Fix for bug 187139.

(Portage version: 2.1.3_rc9)

4 files changed, 65 insertions, 1 deletions

diff --git a/kde-base/kpdf/ChangeLog b/kde-base/kpdf/ChangeLog
index c4c11d71cca2..85ceaca4a64e 100644
--- a/kde-base/kpdf/ChangeLog
+++ b/kde-base/kpdf/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/kpdf
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.130 2007/05/23 01:01:12 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/ChangeLog,v 1.131 2007/07/30 18:05:10 carlo Exp $
+
+*kpdf-3.5.7-r1 (30 Jul 2007)
+
+  30 Jul 2007; Carsten Lohrke <carlo@gentoo.org>
+  +files/post-3.5.7-kdegraphics-CVE-2007-3387.diff, +kpdf-3.5.7-r1.ebuild:
+  Fix for bug 187139.
 
 *kpdf-3.5.7 (23 May 2007)
 
diff --git a/kde-base/kpdf/files/digest-kpdf-3.5.7-r1 b/kde-base/kpdf/files/digest-kpdf-3.5.7-r1
new file mode 100644
index 000000000000..ba24610e2ca5
--- /dev/null
+++ b/kde-base/kpdf/files/digest-kpdf-3.5.7-r1
@@ -0,0 +1,3 @@
+MD5 eae753e80c5f8dd304e7fd0dca84ae67 kdegraphics-3.5.7.tar.bz2 7424976
+RMD160 ccf36f5c34a1d484f0878a42a51dc620c2bdfa71 kdegraphics-3.5.7.tar.bz2 7424976
+SHA256 5689882ade29d0f56e95783f1c3e443fd512ca8291bcb81aac60ac719a8dcdcc kdegraphics-3.5.7.tar.bz2 7424976
diff --git a/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
new file mode 100644
index 000000000000..e28add87e275
--- /dev/null
+++ b/kde-base/kpdf/files/post-3.5.7-kdegraphics-CVE-2007-3387.diff
@@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc	(revision 689574)
++++ kpdf/xpdf/xpdf/Stream.cc	(working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream 
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
++      nComps > gfxColorMaxComps || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/kde-base/kpdf/kpdf-3.5.7-r1.ebuild b/kde-base/kpdf/kpdf-3.5.7-r1.ebuild
new file mode 100644
index 000000000000..12b3839d78f0
--- /dev/null
+++ b/kde-base/kpdf/kpdf-3.5.7-r1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kpdf/kpdf-3.5.7-r1.ebuild,v 1.1 2007/07/30 18:05:10 carlo Exp $
+
+KMNAME=kdegraphics
+MAXKDEVER=$PV
+KM_DEPRANGE="$PV $MAXKDEVER"
+inherit kde-meta flag-o-matic
+
+DESCRIPTION="kpdf, a kde pdf viewer based on xpdf"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+KMEXTRA="kfile-plugins/pdf"
+
+DEPEND=">=media-libs/freetype-2.0.5
+	media-libs/t1lib
+	>=app-text/poppler-0.5.1
+	>=app-text/poppler-bindings-0.5.1"
+RDEPEND="${DEPEND}
+	$(deprange-dual $PV $MAXKDEVER kde-base/kdeprint)"
+
+PATCHES="${FILESDIR}/post-3.5.7-kdegraphics-CVE-2007-3387.diff"
+
+pkg_setup() {
+	kde_pkg_setup
+	# check for qt still until it had a revision bump in both ~arch and stable.
+	if ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="--with-poppler"
+	replace-flags "-Os" "-O2" # see bug 114822
+	kde-meta_src_compile
+}