rev 5314 - in branches/etch/packages/kdegraphics/debian: . patches
Ana Beatriz Guerrero López
ana at alioth.debian.org
Mon Jan 15 20:03:35 CET 2007
Author: ana
Date: 2007-01-15 20:03:34 +0100 (Mon, 15 Jan 2007)
New Revision: 5314
Added:
branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff
Modified:
branches/etch/packages/kdegraphics/debian/changelog
branches/etch/packages/kdegraphics/debian/control
Log:
Adding patch for CVE-2007-0104.
Modified: branches/etch/packages/kdegraphics/debian/changelog
===================================================================
--- branches/etch/packages/kdegraphics/debian/changelog 2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/changelog 2007-01-15 19:03:34 UTC (rev 5314)
@@ -1,10 +1,18 @@
-kdegraphics (4:3.5.5-3) UNRELEASED; urgency=low
+kdegraphics (4:3.5.5-3) unstable; urgency=high
- * Make kdegraphics-dbg depend on kdelibs-dbg to get useful backtraces when
- debugging.
+ +++ Changes by Sune Vuorela:
+
+ * Make kdegraphics-dbg depend on kdelibs-dbg to get useful backtraces
+ when debugging.
* Correct kooka url in debian/control (Closes: #406555)
+
+ +++ Changes by Ana Beatriz Guerrero Lopez:
+
+ * Update Uploaders.
+ * Add patch 12_kpdf-CVE-2007-0104.diff to fix denial of service
+ vulnerability. CVE-2007-0104.
- -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Thu, 11 Jan 2007 22:13:49 +0100
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 15 Jan 2007 19:01:52 +0100
kdegraphics (4:3.5.5-2) unstable; urgency=low
Modified: branches/etch/packages/kdegraphics/debian/control
===================================================================
--- branches/etch/packages/kdegraphics/debian/control 2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/control 2007-01-15 19:03:34 UTC (rev 5314)
@@ -2,7 +2,7 @@
Section: kde
Priority: optional
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
-Uploaders: Isaac Clerencia <isaac at debian.org>, Pierre Habouzit <madcoder at debian.org>, Christopher Martin <chrsmrtn at debian.org>, Adeodato Simó <dato at net.com.org.es>, Josh Metzler <joshdeb at metzlers.org>
+Uploaders: Isaac Clerencia <isaac at debian.org>, Pierre Habouzit <madcoder at debian.org>, Christopher Martin <chrsmrtn at debian.org>, Adeodato Simó <dato at net.com.org.es>, Josh Metzler <joshdeb at metzlers.org>, Ana Beatriz Guerrero Lopez <ana at debian.org>, Sune Vuorela <debian at pusling.com>
Build-Depends: cdbs (>= 0.4.39-0.1), debhelper (>= 5.0.31), autotools-dev, gawk, gettext, imlib11-dev, kdelibs4-dev (>= 4:3.5.5), libexif-dev (>= 0.6.9-1), libfribidi-dev, freeglut3-dev, libgphoto2-2-dev, libltdl3-dev, libopenexr-dev (>= 1.2.1), libpaper-dev, libpoppler-qt-dev, libsane-dev (>> 1.0.15), libtiff4-dev, libtiff-tools, libusb-dev, sharutils, tetex-bin, texinfo, libxxf86vm-dev
Standards-Version: 3.7.2
Added: branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff
===================================================================
--- branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff 2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff 2007-01-15 19:03:34 UTC (rev 5314)
@@ -0,0 +1,61 @@
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+ pageRefs[i].num = -1;
+ pageRefs[i].gen = -1;
+ }
+- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+ if (numPages != numPages0) {
+ error(-1, "Page count in top-level pages object is incorrect");
+ }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+ return s;
+ }
+
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+ Object kids;
+ Object kid;
+ Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+ // This should really be isDict("Pages"), but I've seen at least one
+ // PDF file where the /Type entry is missing.
+ } else if (kid.isDict()) {
+- if ((start = readPageTree(kid.getDict(), attrs1, start))
+- < 0)
+- goto err2;
++ if (callDepth > MAX_CALL_DEPTH) {
++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++ } else {
++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++ < 0)
++ goto err2;
++ }
+ } else {
+ error(-1, "Kid object (page %d) is wrong type (%s)",
+ start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+ Object acroForm; // AcroForm dictionary
+ GBool ok; // true if catalog is valid
+
+- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+ Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+
More information about the pkg-kde-commits
mailing list