aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2019-09-24 14:09:13 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-09-24 14:13:30 +0000
commita88d7a223d3ec1b5f5c1719bc91a9b0eb102b3cd (patch)
treea292cf7f3dfb8c46786973db70bc4b2fcd9b195e
parentf8aaee8bb88596131af189a58b1e5a210c085584 (diff)
downloadaports-a88d7a223d3ec1b5f5c1719bc91a9b0eb102b3cd.tar.gz
aports-a88d7a223d3ec1b5f5c1719bc91a9b0eb102b3cd.tar.bz2
aports-a88d7a223d3ec1b5f5c1719bc91a9b0eb102b3cd.tar.xz
main/poppler: security fix (CVE-2019-9959)
ref #10811
-rw-r--r--main/poppler/APKBUILD15
-rw-r--r--main/poppler/CVE-2019-9959.patch13
2 files changed, 24 insertions, 4 deletions
diff --git a/main/poppler/APKBUILD b/main/poppler/APKBUILD
index 2f1c8ea75d..9a2c3bc308 100644
--- a/main/poppler/APKBUILD
+++ b/main/poppler/APKBUILD
@@ -5,7 +5,7 @@
# So we build qt support in separate package poppler-qt4
pkgname=poppler
pkgver=0.56.0
-pkgrel=1
+pkgrel=2
pkgdesc="PDF rendering library based on xpdf 3.0"
url="https://poppler.freedesktop.org/"
arch="all"
@@ -18,10 +18,15 @@ makedepends="$depends_dev libjpeg-turbo-dev cairo-dev libxml2-dev
openjpeg-dev libpng-dev tiff-dev zlib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-glib
"
-source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz"
-
+source="https://poppler.freedesktop.org/poppler-$pkgver.tar.xz
+ CVE-2019-9959.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 0.56.0-r2:
+# - CVE-2019-9959
+
prepare() {
local _linked_pkg=poppler-qt4
local _linked_apkbuild="$startdir"/../$_linked_pkg/APKBUILD
@@ -33,6 +38,7 @@ prepare() {
return 1
fi
fi
+ default_prepare
}
build() {
@@ -80,4 +86,5 @@ _cpp() {
"$subpkgdir"/usr/lib/
}
-sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz"
+sha512sums="74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528 poppler-0.56.0.tar.xz
+c647bf98ee1ec86270d942d256d9ae4264537f9bbfe2b2adc1f31c9cf27604682ba780943cbc6059451dc67228cf923fb1626e24da2635c7728fe1da2613a929 CVE-2019-9959.patch"
diff --git a/main/poppler/CVE-2019-9959.patch b/main/poppler/CVE-2019-9959.patch
new file mode 100644
index 0000000000..d417a698b2
--- /dev/null
+++ b/main/poppler/CVE-2019-9959.patch
@@ -0,0 +1,13 @@
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index 7daa23d..714d814 100644
+--- a/poppler/JPEG2000Stream.cc
++++ b/poppler/JPEG2000Stream.cc
+@@ -368,7 +368,7 @@ void JPXStream::init()
+ if (getDict()) getDict()->lookup("SMaskInData", &smaskInData);
+
+ int bufSize = BUFFER_INITIAL_SIZE;
+- if (oLen.isInt()) bufSize = oLen.getInt();
++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
+ oLen.free();
+
+ if (cspace.isArray() && cspace.arrayGetLength() > 0) {