From: "Andreas Sturmlechner"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner"
Message-ID: <1511564782.f3537c5c4ed62c425068d9a3d3f226fe53cbf9ba.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-text/poppler/files/poppler-0.57.0-CVE-2017-14518.patch app-text/poppler/files/poppler-0.57.0-CVE-2017-14519.patch app-text/poppler/files/poppler-0.57.0-CVE-2017-14520.patch app-text/poppler/poppler-0.57.0-r1.ebuild
X-VCS-Directories: app-text/poppler/ app-text/poppler/files/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: f3537c5c4ed62c425068d9a3d3f226fe53cbf9ba
X-VCS-Branch: master
Date: Fri, 24 Nov 2017 23:08:03 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 25408e88-e3e6-4f75-b7d0-38fbeebed250
X-Archives-Hash: ad23fd6b460b87d489a7dc6032bcb4ef

commit: f3537c5c4ed62c425068d9a3d3f226fe53cbf9ba
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Fri Nov 24 21:29:00 2017 +0000
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Fri Nov 24 23:06:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3537c5c

app-text/poppler: Fix CVE-2017-145{18,19,20}

Bug: https://bugs.gentoo.org/631292
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../files/poppler-0.57.0-CVE-2017-14518.patch | 27 ++++++
 .../files/poppler-0.57.0-CVE-2017-14519.patch | 100 +++++++++++++++++++++
 .../files/poppler-0.57.0-CVE-2017-14520.patch | 24 +++++
 app-text/poppler/poppler-0.57.0-r1.ebuild | 3 +
 4 files changed, 154 insertions(+)

diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14518.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14518.patch new file mode 100644 index 00000000000..9e8f4bfe624 --- /dev/null +++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14518.patch @@ -0,0 +1,27 @@ +From 6ba3bba6447897260bf4117e191e09d89d91ff62 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 13 Sep 2017 23:09:45 +0200 +Subject: [PATCH 2/4] isImageInterpolationRequired: Fix divide by 0 on broken + documents + +Bug #102688 +--- + splash/Splash.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/splash/Splash.cc b/splash/Splash.cc +index 46b8ce29..39fc7d64 100644 +--- a/splash/Splash.cc ++++ b/splash/Splash.cc +@@ -4134,7 +4134,7 @@ SplashError Splash::arbitraryTransformImage(SplashImageSource src, SplashICCTran + static GBool isImageInterpolationRequired(int srcWidth, int srcHeight, + int scaledWidth, int scaledHeight, + GBool interpolate) { +- if (interpolate) ++ if (interpolate || srcWidth == 0 || srcHeight == 0) + return gTrue; + + /* When scale factor is >= 400% we don't interpolate. See bugs #25268, #9860 */ +-- +2.14.1 + diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14519.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14519.patch new file mode 100644 index 00000000000..bd84e96fba3 --- /dev/null +++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14519.patch 
@@ -0,0 +1,100 @@ +From 778180c0c09002f6adfc272eba6b0d0e4401c4cc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 13 Sep 2017 23:01:03 +0200 +Subject: [PATCH 3/4] Gfx::doShowText: Fix infinite recursion on broken files + +Bug #102701 +--- + poppler/Gfx.cc | 25 +++++++++++++++++++++++-- + poppler/Gfx.h | 1 + + poppler/GfxFont.cc | 9 +++++++++ + poppler/GfxFont.h | 1 + + 4 files changed, 34 insertions(+), 2 deletions(-) + +diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc +index 37220280..9feac54c 100644 +--- a/poppler/Gfx.cc ++++ b/poppler/Gfx.cc +@@ -4031,12 +4031,33 @@ void Gfx::doShowText(GooString *s) { + state->transformDelta(dx, dy, &ddx, &ddy); + if (!out->beginType3Char(state, curX + riseX, curY + riseY, ddx, ddy, + code, u, uLen)) { +- ((Gfx8BitFont *)font)->getCharProc(code, &charProc); ++ ((Gfx8BitFont *)font)->getCharProcNF(code, &charProc); ++ int refNum = -1; ++ if (charProc.isRef()) { ++ refNum = charProc.getRef().num; ++ charProc.fetch(((Gfx8BitFont *)font)->getCharProcs()->getXRef(), &charProc); ++ } + if ((resDict = ((Gfx8BitFont *)font)->getResources())) { + pushResources(resDict); + } + if (charProc.isStream()) { +- display(&charProc, gFalse); ++ std::set::iterator charProcDrawingIt; ++ bool displayCharProc = true; ++ if (refNum != -1) { ++ if (charProcDrawing.find(refNum) == charProcDrawing.end()) { ++ charProcDrawingIt = charProcDrawing.insert(refNum).first; ++ } else { ++ displayCharProc = false; ++ error(errSyntaxError, -1, "CharProc wants to draw a CharProc that is already beign drawn"); ++ } ++ } ++ if (displayCharProc) { ++ display(&charProc, gFalse); ++ ++ if (refNum != -1) { ++ charProcDrawing.erase(charProcDrawingIt); ++ } ++ } + } else { + error(errSyntaxError, getPos(), "Missing or bad Type3 CharProc entry"); + } +diff --git a/poppler/Gfx.h b/poppler/Gfx.h +index a82f9f4a..44adaed5 100644 +--- a/poppler/Gfx.h ++++ b/poppler/Gfx.h +@@ -228,6 +228,7 @@ private: + Parser *parser; // parser for page content stream(s) + + std::set 
formsDrawing; // the forms that are being drawn ++ std::set charProcDrawing; // the charProc that are being drawn + + GBool // callback to check for an abort + (*abortCheckCbk)(void *data); +diff --git a/poppler/GfxFont.cc b/poppler/GfxFont.cc +index b59ec06c..bb87c5a0 100644 +--- a/poppler/GfxFont.cc ++++ b/poppler/GfxFont.cc +@@ -1818,6 +1818,15 @@ Object *Gfx8BitFont::getCharProc(int code, Object *proc) { + return proc; + } + ++Object *Gfx8BitFont::getCharProcNF(int code, Object *proc) { ++ if (enc[code] && charProcs.isDict()) { ++ charProcs.dictLookupNF(enc[code], proc); ++ } else { ++ proc->initNull(); ++ } ++ return proc; ++} ++ + Dict *Gfx8BitFont::getResources() { + return resources.isDict() ? resources.getDict() : (Dict *)NULL; + } +diff --git a/poppler/GfxFont.h b/poppler/GfxFont.h +index de7a7464..89a0ca0d 100644 +--- a/poppler/GfxFont.h ++++ b/poppler/GfxFont.h +@@ -353,6 +353,7 @@ public: + + // Return the Type 3 CharProc for the character associated with . + Object *getCharProc(int code, Object *proc); ++ Object *getCharProcNF(int code, Object *proc); + + // Return the Type 3 Resources dictionary, or NULL if none. + Dict *getResources(); +-- +2.14.1 + diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14520.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14520.patch new file mode 100644 index 00000000000..f71ff53f61a --- /dev/null +++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14520.patch 
@@ -0,0 +1,24 @@ +From 504b3590182175390f474657a372e78fb1508262 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Thu, 14 Sep 2017 19:14:23 +0200 +Subject: Splash::scaleImage: Do not try to scale if srcHeight or srcWidth are + < 1 + +Bug #102719 + +diff --git a/splash/Splash.cc b/splash/Splash.cc +index 39fc7d6..aba7814 100644 +--- a/splash/Splash.cc ++++ b/splash/Splash.cc +@@ -4152,7 +4152,7 @@ SplashBitmap *Splash::scaleImage(SplashImageSource src, void *srcData, + SplashBitmap *dest; + + dest = new SplashBitmap(scaledWidth, scaledHeight, 1, srcMode, srcAlpha, gTrue, bitmap->getSeparationList()); +- if (dest->getDataPtr() != NULL) { ++ if (dest->getDataPtr() != NULL && srcHeight > 0 && srcWidth > 0) { + if (scaledHeight < srcHeight) { + if (scaledWidth < srcWidth) { + scaleImageYdXd(src, srcData, srcMode, nComps, srcAlpha, +-- +cgit v0.10.2 + diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild index fe3bf2027de..a19b815e595 100644 --- a/app-text/poppler/poppler-0.57.0-r1.ebuild +++ b/app-text/poppler/poppler-0.57.0-r1.ebuild @@ -67,6 +67,9 @@ PATCHES=( "${FILESDIR}/${PN}-0.40-FindQt4.patch" # Fedora backports from upstream "${FILESDIR}/${P}-CVE-2017-14517.patch" + "${FILESDIR}/${P}-CVE-2017-14518.patch" + "${FILESDIR}/${P}-CVE-2017-14519.patch" + "${FILESDIR}/${P}-CVE-2017-14520.patch" "${FILESDIR}/${P}-CVE-2017-14926.patch" "${FILESDIR}/${P}-CVE-2017-14927.patch" "${FILESDIR}/${P}-CVE-2017-14928.patch"
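
Review bot: In the isImageInterpolationRequired hunk of poppler-0.57.0-CVE-2017-14518.patch, the new guard tests only `srcWidth == 0 || srcHeight == 0`, while the companion scaleImage fix in the CVE-2017-14520 patch rejects everything below 1 with `srcHeight > 0 && srcWidth > 0`. Using `<= 0` here would keep the two checks consistent for negative dimensions. A short comment would also help, because returning gTrue ("interpolation required") for an empty source image reads as a surprising answer unless the reader knows it exists to skip the scale-factor computation that follows.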
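
Review bot: In the Gfx::doShowText hunk of poppler-0.57.0-CVE-2017-14519.patch, the new error() call passes -1 as the position and misspells "being" as "beign", whereas the else branch just below reports `getPos()`. Passing getPos() here as well would let the diagnostic be located in the content stream. The guard is also keyed on `charProc.getRef().num` alone and is skipped whenever `refNum` stays -1, so a one-line comment stating that the generation number is ignored and that non-reference CharProcs are deliberately left unguarded would make the intent clear to the next reader.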
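
Review bot: The getCharProcNF declaration added in the GfxFont.h hunk has no comment of its own and sits directly under the comment that describes getCharProc. A line saying that it returns the CharProc entry without fetching indirect references (the GfxFont.cc hunk implements it with dictLookupNF) would tell callers that they receive a reference and must resolve it themselves, as doShowText now does with `charProc.fetch(...)`.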
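
Review bot: In the Splash::scaleImage hunk of poppler-0.57.0-CVE-2017-14520.patch, the `srcHeight > 0 && srcWidth > 0` test runs only after `dest = new SplashBitmap(...)` has already allocated the destination bitmap, so a broken document still costs an allocation before it is rejected. Validating the source dimensions before the allocation would avoid that. The rejected case is also folded into the same branch as a NULL data pointer, and the failure path is not visible in this hunk, so it is worth confirming that it handles a successfully allocated `dest` correctly.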
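
Review bot: The three new PATCHES entries are added to poppler-0.57.0-r1.ebuild in place, with no revision bump in this commit, so a system that has already built -r1 would not be prompted to rebuild with the fixes. If -r1 had already reached users, these entries belong in a new revision. The added lines also sit under the existing "# Fedora backports from upstream" comment, while the CVE-2017-14520 patch file ends with a `cgit v0.10.2` trailer rather than a git version line, so it is worth confirming that the comment still describes every entry in the list.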