vulnerabilities in included xpdf code, #114429

(Portage version: 2.0.53)
author: Carsten Lohrke <carlo@gentoo.org> 2005-12-06 02:01:05 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2005-12-06 02:01:05 +0000
commit: 34973b0cf5dc7e676c01e6794c8f8e449cfca42c (patch)
tree: fe592621fe87e5564ae7256a87f1fe28eb0df3a4 /app-office/kword
parent: whitespace fix (diff)
download: gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.tar.gz
gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.tar.bz2
gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.zip
7 files changed, 167 insertions, 6 deletions
diff --git a/app-office/kword/ChangeLog b/app-office/kword/ChangeLog
index f8289076158a..e494c591c776 100644
--- a/app-office/kword/ChangeLog
+++ b/app-office/kword/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-office/kword
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.27 2005/12/03 19:45:46 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.28 2005/12/06 02:01:05 carlo Exp $
+
+*kword-1.4.2-r3 (06 Dec 2005)
+*kword-1.4.2-r2 (06 Dec 2005)
+
+  06 Dec 2005; Carsten Lohrke <carlo@gentoo.org>
+  +files/kword-1.4.2-CAN-2005-3193.patch, -kword-1.4.2-r1.ebuild,
+  +kword-1.4.2-r2.ebuild, +kword-1.4.2-r3.ebuild:
+  vulnerabilities in included xpdf code, #114429
 
 *kword-1.4.2-r1 (03 Dec 2005)
 
diff --git a/app-office/kword/Manifest b/app-office/kword/Manifest
index b1aee101c23a..ebea72b5a5f3 100644
--- a/app-office/kword/Manifest
+++ b/app-office/kword/Manifest
@@ -1,17 +1,20 @@
-MD5 302ac4abe140a52a25e7a327a98c8cd4 ChangeLog 3328
+MD5 5e015d3e0b53147d6d5cbaf8f8923925 ChangeLog 3604
 MD5 6ee3768e50296eb2a8158093ee518133 files/CAN-2005-0064.patch 829
 MD5 12d141df83ce3d5769387e780ee073f7 files/digest-kword-1.3.5 211
 MD5 4db1fd7ff582f6437830745f93412312 files/digest-kword-1.3.5-r1 287
 MD5 79e9d059a9a700c3c8009978d0aa0ce3 files/digest-kword-1.4.1 68
 MD5 59512f920182567b8e9420e5e3d1bc9b files/digest-kword-1.4.1-r1 144
 MD5 cf5b314fdf4094ea845edfddf2cf39b5 files/digest-kword-1.4.2 68
-MD5 cf5b314fdf4094ea845edfddf2cf39b5 files/digest-kword-1.4.2-r1 68
+MD5 cf5b314fdf4094ea845edfddf2cf39b5 files/digest-kword-1.4.2-r2 68
+MD5 cf5b314fdf4094ea845edfddf2cf39b5 files/digest-kword-1.4.2-r3 68
 MD5 77399be6733ffca4ed1142ab319c1453 files/koffice_1_3_xpdf_buffer_overflow.diff 1808
 MD5 f1f58cce115f40fcba31a4976b61d260 files/kspread-1.4.2-gcc41.patch 451
+MD5 fc99a43dc841dc1e656d67266b720f71 files/kword-1.4.2-CAN-2005-3193.patch 2454
 MD5 113e6434c255e20ee8de241c0a1b53bd kword-1.3.5-r1.ebuild 1440
 MD5 5948a99247e2967f49cbd364cbe194d7 kword-1.3.5.ebuild 1378
 MD5 4a5def53a5e48ab29b32d9ddcd601258 kword-1.4.1-r1.ebuild 1396
 MD5 18ae024a439fc6a208affee87245e886 kword-1.4.1.ebuild 1200
-MD5 963ccbe83614f44465a425308f646e07 kword-1.4.2-r1.ebuild 1284
+MD5 bc4cbc2fc19c1dd0adc40d4d35b1cf21 kword-1.4.2-r2.ebuild 1264
+MD5 d80c152b3f3e5ef5154fb3eae46fbba0 kword-1.4.2-r3.ebuild 1229
 MD5 b0d602dfdc9115c98b9fe1f9a45052e2 kword-1.4.2.ebuild 1205
 MD5 02039d51ca4a42817775fd436dfaa956 metadata.xml 157
diff --git a/app-office/kword/files/digest-kword-1.4.2-r1 b/app-office/kword/files/digest-kword-1.4.2-r2
index a054824ae545..a054824ae545 100644
--- a/app-office/kword/files/digest-kword-1.4.2-r1
+++ b/app-office/kword/files/digest-kword-1.4.2-r2
diff --git a/app-office/kword/files/digest-kword-1.4.2-r3 b/app-office/kword/files/digest-kword-1.4.2-r3
new file mode 100644
index 000000000000..a054824ae545
--- /dev/null
+++ b/app-office/kword/files/digest-kword-1.4.2-r3
@@ -0,0 +1 @@
+MD5 6b456fb7d54c84b11396b27a96ae0cf8 koffice-1.4.2.tar.bz2 19486852
diff --git a/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch b/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch
new file mode 100644
index 000000000000..323cdf520b6f
--- /dev/null
+++ b/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch
@@ -0,0 +1,93 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.h.orig	2005-12-04 18:21:42.000000000 +0100
++++ filters/kword/pdf/xpdf/xpdf/Stream.h	2005-12-04 18:25:55.000000000 +0100
+@@ -225,6 +225,8 @@
+ 
+   ~StreamPredictor();
+ 
++  GBool isOk() { return ok; }
++
+   int lookChar();
+   int getChar();
+ 
+@@ -242,6 +244,7 @@
+   int rowBytes;			// bytes per line
+   Guchar *predLine;		// line buffer
+   int predIdx;			// current index in predLine
++  GBool ok;
+ };
+ 
+ //------------------------------------------------------------------------
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc.orig	2005-12-04 18:21:29.000000000 +0100
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc	2005-12-04 18:33:51.000000000 +0100
+@@ -404,18 +404,33 @@
+ 
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ 				 int widthA, int nCompsA, int nBitsA) {
++  int totalBits;
++
+   str = strA;
+   predictor = predictorA;
+   width = widthA;
+   nComps = nCompsA;
+   nBits = nBitsA;
++  predLine = NULL;
++  ok = gFalse;
+ 
+   nVals = width * nComps;
++  totalBits = nVals * nBits;
++  if (totalBits == 0 ||
++      (totalBits / nBits) / nComps != width ||
++      totalBits + 7 < 0) {
++    return;
++  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++  if (rowBytes < 0) {
++    return;
++  }
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);
+   predIdx = rowBytes;
++
++  ok = gTrue;
+ }
+ 
+ StreamPredictor::~StreamPredictor() {
+@@ -982,6 +997,10 @@
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
+@@ -2887,6 +2906,14 @@
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream", prec);
++    return gFalse;
++  }
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream", prec);
++    return gFalse;
++  }
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;
+@@ -3179,6 +3206,10 @@
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
diff --git a/app-office/kword/kword-1.4.2-r2.ebuild b/app-office/kword/kword-1.4.2-r2.ebuild
new file mode 100644
index 000000000000..1dd8253d22f6
--- /dev/null
+++ b/app-office/kword/kword-1.4.2-r2.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r2.ebuild,v 1.1 2005/12/06 02:01:05 carlo Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+	$(deprange $PV $MAXKOFFICEVER app-office/kspread)
+	>=app-text/wv2-0.1.8
+	>=media-gfx/imagemagick-5.5.2"
+
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+KMCOPYLIB="
+	libkformula lib/kformula
+	libkofficecore lib/kofficecore
+	libkofficeui lib/kofficeui
+	libkopainter lib/kopainter
+	libkoscript lib/koscript
+	libkotext lib/kotext
+	libkwmf lib/kwmf
+	libkowmf lib/kwmf
+	libkstore lib/store
+	libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+	lib/
+	kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+need-kde 3.3
+
+PATCHES="${FILESDIR}/kword-1.4.2-CAN-2005-3193.patch"
+
+src_unpack() {
+	kde-meta_src_unpack unpack
+
+	# We need to compile liboofilter first
+	echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+	kde-meta_src_unpack makefiles
+}
diff --git a/app-office/kword/kword-1.4.2-r1.ebuild b/app-office/kword/kword-1.4.2-r3.ebuild
index bca041bee538..0149d0c76d1f 100644
--- a/app-office/kword/kword-1.4.2-r1.ebuild
+++ b/app-office/kword/kword-1.4.2-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r1.ebuild,v 1.1 2005/12/03 19:45:46 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r3.ebuild,v 1.1 2005/12/06 02:01:05 carlo Exp $
 
 KMNAME=koffice
 MAXKOFFICEVER=${PV}
@@ -45,7 +45,7 @@ KMEXTRA="filters/kword"
 
 need-kde 3.3
 
-PATCHES="${FILESDIR}/kspread-1.4.2-gcc41.patch"
+PATCHES="${FILESDIR}/kspread-1.4.2-gcc41.patch ${FILESDIR}/kword-1.4.2-CAN-2005-3193.patch"
 
 src_unpack() {
 	kde-meta_src_unpack unpack
author	Carsten Lohrke <carlo@gentoo.org>	2005-12-06 02:01:05 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2005-12-06 02:01:05 +0000
commit	34973b0cf5dc7e676c01e6794c8f8e449cfca42c (patch)
tree	fe592621fe87e5564ae7256a87f1fe28eb0df3a4 /app-office/kword
parent	whitespace fix (diff)
download	gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.tar.gz gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.tar.bz2 gentoo-2-34973b0cf5dc7e676c01e6794c8f8e449cfca42c.zip