New revisions, not using the poppler patch. Add patch for security bug in 3.5.5-r2 too.

Package-Manager: portage-2.1.2-r8
author: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-02-07 18:26:13 +0000
committer: Diego Elio Pettenò <flameeyes@gentoo.org> 2007-02-07 18:26:13 +0000
commit: 6daab020d207a59ffe9b3bd3242029660cea2325 (patch)
tree: 798665b28099cb150194205a1dcc4c4004b6d1c2 /kde-base
parent: Missing configure patch. Bug #165739 (diff)
download: historical-6daab020d207a59ffe9b3bd3242029660cea2325.tar.gz
historical-6daab020d207a59ffe9b3bd3242029660cea2325.tar.bz2
historical-6daab020d207a59ffe9b3bd3242029660cea2325.zip
7 files changed, 244 insertions, 5 deletions
diff --git a/kde-base/kdegraphics/ChangeLog b/kde-base/kdegraphics/ChangeLog
index b8298b2e12c5..f4e783badb01 100644
--- a/kde-base/kdegraphics/ChangeLog
+++ b/kde-base/kdegraphics/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for kde-base/kdegraphics
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.293 2007/02/04 17:56:05 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/ChangeLog,v 1.294 2007/02/07 18:26:13 flameeyes Exp $
+
+*kdegraphics-3.5.6-r1 (07 Feb 2007)
+*kdegraphics-3.5.5-r2 (07 Feb 2007)
+
+  07 Feb 2007; Diego Pettenò <flameeyes@gentoo.org>
+  +files/post-3.5.5-kdegraphics-CVE-2007-0104.diff,
+  +kdegraphics-3.5.5-r2.ebuild, +kdegraphics-3.5.6-r1.ebuild:
+  New revisions, not using the poppler patch. Add patch for security bug in
+  3.5.5-r2 too.
 
   04 Feb 2007; Jeroen Roovers <jer@gentoo.org> kdegraphics-3.5.6.ebuild:
   Marked ~hppa.
diff --git a/kde-base/kdegraphics/Manifest b/kde-base/kdegraphics/Manifest
index bd71ff535467..ecd2c783066e 100644
--- a/kde-base/kdegraphics/Manifest
+++ b/kde-base/kdegraphics/Manifest
@@ -1,3 +1,10 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366 RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea SHA1 885eee20b7afe720e59276ae155f7804f5cd1d55 SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa
+MD5 a690ce46117257609c2b43485ea4d0d7 files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
+RMD160 27d47660b189b5956f70baf0666ce0ec563e22ea files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
+SHA256 3bfaba3c19087ab94e1a719e4ca0332bb807a019a97f3b2886721390917e3daa files/post-3.5.5-kdegraphics-CVE-2007-0104.diff 2366
 AUX post-3.5.5-kdegraphics.diff 5324 RMD160 e67762766b9a77d855e189012c5eff526a9716fc SHA1 f48513bd60956c67aa877f52dd1daa25b41d43bb SHA256 45fabc5f38aef16c17456346a3423e996b5c025fef00f6b3e96eb21f3cfb105d
 MD5 1ce5fb77aff8f97ed21da046c1385000 files/post-3.5.5-kdegraphics.diff 5324
 RMD160 e67762766b9a77d855e189012c5eff526a9716fc files/post-3.5.5-kdegraphics.diff 5324
@@ -10,18 +17,26 @@ EBUILD kdegraphics-3.5.5-r1.ebuild 2288 RMD160 e742a0b1b1b42da599fdaf1dc28b7115f
 MD5 e61338fd5e89584c8d59d429a13d2a03 kdegraphics-3.5.5-r1.ebuild 2288
 RMD160 e742a0b1b1b42da599fdaf1dc28b7115f0d69c46 kdegraphics-3.5.5-r1.ebuild 2288
 SHA256 bc6adbc176adc29a101d5265af0a5367753368c125854fa496d42ac7fa92dd8d kdegraphics-3.5.5-r1.ebuild 2288
+EBUILD kdegraphics-3.5.5-r2.ebuild 2238 RMD160 04a89323e9e24698a508d59fbe62e6f9a0e30742 SHA1 cf2db57233277145bcf2368d7fc392e9f80a4e97 SHA256 9bf2de2118081bc628d9c6401835a55d20b48982b0de1cd778a8998aff226268
+MD5 7b9df6ae629224074c7f2988dd3c83f7 kdegraphics-3.5.5-r2.ebuild 2238
+RMD160 04a89323e9e24698a508d59fbe62e6f9a0e30742 kdegraphics-3.5.5-r2.ebuild 2238
+SHA256 9bf2de2118081bc628d9c6401835a55d20b48982b0de1cd778a8998aff226268 kdegraphics-3.5.5-r2.ebuild 2238
 EBUILD kdegraphics-3.5.5.ebuild 2245 RMD160 787daed2c955c1d636d063d76912ea7a0080907a SHA1 9b641f31a472a2e09f5efda59eaa5c5a66023fe0 SHA256 d36b0a6d54b7cdcf398f0e9ace74612f92a79b9ece501b4c149f99830428ee50
 MD5 6ecd6b4fa4b6d8717afc7aabe8d71f15 kdegraphics-3.5.5.ebuild 2245
 RMD160 787daed2c955c1d636d063d76912ea7a0080907a kdegraphics-3.5.5.ebuild 2245
 SHA256 d36b0a6d54b7cdcf398f0e9ace74612f92a79b9ece501b4c149f99830428ee50 kdegraphics-3.5.5.ebuild 2245
+EBUILD kdegraphics-3.5.6-r1.ebuild 2128 RMD160 aa7631bf9d279beac53ab929791d7690089b99f3 SHA1 1a2fdec2cbcd0c7b720e36627577a4f3ee8e8c0a SHA256 5b2274faa38c5f737c30273b8939d4f7169a5cf3b8ffc64a1a8fa7b4b390d8a5
+MD5 eee47efa4d8aad59a6d8c8f6f1a7ab2c kdegraphics-3.5.6-r1.ebuild 2128
+RMD160 aa7631bf9d279beac53ab929791d7690089b99f3 kdegraphics-3.5.6-r1.ebuild 2128
+SHA256 5b2274faa38c5f737c30273b8939d4f7169a5cf3b8ffc64a1a8fa7b4b390d8a5 kdegraphics-3.5.6-r1.ebuild 2128
 EBUILD kdegraphics-3.5.6.ebuild 2238 RMD160 c7664779cadd27732f7c63be6333c1b4dc3a7d01 SHA1 624d799eece6fc84eb78338c636a84df00cbe1d4 SHA256 c4c7034c3ad1ce61388627c429e64cbcb5c8ad4958373de2c91724c0e532b11a
 MD5 c416f9c09ca10e56e9589d6470afde26 kdegraphics-3.5.6.ebuild 2238
 RMD160 c7664779cadd27732f7c63be6333c1b4dc3a7d01 kdegraphics-3.5.6.ebuild 2238
 SHA256 c4c7034c3ad1ce61388627c429e64cbcb5c8ad4958373de2c91724c0e532b11a kdegraphics-3.5.6.ebuild 2238
-MISC ChangeLog 42162 RMD160 f5537a28836e4c53c57e0b2980860b485a4e0a68 SHA1 6fda9588e9a90b0b756e62f11b61d88a9c222356 SHA256 44d87dae03b2c1af39ad8f3ecec86dbc444433c1f123c042ff79d88e13494878
-MD5 28ea46468dc99abfca792aff97283995 ChangeLog 42162
-RMD160 f5537a28836e4c53c57e0b2980860b485a4e0a68 ChangeLog 42162
-SHA256 44d87dae03b2c1af39ad8f3ecec86dbc444433c1f123c042ff79d88e13494878 ChangeLog 42162
+MISC ChangeLog 42501 RMD160 fd24f66105b2a61591c38f897e7d3d9da2d582a6 SHA1 4484418658f19b65e1c56294c9b8318ae2311e0b SHA256 2cf162abc87efb868587bf3a2c62247212c61c899f5edd5703bbaeb45497c219
+MD5 41270ace9566f3288a7ad3422e862a6a ChangeLog 42501
+RMD160 fd24f66105b2a61591c38f897e7d3d9da2d582a6 ChangeLog 42501
+SHA256 2cf162abc87efb868587bf3a2c62247212c61c899f5edd5703bbaeb45497c219 ChangeLog 42501
 MISC metadata.xml 156 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 SHA1 b64f7c0b4e5db816d82ad19848f72118af129d35 SHA256 2f4da28506b9d4185f320f67a6191d30c7a921217ed4447ed46ea0bc4aefc79a
 MD5 acc03a4b12bb0433a57e95bd253b9501 metadata.xml 156
 RMD160 ecce3b981f150c45ae1e84e2d208e678d6124259 metadata.xml 156
@@ -32,6 +47,19 @@ SHA256 39bcb2efbd35d5482ca8b69fa95e68b60e0b8e6cef77e41f219ec52670ffe996 files/di
 MD5 3b9cbd63f909e817f24fa89232add1bb files/digest-kdegraphics-3.5.5-r1 530
 RMD160 5de1c169b2eb3719321a551cbedce3dfebb548d9 files/digest-kdegraphics-3.5.5-r1 530
 SHA256 39bcb2efbd35d5482ca8b69fa95e68b60e0b8e6cef77e41f219ec52670ffe996 files/digest-kdegraphics-3.5.5-r1 530
+MD5 a3aaa0343f00484f85258058e8ac348c files/digest-kdegraphics-3.5.5-r2 259
+RMD160 2a9a22c3f7376170cd8d44cb1979ef76636fb43d files/digest-kdegraphics-3.5.5-r2 259
+SHA256 5f1d4470a3e6814d9f1f1ccbaaa1dc86001c6d16985f48f21c1063a2b5968686 files/digest-kdegraphics-3.5.5-r2 259
 MD5 aa4615eef496feeffffb91753c8c1d77 files/digest-kdegraphics-3.5.6 518
 RMD160 cf0ab5c2f07e9a15318dcc5bfcc4a2c9442f64c3 files/digest-kdegraphics-3.5.6 518
 SHA256 69d3b3856ba4a44987bcab7a4722f2b59798078a6681170753b41180ea1a3c96 files/digest-kdegraphics-3.5.6 518
+MD5 84871ccbdb3c5b89fdc0bb1c1175faa6 files/digest-kdegraphics-3.5.6-r1 259
+RMD160 b68729ada6badaf6558bafcbb091a3701068fcc7 files/digest-kdegraphics-3.5.6-r1 259
+SHA256 585aa29db716746963d4e4383f027d3afd88cc73550bdb8010fd688152b7afd8 files/digest-kdegraphics-3.5.6-r1 259
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.2 (GNU/Linux)
+
+iD8DBQFFyhnPAiZjviIA2XgRAgfjAJ9Z8bRDgqBgnTOqGztEEac1EncYogCg1UYG
+HIY24l3pSj+f6Jn+FpJeeTw=
+=wOpl
+-----END PGP SIGNATURE-----
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
new file mode 100644
index 000000000000..7dbb38b9a877
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
@@ -0,0 +1,3 @@
+MD5 cdbe15afc01c5da7af9557e803bbb7e6 kdegraphics-3.5.5.tar.bz2 7334117
+RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f kdegraphics-3.5.5.tar.bz2 7334117
+SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 kdegraphics-3.5.5.tar.bz2 7334117
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
new file mode 100644
index 000000000000..de24125a93ab
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
@@ -0,0 +1,3 @@
+MD5 79a1ffb7ae89bede1410411a30be3210 kdegraphics-3.5.6.tar.bz2 7332938
+RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 kdegraphics-3.5.6.tar.bz2 7332938
+SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f kdegraphics-3.5.6.tar.bz2 7332938
diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
new file mode 100644
index 000000000000..092cf67f360b
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
@@ -0,0 +1,61 @@
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+ 
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+ 
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-	  < 0)
+-	goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++	    < 0)
++	  goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+ 	    start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+   Object acroForm;		// AcroForm dictionary
+   GBool ok;			// true if catalog is valid
+ 
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+ 
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild
new file mode 100644
index 000000000000..00d6ef3f7ef4
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.5-r2.ebuild,v 1.1 2007/02/07 18:26:13 flameeyes Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-0.5.1
+		>=app-text/poppler-bindings-0.5.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+		 app-text/ptex
+		 app-text/cstetex
+		 app-text/dvipdfm ) )"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+PATCHES="${FILESDIR}/post-3.5.5-kdegraphics.diff
+	${FILESDIR}/post-3.5.5-kdegraphics-CVE-2007-0104.diff"
+
+pkg_setup() {
+	kde_pkg_setup
+	for ghostscript in app-text/ghostscript-{gnu,esp,afpl}; do
+		if has_version ${ghostscript} && ! built_with_use ${ghostscript} X; then
+			eerror "This package requires ${ghostscript} compiled with X11 support."
+			eerror "Please reemerge ${ghostscript} with USE=\"X\"."
+			die "Please reemerge ${ghostscript} with USE=\"X\"."
+		fi
+	done
+	if use pdf && ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+				  $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+	use pdf || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpdf"
+
+	rm -f ${S}/configure # ask rebuilding
+	kde_src_compile
+}
diff --git a/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild b/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild
new file mode 100644
index 000000000000..5789ec4943e6
--- /dev/null
+++ b/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdegraphics/kdegraphics-3.5.6-r1.ebuild,v 1.1 2007/02/07 18:26:13 flameeyes Exp $
+
+inherit kde-dist eutils
+
+DESCRIPTION="KDE graphics-related apps"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gphoto2 imlib openexr opengl pdf povray scanner tetex"
+
+DEPEND="~kde-base/kdebase-${PV}
+	>=media-libs/freetype-2
+	media-libs/fontconfig
+	gphoto2? ( media-libs/libgphoto2 )
+	scanner? ( media-gfx/sane-backends )
+	media-libs/libart_lgpl
+	media-libs/lcms
+	dev-libs/fribidi
+	imlib? ( media-libs/imlib )
+	virtual/ghostscript
+	media-libs/tiff
+	openexr? ( >=media-libs/openexr-1.2 )
+	povray? ( media-gfx/povray
+		  virtual/opengl )
+	pdf? ( >=app-text/poppler-0.5.1
+		>=app-text/poppler-bindings-0.5.1 )"
+
+RDEPEND="${DEPEND}
+	tetex? (
+	|| ( >=app-text/tetex-2
+		 app-text/ptex
+		 app-text/cstetex
+		 app-text/dvipdfm ) )"
+
+DEPEND="${DEPEND}
+	dev-util/pkgconfig"
+
+pkg_setup() {
+	kde_pkg_setup
+	for ghostscript in app-text/ghostscript-{gnu,esp,afpl}; do
+		if has_version ${ghostscript} && ! built_with_use ${ghostscript} X; then
+			eerror "This package requires ${ghostscript} compiled with X11 support."
+			eerror "Please reemerge ${ghostscript} with USE=\"X\"."
+			die "Please reemerge ${ghostscript} with USE=\"X\"."
+		fi
+	done
+	if use pdf && ! built_with_use app-text/poppler-bindings qt3; then
+		eerror "This package requires app-text/poppler-bindings compiled with Qt 3.x support."
+		eerror "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+		die "Please reemerge app-text/poppler-bindings with USE=\"qt3\"."
+	fi
+}
+
+src_compile() {
+	local myconf="$(use_with openexr) $(use_with pdf poppler)
+				  $(use_with gphoto2 kamera)"
+
+	use imlib || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kuickshow"
+	use scanner || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kooka libkscan"
+	use povray || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpovmodeler"
+	use pdf || export DO_NOT_COMPILE="${DO_NOT_COMPILE} kpdf"
+
+	rm -f "${S}/configure" # ask rebuilding
+	kde_src_compile
+}
author	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-02-07 18:26:13 +0000
committer	Diego Elio Pettenò <flameeyes@gentoo.org>	2007-02-07 18:26:13 +0000
commit	6daab020d207a59ffe9b3bd3242029660cea2325 (patch)
tree	798665b28099cb150194205a1dcc4c4004b6d1c2 /kde-base
parent	Missing configure patch. Bug #165739 (diff)
download	historical-6daab020d207a59ffe9b3bd3242029660cea2325.tar.gz historical-6daab020d207a59ffe9b3bd3242029660cea2325.tar.bz2 historical-6daab020d207a59ffe9b3bd3242029660cea2325.zip