fix cves

2020-01-20 11:12:00 +08:00 · 2020-01-20 11:12:00 +08:00 · f9803c1fd2
commit f9803c1fd2
parent 5b65b20017
5 changed files with 156 additions and 1 deletions
--- a/CVE-2018-19058.patch
+++ b/CVE-2018-19058.patch
@ -0,0 +1,28 @@
+From 6912e06d9ab19ba28991b5cab3319d61d856bd6d Mon Sep 17 00:00:00 2001
+From: Adam Reichold <adam.reichold@t-online.de>
+Date: Tue, 6 Nov 2018 09:00:02 +0100
+Subject: [PATCH] Check for stream before calling stream methods when saving an
+ embedded file.
+
+Closes #659
+---
+ poppler/FileSpec.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/poppler/FileSpec.cc b/poppler/FileSpec.cc
+index 7479c2d2..d5543041 100644
+--- a/poppler/FileSpec.cc
+++ b/poppler/FileSpec.cc
+@@ -93,6 +93,9 @@ bool EmbFile::save(const char *path) {
+ GBool EmbFile::save2(FILE *f) {
+   int c;
+ 
+  if (unlikely(!m_objStr.isStream()))
+    return false;
+
+   m_objStr.streamReset();
+   while ((c = m_objStr.streamGetChar()) != EOF) {
+     fputc(c, f);
+-- 
+2.24.1
+
--- a/CVE-2018-19059.patch
+++ b/CVE-2018-19059.patch
@ -0,0 +1,46 @@
+From 77a30e94d96220d7e22dff5b3f0a7f296f01b118 Mon Sep 17 00:00:00 2001
+From: Adam Reichold <adam.reichold@t-online.de>
+Date: Tue, 6 Nov 2018 09:13:41 +0100
+Subject: [PATCH] pdfdetach: Check for valid embedded file before trying to
+ save it.
+
+Closes #661
+---
+ utils/pdfdetach.cc | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/utils/pdfdetach.cc b/utils/pdfdetach.cc
+index 846584a4..a8720c64 100644
+--- a/utils/pdfdetach.cc
+++ b/utils/pdfdetach.cc
+@@ -250,7 +250,12 @@ int main(int argc, char *argv[]) {
+       }
+       *p = '\0';
+ 
+-      if (!fileSpec->getEmbeddedFile()->save(path)) {
+      auto *embFile = fileSpec->getEmbeddedFile();
+      if (!embFile || !embFile->isOk()) {
+       exitCode = 3;
+       goto err2;
+      }
+      if (!embFile->save(path)) {
+        error(errIO, -1, "Error saving embedded file as '{0:s}'", p);
+        exitCode = 2;
+        goto err2;
+@@ -295,7 +300,12 @@ int main(int argc, char *argv[]) {
+       p = path;
+     }
+ 
+-    if (!fileSpec->getEmbeddedFile()->save(p)) {
+    auto *embFile = fileSpec->getEmbeddedFile();
+    if (!embFile || !embFile->isOk()) {
+      exitCode = 3;
+      goto err2;
+    }
+    if (!embFile->save(p)) {
+       error(errIO, -1, "Error saving embedded file as '{0:s}'", p);
+       exitCode = 2;
+       goto err2;
+-- 
+2.24.1
+
--- a/CVE-2018-20650.patch
+++ b/CVE-2018-20650.patch
@ -0,0 +1,35 @@
+From de0c0b8324e776f0b851485e0fc9622fc35695b7 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Sat, 29 Dec 2018 01:25:17 +0100
+Subject: [PATCH] FileSpec: Move the fileSpec.dictLookup call inside
+ fileSpec.isDict if
+
+Fixes #704
+---
+ poppler/FileSpec.cc | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/poppler/FileSpec.cc b/poppler/FileSpec.cc
+index 8a8b9e7e..7c12da63 100644
+--- a/poppler/FileSpec.cc
+++ b/poppler/FileSpec.cc
+@@ -132,11 +132,12 @@ FileSpec::FileSpec(const Object *fileSpecA)
+         return;
+       }
+     }
+-  }
+ 
+-  obj1 = fileSpec.dictLookup("Desc");
+-  if (obj1.isString())
+-    desc = obj1.getString()->copy();
+    obj1 = fileSpec.dictLookup("Desc");
+    if (obj1.isString()) {
+      desc = obj1.getString()->copy();
+    }
+  }
+ }
+ 
+ FileSpec::~FileSpec()
+-- 
+2.24.1
+
--- a/CVE-2019-11026.patch
+++ b/CVE-2019-11026.patch
@ -0,0 +1,35 @@
+From 8051f678b3b43326e5fdfd7c03f39de21059f426 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Apr 2019 16:34:48 +0200
+Subject: [PATCH] FontInfoScanner::scanFonts Fix infinite loop in broken files
+ 
+Fixes #752
+---
+ poppler/FontInfo.cc | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+ 
+diff --git a/poppler/FontInfo.cc b/poppler/FontInfo.cc
+index 2c3be4c6..cd335771 100644
+--- a/poppler/FontInfo.cc
+++ b/poppler/FontInfo.cc
+@@ -144,7 +144,17 @@ void FontInfoScanner::scanFonts(XRef *xrefA, Dict *resDict, std::vector<FontInfo
+ 
+         Object obj2 = obj1.fetch(xrefA);
+         if (obj2.isStream()) {
+-          Object resObj = obj2.streamGetDict()->lookup("Resources");
+          Ref resourcesRef;
+          const Object resObj = obj2.streamGetDict()->lookup("Resources");
+
+          if (resourcesRef.num != -1) {
+            if (visitedObjects.find(resourcesRef.num) != visitedObjects.end()) {
+              continue;
+            }
+
+            visitedObjects.insert(resourcesRef.num);
+          }
+
+           if (resObj.isDict() && resObj.getDict() != resDict) {
+             scanFonts(xrefA, resObj.getDict(), fontsList);
+           }
+-- 
+2.20.1
--- a/poppler.spec
+++ b/poppler.spec
@ -3,7 +3,7 @@
 
 Name:           poppler
 Version:        0.67.0
-Release:        3
+Release:        4
 Summary:        Poppler is a PDF rendering library based on the xpdf-3.0 code base
 License:        (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:            https://poppler.freedesktop.org/
@ -25,6 +25,11 @@ Patch6004:      CVE-2019-9903.patch
 Patch6005:      CVE-2019-9631-1.patch
 Patch6006:      CVE-2019-9631-2.patch
 Patch6007:      CVE-2019-9959.patch
+Patch6008:      CVE-2019-11026.patch
+Patch6009:      CVE-2018-19058.patch
+Patch6010:      CVE-2018-19059.patch
+Patch6011:      CVE-2018-20650.patch
+

 BuildRequires:  cmake gcc-c++ gettext-devel qt5-qtbase-devel qt-devel cairo-devel fontconfig-devel 
 BuildRequires:  freetype-devel gdk-pixbuf2-devel glib2-devel gobject-introspection-devel gtk3-devel
@ -233,6 +238,12 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-4
+- Type:cve
+- Id:NA
+- SUG:NA
+- DESC:fix cves
+
 * Mon Oct 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.67.0-3
 - Type:enhancement
 - Id:NA