007/07/30 18:05:53 carlo Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-0.5.1
+		>=app-text/poppler-bindings-0.5.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+		 app-text/ptex
+		 app-text/cstetex
+		 app-text/dvipdfm ) )"
+
+
+PATCHES="${FILESDIR}/post-3.5.7-kdegraphics-CVE-2007-3387.diff"
+
+pkg_setup() {
+	kde_pkg_setup
+	for ghostscript in app-text/ghostscript-{gnu,esp,afpl}; do
+		if has_version ${ghostscript} && ! built_with_use ${ghostscript} X; then
+			eerror "This package requires ${ghostscript} compiled with X11 support."
+			eerror "Please reemerge ${ghostscript} with USE=\"X\"."
+			die "Please reemerge ${ghostscript} with USE=\"X\"."
+		fi
+	done
+	if use pdf && ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+				  $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+	use pdf || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpdf"
+
+	rm -f "${S}/configure" # ask rebuilding
+	kde_src_compile
+}
diff --git a/kde-base/kpdf/ChangeLog b/kde-base/kpdf/ChangeLog
index c4c11d71cca2..85ceaca4a64e 100644
--- a/kde-base/kpdf/ChangeLog
+++ b/kde-base/kpdf/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/kpdf
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.130 2007/05/23 01:01:12 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.131 2007/07/30 18:05:10 carlo Exp $
+
+*kpdf-3.5.7-r1 (30 Jul 2007)
+
+  30 Jul 2007; Carsten Lohrke <carlo@gentoo.org>
+  +files/post-3.5.7-kdegraphics-CVE-2007-3387.diff, +kpdf-3.5.7-r1.ebuild:
+  Fix for bug 187139.
 
 *kpdf-3.5.7 (23 May 2007)
 
diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.7-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.7-r1
new file mode 100644
index 000000000000..ba24610e2ca5
--- /dev/null
+++ b/kde-base/kpdf/files/digest-kpdf-3.5.7-r1
@@ -0,0 +1,3 @@
+MD5 eae753e80c5f8dd304e7fd0dca84ae67 kdegraphics-3.5.7.tar.bz2 7424976
+RMD160 ccf36f5c34a1d484f0878a42a51dc620c2bdfa71 kdegraphics-3.5.7.tar.bz2 7424976
+SHA256 5689882ade29d0f56e95783f1c3e443fd512ca8291bcb81aac60ac719a8dcdcc kdegraphics-3.5.7.tar.bz2 7424976
diff --git a/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
new file mode 100644
index 000000000000..e28add87e275
--- /dev/null
+++ b/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
@@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc	(revision 689574)
++++ kpdf/xpdf/xpdf/Stream.cc	(working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream 
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
++      nComps > gfxColorMaxComps || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/kde-base/kpdf/kpdf-3.5.7-r1.ebuild b/kde-base/kpdf/kpdf-3.5.7-r1.ebuild
new file mode 100644
index 000000000000..12b3839d78f0
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.5.7-r1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.7-r1.ebuild,v 1.1 2007/07/30 18:05:10 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+	media-libs/t1lib
+	>=app-text/poppler-0.5.1
+	>=app-text/poppler-bindings-0.5.1"
+RDEPEND="${DEPEND}
+	$(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)"
+
+PATCHES="${FILESDIR}/post-3.5.7-kdegraphics-CVE-2007-3387.diff"
+
+pkg_setup() {
+	kde_pkg_setup
+	# check for qt still until it had a revision bump in both ~arch and stable.
+	if ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="--with-poppler"
+	replace-flags "-Os" "-O2" # see bug 114822
+	kde-meta_src_compile
+}
author	Carsten Lohrke <carlo@gentoo.org>	2007-07-30 18:05:53 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2007-07-30 18:05:53 +0000
commit	8fd540117c7ff62b7bec2a29f5b2de38ba777066 (patch)
tree	44b50febba4ccdb0a07741a4d091522b2a2815f4 /kde-base
parent	Stable for HPPA (bug #187057). (diff)
download	historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.tar.gz historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.tar.bz2 historical-8fd540117c7ff62b7bec2a29f5b2de38ba777066.zip