rpms/koffice/F-7 koffice-xpdf-CVE-2007-3387.diff, NONE, 1.1 koffice.spec, 1.57, 1.58 koffice-1.6.3-nodisplay.patch, 1.1, NONE
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Mon Aug 13 18:48:58 UTC 2007
Author: rdieter
Update of /cvs/pkgs/rpms/koffice/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4224
Modified Files:
koffice.spec
Added Files:
koffice-xpdf-CVE-2007-3387.diff
Removed Files:
koffice-1.6.3-nodisplay.patch
Log Message:
* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
1.6.3-9
- CVE-2007-3387 (#251522, #251524)
* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
1.6.3-8
- License: GPLv2+
- -libs: move libk*common.so.* here
* Sat Jun 24 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
1.6.3-7
- -devel: %%exclude %%_libdir/libkudesignercore.so (#245333)
koffice-xpdf-CVE-2007-3387.diff:
--- NEW FILE koffice-xpdf-CVE-2007-3387.diff ---
--- filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ filters/kword/pdf/xpdf/xpdf/Stream.cc
@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream
predLine = NULL;
ok = gFalse;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits)
- return;
-
nVals = width * nComps;
- if (nVals * nBits + 7 <= 0)
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps >= 4 || nBits > 16 ||
+ width >= INT_MAX / nComps ||
+ nVals >= (INT_MAX - 7) / nBits)
return;
pixBytes = (nComps * nBits + 7) >> 3;
Index: koffice.spec
===================================================================
RCS file: /cvs/pkgs/rpms/koffice/F-7/koffice.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- koffice.spec 21 Jun 2007 20:04:38 -0000 1.57
+++ koffice.spec 13 Aug 2007 18:48:26 -0000 1.58
@@ -1,20 +1,20 @@
Name: koffice
Version: 1.6.3
-Release: 6%{?dist}
+Release: 9%{?dist}
Summary: A free, integrated office suite for KDE
Group: Applications/Productivity
-License: GPL/LGPL
+# apps GPLv2+, libs LGPLv2+
+License: GPLv2+
URL: http://www.koffice.org/
Source0: ftp://ftp.kde.org/pub/kde/stable/koffice-%{version}/src/koffice-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source100: koshell.png
-## http://bugzilla.redhat.com/245061
-Patch1: koffice-1.6.3-nodisplay.patch
-#BuildRequires: automake libtool
+# http://www.kde.org/info/security/advisory-20070730-1.txt
+Patch1: ftp://ftp.kde.org/pub/kde/security_patches/koffice-xpdf-CVE-2007-3387.diff
# BuildRequires: world-devel ;)
BuildRequires: kdebase-devel
@@ -238,9 +238,7 @@
%prep
%setup -q
-## see NoDisplay hack in %%install...
-#patch1 -p1 -b .nodisplay
-#make -f admin/Makefile.common
+%patch1 -p0 -b .CVE-2007-3387
%build
@@ -285,7 +283,8 @@
--delete-original \
$RPM_BUILD_ROOT%{_datadir}/applnk/Office/*.desktop
-## Hack-in NoDisplay=True, until http://bugzilla.redhat.com/245190 is fixed
+## Hack-in NoDisplay=True (http://bugzilla.redhat.com/245061)
+## until http://bugzilla.redhat.com/245190 is fixed
for desktop_file in $RPM_BUILD_ROOT%{_datadir}/applnk/.hidden/*.desktop ; do
grep "^NoDisplay=" ${desktop_file} || \
echo "NoDisplay=True" >> ${desktop_file}
@@ -419,7 +418,10 @@
%files libs
%defattr(-,root,root,-)
-#_libdir/lib*.so.*
+#_libdir/libk*common.so.*
+%{_libdir}/libkarboncommon.so.*
+%{_libdir}/libkiviocommon.so.*
+%{_libdir}/libkspreadcommon.so.*
%{_libdir}/libkdchart.so.*
%{_libdir}/libkochart.so.*
%{_libdir}/libkofficecore.so.*
@@ -441,6 +443,7 @@
%{_includedir}/*
%{_datadir}/doc/HTML/en/koffice-apidocs/
%{_libdir}/lib*.so
+%exclude %{_libdir}/libkudesignercore.so
%exclude %{_libdir}/libkdeinit_*.so
%files kword
@@ -462,7 +465,7 @@
%defattr(-,root,root,-)
%{_bindir}/kspread
%{_libdir}/libkdeinit_kspread.so
-%{_libdir}/libkspreadcommon.so.*
+#{_libdir}/libkspreadcommon.so.*
%{_libdir}/kde3/kspread.*
%{_libdir}/kde3/libkspreadpart.*
%{_libdir}/kde3/kwmailmerge_kspread.*
@@ -503,7 +506,7 @@
%defattr(-,root,root,-)
%{_bindir}/karbon
%{_libdir}/libkdeinit_karbon.so
-%{_libdir}/libkarboncommon.so.*
+#{_libdir}/libkarboncommon.so.*
%{_libdir}/kde3/*karbon*.*
%{_libdir}/kde3/libwmfexport.*
%{_libdir}/kde3/libwmfimport.*
@@ -615,7 +618,7 @@
%defattr(-,root,root,-)
%{_bindir}/kivio
%{_libdir}/libkdeinit_kivio.so
-%{_libdir}/libkiviocommon.so.*
+#{_libdir}/libkiviocommon.so.*
%{_libdir}/kde3/*kivio*.*
%{_libdir}/kde3/straight_connector.*
%{_datadir}/apps/kivio/
@@ -692,21 +695,34 @@
%changelog
+* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
+1.6.3-9
+- CVE-2007-3387 (#251522, #251524)
+
+* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
+1.6.3-8
+- License: GPLv2+
+- -libs: move libk*common.so.* here
+
+* Sat Jun 24 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
+1.6.3-7
+- -devel: %%exclude %%_libdir/libkudesignercore.so (#245333)
+
* Thu Jun 21 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
-1.6.2-6
+1.6.3-6
- use simpler NoDisplay=True hack (workaround #245190)
- disable (kross)ruby on rawhide (for now)
* Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
-1.6.2-5
+1.6.3-5
- mark applnk/.hidden/*.desktop NoDisplay=True instead (#245061)
* Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
-1.6.2-3
+1.6.3-3
- (really) require version of kdelibs used to build against (#244091)
* Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
-1.6.2-2
+1.6.3-2
- Require version of kdelibs used to build against (#244091)
- -suite: use versioned Requires
--- koffice-1.6.3-nodisplay.patch DELETED ---
More information about the fedora-extras-commits
mailing list