Build problem for stable-security/kpdf

To: debian-qt-kde@lists.debian.org
Subject: Build problem for stable-security/kpdf
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 8 Aug 2007 22:40:16 +0200
Message-id: <[🔎] 20070808204016.GA4326@galadriel.inutil.org>

Hi,
I'm running into problems building kdegraphics for stable-security. The
build fails with the following:

 /bin/sh ../libtool --mode=install /usr/bin/install -c -p  'libksvg.la' '/home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp//usr/lib/libksvg.la'
libtool: install: warning: relinking `libksvg.la'
(cd /home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg; /bin/sh ../libtool  --tag=CXX --mode=relink g++ -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -o libksvg.la -rpath /usr/lib -version-info 0:1:0 -no-undefined -L/usr/share/qt3/lib -L/usr/lib dummy.lo dom/libksvgdom.la impl/libksvgdomimpl.la core/libksvgcore.la ecma/libksvgecma.la -llcms impl/libs/xrgbrender/libksvgxrgbrender.la impl/libs/libtext2path/src/libtext2path.la impl/libs/art_support/libksvgart.la -lkjs -lkhtml -L/usr/lib -lart_lgpl_2 -lm -lfreetype -lz -lfontconfig -lm -inst-prefix-dir /home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp/)
-->  g++ -shared -nostdlib /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib/crti.o /usr/lib/gcc/i486-linux-gnu/4.1.2/crtbeginS.o  .libs/dummy.o -Wl,--whole-archive dom/.libs/libksvgdom.a impl/.libs/libksvgdomimpl.a core/.libs/libksvgcore.a ecma/.libs/libksvgecma.a impl/libs/xrgbrender/.libs/libksvgxrgbrender.a impl/libs/art_support/.libs/libksvgart.a -Wl,--no-whole-archive  -L/usr/share/qt3/lib -L/usr/lib -L/home/jmm/xpdf/kdegraphics-3.5.5/debian/tmp//usr/lib -llcms -ltext2path -lkjs -lkhtml -lart_lgpl_2 -lfreetype -lz -lfontconfig -L/usr/lib/gcc/i486-linux-gnu/4.1.2 -L/usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib -L/lib/../lib -L/usr/lib/../lib -lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/i486-linux-gnu/4.1.2/crtendS.o /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../lib/crtn.o  -Wl,-soname -Wl,libksvg.so.0 -o .libs/libksvg.so.0.0.1
collect2: ld returned 1 exit status
libtool: install: error: relink `libksvg.la' with the above command before installing it
make[4]: *** [install-libLTLIBRARIES] Error 1
make[4]: Leaving directory `/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory `/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory `/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu/ksvg'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/jmm/xpdf/kdegraphics-3.5.5/obj-i486-linux-gnu'
make: *** [common-install-impl] Error 2
jmm@galadriel:~/xpdf/kdegraphics-3.5.5$ 

The step, which I have marked with "-->" takes really long (at least 5 minutes on my notebook)
and finally bails out with the line starting with "collect2".

Did anyone run into a similar problem building kdegraphics on Etch? Could anyone please 
try a separate build? (I'm building on a plain, up-to-date Etch chroot)
debdiff attached, please CC, I'm not subscribed.

Cheers,
        Moritz

diff -Naur kdegraphics-3.5.5.orig/debian/changelog kdegraphics-3.5.5/debian/changelog
--- kdegraphics-3.5.5.orig/debian/changelog	2007-08-03 13:26:27.000000000 +0200
+++ kdegraphics-3.5.5/debian/changelog	2007-08-03 13:38:11.000000000 +0200
@@ -1,3 +1,9 @@
+kdegraphics (4:3.5.5-3etch1) stable-security; urgency=high
+
+  * Fix integer overflow in stream predictor
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Fri,  3 Aug 2007 18:37:38 +0200
+
 kdegraphics (4:3.5.5-3) unstable; urgency=high
 
   +++ Changes by Sune Vuorela:
diff -Naur kdegraphics-3.5.5.orig/debian/patches/CVE-2007-3387.diff kdegraphics-3.5.5/debian/patches/CVE-2007-3387.diff
--- kdegraphics-3.5.5.orig/debian/patches/CVE-2007-3387.diff	1970-01-01 01:00:00.000000000 +0100
+++ kdegraphics-3.5.5/debian/patches/CVE-2007-3387.diff	2007-08-03 13:37:11.000000000 +0200
@@ -0,0 +1,18 @@
+diff -aur kdegraphics-3.5.5.orig/kpdf/xpdf/xpdf/Stream.cc kdegraphics-3.5.5/kpdf/xpdf/xpdf/Stream.cc
+--- kdegraphics-3.5.5.orig/kpdf/xpdf/xpdf/Stream.cc	2006-01-19 17:38:20.000000000 +0100
++++ kdegraphics-3.5.5/kpdf/xpdf/xpdf/Stream.cc	2007-08-03 13:31:24.000000000 +0200
+@@ -422,8 +422,13 @@
+     return;
+   pixBytes = (nComps * nBits + 7) >> 3;
+   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+-  if (rowBytes < 0)
++
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps > gfxColorMaxComps || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
++  }
+ 
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);

Reply to:

Follow-Ups:
- Re: Build problem for stable-security/kpdf
  - From: Ana Guerrero <ana@debian.org>

Prev by Date: [bts-link] source package kdegraphics
Next by Date: soprano 0.9.0~snapshot20070728-1 MIGRATED to testing
Previous by thread: [bts-link] source package kdegraphics
Next by thread: Re: Build problem for stable-security/kpdf
Index(es):
- Date
- Thread