From: "Andreas Sturmlechner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" Message-ID: <1511564782.ccd22f376de6de2c8160d808451f320dc658565b.asturm@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/files/, app-text/poppler/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch app-text/poppler/poppler-0.57.0-r1.ebuild X-VCS-Directories: app-text/poppler/files/ app-text/poppler/ X-VCS-Committer: asturm X-VCS-Committer-Name: Andreas Sturmlechner X-VCS-Revision: ccd22f376de6de2c8160d808451f320dc658565b X-VCS-Branch: master Date: Fri, 24 Nov 2017 23:08:03 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: dd7d169d-ccba-43b9-8d43-05a6dd5bc485 X-Archives-Hash: 04671e6bfa4ff4e7b3b8947af2d04265 commit: ccd22f376de6de2c8160d808451f320dc658565b Author: Andreas Sturmlechner gentoo org> AuthorDate: Fri Nov 24 21:31:04 2017 +0000 Commit: Andreas Sturmlechner gentoo org> CommitDate: Fri Nov 24 23:06:22 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccd22f37 app-text/poppler: Fix CVE-2017-14617 Bug: https://bugs.gentoo.org/631596 Package-Manager: Portage-2.3.16, Repoman-2.3.6 .../files/poppler-0.57.0-CVE-2017-14617.patch | 31 ++++++++++++++++++++++ app-text/poppler/poppler-0.57.0-r1.ebuild | 1 + 2 files changed, 32 insertions(+) diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch new file mode 100644 index 00000000000..27947953612 --- /dev/null +++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch 
@@ -0,0 +1,31 @@ +From 939465c40902d72e0c05d4f3a27ee67e4a007ed7 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 19 Sep 2017 21:19:03 +0200 +Subject: [PATCH] Fix crash in broken files + +Bug #102854 +--- + poppler/Stream.cc | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/poppler/Stream.cc b/poppler/Stream.cc +index f4eda85b..0ad602c7 100644 +--- a/poppler/Stream.cc ++++ b/poppler/Stream.cc +@@ -454,11 +454,10 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) { + } else { + imgLineSize = nVals; + } +- if (width > INT_MAX / nComps) { +- // force a call to gmallocn(-1,...), which will throw an exception ++ if (nComps <= 0 || width > INT_MAX / nComps) { + imgLineSize = -1; + } +- imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar)); ++ imgLine = (Guchar *)gmallocn_checkoverflow(imgLineSize, sizeof(Guchar)); + } + imgIdx = nVals; + } +-- +2.14.1 + diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild index a19b815e595..b7a421f73e2 100644 --- a/app-text/poppler/poppler-0.57.0-r1.ebuild +++ b/app-text/poppler/poppler-0.57.0-r1.ebuild @@ -70,6 +70,7 @@ PATCHES=( "${FILESDIR}/${P}-CVE-2017-14518.patch" "${FILESDIR}/${P}-CVE-2017-14519.patch" "${FILESDIR}/${P}-CVE-2017-14520.patch" + "${FILESDIR}/${P}-CVE-2017-14617.patch" "${FILESDIR}/${P}-CVE-2017-14926.patch" "${FILESDIR}/${P}-CVE-2017-14927.patch" "${FILESDIR}/${P}-CVE-2017-14928.patch"
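Review bot: in the poppler/Stream.cc hunk, the result of gmallocn_checkoverflow() is stored in imgLine with no null check visible, and the removed comment was the only explanation of why imgLineSize is forced to -1. Please add a comment saying what the -1 sentinel does with the checkoverflow variant, and confirm that the code reading imgLine tolerates a failed allocation. The new guard also rejects nComps <= 0 but still lets a zero or negative width through `width > INT_MAX / nComps`; if widthA can come from a broken file, consider `width <= 0 ||` in the same condition.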
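Review bot: the ebuild hunk adds "${FILESDIR}/${P}-CVE-2017-14617.patch" to PATCHES in the existing poppler-0.57.0-r1.ebuild instead of a new revision, so systems that already built 0.57.0-r1 will not be rebuilt with the security fix. Consider a revision bump to -r2, or state in the commit message why an in-place change is sufficient.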