author | Carsten Lohrke <carlo@gentoo.org> | 2006-02-03 00:58:09 +0000 |
---|---|---|
committer | Carsten Lohrke <carlo@gentoo.org> | 2006-02-03 00:58:09 +0000 |
commit | b8e462472a75837a32f0f9e979b7981d0f69b322 (patch) | |
tree | 0eb5b6b39d17bf51e44758540ae59a172dd4f9fd /kde-base/kpdf | |
parent | Remove stale version; port over to modular X. (diff) | |
xpdf heap based buffer overflow, #121375
Package-Manager: portage-2.0.54
Diffstat (limited to 'kde-base/kpdf')
-rw-r--r-- | kde-base/kpdf/ChangeLog | 11 | ||||
-rw-r--r-- | kde-base/kpdf/Manifest | 8 | ||||
-rw-r--r-- | kde-base/kpdf/files/digest-kpdf-3.4.3-r4 | 1 | ||||
-rw-r--r-- | kde-base/kpdf/files/digest-kpdf-3.5.1-r1 | 1 | ||||
-rw-r--r-- | kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff | 52 | ||||
-rw-r--r-- | kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff | 50 | ||||
-rw-r--r-- | kde-base/kpdf/kpdf-3.4.3-r4.ebuild | 36 | ||||
-rw-r--r-- | kde-base/kpdf/kpdf-3.5.1-r1.ebuild | 34 |
8 files changed, 191 insertions, 2 deletions
diff --git a/kde-base/kpdf/ChangeLog b/kde-base/kpdf/ChangeLog index 27459047d784..97fa2fcb9472 100644 --- a/kde-base/kpdf/ChangeLog +++ b/kde-base/kpdf/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for kde-base/kpdf # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.70 2006/02/01 11:56:08 carlo Exp $ +# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.71 2006/02/03 00:54:13 carlo Exp $ + +*kpdf-3.5.1-r1 (03 Feb 2006) +*kpdf-3.4.3-r4 (03 Feb 2006) + + 03 Feb 2006; Carsten Lohrke <carlo@gentoo.org> + +files/post-3.4.3-kdegraphics-CVE-2006-0301.diff, + +files/post-3.5.1-kdegraphics-CVE-2006-0301.diff, +kpdf-3.4.3-r4.ebuild, + +kpdf-3.5.1-r1.ebuild: + xpdf heap based buffer overflow, #121375 01 Feb 2006; Carsten Lohrke <carlo@gentoo.org> kpdf-3.4.3-r3.ebuild: Correct poppler dependency. diff --git a/kde-base/kpdf/Manifest b/kde-base/kpdf/Manifest index 25a0428cab4f..719eda16c757 100644 --- a/kde-base/kpdf/Manifest +++ b/kde-base/kpdf/Manifest @@ -1,4 +1,4 @@ -MD5 8356188b4513440193e801e18999c107 ChangeLog 9310 +MD5 61f6658ff00fac8ff5fdd9adfc34e6bc ChangeLog 9614 MD5 1334abaee53983ad0a0810adeafef453 files/digest-kpdf-3.4.1 221 MD5 1334abaee53983ad0a0810adeafef453 files/digest-kpdf-3.4.1-r1 221 MD5 912bf2607fc0c67f023f6084731eba21 files/digest-kpdf-3.4.1-r3 221 
@@ -8,10 +8,12 @@ MD5 cb94e5a98246b8c80e29c3d668e4be9d files/digest-kpdf-3.4.2-r2 300 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3 71 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r2 71 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r3 71 +MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r4 71 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0 71 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0-r2 71 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0-r3 71 MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kpdf-3.5.1 71 +MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kpdf-3.5.1-r1 71 MD5 653bd55a1e87c51731d0b0512051774e files/kdegraphics-3.4.2-kpdf-contentcrash.patch 749 MD5 4caddebea4d845abb2de6dbbfe1b979a files/kdegraphics-3.4.2-kpdf-fix.patch 1024 MD5 cba50683fe0c9704ddfcd91fde5129c8 files/kpdf-3.5.0-cropbox-fix.patch 631 @@ -19,7 +21,9 @@ MD5 d18efc8eb0bf3e3b54a33cf04cdba3fd files/kpdf-3.5.0-splitter-io.patch 1415 MD5 191a45e1b9346c3bbeb4bfda29f3d48a files/kpdf-3.5.1-saveas.patch 926 MD5 ec3b95efe9139f4259d6de213fe4b87b files/post-3.4.1-kdegraphics-4.diff 1827 MD5 e8dde74416769d4589dcca25072aea3e files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685 +MD5 ebbce0a49537b694932b3c0efcf18261 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775 MD5 17ea076e986be5e26a4feea3cd264f7e files/post-3.5.0-kdegraphics-CAN-2005-3193.diff 8611 +MD5 bc7dc2a5235f95a41fc1d7ab885899da files/post-3.5.1-kdegraphics-CVE-2006-0301.diff 1684 MD5 493fdf9a2dc94e56301161f38122b422 kpdf-3.4.1-r1.ebuild 627 MD5 8d30155d231e3dec857b28b81b157f36 kpdf-3.4.1-r3.ebuild 684 MD5 710200655b097652c4ea66ea6e5931db kpdf-3.4.1.ebuild 569 
@@ -28,9 +32,11 @@ MD5 26ec262357d5acdd4fbe2e83d488e692 kpdf-3.4.2-r2.ebuild 816 MD5 9d42c07d0672b69a347a437c76b5e024 kpdf-3.4.2.ebuild 578 MD5 fb75128e908283c51dbc40125468bb21 kpdf-3.4.3-r2.ebuild 645 MD5 e8ae49a7983a5ae9280c354de61d226f kpdf-3.4.3-r3.ebuild 1078 +MD5 072623a0a5c83813e714c051453fe7f8 kpdf-3.4.3-r4.ebuild 1139 MD5 71273e2bb8b2c3a5e1407a5a32a4b68a kpdf-3.4.3.ebuild 576 MD5 531c4b155103eed24f2f88d83d3b6461 kpdf-3.5.0-r2.ebuild 953 MD5 319d936787de54e4423c1a9fdf499c5e kpdf-3.5.0-r3.ebuild 1101 MD5 83802275c8156d6e4aff171ef643d683 kpdf-3.5.0.ebuild 841 +MD5 018ad6167249841e223be033bf7ad8f2 kpdf-3.5.1-r1.ebuild 1048 MD5 b71520405927b5861fa74ecca94abc04 kpdf-3.5.1.ebuild 993 MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156 diff --git a/kde-base/kpdf/files/digest-kpdf-3.4.3-r4 b/kde-base/kpdf/files/digest-kpdf-3.4.3-r4 new file mode 100644 index 000000000000..2cb888ba9f29 --- /dev/null +++ b/kde-base/kpdf/files/digest-kpdf-3.4.3-r4 @@ -0,0 +1 @@ +MD5 e2b2926301204a0f587d9e6e163c06d9 kdegraphics-3.4.3.tar.bz2 6554272 diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.1-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.1-r1 new file mode 100644 index 000000000000..9166f01a0810 --- /dev/null +++ b/kde-base/kpdf/files/digest-kpdf-3.5.1-r1 @@ -0,0 +1 @@ +MD5 2cd1c5348b7df46cf7f9d91e1dbfebd2 kdegraphics-3.5.1.tar.bz2 7315482 diff --git a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff new file mode 100644 index 000000000000..7c6b1fe28d80 --- /dev/null +++ b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 
@@ -0,0 +1,52 @@
+Index: kpdf/xpdf/splash/SplashXPathScanner.cc
+===================================================================
+--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 504400)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505063)
+@@ -182,7 +182,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+
+ void SplashXPathScanner::computeIntersections(int y) {
+- SplashCoord ySegMin, ySegMax, xx0, xx1;
++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+ SplashXPathSeg *seg;
+ int i, j;
+
+@@ -232,19 +232,27 @@ void SplashXPathScanner::computeIntersec
+ } else if (seg->flags & splashXPathVert) {
+ xx0 = xx1 = seg->x0;
+ } else {
+- if (ySegMin <= y) {
+- // intersection with top edge
+- xx0 = seg->x0 + (y - seg->y0) * seg->dxdy;
++ if (seg->x0 < seg->x1) {
++ xSegMin = seg->x0;
++ xSegMax = seg->x1;
+ } else {
+- // x coord of segment endpoint with min y coord
+- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++ xSegMin = seg->x1;
++ xSegMax = seg->x0;
+ }
+- if (ySegMax >= y + 1) {
+- // intersection with bottom edge
+- xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with max y coord
+- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++ // intersection with top edge
++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ // intersection with bottom edge
++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++ // the segment may not actually extend to the top and/or bottom edges
++ if (xx0 < xSegMin) {
++ xx0 = xSegMin;
++ } else if (xx0 > xSegMax) {
++ xx0 = xSegMax;
++ }
++ if (xx1 < xSegMin) {
++ xx1 = xSegMin;
++ } else if (xx1 > xSegMax) {
++ xx1 = xSegMax;
+ }
+ }
+ if (xx0 < xx1) {
diff --git a/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff b/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..e2e19b511dd7
--- /dev/null
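Review bot: The clamp added to SplashXPathScanner::computeIntersections in post-3.4.3-kdegraphics-CVE-2006-0301.diff bounds xx0 and xx1 only by the segment's own endpoints (xSegMin/xSegMax), so it protects later code only if seg->x0, seg->x1 and seg->dxdy are finite and already clipped to what the scanner can index; a NaN would fail both the `<` and the `>` test and pass through unchanged. The code that turns xx0/xx1 into integer span bounds lies outside the hunk, so that invariant cannot be confirmed from here. I would record it next to the clamp, for example `// xx0/xx1 now lie in [xSegMin, xSegMax]; relies on finite, pre-clipped segment endpoints`. The same applies to the identical hunk in post-3.5.1-kdegraphics-CVE-2006-0301.diff.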
+++ b/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,50 @@
+--- kpdf/xpdf/splash/SplashXPathScanner.cc (Revision 505052)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc (Arbeitskopie)
+@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+
+ void SplashXPathScanner::computeIntersections(int y) {
+- SplashCoord ySegMin, ySegMax, xx0, xx1;
++ SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+ SplashXPathSeg *seg;
+ int i, j;
+
+@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec
+ } else if (seg->flags & splashXPathVert) {
+ xx0 = xx1 = seg->x0;
+ } else {
+- if (ySegMin <= y) {
+- // intersection with top edge
+- xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ if (seg->x0 < seg->x1) {
++ xSegMin = seg->x0;
++ xSegMax = seg->x1;
+ } else {
+- // x coord of segment endpoint with min y coord
+- xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++ xSegMin = seg->x1;
++ xSegMax = seg->x0;
+ }
+- if (ySegMax >= y + 1) {
+- // intersection with bottom edge
+- xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
+- } else {
+- // x coord of segment endpoint with max y coord
+- xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++ // intersection with top edge
++ xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++ // intersection with bottom edge
++ xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++ // the segment may not actually extend to the top and/or bottom edges
++ if (xx0 < xSegMin) {
++ xx0 = xSegMin;
++ } else if (xx0 > xSegMax) {
++ xx0 = xSegMax;
++ }
++ if (xx1 < xSegMin) {
++ xx1 = xSegMin;
++ } else if (xx1 > xSegMax) {
++ xx1 = xSegMax;
+ }
+ }
+ if (xx0 < xx1) {
diff --git a/kde-base/kpdf/kpdf-3.4.3-r4.ebuild b/kde-base/kpdf/kpdf-3.4.3-r4.ebuild
new file mode 100644
index 000000000000..b90242c96cbd
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.4.3-r4.ebuild
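Review bot: The header of post-3.5.1-kdegraphics-CVE-2006-0301.diff names its new side as `(Arbeitskopie)`, a working copy, so unlike the 3.4.3 patch (which records Revision 505063) this file does not say which upstream revision it corresponds to. For a security patch carried in the tree, that makes it harder to check later that the shipped fix matches what upstream committed. A leading comment line in the patch file would close the gap, for example `# CVE-2006-0301 fix, upstream kdegraphics revision <UPSTREAM_REVISION>, Gentoo bug #121375`, with the placeholder filled in from the upstream advisory.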
@@ -0,0 +1,36 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.4.3-r4.ebuild,v 1.1 2006/02/03 00:54:13 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="nodrm"
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+ media-libs/t1lib"
+RDEPEND="${DEPEND}
+ || ( >=app-text/poppler-bindings-0.4.3-r1
+ <app-text/xpdf-3.01-r4 )" # kfile-plugins/pdf depends on "pdfinfo"
+
+PATCHES="${FILESDIR}/post-3.4.3-kdegraphics-CAN-2005-3193.diff
+ ${FILESDIR}/post-3.4.3-kdegraphics-CVE-2006-0301.diff"
+
+pkg_setup() {
+ if ! built_with_use app-text/poppler-bindings qt; then
+ eerror "This package requires app-text/poppler-bindings compiled with Qt support."
+ eerror "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+ die "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+ fi
+}
+
+src_compile() {
+ myconf="${myconf} $(use_enable !nodrm kpdf-drm)"
+
+ kde-meta_src_compile
+}
diff --git a/kde-base/kpdf/kpdf-3.5.1-r1.ebuild b/kde-base/kpdf/kpdf-3.5.1-r1.ebuild
new file mode 100644
index 000000000000..cfbba4ad0198
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.5.1-r1.ebuild
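Review bot: pkg_setup in kpdf-3.4.3-r4.ebuild requires `built_with_use app-text/poppler-bindings qt`, yet this ebuild lists poppler-bindings only in RDEPEND, and there only as one branch of `|| ( >=app-text/poppler-bindings-0.4.3-r1 <app-text/xpdf-3.01-r4 )`. A system that satisfies the dependency through the xpdf branch, or has not merged its runtime dependencies yet, would presumably reach the `die` although its dependencies are valid. Guarding the check would avoid that, e.g. `if has_version app-text/poppler-bindings && ! built_with_use app-text/poppler-bindings qt; then`. Because this is a security revision, the xpdf branch also deserves a comment saying whether xpdf revisions below 3.01-r4 carry the fix for the same overflow, which this diff does not show.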
@@ -0,0 +1,34 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.1-r1.ebuild,v 1.1 2006/02/03 00:54:13 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+ media-libs/t1lib
+ >=app-text/poppler-bindings-0.3.1"
+
+PATCHES="${FILESDIR}/${P}-saveas.patch
+ ${FILESDIR}/post-3.5.1-kdegraphics-CVE-2006-0301.diff"
+
+pkg_setup() {
+ if ! built_with_use app-text/poppler-bindings qt; then
+ eerror "This package requires app-text/poppler-bindings compiled with Qt support."
+ eerror "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+ die "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+ fi
+}
+
+src_compile() {
+ local myconf="--with-poppler"
+ replace-flags "-Os" "-O2" # see bug 114822
+ kde-meta_src_compile
+} |
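Review bot: PATCHES in kpdf-3.5.1-r1.ebuild carries the CVE-2006-0301 fix but, unlike the 3.4.3-r4 ebuild in this commit, no CAN-2005-3193 patch, and nothing in the ebuild says why. Presumably the 3.5.1 sources already include that earlier fix, but this diff cannot confirm it. A short comment above PATCHES would make the omission auditable, for example `# CAN-2005-3193 is already fixed in the 3.5.1 sources (confirm); CVE-2006-0301 is bug #121375`.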