authorLeonardo Arena <rnalrd@alpinelinux.org>2019-09-24 14:09:13 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-09-24 14:12:39 +0000
commit40640b4440e2770526a04fbb0eff7c4feb5d7732 (patch)
treecea41e1c559e880bf25c63c780edfe7e7477c7c0
parentba468f0a8ebb9c1099194f173c88b753939858c1 (diff)
main/poppler: security fix (CVE-2019-9959)
fixes #10811
-rw-r--r--main/poppler/APKBUILD15
-rw-r--r--main/poppler/CVE-2019-9959.patch13
2 files changed, 24 insertions, 4 deletions
diff --git a/main/poppler/APKBUILD b/main/poppler/APKBUILD
index c224a6571c3..6fced481681 100644
--- a/main/poppler/APKBUILD
+++ b/main/poppler/APKBUILD
@@ -5,7 +5,7 @@
# So we build qt support in separate package poppler-qt4
pkgname=poppler
pkgver=0.56.0
-pkgrel=0
+pkgrel=1
pkgdesc="PDF rendering library based on xpdf 3.0"
url="https://poppler.freedesktop.org/"
arch="all"
@@ -17,10 +17,15 @@ makedepends="$depends_dev libjpeg-turbo-dev cairo-dev libxml2-dev
openjpeg-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-glib
"
-source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz"
-
+source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz
+ CVE-2019-9959.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 0.56.0-r1:
+# - CVE-2019-9959
+
prepare() {
local _linked_pkg=poppler-qt4
local _linked_apkbuild="$startdir"/../$_linked_pkg/APKBUILD
@@ -32,6 +37,7 @@ prepare() {
return 1
fi
fi
+ default_prepare
}
build() {
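Review bot: The new `default_prepare` call at the end of prepare() is the only step that applies CVE-2019-9959.patch, and it has no explicit failure check. As the last command its exit status is what prepare() returns, so a failed patch application is reported today, but any command appended after it later would mask that failure and produce an unpatched build. Writing it as `default_prepare || return 1` would match the `|| return 1` style used elsewhere in this APKBUILD and keep the security fix from being skipped silently. prepare() begins outside this hunk, so the earlier part of its body was not reviewed here.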
@@ -80,4 +86,5 @@ _cpp() {
"$subpkgdir"/usr/lib/ || return 1
}
-sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz"
+sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz
+c647bf98ee1ec86270d942d256d9ae4264537f9bbfe2b2adc1f31c9cf27604682ba780943cbc6059451dc67228cf923fb1626e24da2635c7728fe1da2613a929 CVE-2019-9959.patch"
diff --git a/main/poppler/CVE-2019-9959.patch b/main/poppler/CVE-2019-9959.patch
new file mode 100644
index 00000000000..d417a698b2b
--- /dev/null
+++ b/main/poppler/CVE-2019-9959.patch
@@ -0,0 +1,13 @@
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index 7daa23d..714d814 100644
+--- a/poppler/JPEG2000Stream.cc
++++ b/poppler/JPEG2000Stream.cc
+@@ -368,7 +368,7 @@ void JPXStream::init()
+ if (getDict()) getDict()->lookup("SMaskInData", &smaskInData);
+
+ int bufSize = BUFFER_INITIAL_SIZE;
+- if (oLen.isInt()) bufSize = oLen.getInt();
++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
+ oLen.free();
+
+ if (cspace.isArray() && cspace.arrayGetLength() > 0) {
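Review bot: The added guard `oLen.getInt() > 0` in JPXStream::init rejects zero and negative lengths but leaves the upper end open, so a very large positive value (presumably taken from the PDF stream dictionary) is still assigned to `bufSize` unchanged. How `bufSize` is consumed lies outside this hunk, so it cannot be confirmed here that an oversized request fails cleanly; that is worth checking in the surrounding code, and if it does not, clamp the value to a sane maximum before the assignment. Separately, the patch file has no header identifying where it came from; a leading line such as `Upstream: <upstream-commit-url>` would let later maintainers verify the backport against 0.56.0 and drop it on the next version bump.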