[gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/
Date: Fri, 24 Nov 2017 23:08:03 +0000 (UTC)	[thread overview]
Message-ID: <1511564782.b0f7e72d6950013ea98f65116dc44cedd8923dd5.asturm@gentoo> (raw)

commit:     b0f7e72d6950013ea98f65116dc44cedd8923dd5
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 24 22:55:47 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri Nov 24 23:06:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0f7e72d

app-text/poppler: Fix CVE-2017-{2820,9083}

Bug: https://bugs.gentoo.org/619558
Bug: https://bugs.gentoo.org/624708
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../poppler-0.57.0-disable-internal-jpx.patch      | 25 ++++++++++++++++++++++
 app-text/poppler/poppler-0.57.0-r1.ebuild          |  1 +
 2 files changed, 26 insertions(+)

diff --git a/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
new file mode 100644
index 00000000000..faf632128ff
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
@@ -0,0 +1,25 @@
+Fix security issue [internal unmaintained JPX decoder] that is caused
+by building without system-jpeg libs. Fedora does not care because they
+always build with system-jpeg, however in Gentoo we allow the user to
+disable both options and poppler's buildsystem is making us believe
+there would be no JPX decoder built in that case, when in reality
+JPXStream.cc is built (even if it may not be used by the code).
+
+
+--- a/CMakeLists.txt	2017-11-24 23:12:41.953450442 +0100
++++ b/CMakeLists.txt	2017-11-24 23:16:09.441030669 +0100
+@@ -506,9 +508,11 @@
+   add_definitions(-DUSE_OPENJPEG2)
+   set(poppler_LIBS ${poppler_LIBS} ${LIBOPENJPEG2_LIBRARIES})
+ else ()
+-  set(poppler_SRCS ${poppler_SRCS}
+-    poppler/JPXStream.cc
+-  )
++  if(NOT WITH_OPENJPEG AND HAVE_JPX_DECODER)
++    set(poppler_SRCS ${poppler_SRCS}
++      poppler/JPXStream.cc
++    )
++  endif()
+ endif()
+ if(USE_CMS)
+   if(LCMS_FOUND)

diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild
index b7a421f73e2..fafef568109 100644
--- a/app-text/poppler/poppler-0.57.0-r1.ebuild
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -65,6 +65,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-0.53.0-respect-cflags.patch"
 	"${FILESDIR}/${PN}-0.33.0-openjpeg2.patch"
 	"${FILESDIR}/${PN}-0.40-FindQt4.patch"
+	"${FILESDIR}/${P}-disable-internal-jpx.patch"
 	# Fedora backports from upstream
 	"${FILESDIR}/${P}-CVE-2017-14517.patch"
 	"${FILESDIR}/${P}-CVE-2017-14518.patch"

next             reply	other threads:[~2017-11-24 23:08 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-24 23:08 Andreas Sturmlechner [this message]
  -- strict thread matches above, loose matches on Subject: below --
2025-03-24 18:04 [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/ Andreas Sturmlechner
2024-01-26 20:48 Andreas Sturmlechner
2023-10-08 14:37 Andreas Sturmlechner
2022-08-15 10:43 Andreas Sturmlechner
2022-05-07 21:00 Sam James
2021-12-06 15:42 Andreas Sturmlechner
2021-09-04 21:01 Andreas Sturmlechner
2020-12-11 19:55 Andreas Sturmlechner
2020-11-24 19:59 Andreas Sturmlechner
2020-11-02 14:07 Lars Wendler
2020-09-19 20:40 Andreas Sturmlechner
2019-12-28 16:10 Andreas Sturmlechner
2019-10-26 12:48 Lars Wendler
2019-07-20 19:30 Andreas Sturmlechner
2019-07-15 18:17 Andreas Sturmlechner
2019-06-27  9:30 Lars Wendler
2019-03-02 20:29 Andreas Sturmlechner
2019-01-30 22:31 Andreas Sturmlechner
2019-01-30 21:21 Sergei Trofimovich
2018-04-07 15:36 Andreas Sturmlechner
2017-11-24 23:08 Andreas Sturmlechner
2017-10-06  7:20 Lars Wendler
2017-09-05 21:11 Lars Wendler
2016-07-31 20:51 Andreas Hüttel
2016-01-29 10:53 Michael Palimaka

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:faf632128f dfblob:b7a421f73e dfblob:fafef56810 )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1511564782.b0f7e72d6950013ea98f65116dc44cedd8923dd5.asturm@gentoo \
    --to=asturm@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox