Hi,
I'm running into problems building kdegraphics for stable-security. The
build fails with the following:
/bin/sh ../libtool --mode=install /usr/bin/install -c -p 'libksvg.la'
'/home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp//usr/lib/libksvg.la'
libtool: install: warning: relinking `libksvg.la'
(cd /home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg; /bin/sh
../libtool --tag=CXX --mode=relink g++ -Wno-long-long -Wundef -ansi
-D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts
-Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security
-Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new
-fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT
-DQT_NO_TRANSLATION -o libksvg.la -rpath /usr/lib -version-info 0:1:0
-no-undefined -L/usr/share/qt3/lib -L/usr/lib dummy.lo dom/libksvgdom.la
impl/libksvgdomimpl.la core/libksvgcore.la ecma/libksvgecma.la -llcms
impl/libs/xrgbrender/libksvgxrgbrender.la
impl/libs/libtext2path/src/libtext2path.la impl/libs/art_support/libksvgart.la
-lkjs -lkhtml -L/usr/lib -lart_lgpl_2 -lm -lfreetype -lz -lfontconfig -lm
-inst-prefix-dir /home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp/)
--> g++ -shared -nostdlib
/usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib/crti.o
/usr/lib/gcc/i486-linux-gnu/4.1.2/crtbeginS.o .libs/dummy.o
-Wl,--whole-archive dom/.libs/libksvgdom.a impl/.libs/libksvgdomimpl.a
core/.libs/libksvgcore.a ecma/.libs/libksvgecma.a
impl/libs/xrgbrender/.libs/libksvgxrgbrender.a
impl/libs/art_support/.libs/libksvgart.a -Wl,--no-whole-archive
-L/usr/share/qt3/lib -L/usr/lib
-L/home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp//usr/lib -llcms -ltext2path -lkjs
-lkhtml -lart_lgpl_2 -lfreetype -lz -lfontconfig
-L/usr/lib/gcc/i486-linux-gnu/4.1.2
-L/usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib -L/lib/../lib
-L/usr/lib/../lib -lstdc++ -lm -lc -lgcc_s
/usr/lib/gcc/i486-linux-gnu/4.1.2/crtendS.o
/usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib/crtn.o -Wl,-soname
-Wl,libksvg.so.0 -o .libs/libksvg.so.0.0.1
collect2: ld returned 1 exit status
libtool: install: error: relink `libksvg.la' with the above command before
installing it
make[4]: *** [install-libLTLIBRARIES] Error 1
make[4]: Leaving directory
`/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory
`/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory
`/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu'
make: *** [common-install-impl] Error 2
[EMAIL PROTECTED]:~/xpdf/kdegraphics-3.5.5$
The step, which I have marked with "-->" takes really long (at least 5 minutes
on my notebook)
and finally bails out with the line starting with "collect2".
Did anyone run into a similar problem building kdegraphics on Etch? Could
anyone please
try a separate build? (I'm building on a plain, up-to-date Etch chroot)
debdiff attached, please CC, I'm not subscribed.
Cheers,
Moritzdiff -Naur kdegraphics-3.5.5.orig/debian/changelog kdegraphics-3.5.5/debian/changelog
--- kdegraphics-3.5.5.orig/debian/changelog 2007-08-03 13:26:27.000000000 +0200
+++ kdegraphics-3.5.5/debian/changelog 2007-08-03 13:38:11.000000000 +0200
@@ -1,3 +1,9 @@
+kdegraphics (4:3.5.5-3etch1) stable-security; urgency=high
+
+ * Fix integer overflow in stream predictor
+
+ -- Moritz Muehlenhoff <[EMAIL PROTECTED]> Fri, 3 Aug 2007 18:37:38 +0200
+
kdegraphics (4:3.5.5-3) unstable; urgency=high
+++ Changes by Sune Vuorela:
diff -Naur kdegraphics-3.5.5.orig/debian/patches/CVE-2007-3387.diff kdegraphics-3.5.5/debian/patches/CVE-2007-3387.diff
--- kdegraphics-3.5.5.orig/debian/patches/CVE-2007-3387.diff 1970-01-01 01:00:00.000000000 +0100
+++ kdegraphics-3.5.5/debian/patches/CVE-2007-3387.diff 2007-08-03 13:37:11.000000000 +0200
@@ -0,0 +1,18 @@
+diff -aur kdegraphics-3.5.5.orig/kpdf/xpdf/xpdf/Stream.cc kdegraphics-3.5.5/kpdf/xpdf/xpdf/Stream.cc
+--- kdegraphics-3.5.5.orig/kpdf/xpdf/xpdf/Stream.cc 2006-01-19 17:38:20.000000000 +0100
++++ kdegraphics-3.5.5/kpdf/xpdf/xpdf/Stream.cc 2007-08-03 13:31:24.000000000 +0200
+@@ -422,8 +422,13 @@
+ return;
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes < 0)
++
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps || nBits > 16 ||
++ width >= INT_MAX / nComps ||
++ nVals >= (INT_MAX - 7) / nBits) {
+ return;
++ }
+
+ predLine = (Guchar *)gmalloc(rowBytes);
+ memset(predLine, 0, rowBytes);
