rev 5314 - in branches/etch/packages/kdegraphics/debian: . patches

Mon Jan 15 20:03:35 CET 2007

Author: ana
Date: 2007-01-15 20:03:34 +0100 (Mon, 15 Jan 2007)
New Revision: 5314

Added:
   branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff
Modified:
   branches/etch/packages/kdegraphics/debian/changelog
   branches/etch/packages/kdegraphics/debian/control
Log:
Adding patch for CVE-2007-0104.



Modified: branches/etch/packages/kdegraphics/debian/changelog
===================================================================

--- branches/etch/packages/kdegraphics/debian/changelog	2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/changelog	2007-01-15 19:03:34 UTC (rev 5314)
@@ -1,10 +1,18 @@
-kdegraphics (4:3.5.5-3) UNRELEASED; urgency=low
+kdegraphics (4:3.5.5-3) unstable; urgency=high
 
-  * Make kdegraphics-dbg depend on kdelibs-dbg to get useful backtraces when
-    debugging.
+  +++ Changes by Sune Vuorela:
+  
+  * Make kdegraphics-dbg depend on kdelibs-dbg to get useful backtraces 
+    when debugging.
   * Correct kooka url in debian/control (Closes: #406555)
+  
+  +++ Changes by Ana Beatriz Guerrero Lopez:
+  
+  * Update Uploaders.
+  * Add patch 12_kpdf-CVE-2007-0104.diff to fix denial of service 
+    vulnerability. CVE-2007-0104.
 
- -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Thu, 11 Jan 2007 22:13:49 +0100
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Mon, 15 Jan 2007 19:01:52 +0100
 
 kdegraphics (4:3.5.5-2) unstable; urgency=low
 

Modified: branches/etch/packages/kdegraphics/debian/control
===================================================================
--- branches/etch/packages/kdegraphics/debian/control	2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/control	2007-01-15 19:03:34 UTC (rev 5314)
@@ -2,7 +2,7 @@
 Section: kde
 Priority: optional
 Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
-Uploaders: Isaac Clerencia <isaac at debian.org>, Pierre Habouzit <madcoder at debian.org>, Christopher Martin <chrsmrtn at debian.org>, Adeodato Simó <dato at net.com.org.es>, Josh Metzler <joshdeb at metzlers.org>
+Uploaders: Isaac Clerencia <isaac at debian.org>, Pierre Habouzit <madcoder at debian.org>, Christopher Martin <chrsmrtn at debian.org>, Adeodato Simó <dato at net.com.org.es>, Josh Metzler <joshdeb at metzlers.org>, Ana Beatriz Guerrero Lopez <ana at debian.org>, Sune Vuorela <debian at pusling.com>
 Build-Depends: cdbs (>= 0.4.39-0.1), debhelper (>= 5.0.31), autotools-dev, gawk, gettext, imlib11-dev, kdelibs4-dev (>= 4:3.5.5), libexif-dev (>= 0.6.9-1), libfribidi-dev, freeglut3-dev, libgphoto2-2-dev, libltdl3-dev, libopenexr-dev (>= 1.2.1), libpaper-dev, libpoppler-qt-dev, libsane-dev (>> 1.0.15), libtiff4-dev, libtiff-tools, libusb-dev, sharutils, tetex-bin, texinfo, libxxf86vm-dev
 Standards-Version: 3.7.2
 

Added: branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff
===================================================================
--- branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff	2007-01-15 18:31:57 UTC (rev 5313)
+++ branches/etch/packages/kdegraphics/debian/patches/12_kpdf-CVE-2007-0104.diff	2007-01-15 19:03:34 UTC (rev 5314)
@@ -0,0 +1,61 @@
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+ 
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+ 
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-	  < 0)
+-	goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++	    < 0)
++	  goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+ 	    start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+   Object acroForm;		// AcroForm dictionary
+   GBool ok;			// true if catalog is valid
+ 
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+ 


