Commit f0d180a0 authored by Natanael Copa

main/poppler: security fix (CVE-2013-1788,CVE-2013-1790)

fixes #1785
parent e732f7b6
......@@ -5,7 +5,7 @@
# So we build gtk support in poppler-gtk
pkgname=poppler
pkgver=0.18.0
pkgrel=0
pkgrel=1
pkgdesc="PDF rendering library based on xpdf 3.0"
url="http://poppler.freedesktop.org/"
arch="all"
......@@ -14,7 +14,19 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
makedepends="jpeg-dev cairo-dev libxml2-dev fontconfig-dev pkgconfig libiconv-dev"
depends=
depends_dev="cairo-dev"
source="http://$pkgname.freedesktop.org/$pkgname-$pkgver.tar.gz"
source="http://$pkgname.freedesktop.org/$pkgname-$pkgver.tar.gz
CVE-2013-1788.patch
CVE-2013-1790.patch
"
prepare() {
cd "$srcdir"/$pkgname-$pkgver
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
cd "$srcdir"/$pkgname-$pkgver
......@@ -44,4 +56,6 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
md5sums="4cd3bf2a0a13fa8eaf00d31368915f77 poppler-0.18.0.tar.gz"
md5sums="4cd3bf2a0a13fa8eaf00d31368915f77 poppler-0.18.0.tar.gz
3f16bcc4fc0364fbb790260c07269685 CVE-2013-1788.patch
9d402082df4eae246008cd29dda9412e CVE-2013-1790.patch"
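Review bot: Both added patches carry `poppler-0.18.4` paths while `pkgver` is 0.18.0, and `prepare()` applies them with a plain `patch -p1`, which by default accepts offsets and fuzz, so a hunk of this security fix could land in the wrong place without failing the build. It is worth confirming against the 0.18.0 tree that every hunk applies exactly and, if the build root uses GNU patch, tightening the call to `patch -p1 -F0 -i "$srcdir"/$i || return 1`. The `cd "$srcdir"/$pkgname-$pkgver` at the top of `prepare()` is unchecked, so a failed cd would run the patches in whatever directory the shell is in; `cd "$srcdir"/$pkgname-$pkgver || return 1` would match the error handling on the patch line. Separately, the upstream tarball is still fetched over plain http and pinned only by an MD5 sum, which is a weak integrity check for a security rebuild.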
--- poppler-0.18.4/poppler/Function.cc
+++ poppler-0.18.4/poppler/Function.cc
@@ -13,7 +13,7 @@
// All changes made under the Poppler project to this file are licensed
// under GPL version 2 or later
//
-// Copyright (C) 2006, 2008-2010 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2006 Jeff Muizelaar <jeff@infidigm.net>
// Copyright (C) 2010 Christian Feuersnger <cfeuersaenger@googlemail.com>
// Copyright (C) 2011 Andrea Canciani <ranma42@gmail.com>
@@ -1002,6 +1002,10 @@ void PSStack::copy(int n) {
error(-1, "Stack underflow in PostScript function");
return;
}
+ if (unlikely(sp - n > psStackSize)) {
+ error(-1, "Stack underflow in PostScript function");
+ return;
+ }
if (!checkOverflow(n)) {
return;
}
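Review bot: The added guard evaluates `sp - n` in signed `int`, so an extreme `n` (which presumably comes from the PostScript function being evaluated) can overflow before the comparison. That is undefined behaviour and could leave the check ineffective. Assuming `sp` always stays within `[0, psStackSize]`, the same condition can be written without overflow as `if (unlikely(n < sp - psStackSize)) {`. The test just above the hunk, whose body is the first `error(...)` shown, likely deserves the same treatment. `PSStack::copy` starts before and continues after this hunk, so the rest of the index arithmetic could not be checked here.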
--- poppler-0.18.4/poppler/Stream.cc
+++ poppler-0.18.4/poppler/Stream.cc
@@ -2132,7 +2133,8 @@ GBool CCITTFaxStream::isBinary(GBool las
// clip [-256,511] --> [0,255]
#define dctClipOffset 256
-static Guchar dctClip[768];
+#define dctClipLength 768
+static Guchar dctClip[dctClipLength];
static int dctClipInit = 0;
// zig zag decode map
@@ -3078,7 +3080,12 @@ void DCTStream::transformDataUnit(Gushor
// convert to 8-bit integers
for (i = 0; i < 64; ++i) {
- dataOut[i] = dctClip[dctClipOffset + 128 + ((dataIn[i] + 8) >> 4)];
+ const int ix = dctClipOffset + 128 + ((dataIn[i] + 8) >> 4);
+ if (unlikely(ix < 0 || ix >= dctClipLength)) {
+ dataOut[i] = 0;
+ } else {
+ dataOut[i] = dctClip[ix];
+ }
}
}
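Review bot: The new `unlikely` branch maps an out-of-range index to 0 on both sides, while the table comment in the earlier hunk of this file describes the clip as `[-256,511] --> [0,255]`, so values past the upper end would more naturally saturate to 255. In that branch I would write `dataOut[i] = ix < 0 ? 0 : 255;` so that malformed coefficients degrade the same way in-range extremes do. The bounds check itself is consistent with the `dctClipLength` definition added above. `transformDataUnit` begins outside the hunk, so the type and range of `dataIn` could not be confirmed.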
--- poppler-0.18.4/splash/Splash.cc
+++ poppler-0.18.4/splash/Splash.cc
@@ -14,7 +14,7 @@
// Copyright (C) 2005-2011 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
// Copyright (C) 2010, 2011 Thomas Freitag <Thomas.Freitag@alfa.de>
-// Copyright (C) 2010 Christian Feuersnger <cfeuersaenger@googlemail.com>
+// Copyright (C) 2010 Christian Feuersänger <cfeuersaenger@googlemail.com>
// Copyright (C) 2011 William Bader <williambader@hotmail.com>
//
// To see a description of the changes please see the Changelog file that
@@ -1521,11 +1521,14 @@ SplashPath *Splash::makeDashedPath(Splas
lineDashStartPhase -= (SplashCoord)i * lineDashTotal;
lineDashStartOn = gTrue;
lineDashStartIdx = 0;
- while (lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
+ while (lineDashStartIdx < state->lineDashLength && lineDashStartPhase >= state->lineDash[lineDashStartIdx]) {
lineDashStartOn = !lineDashStartOn;
lineDashStartPhase -= state->lineDash[lineDashStartIdx];
++lineDashStartIdx;
}
+ if (unlikely(lineDashStartIdx == state->lineDashLength)) {
+ return new SplashPath();
+ }
dPath = new SplashPath();
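Review bot: The new early return hands back an empty `SplashPath` with no comment on when `lineDashStartIdx` can reach `state->lineDashLength`, and nothing in the hunk shows what callers do with a path that has no points. I would add a comment above the check such as `// start phase not consumed by any dash entry (degenerate dash array or rounding): nothing to dash`. It is also worth confirming that every caller of `makeDashedPath` tolerates an empty result rather than indexing into it. The function continues past the end of this hunk.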
--- poppler-0.18.4/poppler/Stream.cc
+++ poppler-0.18.4/poppler/Stream.cc
@@ -14,7 +14,7 @@
// under GPL version 2 or later
//
// Copyright (C) 2005 Jeff Muizelaar <jeff@infidigm.net>
-// Copyright (C) 2006-2010 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2006-2010, 2012, 2013 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2007 Krzysztof Kowalczyk <kkowalczyk@gmail.com>
// Copyright (C) 2008 Julien Rebetez <julien@fhtagn.net>
// Copyright (C) 2009 Carlos Garcia Campos <carlosgc@gnome.org>
@@ -1595,8 +1595,9 @@ int CCITTFaxStream::lookChar() {
for (i = 0; codingLine[i] < columns; ++i) {
refLine[i] = codingLine[i];
}
- refLine[i++] = columns;
- refLine[i] = columns;
+ for (; i < columns + 2; ++i) {
+ refLine[i] = columns;
+ }
codingLine[0] = 0;
a0i = 0;
b1i = 0;
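Review bot: The new fill loop writes up to `refLine[columns + 1]`, so it is only safe if `refLine` holds at least `columns + 2` entries and `columns + 2` cannot overflow `int`; neither the allocation nor a clamp on `columns` is visible in this hunk. A short comment stating that invariant would make the dependency explicit, for example `// refLine has columns + 2 entries; pad the tail with the 'columns' sentinel so no stale entries are read`. The copy loop just above still stops only on the `codingLine[i] < columns` sentinel rather than on an index bound, which should be checked against the size of both arrays as well. `CCITTFaxStream::lookChar` starts before and ends after the hunk.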