Backport security patch thanks to steev, bug 188863

Package-Manager: portage-2.1.3.6
author: Stefan Schweizer <genstef@gentoo.org> 2007-08-23 19:05:59 +0000
committer: Stefan Schweizer <genstef@gentoo.org> 2007-08-23 19:05:59 +0000
commit: be6e8e9106760eeef890c90056b3b2ba3e8d9a56 (patch)
tree: 386ba6b74687e122d62882f728825afd59467fb3
parent: revision bump, thanks to bug #189944 (diff)
download: historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.tar.gz
historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.tar.bz2
historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.zip
5 files changed, 107 insertions, 5 deletions
diff --git a/app-text/poppler/ChangeLog b/app-text/poppler/ChangeLog
index 2942e970eab6..aaec913f15d0 100644
--- a/app-text/poppler/ChangeLog
+++ b/app-text/poppler/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-text/poppler
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/ChangeLog,v 1.129 2007/08/23 18:21:09 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/ChangeLog,v 1.130 2007/08/23 19:05:59 genstef Exp $
+
+*poppler-0.5.4-r2 (23 Aug 2007)
+
+  23 Aug 2007; Stefan Schweizer <genstef@gentoo.org>
+  +files/poppler-cve-2007-3387.patch, +poppler-0.5.4-r2.ebuild:
+  Backport security patch thanks to steev, bug 188863
 
   23 Aug 2007; Jeroen Roovers <jer@gentoo.org> poppler-0.5.91.ebuild:
   Stable for HPPA (bug #188863).
diff --git a/app-text/poppler/Manifest b/app-text/poppler/Manifest
index 82d4eb728fbb..de83f46974ba 100644
--- a/app-text/poppler/Manifest
+++ b/app-text/poppler/Manifest
@@ -6,6 +6,10 @@ AUX poppler-0.5.9-header.patch 2264 RMD160 38c71762143f4a4e696a67f63e888c4c8bf2b
 MD5 0d83ad0368c55eb6b3c1a2f785ca0bc1 files/poppler-0.5.9-header.patch 2264
 RMD160 38c71762143f4a4e696a67f63e888c4c8bf2b73b files/poppler-0.5.9-header.patch 2264
 SHA256 6955bbb45227aa6c21675ef4ac71df9163190808567031c52de994ee00047118 files/poppler-0.5.9-header.patch 2264
+AUX poppler-cve-2007-3387.patch 1028 RMD160 48b0007fe1779304e926634de123aaca01496dc0 SHA1 7179b5d4b0240e528150a471e54c219446dfc012 SHA256 883e08847dc9161d7065dc7725b293e3452fc45a9575017c0aa1eb1779ddc7d0
+MD5 38672c5b0ef6a876a44a06376817a220 files/poppler-cve-2007-3387.patch 1028
+RMD160 48b0007fe1779304e926634de123aaca01496dc0 files/poppler-cve-2007-3387.patch 1028
+SHA256 883e08847dc9161d7065dc7725b293e3452fc45a9575017c0aa1eb1779ddc7d0 files/poppler-cve-2007-3387.patch 1028
 DIST poppler-0.5.3.tar.gz 1049900 RMD160 3456de23955fc4001842c76d32deba308bd7f968 SHA1 e197f5cf56f0676b5ca313577dd6456a393c46ec SHA256 5cfabff39670610fa8f5c33da7b9b0ae89d445445be6d6c245cdce8bf3f24190
 DIST poppler-0.5.4.tar.gz 1062401 RMD160 f28c89b03388757067505df3c60a1d878626b0dd SHA1 edf4e4ff17ef86a7f60f097949ad7db53fa2c3b1 SHA256 ca0f880a4ff07391e99b443f0e7c9860241df6a6aaa327b9d811b358d94a29c9
 DIST poppler-0.5.9.tar.gz 1169002 RMD160 3aab75dfb1f4226048c23ed9b6f08fdb2608feb1 SHA1 8053ede1d7e3d30a3dd934b4d8738334f966004e SHA256 bee251e5149ac9dd8824aac316456b78a82f4e1954eb3c1a94db3625340ef61e
@@ -18,6 +22,10 @@ EBUILD poppler-0.5.4-r1.ebuild 1309 RMD160 66c953134388ad21e19331b4dc6de730bd51e
 MD5 f1cf5feec3fb0ed636bc63c685b83ff0 poppler-0.5.4-r1.ebuild 1309
 RMD160 66c953134388ad21e19331b4dc6de730bd51ecae poppler-0.5.4-r1.ebuild 1309
 SHA256 235711311f3e8336c11cceca872b5120d48041b32fe4103dc32313d56e3e23cc poppler-0.5.4-r1.ebuild 1309
+EBUILD poppler-0.5.4-r2.ebuild 1355 RMD160 bcb81c243403344cedb1aa11f7641a6fe4a76098 SHA1 1b9fd3bc1c8fdeca39d1a30f3487b43debc5edf7 SHA256 61bf5a7f6025e0875f029573c1c383396b59a8832b947517f3be4e571b9bc712
+MD5 7ec4c5b458319765d68a306063f241b4 poppler-0.5.4-r2.ebuild 1355
+RMD160 bcb81c243403344cedb1aa11f7641a6fe4a76098 poppler-0.5.4-r2.ebuild 1355
+SHA256 61bf5a7f6025e0875f029573c1c383396b59a8832b947517f3be4e571b9bc712 poppler-0.5.4-r2.ebuild 1355
 EBUILD poppler-0.5.4.ebuild 1255 RMD160 4047503bb1d510d50aeecd540ed555bf87232f02 SHA1 2b7997b29d10c0172b23076bb9a1a40f9ee51929 SHA256 0f53a585937a5c486304027cd99a0b000ca41ed93f00711cca1d65cf6ff02377
 MD5 317c6ca65935b24513e3b1f4b6be38a7 poppler-0.5.4.ebuild 1255
 RMD160 4047503bb1d510d50aeecd540ed555bf87232f02 poppler-0.5.4.ebuild 1255
@@ -30,10 +38,10 @@ EBUILD poppler-0.5.91.ebuild 1224 RMD160 11d4d8b05ad90f4d1c75078daae3bb41c578c30
 MD5 3bbad6a72a06df03f10ca8f3610c097c poppler-0.5.91.ebuild 1224
 RMD160 11d4d8b05ad90f4d1c75078daae3bb41c578c308 poppler-0.5.91.ebuild 1224
 SHA256 b141a5ea01382d9db86a50eb92bbef9b13647a428b0df2f3202149eda8a59bbe poppler-0.5.91.ebuild 1224
-MISC ChangeLog 17477 RMD160 ece6683aea11625e439ac3729c3c645a9b3481d2 SHA1 9b16b3b92ad0e4408abe7bba6c5135330dbfb923 SHA256 c7b6ab2a0324fd3e525725d404cb07bbe6ab47cb2adf9c160c4088c31f67ce60
-MD5 025552cca4e13d2f309902d1e898d12d ChangeLog 17477
-RMD160 ece6683aea11625e439ac3729c3c645a9b3481d2 ChangeLog 17477
-SHA256 c7b6ab2a0324fd3e525725d404cb07bbe6ab47cb2adf9c160c4088c31f67ce60 ChangeLog 17477
+MISC ChangeLog 17686 RMD160 6e7f07c63017ddfd14ef801e17212fe776a9e020 SHA1 c6edb3b4d339473b6e9e98ae0fddda8ead26c042 SHA256 7ffeb4de8404b8220682bb8a872f927c8c0c9feeae601472056626f12ae19065
+MD5 64e0388165fe532b34e35452f7f0d597 ChangeLog 17686
+RMD160 6e7f07c63017ddfd14ef801e17212fe776a9e020 ChangeLog 17686
+SHA256 7ffeb4de8404b8220682bb8a872f927c8c0c9feeae601472056626f12ae19065 ChangeLog 17686
 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76
 MD5 26b4b081d538c195dc39bcb2ec8e6f3a metadata.xml 161
 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 metadata.xml 161
@@ -47,6 +55,9 @@ SHA256 e98abc83422dd85e19f4a3bfccbaa25079f6a78c1f326f7a0f2fbec61cb9bb3d files/di
 MD5 a1e0228078c7c35fece8606abf60e755 files/digest-poppler-0.5.4-r1 244
 RMD160 fc23315deb3d8d4c5c66c228e721ca49d9b6bf59 files/digest-poppler-0.5.4-r1 244
 SHA256 e98abc83422dd85e19f4a3bfccbaa25079f6a78c1f326f7a0f2fbec61cb9bb3d files/digest-poppler-0.5.4-r1 244
+MD5 a1e0228078c7c35fece8606abf60e755 files/digest-poppler-0.5.4-r2 244
+RMD160 fc23315deb3d8d4c5c66c228e721ca49d9b6bf59 files/digest-poppler-0.5.4-r2 244
+SHA256 e98abc83422dd85e19f4a3bfccbaa25079f6a78c1f326f7a0f2fbec61cb9bb3d files/digest-poppler-0.5.4-r2 244
 MD5 e86666f32aad9ab69642e968318e0fe3 files/digest-poppler-0.5.9-r1 244
 RMD160 4df3072152cee76f0fe857a4303b1329fa76e292 files/digest-poppler-0.5.9-r1 244
 SHA256 a6f8eeeffe559868d621659014edd8595b0f92e4f28369fc0504faf3651e0b41 files/digest-poppler-0.5.9-r1 244
diff --git a/app-text/poppler/files/digest-poppler-0.5.4-r2 b/app-text/poppler/files/digest-poppler-0.5.4-r2
new file mode 100644
index 000000000000..3cf1476067e6
--- /dev/null
+++ b/app-text/poppler/files/digest-poppler-0.5.4-r2
@@ -0,0 +1,3 @@
+MD5 053fdfd70533ecce1a06353fa945f061 poppler-0.5.4.tar.gz 1062401
+RMD160 f28c89b03388757067505df3c60a1d878626b0dd poppler-0.5.4.tar.gz 1062401
+SHA256 ca0f880a4ff07391e99b443f0e7c9860241df6a6aaa327b9d811b358d94a29c9 poppler-0.5.4.tar.gz 1062401
diff --git a/app-text/poppler/files/poppler-cve-2007-3387.patch b/app-text/poppler/files/poppler-cve-2007-3387.patch
new file mode 100644
index 000000000000..2e174e1c0063
--- /dev/null
+++ b/app-text/poppler/files/poppler-cve-2007-3387.patch
@@ -0,0 +1,32 @@
+diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc
+--- poppler-0.5.4/poppler/Stream.cc	2006-07-28 11:07:41.000000000 -0700
++++ poppler-0.5.4.new/poppler/Stream.cc	2007-08-07 11:29:59.854631893 -0700
+@@ -422,21 +422,14 @@
+   ok = gFalse;
+ 
+   nVals = width * nComps;
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX/nBits ||
+-      width >= INT_MAX/nComps/nBits ||
+-      nVals * nBits + 7 < 0) {
+-    return;
+-  }
+-  totalBits = nVals * nBits;
+-  if (totalBits == 0 ||
+-      (totalBits / nBits) / nComps != width ||
+-      totalBits + 7 < 0) {
+-    return;
+-  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+-  if (rowBytes < 0) {
++  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps > gfxColorMaxComps ||
++      nBits > 16 ||
++      nVals <= 0 ||
++      nVals * nBits + 7 <= 0 ||
++      rowBytes <= 0) {
+     return;
+   }
+   predLine = (Guchar *)gmalloc(rowBytes);
diff --git a/app-text/poppler/poppler-0.5.4-r2.ebuild b/app-text/poppler/poppler-0.5.4-r2.ebuild
new file mode 100644
index 000000000000..813f7c9295d7
--- /dev/null
+++ b/app-text/poppler/poppler-0.5.4-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/poppler/poppler-0.5.4-r2.ebuild,v 1.1 2007/08/23 19:05:59 genstef Exp $
+
+inherit libtool eutils
+
+DESCRIPTION="PDF rendering library based on the xpdf-3.0 code base"
+HOMEPAGE="http://poppler.freedesktop.org/"
+SRC_URI="http://poppler.freedesktop.org/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="cjk jpeg zlib"
+
+RDEPEND=">=media-libs/freetype-2.1.8
+	media-libs/fontconfig
+	cjk? ( app-text/poppler-data )
+	jpeg? ( >=media-libs/jpeg-6b )
+	!app-text/pdftohtml"
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch ${FILESDIR}/004_CVE-2007-0104.patch
+	epatch ${FILESDIR}/poppler-cve-2007-3387.patch
+	elibtoolize
+}
+
+src_compile() {
+	econf \
+		--disable-poppler-qt4 \
+		--disable-poppler-glib \
+		--disable-poppler-qt \
+		--disable-gtk-test \
+		--enable-opi \
+		--disable-cairo-output \
+		--enable-xpdf-headers \
+		$(use_enable jpeg libjpeg) \
+		$(use_enable zlib) \
+		|| die "configuration failed"
+	emake || die "compilation failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "make install failed"
+	dodoc README AUTHORS ChangeLog NEWS README-XPDF TODO pdf2xml.dtd
+}
author	Stefan Schweizer <genstef@gentoo.org>	2007-08-23 19:05:59 +0000
committer	Stefan Schweizer <genstef@gentoo.org>	2007-08-23 19:05:59 +0000
commit	be6e8e9106760eeef890c90056b3b2ba3e8d9a56 (patch)
tree	386ba6b74687e122d62882f728825afd59467fb3
parent	revision bump, thanks to bug #189944 (diff)
download	historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.tar.gz historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.tar.bz2 historical-be6e8e9106760eeef890c90056b3b2ba3e8d9a56.zip