New revisions, not using the poppler patch. Add patch for security bug in 3.5.5-r2 too.

Package-Manager: portage-2.1.2-r8

3 files changed, 67 insertions, 0 deletions

diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
new file mode 100644
index 000000000000..7dbb38b9a877
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.5-r2
@@ -0,0 +1,3 @@
+MD5 cdbe15afc01c5da7af9557e803bbb7e6 kdegraphics-3.5.5.tar.bz2 7334117
+RMD160 c6febdf8ebd67110be3f27ada4c00e148403217f kdegraphics-3.5.5.tar.bz2 7334117
+SHA256 b6706d37568686e1ca4b4bb2cf1f79c027b94a512f6fe1156b7c7b7f79336f16 kdegraphics-3.5.5.tar.bz2 7334117
diff --git a/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1 b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
new file mode 100644
index 000000000000..de24125a93ab
--- /dev/null
+++ b/kde-base/kdegraphics/files/digest-kdegraphics-3.5.6-r1
@@ -0,0 +1,3 @@
+MD5 79a1ffb7ae89bede1410411a30be3210 kdegraphics-3.5.6.tar.bz2 7332938
+RMD160 4cb41696ffb1284252009edfe8bd0933ef541800 kdegraphics-3.5.6.tar.bz2 7332938
+SHA256 2c397f3c524b7c465e6d9289944aa8ed2acc43c8bafb983eb3f252aba7a19a1f kdegraphics-3.5.6.tar.bz2 7332938
diff --git a/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
new file mode 100644
index 000000000000..092cf67f360b
--- /dev/null
+++ b/kde-base/kdegraphics/files/post-3.5.5-kdegraphics-CVE-2007-0104.diff
@@ -0,0 +1,61 @@
+--- kpdf/xpdf/xpdf/Catalog.cc
++++ kpdf/xpdf/xpdf/Catalog.cc
+@@ -26,6 +26,12 @@
+ #include "UGString.h"
+ #include "Catalog.h"
+ 
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
+     pageRefs[i].num = -1;
+     pageRefs[i].gen = -1;
+   }
+-  numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++  numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+   if (numPages != numPages0) {
+     error(-1, "Page count in top-level pages object is incorrect");
+   }
+@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
+   return s;
+ }
+ 
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+   Object kids;
+   Object kid;
+   Object kidRef;
+@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
+     // This should really be isDict("Pages"), but I've seen at least one
+     // PDF file where the /Type entry is missing.
+     } else if (kid.isDict()) {
+-      if ((start = readPageTree(kid.getDict(), attrs1, start))
+-	  < 0)
+-	goto err2;
++      if (callDepth > MAX_CALL_DEPTH) {
++        error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++      } else {
++        if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++	    < 0)
++	  goto err2;
++      }
+     } else {
+       error(-1, "Kid object (page %d) is wrong type (%s)",
+ 	    start+1, kid.getTypeName());
+--- kpdf/xpdf/xpdf/Catalog.h
++++ kpdf/xpdf/xpdf/Catalog.h
+@@ -128,7 +128,7 @@ private:
+   Object acroForm;		// AcroForm dictionary
+   GBool ok;			// true if catalog is valid
+ 
+-  int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++  int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+   Object *findDestInTree(Object *tree, GString *name, Object *obj);
+ };
+