diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-09-24 14:09:13 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-09-24 14:13:30 +0000 |
commit | a88d7a223d3ec1b5f5c1719bc91a9b0eb102b3cd (patch) | |
tree | a292cf7f3dfb8c46786973db70bc4b2fcd9b195e | |
parent | f8aaee8bb88596131af189a58b1e5a210c085584 (diff) |
main/poppler: security fix (CVE-2019-9959)
ref #10811
-rw-r--r-- | main/poppler/APKBUILD | 15 | ||||
-rw-r--r-- | main/poppler/CVE-2019-9959.patch | 13 |
2 files changed, 24 insertions, 4 deletions
diff --git a/main/poppler/APKBUILD b/main/poppler/APKBUILD index 2f1c8ea75d0..9a2c3bc308d 100644 --- a/main/poppler/APKBUILD +++ b/main/poppler/APKBUILD @@ -5,7 +5,7 @@ # So we build qt support in separate package poppler-qt4 pkgname=poppler pkgver=0.56.0 -pkgrel=1 +pkgrel=2 pkgdesc="PDF rendering library based on xpdf 3.0" url="https://poppler.freedesktop.org/" arch="all" @@ -18,10 +18,15 @@ makedepends="$depends_dev libjpeg-turbo-dev cairo-dev libxml2-dev openjpeg-dev libpng-dev tiff-dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-glib " -source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz" - +source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz + CVE-2019-9959.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 0.56.0-r2: +# - CVE-2019-9959 + prepare() { local _linked_pkg=poppler-qt4 local _linked_apkbuild="$startdir"/../$_linked_pkg/APKBUILD @@ -33,6 +38,7 @@ prepare() { return 1 fi fi + default_prepare } build() { @@ -80,4 +86,5 @@ _cpp() { "$subpkgdir"/usr/lib/ } -sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz" +sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz +c647bf98ee1ec86270d942d256d9ae4264537f9bbfe2b2adc1f31c9cf27604682ba780943cbc6059451dc67228cf923fb1626e24da2635c7728fe1da2613a929 CVE-2019-9959.patch" diff --git a/main/poppler/CVE-2019-9959.patch b/main/poppler/CVE-2019-9959.patch new file mode 100644 index 00000000000..d417a698b2b --- /dev/null +++ b/main/poppler/CVE-2019-9959.patch @@ -0,0 +1,13 @@ +diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc +index 7daa23d..714d814 100644 +--- a/poppler/JPEG2000Stream.cc ++++ b/poppler/JPEG2000Stream.cc +@@ -368,7 +368,7 @@ void JPXStream::init() + if (getDict()) getDict()->lookup("SMaskInData", &smaskInData); + + int bufSize = BUFFER_INITIAL_SIZE; +- if (oLen.isInt()) bufSize = oLen.getInt(); ++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt(); + oLen.free(); + + if (cspace.isArray() && cspace.arrayGetLength() > 0) { |