[arch-commits] Commit in kdegraphics/trunk (CVE-2010-2575.patch PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Tue Aug 24 14:37:01 EDT 2010


    Date: Tuesday, August 24, 2010 @ 14:37:00
  Author: pierre
Revision: 88744

security update CVE-2010-2575

Added:
  kdegraphics/trunk/CVE-2010-2575.patch
Modified:
  kdegraphics/trunk/PKGBUILD

---------------------+
 CVE-2010-2575.patch |   28 ++++++++++++++++++++++++++++
 PKGBUILD            |   13 +++++++++----
 2 files changed, 37 insertions(+), 4 deletions(-)

Added: CVE-2010-2575.patch
===================================================================
--- CVE-2010-2575.patch	                        (rev 0)
+++ CVE-2010-2575.patch	2010-08-24 18:37:00 UTC (rev 88744)
@@ -0,0 +1,28 @@
+--- okular/generators/plucker/unpluck/image.cpp	(revision 1162413)
++++ okular/generators/plucker/unpluck/image.cpp	(working copy)
+@@ -289,8 +289,23 @@
+             for (j = 0; j < bytes_per_row;) {
+                 incount = *palm_ptr++;
+                 inval = *palm_ptr++;
+-                memset (rowbuf + j, inval, incount);
+-                j += incount;
++                if (incount + j <= bytes_per_row  * width)
++                {
++                    memset (rowbuf + j, inval, incount);
++                    j += incount;
++                }
++                else
++                {
++                    free (rowbuf);
++                    free (lastrow);
++                    free (jpeg_row);
++
++                    jpeg_destroy_compress (&cinfo);
++
++                    fclose( outfile );
++
++                    return false;
++                }
+             }
+         }
+         else if ((flags & PALM_IS_COMPRESSED_FLAG)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-08-24 17:39:37 UTC (rev 88743)
+++ PKGBUILD	2010-08-24 18:37:00 UTC (rev 88744)
@@ -13,7 +13,7 @@
          'kdegraphics-libs'
          'kdegraphics-okular')
 pkgver=4.5.0
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url='http://www.kde.org'
 license=('GPL' 'LGPL' 'FDL')
@@ -21,10 +21,15 @@
 makedepends=('pkgconfig' 'cmake' 'automoc4' 'kdebase-runtime' 'poppler-qt'
 	'libspectre' 'sane' 'chmlib' 'libdjvu' 'lcms' 'qimageblitz' 'ebook-tools'
 	'libxxf86vm' 'docbook-xsl')
-source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2")
-sha1sums=('fe30125c0e04139c74a55c09b64301174fc7e8ad')                                                                                                                                              
+source=("http://download.kde.org/stable/${pkgver}/src/${pkgbase}-${pkgver}.tar.bz2"
+        'CVE-2010-2575.patch')
+sha1sums=('fe30125c0e04139c74a55c09b64301174fc7e8ad'
+          '50ac5bc79007b1bb613d6f382841528107fed2d9')
+
 build() {
-	cd ${srcdir}
+	cd ${srcdir}/${pkgbase}-${pkgver}
+	patch -p0 -i ${srcdir}/CVE-2010-2575.patch
+	cd ..
 	mkdir build
 	cd build
 	cmake ../${pkgbase}-${pkgver} \



More information about the arch-commits mailing list