Add fix for Memory Corruption Vulnerability (CVE-2010-2575, bug 334469), straight to stable

(Portage version: 2.1.9.26/cvs/Linux i686, RepoMan options: --force)

3 files changed, 91 insertions, 1 deletions

diff --git a/kde-base/okular/ChangeLog b/kde-base/okular/ChangeLog
index d1b40bc6b2b6..17bc6f7e9c8e 100644
--- a/kde-base/okular/ChangeLog
+++ b/kde-base/okular/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for kde-base/okular
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/okular/ChangeLog,v 1.88 2010/12/02 21:16:16 alexxy Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/okular/ChangeLog,v 1.89 2010/12/30 13:55:11 dilfridge Exp $
+
+*okular-4.4.5-r2 (30 Dec 2010)
+
+  30 Dec 2010; Andreas K. Huettel <dilfridge@gentoo.org>
+  +okular-4.4.5-r2.ebuild, +files/okular-4.4.5-overflow.patch:
+  Add fix for Memory Corruption Vulnerability (CVE-2010-2575, bug 334469),
+  straight to stable
 
 *okular-4.5.4 (02 Dec 2010)
 
diff --git a/kde-base/okular/files/okular-4.4.5-overflow.patch b/kde-base/okular/files/okular-4.4.5-overflow.patch
new file mode 100644
index 000000000000..478bb4d4359e
--- /dev/null
+++ b/kde-base/okular/files/okular-4.4.5-overflow.patch
@@ -0,0 +1,30 @@
+Index: okular/generators/plucker/unpluck/image.cpp
+===================================================================
+--- okular/generators/plucker/unpluck/image.cpp	(Revision 1167825)
++++ okular/generators/plucker/unpluck/image.cpp	(Revision 1167826)
+@@ -289,8 +289,23 @@
+             for (j = 0; j < bytes_per_row;) {
+                 incount = *palm_ptr++;
+                 inval = *palm_ptr++;
+-                memset (rowbuf + j, inval, incount);
+-                j += incount;
++                if (incount + j <= bytes_per_row  * width)
++                {
++                    memset (rowbuf + j, inval, incount);
++                    j += incount;
++                }
++                else
++                {
++                    free (rowbuf);
++                    free (lastrow);
++                    free (jpeg_row);
++
++                    jpeg_destroy_compress (&cinfo);
++
++                    fclose( outfile );
++
++                    return false;
++                }
+             }
+         }
+         else if ((flags & PALM_IS_COMPRESSED_FLAG)
diff --git a/kde-base/okular/okular-4.4.5-r2.ebuild b/kde-base/okular/okular-4.4.5-r2.ebuild
new file mode 100644
index 000000000000..d46e1ff50b48
--- /dev/null
+++ b/kde-base/okular/okular-4.4.5-r2.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/okular/okular-4.4.5-r2.ebuild,v 1.1 2010/12/30 13:55:11 dilfridge Exp $
+
+EAPI="3"
+
+KMNAME="kdegraphics"
+inherit kde4-meta
+
+DESCRIPTION="Okular is an universal document viewer based on KPDF for KDE 4."
+KEYWORDS="amd64 ~ppc ~ppc64 x86 ~amd64-linux ~x86-linux"
+IUSE="chm crypt debug djvu ebook +handbook +jpeg +ps +pdf +tiff"
+
+DEPEND="
+	media-libs/freetype
+	sys-libs/zlib
+	chm? ( dev-libs/chmlib )
+	crypt? ( app-crypt/qca:2 )
+	djvu? ( app-text/djvu )
+	ebook? ( app-text/ebook-tools )
+	jpeg? ( virtual/jpeg:0 )
+	pdf? ( >=app-text/poppler-0.12.3-r3[lcms,qt4,-exceptions] )
+	ps? ( app-text/libspectre )
+	tiff? ( media-libs/tiff )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=( "${FILESDIR}/${P}"-overflow.patch )
+
+KMEXTRACTONLY="libs/mobipocket"
+
+src_configure() {
+	mycmakeargs=(
+		$(cmake-utils_use_with chm)
+		$(cmake-utils_use_with crypt QCA2)
+		$(cmake-utils_use_with djvu DjVuLibre)
+		$(cmake-utils_use_with ebook EPub)
+		$(cmake-utils_use_with jpeg)
+		$(cmake-utils_use_with ps LibSpectre)
+		$(cmake-utils_use_with pdf PopplerQt4)
+		$(cmake-utils_use_with pdf Poppler)
+		$(cmake-utils_use_with tiff)
+	)
+
+	kde4-meta_src_configure
+}
+
+src_install() {
+	insinto "${KDEDIR}"/share/apps/cmake/modules
+	doins "${S}"/cmake/modules/FindOkular.cmake
+
+	kde4-meta_src_install
+}