packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upstream version 23.08.0

Browse Source
This commit is contained in:
Jackwike 2023-08-08 16:04:54 +08:00
parent 3635d94c7d
commit f1a6282564
7 changed files with 12 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2022-38784.patch
View File

@ -1,29 +0,0 @@
From d8efdc261ea40e3b3af82ed1d9bc7bcdafa36d67 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid @tsdgeos
Date: Tue, 6 Sep 2022 14:35:28 +0800
Subject: [PATCH] JBIG2Stream: Fix crash on broken file
---
poppler/JBIG2Stream.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 9eddaa6..cb5cf2c 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -1968,7 +1968,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
for (i = 0; i < nRefSegs; ++i) {
if ((seg = findSegment(refSegs[i]))) {
if (seg->getType() == jbig2SegSymbolDict) {
- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+ return;
+ }
} else if (seg->getType() == jbig2SegCodeTable) {
codeTables.push_back(seg);
}
--
2.33.0

68
backport-CVE-2022-27337.patch
View File

@ -1,68 +0,0 @@
From 81044c64b9ed9a10ae82a28bac753060bdfdac74 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 15 Mar 2022 15:14:32 +0100
Subject: [PATCH] Hints::readTables: bail out if we run out of file when
reading
Fixes #1230
Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74
Conflict:NA
---
poppler/Hints.cc | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/poppler/Hints.cc b/poppler/Hints.cc
index 79f040888..4707e1c69 100644
--- a/poppler/Hints.cc
+++ b/poppler/Hints.cc
@@ -5,7 +5,7 @@
// This file is licensed under the GPLv2 or later
//
// Copyright 2010, 2012, 2013 Hib Eris <hib@hiberis.nl>
-// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021, 2022 Albert Astals Cid <aacid@kde.org>
// Copyright 2010, 2013 Pino Toscano <pino@kde.org>
// Copyright 2013 Adrian Johnson <ajohnson@redneon.com>
// Copyright 2014 Fabio D'Urso <fabiodurso@hotmail.it>
@@ -189,21 +189,31 @@ void Hints::readTables(BaseStream *str, Linearization *linearization, XRef *xref
char *p = &buf[0];
if (hintsOffset && hintsLength) {
- Stream *s = str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull)));
s->reset();
for (unsigned int i = 0; i < hintsLength; i++) {
- *p++ = s->getChar();
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints");
+ ok = false;
+ return;
+ }
+ *p++ = c;
}
- delete s;
}
if (hintsOffset2 && hintsLength2) {
- Stream *s = str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull)));
s->reset();
for (unsigned int i = 0; i < hintsLength2; i++) {
- *p++ = s->getChar();
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints2");
+ ok = false;
+ return;
+ }
+ *p++ = c;
}
- delete s;
}
MemStream *memStream = new MemStream(&buf[0], 0, bufLength, Object(objNull));
--
GitLab

6
poppler-0.90.0-position-independent-code.patch
View File

@ -1,9 +1,9 @@
--- poppler-0.90.0/CMakeLists.txt --- poppler-0.90.0/CMakeLists.txt
+++ poppler-0.90.0/CMakeLists.txt +++ poppler-0.90.0/CMakeLists.txt
@@ -17,6 +17,9 @@ else() @@ -17,6 +17,9 @@ else()
set(THREADS_PREFER_PTHREAD_FLAG TRUE)
find_package(Threads) include(MacroOptionalFindPackage)
endif() find_package(PkgConfig)
+ +
+set(CMAKE_POSITION_INDEPENDENT_CODE ON) +set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+ +

2
poppler-21.01.0-glib-introspection.patch
View File

@ -6,6 +6,6 @@
set(INTROSPECTION_GIRS) set(INTROSPECTION_GIRS)
- set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all") - set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all")
+ set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all" "--sources-top-dirs=${CMAKE_SOURCE_DIR}" "--sources-top-dirs=${CMAKE_BINARY_DIR}") + set(INTROSPECTION_SCANNER_ARGS "--add-include-path=${CMAKE_CURRENT_SOURCE_DIR}" "--warn-all" "--sources-top-dirs=${CMAKE_SOURCE_DIR}" "--sources-top-dirs=${CMAKE_BINARY_DIR}")
set(INTROSPECTION_COMPILER_ARGS "--includedir=${CMAKE_CURRENT_SOURCE_DIR}") set(INTROSPECTION_COMPILER_ARGS ${INTROSPECTION_COMPILER_ARGS} "--includedir=${CMAKE_CURRENT_SOURCE_DIR}")
# Poppler: Assign package to gir & export keys # Poppler: Assign package to gir & export keys

BIN
poppler-22.01.0.tar.xz
View File

Binary file not shown.

BIN
poppler-23.08.0.tar.xz Normal file
View File

Binary file not shown.

14
poppler.spec
View File

@ -3,8 +3,8 @@
%global qt6 0 %global qt6 0
Name: poppler Name: poppler
Version: 22.01.0 Version: 23.08.0
Release: 3 Release: 1
Summary: PDF rendering library Summary: PDF rendering library
License: GPLv2+ and LGPLv2+ and MIT License: GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
@ -13,9 +13,6 @@ Source1: %{name}-test-%{test_date}-%{test_sha}.tar.xz
Patch1: poppler-0.90.0-position-independent-code.patch Patch1: poppler-0.90.0-position-independent-code.patch
Patch3: poppler-21.01.0-glib-introspection.patch Patch3: poppler-21.01.0-glib-introspection.patch
Patch4: CVE-2022-38784.patch
patch6000: backport-CVE-2022-27337.patch
BuildRequires: make BuildRequires: make
BuildRequires: cmake BuildRequires: cmake
@ -190,8 +187,9 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%endif %endif
%files %files
%doc README.md
%license COPYING %license COPYING
%{_libdir}/libpoppler.so.117* %{_libdir}/libpoppler.so.130*
%files devel %files devel
%{_libdir}/pkgconfig/poppler.pc %{_libdir}/pkgconfig/poppler.pc
@ -235,6 +233,7 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%files utils %files utils
%{_bindir}/pdf* %{_bindir}/pdf*
%{_mandir}/man1/*
%if 0%{?qt6} %if 0%{?qt6}
%files qt6 %files qt6
@ -251,6 +250,9 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Tue Aug 08 2023 yajun<yajun@kylinos.cn> - 23.08.0-1
- update to upstream version 23.08.0
* Tue Mar 14 2023 zhangpan <zhangpan103@h-partners.com> - 22.01.0-3 * Tue Mar 14 2023 zhangpan <zhangpan103@h-partners.com> - 22.01.0-3
- Type:CVE - Type:CVE
- CVE:CVE-2022-27337 - CVE:CVE-2022-27337