Add patch for CVE-2007-0104 vulnerability.

(Portage version: 2.1.2)
author: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-01-17 01:09:17 +0000
committer: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-01-17 01:09:17 +0000
commit: c48a7517b3cc0fca156f20472fc418cee037065b (patch)
tree: 0309a53f5ec1144ad3c49b708b0f1e1db84b9fc0 /app-office/kword
parent: Proper sorting and minor naming fix (diff)
download: gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.tar.gz
gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.tar.bz2
gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.zip
6 files changed, 208 insertions, 2 deletions
diff --git a/app-office/kword/ChangeLog b/app-office/kword/ChangeLog
index 2f24163acfd4..9e56810d9557 100644
--- a/app-office/kword/ChangeLog
+++ b/app-office/kword/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-office/kword
-# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.79 2006/12/01 18:19:29 flameeyes Exp $
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.80 2007/01/17 01:09:17 flameeyes Exp $
+
+*kword-1.6.1-r1 (17 Jan 2007)
+*kword-1.5.2-r1 (17 Jan 2007)
+
+  17 Jan 2007; Diego Pettenò <flameeyes@gentoo.org>
+  +files/koffice-xpdf-CVE-2007-0104.diff, +kword-1.5.2-r1.ebuild,
+  +kword-1.6.1-r1.ebuild:
+  Add patch for CVE-2007-0104 vulnerability.
 
 *kword-1.6.1 (01 Dec 2006)
 
diff --git a/app-office/kword/files/digest-kword-1.5.2-r1 b/app-office/kword/files/digest-kword-1.5.2-r1
new file mode 100644
index 000000000000..d1ae4451f5cb
--- /dev/null
+++ b/app-office/kword/files/digest-kword-1.5.2-r1
@@ -0,0 +1,3 @@
+MD5 cbe9deeb7c811a6bb5a954989b25c1f2 koffice-1.5.2.tar.bz2 35878218
+RMD160 eb33d9e74adec0fc3409d38c2bfe84b5dfdd5546 koffice-1.5.2.tar.bz2 35878218
+SHA256 d57d8a7611337f2678a7e28b100b9ab64148bf5483c01dbd204529f07b148611 koffice-1.5.2.tar.bz2 35878218
diff --git a/app-office/kword/files/digest-kword-1.6.1-r1 b/app-office/kword/files/digest-kword-1.6.1-r1
new file mode 100644
index 000000000000..8296a0484c60
--- /dev/null
+++ b/app-office/kword/files/digest-kword-1.6.1-r1
@@ -0,0 +1,3 @@
+MD5 f7b90b46b79019edc60761a6bff2d387 koffice-1.6.1.tar.bz2 56999028
+RMD160 ee4fa84a53f92035c0ab9427e0acb18feca701db koffice-1.6.1.tar.bz2 56999028
+SHA256 5505a6c54009dd0cb75a3770c3daa476154958f92692ca0748b1842d9cd6e728 koffice-1.6.1.tar.bz2 56999028
diff --git a/app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff b/app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff
new file mode 100644
index 000000000000..f5e51a1c706e
--- /dev/null
+++ b/app-office/kword/files/koffice-xpdf-CVE-2007-0104.diff
@@ -0,0 +1,74 @@
+------------------------------------------------------------------------
+r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines
+Changed paths:
+   M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc
+   M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h
+
+Commiting the patch agreed between kpdf and poppler developers to fix MOAB-06-01-2007 issue.
+
+------------------------------------------------------------------------
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.cc	(revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.cc	(revision 622463)
+@@ -24,6 +24,12 @@
+ #include "Link.h"
+ #include "Catalog.h"
+ 
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+ 
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-	  < 0)
+-	goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++	    < 0)
++	  goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+ 	    start+1, kid.getTypeName());
+Index: filters/kword/pdf/xpdf/xpdf/Catalog.h
+===================================================================
+--- filters/kword/pdf/xpdf/xpdf/Catalog.h	(revision 622462)
++++ filters/kword/pdf/xpdf/xpdf/Catalog.h	(revision 622463)
+@@ -82,7 +82,7 @@ private:
+   Object outline;		// outline dictionary
+   GBool ok;			// true if catalog is valid
+ 
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+ 
diff --git a/app-office/kword/kword-1.5.2-r1.ebuild b/app-office/kword/kword-1.5.2-r1.ebuild
new file mode 100644
index 000000000000..8bc90daf04d5
--- /dev/null
+++ b/app-office/kword/kword-1.5.2-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.5.2-r1.ebuild,v 1.1 2007/01/17 01:09:17 flameeyes Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+	$(deprange $PV $MAXKOFFICEVER app-office/kspread)
+	>=app-text/wv2-0.1.8
+	>=media-gfx/imagemagick-5.5.2
+	>=app-text/libwpd-0.8.2"
+
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+KMCOPYLIB="libkformula lib/kformula
+	libkofficecore lib/kofficecore
+	libkofficeui lib/kofficeui
+	libkopainter lib/kopainter
+	libkotext lib/kotext
+	libkwmf lib/kwmf
+	libkowmf lib/kwmf
+	libkstore lib/store
+	libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+	lib/
+	kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+PATCHES="${FILESDIR}/koffice-xpdf-CVE-2007-0104.diff"
+
+need-kde 3.4
+
+src_unpack() {
+	kde-meta_src_unpack unpack
+
+	# We need to compile libs first
+	echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+	for i in $(find ${S}/lib -iname "*\.ui"); do
+		${QTDIR}/bin/uic ${i} > ${i%.ui}.h
+	done
+
+	kde-meta_src_unpack makefiles
+}
diff --git a/app-office/kword/kword-1.6.1-r1.ebuild b/app-office/kword/kword-1.6.1-r1.ebuild
new file mode 100644
index 000000000000..9b2990fc0bc8
--- /dev/null
+++ b/app-office/kword/kword-1.6.1-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.6.1-r1.ebuild,v 1.1 2007/01/17 01:09:17 flameeyes Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+	$(deprange $PV $MAXKOFFICEVER app-office/kspread)
+	>=app-text/wv2-0.1.8
+	>=media-gfx/imagemagick-5.5.2
+	>=app-text/libwpd-0.8.2"
+
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+KMCOPYLIB="libkformula lib/kformula
+	libkofficecore lib/kofficecore
+	libkofficeui lib/kofficeui
+	libkopainter lib/kopainter
+	libkotext lib/kotext
+	libkwmf lib/kwmf
+	libkowmf lib/kwmf
+	libkstore lib/store
+	libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+	lib/
+	kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+PATCHES="${FILESDIR}/koffice-xpdf-CVE-2007-0104.diff"
+
+need-kde 3.4
+
+src_unpack() {
+	kde-meta_src_unpack unpack
+
+	# We need to compile libs first
+	echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+	for i in $(find ${S}/lib -iname "*\.ui"); do
+		${QTDIR}/bin/uic ${i} > ${i%.ui}.h
+	done
+
+	kde-meta_src_unpack makefiles
+}
author	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-01-17 01:09:17 +0000
committer	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-01-17 01:09:17 +0000
commit	c48a7517b3cc0fca156f20472fc418cee037065b (patch)
tree	0309a53f5ec1144ad3c49b708b0f1e1db84b9fc0 /app-office/kword
parent	Proper sorting and minor naming fix (diff)
download	gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.tar.gz gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.tar.bz2 gentoo-2-c48a7517b3cc0fca156f20472fc418cee037065b.zip