[Pkg-kde-commits] rev 366 - in branches/kde-3.3.2/kdegraphics/debian: . patches

Adeodato Simó dato-guest@haydn.debian.org
Thu, 23 Dec 2004 00:25:07 -0700


Author: dato-guest
Date: 2004-12-23 00:24:17 -0700 (Thu, 23 Dec 2004)
New Revision: 366

Added:
   branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff
Modified:
   branches/kde-3.3.2/kdegraphics/debian/changelog
   branches/kde-3.3.2/kdegraphics/debian/control
Log:
3.3.2-0pre2 for experimental:

  * Upload to fix security vulnerability "kpdf Buffer Overflow Vulnerability".
    As per CAN-2004-1125, the xpdf codebase contains a buffer overflow that
    can be triggered by a specially crafted PDF file, and remotely supplied
    pdf files could be used to execute arbitrary code on the client machine.

  * Update package description for several packages, provided by Jesús
    Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler,
    kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881)



Modified: branches/kde-3.3.2/kdegraphics/debian/changelog
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/changelog	2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/changelog	2004-12-23 07:24:17 UTC (rev 366)
@@ -1,3 +1,16 @@
+kdegraphics (4:3.3.2-0pre2) experimental; urgency=high
+
+  * Upload to fix security vulnerability "kpdf Buffer Overflow Vulnerability".
+    As per CAN-2004-1125, the xpdf codebase contains a buffer overflow that
+    can be triggered by a specially crafted PDF file, and remotely supplied
+    pdf files could be used to execute arbitrary code on the client machine.
+
+  * Update package description for several packages, provided by Jesús
+    Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler,
+    kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881)
+
+ -- Adeodato Simó <asp16@alu.ua.es>  Thu, 23 Dec 2004 08:17:32 +0100
+
 kdegraphics (4:3.3.2-0pre1) experimental; urgency=low
 
   * New upstream release.
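Review bot: The second bullet of the new entry names five packages (kolourpaint, kgamma, kooka, kpovmodeler, kuickshow) but closes six bug numbers, so a reader cannot tell which report belongs to which package; listing each number next to its package would fix that. The security bullet also does not name the patch that carries the fix (debian/patches/12_fix-CAN-2004-1125.diff, added in this same revision), which is the first thing someone auditing an urgency=high upload will look for.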

Modified: branches/kde-3.3.2/kdegraphics/debian/control
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/control	2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/control	2004-12-23 07:24:17 UTC (rev 366)
@@ -148,13 +148,11 @@
 Depends: ${shlibs:Depends}
 Suggests: khelpcenter
 Description: Gamma correction KControl module
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KGamma is a KDE Control Center module for gamma calibration/correction
+ of XFree86. With proper gamma settings, your display (websites, images,
+ etc.) will look the same on your monitor as on other monitors.
  .
- KGamma is a control center module for gamma correction
- of the X11 display.
+ Homepage: http://kgamma.berlios.de/index2.php
  .
  This package is part of the official KDE graphics module.
 
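Review bot: The new first sentence replaces "the X11 display" with "XFree86", which ties the description to one X server implementation. Unless KGamma really works only with XFree86, keep the server-neutral wording from the removed lines.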
@@ -217,13 +215,20 @@
 Depends: ${shlibs:Depends}
 Suggests: khelpcenter
 Description: A Simple Paint Program for KDE
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KolourPaint is a very simple paint program for KDE. It aims to be
+ conceptually simple to understand; providing a level of functionality
+ targeted towards the average user. It's designed for daily tasks like:
  .
- KolourPaint is a very simple paint program for KDE.
+  * Painting - drawing diagrams and "finger painting" 
+  * Image Manipulation - editing screenshots and photos; applying effects 
+  * Icon Editing - drawing clipart and logos with transparency 
  .
+ It's not an unusable and monolithic program where simple tasks like
+ drawing lines become near impossible. Nor is it so simple that it lacks
+ essential features like Undo/Redo.
+ .
+ Homepage: http://kolourpaint.sourceforge.net
+ .
  This package is part of the official KDE graphics module.
 
 Package: kooka
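Review bot: The three added list items ("Painting", "Image Manipulation", "Icon Editing") each end in a trailing space that should be stripped before committing. The paragraph starting "It's not an unusable and monolithic program" describes the package by what it is not; a positive statement of what it does would read better in a package description.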
@@ -233,13 +238,17 @@
 Recommends: gocr
 Suggests: khelpcenter
 Description: Scanner program for KDE
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ Kooka is an intuitive, easy to use open source GNU/Linux scan program
+ based on SANE and KScan library.
  .
- Kooka is a scanner program based on SANE and KScan library.
+ Kooka helps you to handle the most important scan parameters, find the
+ correct image file format to save and manage your scanned images. It
+ offers support for different OCR modules. Libkscan, a autonomous part
+ of Kooka, provides a scan service for easy and consistent use to all
+ KDE applications.
  .
+ Homepage: http://www.kde.org/apps/kooka
+ .
  This package is part of the official KDE graphics module.
 
 Package: kpdf
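Review bot: "a autonomous part" in the second added paragraph should be "an autonomous part". In the first added sentence the "open source GNU/Linux" qualifier adds nothing inside a Debian package description and could be dropped.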
@@ -267,13 +276,18 @@
 Depends: ${shlibs:Depends}
 Suggests: khelpcenter, povray
 Description: A graphical editor for povray scenes
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KPovmodeler is a graphical editor for povray scenes. KPovModeler is a
+ modeling and composition program for creating POV-Ray(TM) scenes in
+ KDE.
  .
- KPovmodeler is a graphical editor for povray scenes.
+ For most of the modelers, POV-Ray is nothing but a rendering engine and
+ they bring a lot of limitations to the innate possibilities of POV-Ray
+ scripted language. This is not the case for KPovModeler which allows
+ you to use all the features of POV-Ray through the translation of
+ POV-Ray language into a graphical tree. 
  .
+ Homepage: http://www.kpovmodeler.org
+ .
  This package is part of the official KDE graphics module.
 
 Package: kruler
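Review bot: The added text spells the name two ways, "KPovmodeler" in the first sentence and "KPovModeler" afterwards, and those first two sentences say the same thing twice; pick one spelling and merge them. The added line ending "into a graphical tree." also carries a trailing space.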
@@ -330,12 +344,14 @@
 Depends: ${shlibs:Depends}
 Suggests: khelpcenter
 Description: KDE image/slideshow viewer
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KuickShow is an image browser/viewer with a nice filebrowser to select
+ images to be shown, slideshow support and the ability to display the
+ following image formats: jpg, gif, tiff, png, bmp, psd, xpm, xbm, pbm
+ and eim. Images can be displayed either in their own window, as large
+ as the image, or fullscreen (which shrinks images too large to
+ display). KuickShow also has a slideshow mode. 
  .
- KDE image/slideshow viewer
+ Homepage: http://kuickshow.sourceforge.net
  .
  This package is part of the official KDE graphics module.
 
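Review bot: Slideshow support is stated twice in the added description, once as "slideshow support" in the first sentence and again in the closing "KuickShow also has a slideshow mode.", so the closing sentence can be removed. That closing line also ends in a trailing space.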

Added: branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff	2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff	2004-12-23 07:24:17 UTC (rev 366)
@@ -0,0 +1,38 @@
+diff -b -p -u -r1.4.4.1 -r1.4.4.2
+--- kdegraphics-orig/kpdf/xpdf/Gfx.cc	2 Sep 2004 21:30:18 -0000	1.4.4.1
++++ kdegraphics-patched/kpdf/xpdf/Gfx.cc	22 Dec 2004 12:05:50 -0000	1.4.4.2
+@@ -2654,7 +2654,9 @@ void Gfx::doImage(Object *ref, Stream *s
+     haveMask = gFalse;
+     dict->lookup("Mask", &maskObj);
+     if (maskObj.isArray()) {
+-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++      for (i = 0;
++	   i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++	   ++i) {
+ 	maskObj.arrayGet(i, &obj1);
+ 	maskColors[i] = obj1.getInt();
+ 	obj1.free();
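Review bot: The new loop condition "i < 2*gfxColorMaxComps" in Gfx::doImage stops the writes to maskColors[i] at the limit, but it truncates an oversized Mask array silently, while the GfxState.cc changes in the same patch report the equivalent condition through error(). Adding an error() call when maskObj.arrayGetLength() exceeds the limit would make malformed files visible to whoever is triaging them. The bound also assumes maskColors is declared with 2*gfxColorMaxComps entries; the declaration is outside this hunk, so please confirm it. Separately, the loop body stores obj1.getInt() without any type check on the element in the lines shown.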
+diff -b -p -u -r1.3.4.1 -r1.3.4.2
+--- kdegraphics-orig/kpdf/xpdf/GfxState.cc	2 Sep 2004 21:30:18 -0000	1.3.4.1
++++ kdegraphics-patched/kpdf/xpdf/GfxState.cc	22 Dec 2004 12:05:50 -0000	1.3.4.2
+@@ -708,6 +708,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+   }
+   nCompsA = obj2.getInt();
+   obj2.free();
++  if (nCompsA > gfxColorMaxComps) {
++    error(-1, "ICCBased color space with too many (%d > %d) components",
++	  nCompsA, gfxColorMaxComps);
++    nCompsA = gfxColorMaxComps;
++  }
+   if (dict->lookup("Alternate", &obj2)->isNull() ||
+       !(altA = GfxColorSpace::parse(&obj2))) {
+     switch (nCompsA) {
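Review bot: The added check in GfxICCBasedColorSpace::parse bounds nCompsA only from above. The value comes straight from obj2.getInt(), and nothing in the visible lines rejects zero or a negative count before it reaches "switch (nCompsA)" and any later code that sizes or indexes by it. If no earlier check exists outside this hunk, add a lower bound next to this one.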
+@@ -1054,7 +1059,7 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+   }
+   nCompsA = obj1.arrayGetLength();
+   if (nCompsA > gfxColorMaxComps) {
+-    error(-1, "DeviceN color space with more than %d > %d components",
++    error(-1, "DeviceN color space with too many (%d > %d) components",
+ 	  nCompsA, gfxColorMaxComps);
+     nCompsA = gfxColorMaxComps;
+   }
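Review bot: The added patch file has no header; it starts directly at "diff -b -p -u -r1.4.4.1 -r1.4.4.2", so a short comment block at the top naming CAN-2004-1125 and where the fix was taken from would help later maintainers decide when the patch can be dropped. The DeviceN change at the end only rewords the error string so it matches the ICCBased message, which is fine to carry along.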