author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-09-24 12:47:30 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-09-24 12:47:30 +0000 |
commit | 14226b276f668d5f0526a7c87e9d0d83b1e8da8e (patch) | |
tree | abd560e43ad1867cd23b8adc801523e9f06d3c36 | |
parent | dce219bf646e039b45d81cec9e0f8016306c8bfd (diff) |
main/poppler: security fix (CVE-2019-9959)
ref #10811
-rw-r--r-- | main/poppler/APKBUILD | 22 | ||||
-rw-r--r-- | main/poppler/CVE-2019-9959.patch | 26 |
2 files changed, 38 insertions, 10 deletions
diff --git a/main/poppler/APKBUILD b/main/poppler/APKBUILD index 95f69f97bdc..597147d4c9e 100644 --- a/main/poppler/APKBUILD +++ b/main/poppler/APKBUILD @@ -1,27 +1,27 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=poppler pkgver=0.71.0 -pkgrel=0 +pkgrel=1 pkgdesc="PDF rendering library based on xpdf 3.0" url="https://poppler.freedesktop.org/" arch="all" options="!check" # No test suite. -license="GPL-2.0+" +license="GPL-2.0-or-later" depends= depends_dev="cairo-dev glib-dev" makedepends="$depends_dev cmake libjpeg-turbo-dev cairo-dev libxml2-dev fontconfig-dev lcms2-dev gobject-introspection-dev openjpeg-dev openjpeg-tools libpng-dev tiff-dev zlib-dev" -subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-glib +subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-glib" +source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz + CVE-2019-9959.patch " -source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz" -builddir="$srcdir/$pkgname-$pkgver/build" prepare() { local _linked_pkg=poppler-qt4 local _linked_apkbuild="$startdir"/../$_linked_pkg/APKBUILD - mkdir -p "$builddir" - cd "$builddir" + mkdir -p "$builddir/build" + cd "$builddir/build" if [ -f "$_linked_apkbuild" ]; then local _linked_ver=$( . "$_linked_apkbuild"; echo "$pkgver") if [ "$_linked_ver" != "$pkgver" ]; then @@ -29,10 +29,11 @@ prepare() { return 1 fi fi + default_prepare } build() { - cd "$builddir" + cd "$builddir/build" # JPEG2000Stream.cc:20:10: fatal error: openjpeg.h: No such file sed -e "/^#include/s/openjpeg\.h/openjpeg-2.3\/openjpeg.h/" -i ../poppler/JPEG2000Stream.cc @@ -47,7 +48,7 @@ build() { } package() { - cd "$builddir" + cd "$builddir/build" make DESTDIR="$pkgdir" install } 
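Review bot: No `# secfixes:` entry for CVE-2019-9959 is added in any of the visible APKBUILD hunks, so the fix is recorded only in the commit message and the patch filename. Alpine's security database is generated from that comment block, and tooling that consumes it may keep treating 0.71.0-r1 as unfixed. I would add, above `prepare()`, the lines `# secfixes:`, `#   0.71.0-r1:` and `#     - CVE-2019-9959`. If the block already exists in a part of the file outside these hunks, it only needs the new entry.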
@@ -73,4 +74,5 @@ _cpp() { "$subpkgdir"/usr/lib/ } -sha512sums="8e0ce95e7b58c37761c36a20f1282e63373a9557bf9f746ce2936562f12648506043d9559cf816944aa238814fc1b3f3a3c0a6cb002fd214b067e399bcc6ab1e poppler-0.71.0.tar.xz" +sha512sums="8e0ce95e7b58c37761c36a20f1282e63373a9557bf9f746ce2936562f12648506043d9559cf816944aa238814fc1b3f3a3c0a6cb002fd214b067e399bcc6ab1e poppler-0.71.0.tar.xz +66ba4e941717a27bc2915cb7ea850617a7e05715c7597cbbc03eafccb5f533f5df57135f9f72108632f098d43ef0b843bd64cc593a08340243655bd0c033655a CVE-2019-9959.patch" diff --git a/main/poppler/CVE-2019-9959.patch b/main/poppler/CVE-2019-9959.patch new file mode 100644 index 00000000000..a7388fae74b --- /dev/null +++ b/main/poppler/CVE-2019-9959.patch @@ -0,0 +1,26 @@ +From 68ef84e5968a4249c2162b839ca6d7975048a557 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Mon, 15 Jul 2019 23:24:22 +0200 +Subject: [PATCH] JPXStream::init: ignore dict Length if clearly broken + +Fixes issue #805 +--- + poppler/JPEG2000Stream.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc +index 0eea3a2d..8e6902f4 100644 +--- a/poppler/JPEG2000Stream.cc ++++ b/poppler/JPEG2000Stream.cc +@@ -219,7 +219,7 @@ void JPXStream::init() + } + + int bufSize = BUFFER_INITIAL_SIZE; +- if (oLen.isInt()) bufSize = oLen.getInt(); ++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt(); + + bool indexed = false; + if (cspace.isArray() && cspace.arrayGetLength() > 0) { +-- +2.22.0 + |
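Review bot: The backported guard in `JPXStream::init()` rejects only a zero or negative dict Length; any positive value is still assigned to `bufSize` unchanged by `bufSize = oLen.getInt();`, and the hunk does not show whether the code that consumes `bufSize` bounds it. The rest of `init()` lies outside the hunk, so this should be checked against the 0.71.0 source rather than assumed. Because the APKBUILD sets `options="!check"`, nothing in the build exercises the fix, so the patched package should be confirmed against the reproducer from upstream issue #805 before release. Keeping the patch byte-identical to upstream commit 68ef84e5968a4249c2162b839ca6d7975048a557 is right for a backport, so any upper-bound concern belongs upstream rather than in a local edit.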