add sec fixes

author: Marinus Schraal <foser@gentoo.org> 2004-11-01 23:27:27 +0000
committer: Marinus Schraal <foser@gentoo.org> 2004-11-01 23:27:27 +0000
commit: 566f61c91418a82979c14d79936e33249604ac97 (patch)
tree: b6b5f9dc06f77ee82b8deef087bcae159dd574a5 /app-text/gpdf
parent: Version bumped. Closes 69723. (diff)
download: historical-566f61c91418a82979c14d79936e33249604ac97.tar.gz
historical-566f61c91418a82979c14d79936e33249604ac97.tar.bz2
historical-566f61c91418a82979c14d79936e33249604ac97.zip
11 files changed, 217 insertions, 71 deletions
diff --git a/app-text/gpdf/ChangeLog b/app-text/gpdf/ChangeLog
index 1cfd43192288..6b510e03fa6c 100644
--- a/app-text/gpdf/ChangeLog
+++ b/app-text/gpdf/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-text/gpdf
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/ChangeLog,v 1.51 2004/10/26 07:04:01 sejo Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/ChangeLog,v 1.52 2004/11/01 23:27:27 foser Exp $
+
+*gpdf-2.8.0-r2 (02 Nov 2004)
+*gpdf-0.132-r2 (02 Nov 2004)
+
+  02 Nov 2004; foser <foser@gentoo.org> gpdf-0.132-r2.ebuild, gpdf-2.8.0-r2.ebuild :
+  More sec patches added (#69662)
 
   26 Oct 2004; <SeJo@gentoo.org> gpdf-0.132-r1.ebuild, gpdf-2.8.0-r1.ebuild:
   stable on ppc gsla: 68571
diff --git a/app-text/gpdf/Manifest b/app-text/gpdf/Manifest
index e61c362a7c1f..2b376901a2bc 100644
--- a/app-text/gpdf/Manifest
+++ b/app-text/gpdf/Manifest
@@ -1,25 +1,17 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 5f94881a4020d363767a598dedda5a07 ChangeLog 5338
-MD5 feb7fdf2f480631492191491302c0812 gpdf-0.112.ebuild 925
-MD5 38550e0c3c0410b03f5dde6dd1f0b3ce gpdf-0.131.ebuild 925
+MD5 2c904e5e026038c1dda1f0c8923b56fa gpdf-2.8.0-r1.ebuild 1010
+MD5 72d3635551080ebc17aecb791a8b75d1 gpdf-0.132-r2.ebuild 1169
 MD5 5907625e80bdb0965456f467553857e6 gpdf-0.132.ebuild 872
-MD5 03ad2e6c4ab41244af1015a8bbb0b39f metadata.xml 158
 MD5 9972193424743258f4594915e2fb3797 gpdf-0.132-r1.ebuild 1021
-MD5 2c904e5e026038c1dda1f0c8923b56fa gpdf-2.8.0-r1.ebuild 1010
-MD5 a257b05533ebd7ecff92c22511880be3 files/digest-gpdf-0.112 63
-MD5 cee45d187382024b10b02c4c577a7546 files/digest-gpdf-0.131 64
+MD5 7c294205a50ca249187a32c959e260e3 gpdf-2.8.0-r2.ebuild 1086
+MD5 aafb33cdac852d12c7da77704d0c9d05 ChangeLog 5518
+MD5 03ad2e6c4ab41244af1015a8bbb0b39f metadata.xml 158
+MD5 362296e34a1a04a6e5e2a7d9e97547c6 files/gpdf-xpdf2_underflow.patch 2363
 MD5 167bcfd9a6e435acc241c07dc522b562 files/digest-gpdf-0.132 64
-MD5 9336bbbfbb54ba88fb5e4aba2da1833f files/gpdf-0.112-remove_gtk24_call.patch 607
+MD5 2fce5bedd61300fad1566a41f991a782 files/gpdf-xpdf_goo_sizet.patch 1424
+MD5 5e63c86e19a1c1387cab38b7e2902c9e files/gpdf-xpdf_3_CAN-2004-0889.patch 8115
 MD5 167bcfd9a6e435acc241c07dc522b562 files/digest-gpdf-0.132-r1 64
-MD5 f61386d00d5674f3bbb80b181e8cea3a files/digest-gpdf-2.8.0-r1 64
+MD5 167bcfd9a6e435acc241c07dc522b562 files/digest-gpdf-0.132-r2 64
 MD5 b32f90fc9249d1f7434659642b36f9d9 files/gpdf-xpdf_2_CAN-2004-0888.patch 2716
-MD5 5e63c86e19a1c1387cab38b7e2902c9e files/gpdf-xpdf_3_CAN-2004-0889.patch 8115
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFBfhCoI1lqEGTUzyQRAvn7AJ9l29G7Vqj8POP5LhZrSnqTeJcMSwCffDlx
-UchmwbVUfpgUY/Xf+L7qMWw=
-=JsP3
------END PGP SIGNATURE-----
+MD5 f61386d00d5674f3bbb80b181e8cea3a files/digest-gpdf-2.8.0-r1 64
+MD5 f61386d00d5674f3bbb80b181e8cea3a files/digest-gpdf-2.8.0-r2 64
+MD5 9336bbbfbb54ba88fb5e4aba2da1833f files/gpdf-0.112-remove_gtk24_call.patch 607
diff --git a/app-text/gpdf/files/digest-gpdf-0.112 b/app-text/gpdf/files/digest-gpdf-0.112
deleted file mode 100644
index 8c740aa49965..000000000000
--- a/app-text/gpdf/files/digest-gpdf-0.112
+++ /dev/null
@@ -1 +0,0 @@
-MD5 4df88fb2d9998807c05ce6cc395c022f gpdf-0.112.tar.bz2 841415
diff --git a/app-text/gpdf/files/digest-gpdf-0.131 b/app-text/gpdf/files/digest-gpdf-0.131
deleted file mode 100644
index b69356630e2a..000000000000
--- a/app-text/gpdf/files/digest-gpdf-0.131
+++ /dev/null
@@ -1 +0,0 @@
-MD5 95eeb0a33d37fbb5c56cf9260656d86d gpdf-0.131.tar.bz2 1101285
diff --git a/app-text/gpdf/files/digest-gpdf-0.132-r2 b/app-text/gpdf/files/digest-gpdf-0.132-r2
new file mode 100644
index 000000000000..dfe43a4d0e99
--- /dev/null
+++ b/app-text/gpdf/files/digest-gpdf-0.132-r2
@@ -0,0 +1 @@
+MD5 1b8ba3384210b89a3628281e6aa5edaa gpdf-0.132.tar.bz2 1109005
diff --git a/app-text/gpdf/files/digest-gpdf-2.8.0-r2 b/app-text/gpdf/files/digest-gpdf-2.8.0-r2
new file mode 100644
index 000000000000..09584962edfd
--- /dev/null
+++ b/app-text/gpdf/files/digest-gpdf-2.8.0-r2
@@ -0,0 +1 @@
+MD5 a1c054d5de1d5ef361006975c57b45f5 gpdf-2.8.0.tar.bz2 1046763
diff --git a/app-text/gpdf/files/gpdf-xpdf2_underflow.patch b/app-text/gpdf/files/gpdf-xpdf2_underflow.patch
new file mode 100644
index 000000000000..9371be84352e
--- /dev/null
+++ b/app-text/gpdf/files/gpdf-xpdf2_underflow.patch
@@ -0,0 +1,81 @@
+diff -ru xpdf-2.02pl1/xpdf/XRef.cc xpdf-2.02pl1/xpdf/XRef.cc
+--- xpdf-2.02pl1/xpdf/XRef.cc	2004-10-29 15:16:45.790089001 +0200
++++ xpdf-2.02pl1/xpdf/XRef.cc	2004-10-29 15:11:54.132168025 +0200
+@@ -66,6 +66,8 @@
+   start = str->getStart();
+   pos = readTrailer();
+ 
++  entries = NULL;
++
+   // if there was a problem with the trailer,
+   // try to reconstruct the xref table
+   if (pos == 0) {
+@@ -76,7 +78,7 @@
+ 
+   // trailer is ok - read the xref table
+   } else {
+-    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
+       error(-1, "Invalid 'size' inside xref table.");
+       ok = gFalse;
+       errCode = errDamaged;
+@@ -181,7 +183,7 @@
+     n = atoi(p);
+     while ('0' <= *p && *p <= '9') ++p;
+     while (isspace(*p)) ++p;
+-    if (p == buf)
++    if ((p == buf) || (n < 0)) /* must make progress */
+       return 0;
+     pos1 += (p - buf) + n * 20;
+   }
+@@ -255,6 +257,10 @@
+     }
+     s[i] = '\0';
+     first = atoi(s);
++    if (first < 0) {
++        error(-1, "Invalid 'first'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -266,6 +272,10 @@
+     }
+     s[i] = '\0';
+     n = atoi(s);
++    if (n<=0) {
++        error(-1, "Invalid 'n'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -273,7 +283,7 @@
+     // table size
+     if (first + n > size) {
+       newSize = size + 256;
+-      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+         error(-1, "Invalid 'newSize'");
+         goto err2;
+       }
+@@ -406,6 +416,10 @@
+     // look for object
+     } else if (isdigit(*p)) {
+       num = atoi(p);
++      if (num < 0) {
++	error(-1, "Invalid 'num' parameters.");
++	return gFalse;
++      }
+       do {
+ 	++p;
+       } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ 	    if (!strncmp(p, "obj", 3)) {
+ 	      if (num >= size) {
+ 		newSize = (num + 1 + 255) & ~255;
+-	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ 	          error(-1, "Invalid 'obj' parameters.");
+ 	          return gFalse;
+ 	        }
diff --git a/app-text/gpdf/files/gpdf-xpdf_goo_sizet.patch b/app-text/gpdf/files/gpdf-xpdf_goo_sizet.patch
new file mode 100644
index 000000000000..5d90c5120bd4
--- /dev/null
+++ b/app-text/gpdf/files/gpdf-xpdf_goo_sizet.patch
@@ -0,0 +1,57 @@
+diff -ru xpdf-2.02pl1/goo/gmem.c xpdf-2.02pl1/goo/gmem.c
+--- xpdf-2.02pl1/goo/gmem.c	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.c	2004-10-29 15:13:34.866919791 +0200
+@@ -53,9 +53,9 @@
+ 
+ #endif /* DEBUG_MEM */
+ 
+-void *gmalloc(int size) {
++void *gmalloc(size_t size) {
+ #ifdef DEBUG_MEM
+-  int size1;
++  size_t size1;
+   char *mem;
+   GMemHdr *hdr;
+   void *data;
+@@ -94,11 +94,11 @@
+ #endif
+ }
+ 
+-void *grealloc(void *p, int size) {
++void *grealloc(void *p, size_t size) {
+ #ifdef DEBUG_MEM
+   GMemHdr *hdr;
+   void *q;
+-  int oldSize;
++  size_t oldSize;
+ 
+   if (size == 0) {
+     if (p)
+@@ -137,7 +137,7 @@
+ 
+ void gfree(void *p) {
+ #ifdef DEBUG_MEM
+-  int size;
++  size_t size;
+   GMemHdr *hdr;
+   GMemHdr *prevHdr, *q;
+   int lst;
+diff -ru xpdf-2.02pl1/goo/gmem.h xpdf-2.02pl1/goo/gmem.h
+--- xpdf-2.02pl1/goo/gmem.h	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.h	2004-10-29 15:13:50.864027201 +0200
+@@ -19,13 +19,13 @@
+  * Same as malloc, but prints error message and exits if malloc()
+  * returns NULL.
+  */
+-extern void *gmalloc(int size);
++extern void *gmalloc(size_t size);
+ 
+ /*
+  * Same as realloc, but prints error message and exits if realloc()
+  * returns NULL.  If <p> is NULL, calls malloc instead of realloc().
+  */
+-extern void *grealloc(void *p, int size);
++extern void *grealloc(void *p, size_t size);
+ 
+ /*
+  * Same as free, but checks for and ignores NULL pointers.
diff --git a/app-text/gpdf/gpdf-0.112.ebuild b/app-text/gpdf/gpdf-0.112.ebuild
deleted file mode 100644
index a4de589210e5..000000000000
--- a/app-text/gpdf/gpdf-0.112.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/gpdf-0.112.ebuild,v 1.7 2004/10/25 07:32:56 usata Exp $
-
-inherit gnome2 flag-o-matic eutils
-
-DESCRIPTION="your favourite pdf previewer"
-HOMEPAGE="http://www.gnome.org/"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="x86 ppc alpha sparc hppa ~amd64 ia64"
-IUSE=""
-
-RDEPEND=">=gnome-base/libgnomeui-2
-	>=gnome-base/libbonobo-2.2.1
-	>=gnome-base/libbonoboui-2
-	>=gnome-base/gnome-vfs-2
-	>=gnome-base/libgnomeprint-2.3
-	>=gnome-base/libgnomeprintui-2.2
-	>=gnome-base/libglade-2"
-
-DEPEND="${RDEPEND}
-	>=dev-util/pkgconfig-0.12.0"
-
-PROVIDE="virtual/pdfviewer"
-
-DOCS="AUTHORS CHANGES ChangeLog COPYING INSTALL NEWS README*"
-
-src_unpack() {
-
-	unpack ${A}
-
-	cd ${S}
-	epatch ${FILESDIR}/${P}-remove_gtk24_call.patch
-
-}
-
-src_compile() {
-	use alpha && append-flags -fPIC
-	gnome2_src_compile
-}
diff --git a/app-text/gpdf/gpdf-0.132-r2.ebuild b/app-text/gpdf/gpdf-0.132-r2.ebuild
new file mode 100644
index 000000000000..b82c57db9fdf
--- /dev/null
+++ b/app-text/gpdf/gpdf-0.132-r2.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/gpdf-0.132-r2.ebuild,v 1.1 2004/11/01 23:27:27 foser Exp $
+
+inherit gnome2 flag-o-matic eutils
+
+DESCRIPTION="Viewer for Portable Document Format (PDF) files"
+HOMEPAGE="http://www.gnome.org/"
+LICENSE="GPL-2"
+
+IUSE=""
+SLOT="0"
+KEYWORDS="x86 ~ppc ~alpha ~sparc ~hppa ~amd64 ~ia64 ~mips"
+
+RDEPEND=">=x11-libs/gtk+-2.3
+	>=gnome-base/gconf-2
+	>=gnome-base/libgnomeui-2
+	>=gnome-base/libbonobo-2.2.1
+	>=gnome-base/libbonoboui-2
+	>=gnome-base/gnome-vfs-2
+	>=gnome-base/libgnomeprint-2.6
+	>=gnome-base/libgnomeprintui-2.2
+	>=gnome-base/libglade-2"
+
+DEPEND="${RDEPEND}
+	app-text/scrollkeeper
+	>=dev-util/intltool-0.29
+	>=dev-util/pkgconfig-0.12.0"
+
+PROVIDE="virtual/pdfviewer"
+
+DOCS="AUTHORS CHANGES ChangeLog COPYING INSTALL NEWS README*"
+
+src_unpack() {
+
+	unpack ${A}
+
+	cd ${S}/xpdf
+	# fix security vulnerability (#68571)
+	epatch ${FILESDIR}/${PN}-xpdf_2_CAN-2004-0888.patch
+	# fix security vulnerabilities (#69662)
+	cd ${S}
+	epatch ${FILESDIR}/gpdf-xpdf2_underflow.patch
+	epatch ${FILESDIR}/gpdf-xpdf_goo_sizet.patch
+
+}
diff --git a/app-text/gpdf/gpdf-0.131.ebuild b/app-text/gpdf/gpdf-2.8.0-r2.ebuild
index 15a36ba6e6fa..51e389c17550 100644
--- a/app-text/gpdf/gpdf-0.131.ebuild
+++ b/app-text/gpdf/gpdf-2.8.0-r2.ebuild
@@ -1,16 +1,16 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/gpdf-0.131.ebuild,v 1.10 2004/10/25 07:32:56 usata Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/gpdf/gpdf-2.8.0-r2.ebuild,v 1.1 2004/11/01 23:27:27 foser Exp $
 
 inherit gnome2 flag-o-matic
 
-DESCRIPTION="A viewer for Portable Document Format (PDF) files"
+DESCRIPTION="Viewer for Portable Document Format (PDF) files"
 HOMEPAGE="http://www.gnome.org/"
 LICENSE="GPL-2"
 
 IUSE=""
 SLOT="0"
-KEYWORDS="x86 ppc alpha ~sparc hppa amd64 ~ia64 mips"
+KEYWORDS="x86 ~ppc ~alpha ~sparc ~hppa ~amd64 ~ia64 ~mips"
 
 RDEPEND=">=x11-libs/gtk+-2.3
 	>=gnome-base/gconf-2
@@ -23,6 +23,7 @@ RDEPEND=">=x11-libs/gtk+-2.3
 	>=gnome-base/libglade-2"
 
 DEPEND="${RDEPEND}
+	app-text/scrollkeeper
 	>=dev-util/intltool-0.29
 	>=dev-util/pkgconfig-0.12.0"
 
@@ -30,9 +31,14 @@ PROVIDE="virtual/pdfviewer"
 
 DOCS="AUTHORS CHANGES ChangeLog COPYING INSTALL NEWS README*"
 
-src_compile() {
+src_unpack() {
 
-	use alpha && append-flags -fPIC
-	gnome2_src_compile
+	unpack ${A}
+
+	cd ${S}
+	# fix security vulnerability (#68571)
+	epatch ${FILESDIR}/${PN}-xpdf_3_CAN-2004-0889.patch
+	# fix sec vuln (#69662)
+	epatch ${FILESDIR}/${PN}-xpdf_goo_sizet.patch
 
 }
author	Marinus Schraal <foser@gentoo.org>	2004-11-01 23:27:27 +0000
committer	Marinus Schraal <foser@gentoo.org>	2004-11-01 23:27:27 +0000
commit	566f61c91418a82979c14d79936e33249604ac97 (patch)
tree	b6b5f9dc06f77ee82b8deef087bcae159dd574a5 /app-text/gpdf
parent	Version bumped. Closes 69723. (diff)
download	historical-566f61c91418a82979c14d79936e33249604ac97.tar.gz historical-566f61c91418a82979c14d79936e33249604ac97.tar.bz2 historical-566f61c91418a82979c14d79936e33249604ac97.zip