[Pkg-kde-commits] rev 366 - in branches/kde-3.3.2/kdegraphics/debian: . patches
Adeodato Simó
dato-guest@haydn.debian.org
Thu, 23 Dec 2004 00:25:07 -0700
Author: dato-guest
Date: 2004-12-23 00:24:17 -0700 (Thu, 23 Dec 2004)
New Revision: 366
Added:
branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff
Modified:
branches/kde-3.3.2/kdegraphics/debian/changelog
branches/kde-3.3.2/kdegraphics/debian/control
Log:
3.3.2-0pre2 for experimental:
* Upload to fix security vulnerability "kpdf Buffer Overflow Vulnerability".
As per CAN-2004-1125, the xpdf codebase contains a buffer overflow that
can be triggered by a specially crafted PDF file, and remotely supplied
pdf files could be used to execute arbitrary code on the client machine.
* Update package description for several packages, provided by Jesús
Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler,
kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881)
Modified: branches/kde-3.3.2/kdegraphics/debian/changelog
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/changelog 2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/changelog 2004-12-23 07:24:17 UTC (rev 366)
@@ -1,3 +1,16 @@
+kdegraphics (4:3.3.2-0pre2) experimental; urgency=high
+
+ * Upload to fix security vulnerability "kpdf Buffer Overflow Vulnerability".
+ As per CAN-2004-1125, the xpdf codebase contains a buffer overflow that
+ can be triggered by a specially crafted PDF file, and remotely supplied
+ pdf files could be used to execute arbitrary code on the client machine.
+
+ * Update package description for several packages, provided by Jesús
+ Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler,
+ kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881)
+
+ -- Adeodato Simó <asp16@alu.ua.es> Thu, 23 Dec 2004 08:17:32 +0100
+
kdegraphics (4:3.3.2-0pre1) experimental; urgency=low
* New upstream release.
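Review bot: the second bullet of the new entry names five packages (kolourpaint, kgamma, kooka, kpovmodeler, kuickshow) but closes six bugs; say which package the sixth report covers, or drop it from the Closes list if this upload does not address it. The security bullet also does not name the patch that carries the fix. Adding "(debian/patches/12_fix-CAN-2004-1125.diff)" would let anyone auditing the upload go straight from the changelog to the change.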
Modified: branches/kde-3.3.2/kdegraphics/debian/control
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/control 2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/control 2004-12-23 07:24:17 UTC (rev 366)
@@ -148,13 +148,11 @@
Depends: ${shlibs:Depends}
Suggests: khelpcenter
Description: Gamma correction KControl module
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KGamma is a KDE Control Center module for gamma calibration/correction
+ of XFree86. With proper gamma settings, your display (websites, images,
+ etc.) will look the same on your monitor as on other monitors.
.
- KGamma is a control center module for gamma correction
- of the X11 display.
+ Homepage: http://kgamma.berlios.de/index2.php
.
This package is part of the official KDE graphics module.
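Review bot: the new first paragraph of the kgamma description says "gamma calibration/correction of XFree86" where the removed text said "of the X11 display". Unless the module depends on XFree86 specifically, keep the server-neutral wording so the description stays accurate on other X servers.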
@@ -217,13 +215,20 @@
Depends: ${shlibs:Depends}
Suggests: khelpcenter
Description: A Simple Paint Program for KDE
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KolourPaint is a very simple paint program for KDE. It aims to be
+ conceptually simple to understand; providing a level of functionality
+ targeted towards the average user. It's designed for daily tasks like:
.
- KolourPaint is a very simple paint program for KDE.
+ * Painting - drawing diagrams and "finger painting"
+ * Image Manipulation - editing screenshots and photos; applying effects
+ * Icon Editing - drawing clipart and logos with transparency
.
+ It's not an unusable and monolithic program where simple tasks like
+ drawing lines become near impossible. Nor is it so simple that it lacks
+ essential features like Undo/Redo.
+ .
+ Homepage: http://kolourpaint.sourceforge.net
+ .
This package is part of the official KDE graphics module.
Package: kooka
@@ -233,13 +238,17 @@
Recommends: gocr
Suggests: khelpcenter
Description: Scanner program for KDE
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ Kooka is an intuitive, easy to use open source GNU/Linux scan program
+ based on SANE and KScan library.
.
- Kooka is a scanner program based on SANE and KScan library.
+ Kooka helps you to handle the most important scan parameters, find the
+ correct image file format to save and manage your scanned images. It
+ offers support for different OCR modules. Libkscan, a autonomous part
+ of Kooka, provides a scan service for easy and consistent use to all
+ KDE applications.
.
+ Homepage: http://www.kde.org/apps/kooka
+ .
This package is part of the official KDE graphics module.
Package: kpdf
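Review bot: typo in the added kooka text, "Libkscan, a autonomous part of Kooka" should read "an autonomous part". The first paragraph also calls Kooka a "GNU/Linux scan program", which is narrower than the removed "scanner program based on SANE and KScan library"; drop the platform qualifier unless it is intended.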
@@ -267,13 +276,18 @@
Depends: ${shlibs:Depends}
Suggests: khelpcenter, povray
Description: A graphical editor for povray scenes
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KPovmodeler is a graphical editor for povray scenes. KPovModeler is a
+ modeling and composition program for creating POV-Ray(TM) scenes in
+ KDE.
.
- KPovmodeler is a graphical editor for povray scenes.
+ For most of the modelers, POV-Ray is nothing but a rendering engine and
+ they bring a lot of limitations to the innate possibilities of POV-Ray
+ scripted language. This is not the case for KPovModeler which allows
+ you to use all the features of POV-Ray through the translation of
+ POV-Ray language into a graphical tree.
.
+ Homepage: http://www.kpovmodeler.org
+ .
This package is part of the official KDE graphics module.
Package: kruler
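Review bot: the added kpovmodeler description spells the name "KPovmodeler" in its first sentence and "KPovModeler" in the next two; pick one spelling. The first two sentences also say the same thing ("graphical editor for povray scenes" and "modeling and composition program for creating POV-Ray(TM) scenes") and could be merged into one.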
@@ -330,12 +344,14 @@
Depends: ${shlibs:Depends}
Suggests: khelpcenter
Description: KDE image/slideshow viewer
- KDE is a powerful Open Source graphical desktop environment
- for Unix workstations. It combines ease of use, contemporary
- functionality, and outstanding graphical design with the
- technological superiority of the Unix operating system.
+ KuickShow is an image browser/viewer with a nice filebrowser to select
+ images to be shown, slideshow support and the ability to display the
+ following image formats: jpg, gif, tiff, png, bmp, psd, xpm, xbm, pbm
+ and eim. Images can be displayed either in their own window, as large
+ as the image, or fullscreen (which shrinks images too large to
+ display). KuickShow also has a slideshow mode.
.
- KDE image/slideshow viewer
+ Homepage: http://kuickshow.sourceforge.net
.
This package is part of the official KDE graphics module.
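Review bot: the new kuickshow paragraph mentions the slideshow feature twice, "slideshow support" in the first sentence and "KuickShow also has a slideshow mode" as the last one. Drop the closing sentence.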
Added: branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff
===================================================================
--- branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff 2004-12-22 02:31:01 UTC (rev 365)
+++ branches/kde-3.3.2/kdegraphics/debian/patches/12_fix-CAN-2004-1125.diff 2004-12-23 07:24:17 UTC (rev 366)
@@ -0,0 +1,38 @@
+diff -b -p -u -r1.4.4.1 -r1.4.4.2
+--- kdegraphics-orig/kpdf/xpdf/Gfx.cc 2 Sep 2004 21:30:18 -0000 1.4.4.1
++++ kdegraphics-patched/kpdf/xpdf/Gfx.cc 22 Dec 2004 12:05:50 -0000 1.4.4.2
+@@ -2654,7 +2654,9 @@ void Gfx::doImage(Object *ref, Stream *s
+ haveMask = gFalse;
+ dict->lookup("Mask", &maskObj);
+ if (maskObj.isArray()) {
+- for (i = 0; i < maskObj.arrayGetLength(); ++i) {
++ for (i = 0;
++ i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps;
++ ++i) {
+ maskObj.arrayGet(i, &obj1);
+ maskColors[i] = obj1.getInt();
+ obj1.free();
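Review bot: the new loop condition in Gfx::doImage stops at 2*gfxColorMaxComps without reporting anything, so an oversized Mask array is silently truncated, while the GfxState.cc checks in this same patch call error() when they clamp. Consider calling error() here as well when maskObj.arrayGetLength() exceeds the limit, so a malformed file leaves a trace. The loop body still stores obj1.getInt() into maskColors[i] with no type check visible in these lines; it is worth confirming what getInt() yields for a non-integer array element.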
+diff -b -p -u -r1.3.4.1 -r1.3.4.2
+--- kdegraphics-orig/kpdf/xpdf/GfxState.cc 2 Sep 2004 21:30:18 -0000 1.3.4.1
++++ kdegraphics-patched/kpdf/xpdf/GfxState.cc 22 Dec 2004 12:05:50 -0000 1.3.4.2
+@@ -708,6 +708,11 @@ GfxColorSpace *GfxICCBasedColorSpace::pa
+ }
+ nCompsA = obj2.getInt();
+ obj2.free();
++ if (nCompsA > gfxColorMaxComps) {
++ error(-1, "ICCBased color space with too many (%d > %d) components",
++ nCompsA, gfxColorMaxComps);
++ nCompsA = gfxColorMaxComps;
++ }
+ if (dict->lookup("Alternate", &obj2)->isNull() ||
+ !(altA = GfxColorSpace::parse(&obj2))) {
+ switch (nCompsA) {
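Review bot: the check added after nCompsA = obj2.getInt() in GfxICCBasedColorSpace::parse only bounds the value from above. The count is an int read from the file, so zero or a negative number passes the nCompsA > gfxColorMaxComps test unchanged and goes on to the switch (nCompsA) and to whatever uses the count afterwards. Suggest rejecting nCompsA < 1 in the same block, with its own error() message.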
+@@ -1054,7 +1059,7 @@ GfxColorSpace *GfxDeviceNColorSpace::par
+ }
+ nCompsA = obj1.arrayGetLength();
+ if (nCompsA > gfxColorMaxComps) {
+- error(-1, "DeviceN color space with more than %d > %d components",
++ error(-1, "DeviceN color space with too many (%d > %d) components",
+ nCompsA, gfxColorMaxComps);
+ nCompsA = gfxColorMaxComps;
+ }