author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-17 09:17:43 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-17 09:17:43 +0000 |
commit | 1598e4619346fb0511d0812de35a5b537a2a0fa8 (patch) | |
tree | 3568181ddcd86ea4456702d21a7ee96534790855 | |
parent | d3000ca276c8bfbf8c074afed284de427aae83b9 (diff) | |
main/poppler: security fix (CVE-2013-1788,CVE-2013-1790)
fixes #1784
-rw-r--r-- | main/poppler/APKBUILD | 20 | ||||
-rw-r--r-- | main/poppler/CVE-2013-1788.patch | 75 | ||||
-rw-r--r-- | main/poppler/CVE-2013-1790.patch | 23 |
3 files changed, 115 insertions, 3 deletions
diff --git a/main/poppler/APKBUILD b/main/poppler/APKBUILD
index 9c47ff21c..9eab7bee6 100644
--- a/main/poppler/APKBUILD
+++ b/main/poppler/APKBUILD
@@ -5,7 +5,7 @@
 # So we build gtk support in poppler-gtk
 pkgname=poppler
 pkgver=0.18.4
-pkgrel=0
+pkgrel=1
 pkgdesc="PDF rendering library based on xpdf 3.0"
 url="http://poppler.freedesktop.org/"
 arch="all"
@@ -14,7 +14,19 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
 makedepends="jpeg-dev cairo-dev libxml2-dev fontconfig-dev pkgconfig libiconv-dev"
 depends=
 depends_dev="cairo-dev"
-source="http://$pkgname.freedesktop.org/$pkgname-$pkgver.tar.gz"
+source="http://$pkgname.freedesktop.org/$pkgname-$pkgver.tar.gz
+ CVE-2013-1788.patch
+ CVE-2013-1790.patch
+ "
+
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
 
 build() {
 cd "$srcdir"/$pkgname-$pkgver
@@ -44,4 +56,6 @@ utils() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="12658f3308597e57f3faff538cc73baf poppler-0.18.4.tar.gz"
+md5sums="12658f3308597e57f3faff538cc73baf poppler-0.18.4.tar.gz
+3f16bcc4fc0364fbb790260c07269685 CVE-2013-1788.patch
+9d402082df4eae246008cd29dda9412e CVE-2013-1790.patch"
diff --git a/main/poppler/CVE-2013-1788.patch b/main/poppler/CVE-2013-1788.patch
new file mode 100644
index 000000000..4691d3de9
--- /dev/null
+++ b/main/poppler/CVE-2013-1788.patch
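Review bot: The upstream tarball in `source` is still fetched over plain `http://`, and the new `md5sums` entries in the last APKBUILD hunk pin it and both CVE patches with MD5 only, which is no longer collision-resistant. For a security update the download and the patches deserve a stronger pin: if the abuild version in use accepts them, add `sha256sums`/`sha512sums` entries for all three files alongside `md5sums`. Switching the URL to `https://` is worth doing as well, provided the upstream host serves it.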
@@ -0,0 +1,75 @@
+--- poppler-0.18.4/poppler/Function.cc
++++ poppler-0.18.4/poppler/Function.cc
+@@ -13,7 +13,7 @@
+ // All changes made under the Poppler project to this file are licensed
+ // under GPL version 2 or later
+ //
+-// Copyright (C) 2006, 2008-2010 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2006 Jeff Muizelaar <jeff@infidigm.net>
+ // Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
+ // Copyright (C) 2011 Andrea Canciani <ranma42@gmail.com>
+@@ -1002,6 +1002,10 @@ void PSStack::copy(int n) {
+ error(-1, "Stack underflow in PostScript function");
+ return;
+ }
++ if (unlikely(sp - n > psStackSize)) {
++ error(-1, "Stack underflow in PostScript function");
++ return;
++ }
+ if (!checkOverflow(n)) {
+ return;
+ }
+--- poppler-0.18.4/poppler/Stream.cc
++++ poppler-0.18.4/poppler/Stream.cc
+@@ -2132,7 +2133,8 @@ GBool CCITTFaxStream::isBinary(GBool las
+
+ // clip [-256,511] --> [0,255]
+ #define dctClipOffset 256
+-static Guchar dctClip[768];
++#define dctClipLength 768
++static Guchar dctClip[dctClipLength];
+ static int dctClipInit = 0;
+
+ // zig zag decode map
+@@ -3078,7 +3080,12 @@ void DCTStream::transformDataUnit(Gushor
+
+ // convert to 8-bit integers
+ for (i = 0; i < 64; ++i) {
+- dataOut[i] = dctClip[dctClipOffset + 128 + ((dataIn[i] + 8) >> 4)];
++ const int ix = dctClipOffset + 128 + ((dataIn[i] + 8) >> 4);
++ if (unlikely(ix < 0 || ix >= dctClipLength)) {
++ dataOut[i] = 0;
++ } else {
++ dataOut[i] = dctClip[ix];
++ }
+ }
+ }
+
+--- poppler-0.18.4/splash/Splash.cc
++++ poppler-0.18.4/splash/Splash.cc
+@@ -14,7 +14,7 @@
+ // Copyright (C) 2005-2011 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
+ // Copyright (C) 2010, 2011 Thomas Freitag <Thomas.Freitag@alfa.de>
+-// Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
++// Copyright (C) 2010 Christian Feuersänger 
<cfeuersaenger@googlemail.com>
+ // Copyright (C) 2011 William Bader <williambader@hotmail.com>
+ //
+ // To see a description of the changes please see the Changelog file that
+@@ -1521,11 +1521,14 @@ SplashPath *Splash::makeDashedPath(Splas
+ lineDashStartPhase -= (SplashCoord)i * lineDashTotal;
+ lineDashStartOn = gTrue;
+ lineDashStartIdx = 0;
+- while (lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
++ while (lineDashStartIdx < state->lineDashLength && lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
+ lineDashStartOn = !lineDashStartOn;
+ lineDashStartPhase -= state->lineDash[lineDashStartIdx];
+ ++lineDashStartIdx;
+ }
++ if (unlikely(lineDashStartIdx == state->lineDashLength)) {
++ return new SplashPath();
++ }
+
+ dPath = new SplashPath();
+
diff --git a/main/poppler/CVE-2013-1790.patch b/main/poppler/CVE-2013-1790.patch
new file mode 100644
index 000000000..00f8b3865
--- /dev/null
+++ b/main/poppler/CVE-2013-1790.patch
@@ -0,0 +1,23 @@
+--- poppler-0.18.4/poppler/Stream.cc
++++ poppler-0.18.4/poppler/Stream.cc
+@@ -14,7 +14,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2005 Jeff Muizelaar <jeff@infidigm.net>
+-// Copyright (C) 2006-2010 Albert Astals Cid <aacid@kde.org>
++// Copyright (C) 2006-2010, 2012, 2013 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2007 Krzysztof Kowalczyk <kkowalczyk@gmail.com>
+ // Copyright (C) 2008 Julien Rebetez <julien@fhtagn.net>
+ // Copyright (C) 2009 Carlos Garcia Campos <carlosgc@gnome.org>
+@@ -1595,8 +1595,9 @@ int CCITTFaxStream::lookChar() {
+ for (i = 0; codingLine[i] < columns; ++i) {
+ refLine[i] = codingLine[i];
+ }
+- refLine[i++] = columns;
+- refLine[i] = columns;
++ for (; i < columns + 2; ++i) {
++ refLine[i] = columns;
++ }
+ codingLine[0] = 0;
+ a0i = 0;
+ b1i = 0; |
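Review bot: In the `PSStack::copy` part of CVE-2013-1788.patch, the new guard `sp - n > psStackSize` does signed arithmetic on `n` before `n` itself is range-checked, so an extreme value can overflow the subtraction, which is undefined behaviour in C++. The guard appears intended to catch a negative count; testing that directly, `if (unlikely(n < 0)) {`, states the intent without the arithmetic. It also reuses the "Stack underflow" text of the check above it, so a distinct message such as `"Invalid copy count in PostScript function"` would let logs tell the two cases apart. The function's first check and its copy loop are outside the hunk, so how `n` is otherwise bounded cannot be confirmed from here.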
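Review bot: The copy loop just above the change in CVE-2013-1790.patch, `for (i = 0; codingLine[i] < columns; ++i)`, is still bounded only by the contents of `codingLine`, so `i` can run past both arrays if no entry reaches `columns`. Bounding the index as well, `for (i = 0; i < columns && codingLine[i] < columns; ++i) {`, closes that gap. The new fill loop writes up to index `columns + 1`, which is safe only if `refLine` holds at least `columns + 2` entries; the allocation is outside the hunk, so that size should be confirmed and stated in a comment next to the loop. `lookChar()` starts and ends outside the hunk.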