xpdf heap based buffer overflow, #121375

(Portage version: 2.0.54)
author: Carsten Lohrke <carlo@gentoo.org> 2006-02-03 00:58:09 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2006-02-03 00:58:09 +0000
commit: f94ed026d8aeb184ab19b69c87cbe9e177c76657 (patch)
tree: f51280e57224d165ccbfce5bae0848635b2fce71
parent: Remove stale version; port over to modular X. (diff)
download: gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.tar.gz
gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.tar.bz2
gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.zip
16 files changed, 457 insertions, 4 deletions
diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog
index da14c450bbc0..72f26591a79f 100644
--- a/kde-base/kdegraphics/ChangeLog
+++ b/kde-base/kdegraphics/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for kde-base/kdegraphics
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.227 2006/02/01 11:54:27 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.228 2006/02/03 00:58:09 carlo Exp $
+
+*kdegraphics-3.5.1-r1 (03 Feb 2006)
+*kdegraphics-3.4.3-r4 (03 Feb 2006)
+
+  03 Feb 2006; Carsten Lohrke <carlo@gentoo.org>
+  +files/post-3.4.3-kdegraphics-CVE-2006-0301.diff,
+  +files/post-3.5.1-kdegraphics-CVE-2006-0301.diff,
+  +kdegraphics-3.4.3-r4.ebuild, +kdegraphics-3.5.1-r1.ebuild:
+  xpdf heap based buffer overflow, #121375
 
   01 Feb 2006; Carsten Lohrke <carlo@gentoo.org>
   kdegraphics-3.4.3-r3.ebuild, kdegraphics-3.5.1.ebuild:
diff --git a/kde-base/kdegraphics/Manifest b/kde-base/kdegraphics/Manifest
index 7fe98f4ebe58..06e259c0062f 100644
--- a/kde-base/kdegraphics/Manifest
+++ b/kde-base/kdegraphics/Manifest
@@ -1,4 +1,4 @@
-MD5 0b14b8da797e10ffcad1676f32212069 ChangeLog 32292
+MD5 6b83102f8dec91d1ebb1385e1c2c1b42 ChangeLog 32624
 MD5 284f518172a2843428d308d2d48bbbee files/CAN-2005-0064.patch 793
 MD5 9eb12845ce85cc31e216d463877cb519 files/digest-kdegraphics-3.3.2-r3 71
 MD5 1a6dde4414b4ad894e4ed7ed3fa919ff files/digest-kdegraphics-3.4.1-r1 71
@@ -7,11 +7,13 @@ MD5 a603b1f40c870db682665f57f908df0e files/digest-kdegraphics-3.4.2-r2 71
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kdegraphics-3.4.3 71
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kdegraphics-3.4.3-r2 71
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kdegraphics-3.4.3-r3 71
+MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kdegraphics-3.4.3-r4 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kdegraphics-3.5.0 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kdegraphics-3.5.0-r2 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kdegraphics-3.5.0-r3 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kdegraphics-3.5.0-r4 71
 MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kdegraphics-3.5.1 71
+MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kdegraphics-3.5.1-r1 71
 MD5 72b0e0cd29559b5ac4a20829a3da892c files/kdegraphics-3.4-configure.patch 847
 MD5 c52515e268cbff75a6f7b7d1ee1fad47 files/kdegraphics-3.4-gcc4.patch 1226
 MD5 0abb98c262645006a4b116c0635edb49 files/kdegraphics-3.4.1-gocr.patch 454
@@ -25,17 +27,21 @@ MD5 4a4bcdcb2456ab92b7846b6646da1bcb files/post-3.3.1-kdegraphics-4.diff 1797
 MD5 bf6b28780e0f5ea8f99e0777187e73cb files/post-3.3.2-kdegraphics.diff 1385
 MD5 ec3b95efe9139f4259d6de213fe4b87b files/post-3.4.1-kdegraphics-4.diff 1827
 MD5 e8dde74416769d4589dcca25072aea3e files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685
+MD5 ebbce0a49537b694932b3c0efcf18261 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775
 MD5 17ea076e986be5e26a4feea3cd264f7e files/post-3.5.0-kdegraphics-CAN-2005-3193.diff 8611
+MD5 bc7dc2a5235f95a41fc1d7ab885899da files/post-3.5.1-kdegraphics-CVE-2006-0301.diff 1684
 MD5 8752f936f226c4117006b64736b21b05 kdegraphics-3.3.2-r3.ebuild 1612
 MD5 511facb4e5557ab04a88092e393860db kdegraphics-3.4.1-r1.ebuild 1456
 MD5 ea77c224d553595991b0545b9c9eb29d kdegraphics-3.4.1-r3.ebuild 1525
 MD5 f8b2b24be0e28925e87267accd66968a kdegraphics-3.4.2-r2.ebuild 2089
 MD5 61cf5771b25a9724b41b13d5fba9ecb9 kdegraphics-3.4.3-r2.ebuild 1796
 MD5 1f5a1435bc649f5dadfd6a5524b955a2 kdegraphics-3.4.3-r3.ebuild 2200
+MD5 7bfb966074d6cd8af37b4e20ab2e22e1 kdegraphics-3.4.3-r4.ebuild 2272
 MD5 5627d28e9933d004259103c8feec5609 kdegraphics-3.4.3.ebuild 1738
 MD5 5709a55ffcff66d128e042db2770cb23 kdegraphics-3.5.0-r2.ebuild 1967
 MD5 ac5906cf478a42d22cdd61b24fa2514a kdegraphics-3.5.0-r3.ebuild 2109
 MD5 a26db213b1c84e8b28f243cd297c5d88 kdegraphics-3.5.0-r4.ebuild 2401
 MD5 9653b01977a047d3528800df71e30411 kdegraphics-3.5.0.ebuild 1858
+MD5 59459e0235e7aae37d735a01c01b64ad kdegraphics-3.5.1-r1.ebuild 2021
 MD5 6ecf618abb434eb9fb8eec23f4fab494 kdegraphics-3.5.1.ebuild 1966
 MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.4.3-r4 b/kde-base/kdegraphics/files/digest-kdegraphics-3.4.3-r4
new file mode 100644
index 000000000000..2cb888ba9f29
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.4.3-r4
@@ -0,0 +1 @@
+MD5 e2b2926301204a0f587d9e6e163c06d9 kdegraphics-3.4.3.tar.bz2 6554272
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.1-r1 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.1-r1
new file mode 100644
index 000000000000..9166f01a0810
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.1-r1
@@ -0,0 +1 @@
+MD5 2cd1c5348b7df46cf7f9d91e1dbfebd2 kdegraphics-3.5.1.tar.bz2 7315482
diff --git a/kde-base/kdegraphics/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff b/kde-base/kdegraphics/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..7c6b1fe28d80
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,52 @@
+Index: kpdf/xpdf/splash/SplashXPathScanner.cc
+===================================================================
+--- kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 504400)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 505063)
+@@ -182,7 +182,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+ 
+ void SplashXPathScanner::computeIntersections(int y) {
+-  SplashCoord ySegMin, ySegMax, xx0, xx1;
++  SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+   SplashXPathSeg *seg;
+   int i, j;
+ 
+@@ -232,19 +232,27 @@ void SplashXPathScanner::computeIntersec
+     } else if (seg->flags & splashXPathVert) {
+       xx0 = xx1 = seg->x0;
+     } else {
+-      if (ySegMin <= y) {
+-	// intersection with top edge
+-	xx0 = seg->x0 + (y - seg->y0) * seg->dxdy;
++      if (seg->x0 < seg->x1) {
++	xSegMin = seg->x0;
++	xSegMax = seg->x1;
+       } else {
+-	// x coord of segment endpoint with min y coord
+-	xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++	xSegMin = seg->x1;
++	xSegMax = seg->x0;
+       }
+-      if (ySegMax >= y + 1) {
+-	// intersection with bottom edge
+-	xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy;
+-      } else {
+-	// x coord of segment endpoint with max y coord
+-	xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++      // intersection with top edge
++      xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      // intersection with bottom edge
++      xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++      // the segment may not actually extend to the top and/or bottom edges
++      if (xx0 < xSegMin) {
++	xx0 = xSegMin;
++      } else if (xx0 > xSegMax) {
++	xx0 = xSegMax;
++      }
++      if (xx1 < xSegMin) {
++	xx1 = xSegMin;
++      } else if (xx1 > xSegMax) {
++	xx1 = xSegMax;
+       }
+     }
+     if (xx0 < xx1) {
diff --git a/kde-base/kdegraphics/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff b/kde-base/kdegraphics/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..e2e19b511dd7
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,50 @@
+--- kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 505052)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc	(Arbeitskopie)
+@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+ 
+ void SplashXPathScanner::computeIntersections(int y) {
+-  SplashCoord ySegMin, ySegMax, xx0, xx1;
++  SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+   SplashXPathSeg *seg;
+   int i, j;
+ 
+@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec
+     } else if (seg->flags & splashXPathVert) {
+       xx0 = xx1 = seg->x0;
+     } else {
+-      if (ySegMin <= y) {
+-	// intersection with top edge
+-	xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      if (seg->x0 < seg->x1) {
++	xSegMin = seg->x0;
++	xSegMax = seg->x1;
+       } else {
+-	// x coord of segment endpoint with min y coord
+-	xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++	xSegMin = seg->x1;
++	xSegMax = seg->x0;
+       }
+-      if (ySegMax >= y + 1) {
+-	// intersection with bottom edge
+-	xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
+-      } else {
+-	// x coord of segment endpoint with max y coord
+-	xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++      // intersection with top edge
++      xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      // intersection with bottom edge
++      xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++      // the segment may not actually extend to the top and/or bottom edges
++      if (xx0 < xSegMin) {
++	xx0 = xSegMin;
++      } else if (xx0 > xSegMax) {
++	xx0 = xSegMax;
++      }
++      if (xx1 < xSegMin) {
++	xx1 = xSegMin;
++      } else if (xx1 > xSegMax) {
++	xx1 = xSegMax;
+       }
+     }
+     if (xx0 < xx1) {
diff --git a/kde-base/kdegraphics/kdegraphics-3.4.3-r4.ebuild b/kde-base/kdegraphics/kdegraphics-3.4.3-r4.ebuild
new file mode 100644
index 000000000000..cfbc20e0e98e
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.4.3-r4.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.4.3-r4.ebuild,v 1.1 2006/02/03 00:58:09 carlo Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib nodrm openexr opengl povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )"
+
+RDEPEND="${DEPEND}
+	|| ( >=app-text/poppler-bindings-0.4.3-r1
+	     <app-text/xpdf-3.01-r4 )
+	tetex? (
+	|| ( >=app-text/tetex-2
+	     app-text/ptex
+	     app-text/cstetex
+	     app-text/dvipdfm ) )"
+# kfile-plugins/pdf depends on "pdfinfo"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+pkg_setup() {
+	if ! built_with_use app-text/poppler-bindings qt; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+	fi
+}
+
+src_unpack() {
+	kde_src_unpack
+
+	# Fix detection of gocr (kde bug 90082).
+	epatch "${FILESDIR}/kdegraphics-3.4.1-gocr.patch"
+
+	# Configure patch. Applied for 3.5.
+	epatch "${FILESDIR}/kdegraphics-3.4-configure.patch"
+
+	epatch "${FILESDIR}/post-3.4.3-kdegraphics-CAN-2005-3193.diff"
+
+	epatch "${FILESDIR}/post-3.4.3-kdegraphics-CVE-2006-0301.diff"
+
+	# For the configure patch.
+	make -f admin/Makefile.common || die
+}
+
+src_compile() {
+	if use gphoto2; then
+		myconf="${myconf} --with-kamera \
+				  --with-gphoto2-includes=/usr/include/gphoto2 \
+				  --with-gphoto2-libraries=/usr/lib/gphoto2"
+	else
+		myconf="${myconf} --without-kamera"
+	fi
+
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+
+	myconf="${myconf} $(use_with imlib) $(use_enable !nodrm kpdf-drm)
+		$(use_with openexr)"
+
+	kde_src_compile
+}
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.1-r1.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.1-r1.ebuild
new file mode 100644
index 000000000000..b1eb1776c040
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.1-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.1-r1.ebuild,v 1.1 2006/02/03 00:58:09 carlo Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-bindings-0.3.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+	     app-text/ptex
+	     app-text/cstetex
+	     app-text/dvipdfm ) )"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+PATCHES="${FILESDIR}/kpdf-3.5.1-saveas.patch
+	${FILESDIR}/post-3.5.1-kdegraphics-CVE-2006-0301.diff"
+
+pkg_setup() {
+	if ! built_with_use virtual/ghostscript X; then
+		eerror "This package requires virtual/ghostscript compiled with X11 support."
+		eerror "Please reemerge virtual/ghostscript with USE=\"X\"."
+		die "Please reemerge virtual/ghostscript with USE=\"X\"."
+	fi
+	if use pdf && ! built_with_use app-text/poppler-bindings qt; then
+		eerror "This package requires app-text/poppler compiled with Qt support."
+		eerror "Please reemerge app-text/poppler with USE=\"qt\"."
+		die "Please reemerge app-text/poppler with USE=\"qt\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+	              $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+
+	replace-flags "-Os" "-O2" # see bug 114822
+	kde_src_compile
+}
diff --git a/kde-base/kpdf/ChangeLog b/kde-base/kpdf/ChangeLog
index 27459047d784..97fa2fcb9472 100644
--- a/kde-base/kpdf/ChangeLog
+++ b/kde-base/kpdf/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for kde-base/kpdf
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.70 2006/02/01 11:56:08 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.71 2006/02/03 00:54:13 carlo Exp $
+
+*kpdf-3.5.1-r1 (03 Feb 2006)
+*kpdf-3.4.3-r4 (03 Feb 2006)
+
+  03 Feb 2006; Carsten Lohrke <carlo@gentoo.org>
+  +files/post-3.4.3-kdegraphics-CVE-2006-0301.diff,
+  +files/post-3.5.1-kdegraphics-CVE-2006-0301.diff, +kpdf-3.4.3-r4.ebuild,
+  +kpdf-3.5.1-r1.ebuild:
+  xpdf heap based buffer overflow, #121375
 
   01 Feb 2006; Carsten Lohrke <carlo@gentoo.org> kpdf-3.4.3-r3.ebuild:
   Correct poppler dependency.
diff --git a/kde-base/kpdf/Manifest b/kde-base/kpdf/Manifest
index 25a0428cab4f..719eda16c757 100644
--- a/kde-base/kpdf/Manifest
+++ b/kde-base/kpdf/Manifest
@@ -1,4 +1,4 @@
-MD5 8356188b4513440193e801e18999c107 ChangeLog 9310
+MD5 61f6658ff00fac8ff5fdd9adfc34e6bc ChangeLog 9614
 MD5 1334abaee53983ad0a0810adeafef453 files/digest-kpdf-3.4.1 221
 MD5 1334abaee53983ad0a0810adeafef453 files/digest-kpdf-3.4.1-r1 221
 MD5 912bf2607fc0c67f023f6084731eba21 files/digest-kpdf-3.4.1-r3 221
@@ -8,10 +8,12 @@ MD5 cb94e5a98246b8c80e29c3d668e4be9d files/digest-kpdf-3.4.2-r2 300
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3 71
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r2 71
 MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r3 71
+MD5 ad9f9a5920cdd067ae76d39d768fce5f files/digest-kpdf-3.4.3-r4 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0-r2 71
 MD5 0459ac16349d79da6246392e2454796b files/digest-kpdf-3.5.0-r3 71
 MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kpdf-3.5.1 71
+MD5 caced8d9ad43d51ee9d60fa05a53ed52 files/digest-kpdf-3.5.1-r1 71
 MD5 653bd55a1e87c51731d0b0512051774e files/kdegraphics-3.4.2-kpdf-contentcrash.patch 749
 MD5 4caddebea4d845abb2de6dbbfe1b979a files/kdegraphics-3.4.2-kpdf-fix.patch 1024
 MD5 cba50683fe0c9704ddfcd91fde5129c8 files/kpdf-3.5.0-cropbox-fix.patch 631
@@ -19,7 +21,9 @@ MD5 d18efc8eb0bf3e3b54a33cf04cdba3fd files/kpdf-3.5.0-splitter-io.patch 1415
 MD5 191a45e1b9346c3bbeb4bfda29f3d48a files/kpdf-3.5.1-saveas.patch 926
 MD5 ec3b95efe9139f4259d6de213fe4b87b files/post-3.4.1-kdegraphics-4.diff 1827
 MD5 e8dde74416769d4589dcca25072aea3e files/post-3.4.3-kdegraphics-CAN-2005-3193.diff 9685
+MD5 ebbce0a49537b694932b3c0efcf18261 files/post-3.4.3-kdegraphics-CVE-2006-0301.diff 1775
 MD5 17ea076e986be5e26a4feea3cd264f7e files/post-3.5.0-kdegraphics-CAN-2005-3193.diff 8611
+MD5 bc7dc2a5235f95a41fc1d7ab885899da files/post-3.5.1-kdegraphics-CVE-2006-0301.diff 1684
 MD5 493fdf9a2dc94e56301161f38122b422 kpdf-3.4.1-r1.ebuild 627
 MD5 8d30155d231e3dec857b28b81b157f36 kpdf-3.4.1-r3.ebuild 684
 MD5 710200655b097652c4ea66ea6e5931db kpdf-3.4.1.ebuild 569
@@ -28,9 +32,11 @@ MD5 26ec262357d5acdd4fbe2e83d488e692 kpdf-3.4.2-r2.ebuild 816
 MD5 9d42c07d0672b69a347a437c76b5e024 kpdf-3.4.2.ebuild 578
 MD5 fb75128e908283c51dbc40125468bb21 kpdf-3.4.3-r2.ebuild 645
 MD5 e8ae49a7983a5ae9280c354de61d226f kpdf-3.4.3-r3.ebuild 1078
+MD5 072623a0a5c83813e714c051453fe7f8 kpdf-3.4.3-r4.ebuild 1139
 MD5 71273e2bb8b2c3a5e1407a5a32a4b68a kpdf-3.4.3.ebuild 576
 MD5 531c4b155103eed24f2f88d83d3b6461 kpdf-3.5.0-r2.ebuild 953
 MD5 319d936787de54e4423c1a9fdf499c5e kpdf-3.5.0-r3.ebuild 1101
 MD5 83802275c8156d6e4aff171ef643d683 kpdf-3.5.0.ebuild 841
+MD5 018ad6167249841e223be033bf7ad8f2 kpdf-3.5.1-r1.ebuild 1048
 MD5 b71520405927b5861fa74ecca94abc04 kpdf-3.5.1.ebuild 993
 MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
diff --git a/kde-base/kpdf/files/digest-kpdf-3.4.3-r4 b/kde-base/kpdf/files/digest-kpdf-3.4.3-r4
new file mode 100644
index 000000000000..2cb888ba9f29
--- /dev/null
+++ b/kde-base/kpdf/files/digest-kpdf-3.4.3-r4
@@ -0,0 +1 @@
+MD5 e2b2926301204a0f587d9e6e163c06d9 kdegraphics-3.4.3.tar.bz2 6554272
diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.1-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.1-r1
new file mode 100644
index 000000000000..9166f01a0810
--- /dev/null
+++ b/kde-base/kpdf/files/digest-kpdf-3.5.1-r1
@@ -0,0 +1 @@
+MD5 2cd1c5348b7df46cf7f9d91e1dbfebd2 kdegraphics-3.5.1.tar.bz2 7315482
diff --git a/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..7c6b1fe28d80
--- /dev/null
+++ b/kde-base/kpdf/files/post-3.4.3-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,52 @@
+Index: kpdf/xpdf/splash/SplashXPathScanner.cc
+===================================================================
+--- kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 504400)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 505063)
+@@ -182,7 +182,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+ 
+ void SplashXPathScanner::computeIntersections(int y) {
+-  SplashCoord ySegMin, ySegMax, xx0, xx1;
++  SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+   SplashXPathSeg *seg;
+   int i, j;
+ 
+@@ -232,19 +232,27 @@ void SplashXPathScanner::computeIntersec
+     } else if (seg->flags & splashXPathVert) {
+       xx0 = xx1 = seg->x0;
+     } else {
+-      if (ySegMin <= y) {
+-	// intersection with top edge
+-	xx0 = seg->x0 + (y - seg->y0) * seg->dxdy;
++      if (seg->x0 < seg->x1) {
++	xSegMin = seg->x0;
++	xSegMax = seg->x1;
+       } else {
+-	// x coord of segment endpoint with min y coord
+-	xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++	xSegMin = seg->x1;
++	xSegMax = seg->x0;
+       }
+-      if (ySegMax >= y + 1) {
+-	// intersection with bottom edge
+-	xx1 = seg->x0 + (y + 1 - seg->y0) * seg->dxdy;
+-      } else {
+-	// x coord of segment endpoint with max y coord
+-	xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++      // intersection with top edge
++      xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      // intersection with bottom edge
++      xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++      // the segment may not actually extend to the top and/or bottom edges
++      if (xx0 < xSegMin) {
++	xx0 = xSegMin;
++      } else if (xx0 > xSegMax) {
++	xx0 = xSegMax;
++      }
++      if (xx1 < xSegMin) {
++	xx1 = xSegMin;
++      } else if (xx1 > xSegMax) {
++	xx1 = xSegMax;
+       }
+     }
+     if (xx0 < xx1) {
diff --git a/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff b/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
new file mode 100644
index 000000000000..e2e19b511dd7
--- /dev/null
+++ b/kde-base/kpdf/files/post-3.5.1-kdegraphics-CVE-2006-0301.diff
@@ -0,0 +1,50 @@
+--- kpdf/xpdf/splash/SplashXPathScanner.cc	(Revision 505052)
++++ kpdf/xpdf/splash/SplashXPathScanner.cc	(Arbeitskopie)
+@@ -186,7 +186,7 @@ GBool SplashXPathScanner::getNextSpan(in
+ }
+ 
+ void SplashXPathScanner::computeIntersections(int y) {
+-  SplashCoord ySegMin, ySegMax, xx0, xx1;
++  SplashCoord xSegMin, xSegMax, ySegMin, ySegMax, xx0, xx1;
+   SplashXPathSeg *seg;
+   int i, j;
+ 
+@@ -236,19 +236,27 @@ void SplashXPathScanner::computeIntersec
+     } else if (seg->flags & splashXPathVert) {
+       xx0 = xx1 = seg->x0;
+     } else {
+-      if (ySegMin <= y) {
+-	// intersection with top edge
+-	xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      if (seg->x0 < seg->x1) {
++	xSegMin = seg->x0;
++	xSegMax = seg->x1;
+       } else {
+-	// x coord of segment endpoint with min y coord
+-	xx0 = (seg->flags & splashXPathFlip) ? seg->x1 : seg->x0;
++	xSegMin = seg->x1;
++	xSegMax = seg->x0;
+       }
+-      if (ySegMax >= y + 1) {
+-	// intersection with bottom edge
+-	xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
+-      } else {
+-	// x coord of segment endpoint with max y coord
+-	xx1 = (seg->flags & splashXPathFlip) ? seg->x0 : seg->x1;
++      // intersection with top edge
++      xx0 = seg->x0 + ((SplashCoord)y - seg->y0) * seg->dxdy;
++      // intersection with bottom edge
++      xx1 = seg->x0 + ((SplashCoord)y + 1 - seg->y0) * seg->dxdy;
++      // the segment may not actually extend to the top and/or bottom edges
++      if (xx0 < xSegMin) {
++	xx0 = xSegMin;
++      } else if (xx0 > xSegMax) {
++	xx0 = xSegMax;
++      }
++      if (xx1 < xSegMin) {
++	xx1 = xSegMin;
++      } else if (xx1 > xSegMax) {
++	xx1 = xSegMax;
+       }
+     }
+     if (xx0 < xx1) {
diff --git a/kde-base/kpdf/kpdf-3.4.3-r4.ebuild b/kde-base/kpdf/kpdf-3.4.3-r4.ebuild
new file mode 100644
index 000000000000..b90242c96cbd
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.4.3-r4.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.4.3-r4.ebuild,v 1.1 2006/02/03 00:54:13 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="nodrm"
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+	media-libs/t1lib"
+RDEPEND="${DEPEND}
+	|| ( >=app-text/poppler-bindings-0.4.3-r1
+	     <app-text/xpdf-3.01-r4 )" # kfile-plugins/pdf depends on "pdfinfo"
+
+PATCHES="${FILESDIR}/post-3.4.3-kdegraphics-CAN-2005-3193.diff
+	${FILESDIR}/post-3.4.3-kdegraphics-CVE-2006-0301.diff"
+
+pkg_setup() {
+	if ! built_with_use app-text/poppler-bindings qt; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+	fi
+}
+
+src_compile() {
+	myconf="${myconf} $(use_enable !nodrm kpdf-drm)"
+
+	kde-meta_src_compile
+}
diff --git a/kde-base/kpdf/kpdf-3.5.1-r1.ebuild b/kde-base/kpdf/kpdf-3.5.1-r1.ebuild
new file mode 100644
index 000000000000..cfbba4ad0198
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.5.1-r1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.1-r1.ebuild,v 1.1 2006/02/03 00:54:13 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+	media-libs/t1lib
+	>=app-text/poppler-bindings-0.3.1"
+
+PATCHES="${FILESDIR}/${P}-saveas.patch
+	${FILESDIR}/post-3.5.1-kdegraphics-CVE-2006-0301.diff"
+
+pkg_setup() {
+	if ! built_with_use app-text/poppler-bindings qt; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt\"."
+	fi
+}
+
+src_compile() {
+	local myconf="--with-poppler"
+	replace-flags "-Os" "-O2" # see bug 114822
+	kde-meta_src_compile
+}
author	Carsten Lohrke <carlo@gentoo.org>	2006-02-03 00:58:09 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2006-02-03 00:58:09 +0000
commit	f94ed026d8aeb184ab19b69c87cbe9e177c76657 (patch)
tree	f51280e57224d165ccbfce5bae0848635b2fce71
parent	Remove stale version; port over to modular X. (diff)
download	gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.tar.gz gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.tar.bz2 gentoo-2-f94ed026d8aeb184ab19b69c87cbe9e177c76657.zip