New revisions, not using the poppler patch. Add patch for security bug in 3.5.5-r2 too.

(Portage version: 2.1.2-r8)

6 files changed, 212 insertions, 1 deletions

diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog
index b8298b2e12c5..f4e783badb01 100644
--- a/kde-base/kdegraphics/ChangeLog
+++ b/kde-base/kdegraphics/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for kde-base/kdegraphics
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.293 2007/02/04 17:56:05 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.294 2007/02/07 18:26:13 flameeyes Exp $
+
+*kdegraphics-3.5.6-r1 (07 Feb 2007)
+*kdegraphics-3.5.5-r2 (07 Feb 2007)
+
+  07 Feb 2007; Diego Pettenò <flameeyes@gentoo.org>
+  +files/post-3.5.5-kdegraphics-CVE-2007-0104.diff,
+  +kdegraphics-3.5.5-r2.ebuild, +kdegraphics-3.5.6-r1.ebuild:
+  New revisions, not using the poppler patch. Add patch for security bug in
+  3.5.5-r2 too.
 
   04 Feb 2007; Jeroen Roovers <jer@gentoo.org> kdegraphics-3.5.6.ebuild:
   Marked ~hppa.
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
new file mode 100644
index 000000000000..7dbb38b9a877
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
@@ -0,0 +1,3 @@
+MD5 cdbe15afc01c5da7af9557e803bbb7e6 kdegraphics-3.5.5.tar.bz2 7334117
+RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f kdegraphics-3.5.5.tar.bz2 7334117
+SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 kdegraphics-3.5.5.tar.bz2 7334117
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
new file mode 100644
index 000000000000..de24125a93ab
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
@@ -0,0 +1,3 @@
+MD5 79a1ffb7ae89bede1410411a30be3210 kdegraphics-3.5.6.tar.bz2 7332938
+RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 kdegraphics-3.5.6.tar.bz2 7332938
+SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f kdegraphics-3.5.6.tar.bz2 7332938
diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
new file mode 100644
index 000000000000..092cf67f360b
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
@@ -0,0 +1,61 @@
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+ 
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+ 
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-	  < 0)
+-	goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++	    < 0)
++	  goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+ 	    start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+   Object acroForm;		// AcroForm dictionary
+   GBool ok;			// true if catalog is valid
+ 
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+ 
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild
new file mode 100644
index 000000000000..00d6ef3f7ef4
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild,v 1.1 2007/02/07 18:26:13 flameeyes Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-0.5.1
+		>=app-text/poppler-bindings-0.5.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+		 app-text/ptex
+		 app-text/cstetex
+		 app-text/dvipdfm ) )"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+PATCHES="${FILESDIR}/post-3.5.5-kdegraphics.diff
+	${FILESDIR}/post-3.5.5-kdegraphics-CVE-2007-0104.diff"
+
+pkg_setup() {
+	kde_pkg_setup
+	for ghostscript in app-text/ghostscript-{gnu,esp,afpl}; do
+		if has_version ${ghostscript} && ! built_with_use ${ghostscript} X; then
+			eerror "This package requires ${ghostscript} compiled with X11 support."
+			eerror "Please reemerge ${ghostscript} with USE=\"X\"."
+			die "Please reemerge ${ghostscript} with USE=\"X\"."
+		fi
+	done
+	if use pdf && ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+				  $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+	use pdf || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpdf"
+
+	rm -f ${S}/configure # ask rebuilding
+	kde_src_compile
+}
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild
new file mode 100644
index 000000000000..5789ec4943e6
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild,v 1.1 2007/02/07 18:26:13 flameeyes Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-0.5.1
+		>=app-text/poppler-bindings-0.5.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+		 app-text/ptex
+		 app-text/cstetex
+		 app-text/dvipdfm ) )"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+pkg_setup() {
+	kde_pkg_setup
+	for ghostscript in app-text/ghostscript-{gnu,esp,afpl}; do
+		if has_version ${ghostscript} && ! built_with_use ${ghostscript} X; then
+			eerror "This package requires ${ghostscript} compiled with X11 support."
+			eerror "Please reemerge ${ghostscript} with USE=\"X\"."
+			die "Please reemerge ${ghostscript} with USE=\"X\"."
+		fi
+	done
+	if use pdf && ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+				  $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+	use pdf || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpdf"
+
+	rm -f "${S}/configure" # ask rebuilding
+	kde_src_compile
+}