vulnerabilities in included xpdf code, #114429

Package-Manager: portage-2.0.53
author: Carsten Lohrke <carlo@gentoo.org> 2005-12-06 02:01:05 +0000
committer: Carsten Lohrke <carlo@gentoo.org> 2005-12-06 02:01:05 +0000
commit: 033ab5697c89de6cd37691ba25c1164b2612bfd4 (patch)
tree: 4e0ecc82f2bca759d9ad1a927276234668609657 /app-office/kword
parent: whitespace fix (diff)
download: historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.tar.gz
historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.tar.bz2
historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.zip
6 files changed, 161 insertions, 3 deletions
diff --git a/app-office/kword/ChangeLog b/app-office/kword/ChangeLog
index f8289076158a..e494c591c776 100644
--- a/app-office/kword/ChangeLog
+++ b/app-office/kword/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-office/kword
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.27 2005/12/03 19:45:46 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/ChangeLog,v 1.28 2005/12/06 02:01:05 carlo Exp $
+
+*kword-1.4.2-r3 (06 Dec 2005)
+*kword-1.4.2-r2 (06 Dec 2005)
+
+  06 Dec 2005; Carsten Lohrke <carlo@gentoo.org>
+  +files/kword-1.4.2-CAN-2005-3193.patch, -kword-1.4.2-r1.ebuild,
+  +kword-1.4.2-r2.ebuild, +kword-1.4.2-r3.ebuild:
+  vulnerabilities in included xpdf code, #114429
 
 *kword-1.4.2-r1 (03 Dec 2005)
 
diff --git a/app-office/kword/files/digest-kword-1.4.2-r1 b/app-office/kword/files/digest-kword-1.4.2-r2
index a054824ae545..a054824ae545 100644
--- a/app-office/kword/files/digest-kword-1.4.2-r1
+++ b/app-office/kword/files/digest-kword-1.4.2-r2
diff --git a/app-office/kword/files/digest-kword-1.4.2-r3 b/app-office/kword/files/digest-kword-1.4.2-r3
new file mode 100644
index 000000000000..a054824ae545
--- /dev/null
+++ b/app-office/kword/files/digest-kword-1.4.2-r3
@@ -0,0 +1 @@
+MD5 6b456fb7d54c84b11396b27a96ae0cf8 koffice-1.4.2.tar.bz2 19486852
diff --git a/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch b/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch
new file mode 100644
index 000000000000..323cdf520b6f
--- /dev/null
+++ b/app-office/kword/files/kword-1.4.2-CAN-2005-3193.patch
@@ -0,0 +1,93 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.h.orig	2005-12-04 18:21:42.000000000 +0100
++++ filters/kword/pdf/xpdf/xpdf/Stream.h	2005-12-04 18:25:55.000000000 +0100
+@@ -225,6 +225,8 @@
+ 
+   ~StreamPredictor();
+ 
++  GBool isOk() { return ok; }
++
+   int lookChar();
+   int getChar();
+ 
+@@ -242,6 +244,7 @@
+   int rowBytes;			// bytes per line
+   Guchar *predLine;		// line buffer
+   int predIdx;			// current index in predLine
++  GBool ok;
+ };
+ 
+ //------------------------------------------------------------------------
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc.orig	2005-12-04 18:21:29.000000000 +0100
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc	2005-12-04 18:33:51.000000000 +0100
+@@ -404,18 +404,33 @@
+ 
+ StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
+ 				 int widthA, int nCompsA, int nBitsA) {
++  int totalBits;
++
+   str = strA;
+   predictor = predictorA;
+   width = widthA;
+   nComps = nCompsA;
+   nBits = nBitsA;
++  predLine = NULL;
++  ok = gFalse;
+ 
+   nVals = width * nComps;
++  totalBits = nVals * nBits;
++  if (totalBits == 0 ||
++      (totalBits / nBits) / nComps != width ||
++      totalBits + 7 < 0) {
++    return;
++  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
++  if (rowBytes < 0) {
++    return;
++  }
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);
+   predIdx = rowBytes;
++
++  ok = gTrue;
+ }
+ 
+ StreamPredictor::~StreamPredictor() {
+@@ -982,6 +997,10 @@
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
+@@ -2887,6 +2906,14 @@
+   height = read16();
+   width = read16();
+   numComps = str->getChar();
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream", prec);
++    return gFalse;
++  }
++  if (numComps <= 0 || numComps > 4) {
++    error(getPos(), "Bad number of components in DCT stream", prec);
++    return gFalse;
++  }
+   if (prec != 8) {
+     error(getPos(), "Bad DCT precision %d", prec);
+     return gFalse;
+@@ -3179,6 +3206,10 @@
+     FilterStream(strA) {
+   if (predictor != 1) {
+     pred = new StreamPredictor(this, predictor, columns, colors, bits);
++    if (!pred->isOk()) {
++      delete pred;
++      pred = NULL;
++    }
+   } else {
+     pred = NULL;
+   }
diff --git a/app-office/kword/kword-1.4.2-r2.ebuild b/app-office/kword/kword-1.4.2-r2.ebuild
new file mode 100644
index 000000000000..1dd8253d22f6
--- /dev/null
+++ b/app-office/kword/kword-1.4.2-r2.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r2.ebuild,v 1.1 2005/12/06 02:01:05 carlo Exp $
+
+KMNAME=koffice
+MAXKOFFICEVER=${PV}
+inherit kde-meta eutils
+
+DESCRIPTION="KOffice word processor."
+HOMEPAGE="http://www.koffice.org/"
+LICENSE="GPL-2 LGPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+RDEPEND="$(deprange $PV $MAXKOFFICEVER app-office/koffice-libs)
+	$(deprange $PV $MAXKOFFICEVER app-office/kspread)
+	>=app-text/wv2-0.1.8
+	>=media-gfx/imagemagick-5.5.2"
+
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+KMCOPYLIB="
+	libkformula lib/kformula
+	libkofficecore lib/kofficecore
+	libkofficeui lib/kofficeui
+	libkopainter lib/kopainter
+	libkoscript lib/koscript
+	libkotext lib/kotext
+	libkwmf lib/kwmf
+	libkowmf lib/kwmf
+	libkstore lib/store
+	libkspreadcommon kspread"
+
+KMEXTRACTONLY="
+	lib/
+	kspread/"
+
+KMCOMPILEONLY="filters/liboofilter"
+
+KMEXTRA="filters/kword"
+
+need-kde 3.3
+
+PATCHES="${FILESDIR}/kword-1.4.2-CAN-2005-3193.patch"
+
+src_unpack() {
+	kde-meta_src_unpack unpack
+
+	# We need to compile liboofilter first
+	echo "SUBDIRS = liboofilter kword" > $S/filters/Makefile.am
+
+	kde-meta_src_unpack makefiles
+}
diff --git a/app-office/kword/kword-1.4.2-r1.ebuild b/app-office/kword/kword-1.4.2-r3.ebuild
index bca041bee538..0149d0c76d1f 100644
--- a/app-office/kword/kword-1.4.2-r1.ebuild
+++ b/app-office/kword/kword-1.4.2-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r1.ebuild,v 1.1 2005/12/03 19:45:46 carlo Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-office/kword/kword-1.4.2-r3.ebuild,v 1.1 2005/12/06 02:01:05 carlo Exp $
 
 KMNAME=koffice
 MAXKOFFICEVER=${PV}
@@ -45,7 +45,7 @@ KMEXTRA="filters/kword"
 
 need-kde 3.3
 
-PATCHES="${FILESDIR}/kspread-1.4.2-gcc41.patch"
+PATCHES="${FILESDIR}/kspread-1.4.2-gcc41.patch ${FILESDIR}/kword-1.4.2-CAN-2005-3193.patch"
 
 src_unpack() {
 	kde-meta_src_unpack unpack
author	Carsten Lohrke <carlo@gentoo.org>	2005-12-06 02:01:05 +0000
committer	Carsten Lohrke <carlo@gentoo.org>	2005-12-06 02:01:05 +0000
commit	033ab5697c89de6cd37691ba25c1164b2612bfd4 (patch)
tree	4e0ecc82f2bca759d9ad1a927276234668609657 /app-office/kword
parent	whitespace fix (diff)
download	historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.tar.gz historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.tar.bz2 historical-033ab5697c89de6cd37691ba25c1164b2612bfd4.zip