From: "Andreas Sturmlechner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" Message-ID: <1511564782.b0f7e72d6950013ea98f65116dc44cedd8923dd5.asturm@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch app-text/poppler/poppler-0.57.0-r1.ebuild X-VCS-Directories: app-text/poppler/files/ app-text/poppler/ X-VCS-Committer: asturm X-VCS-Committer-Name: Andreas Sturmlechner X-VCS-Revision: b0f7e72d6950013ea98f65116dc44cedd8923dd5 X-VCS-Branch: master Date: Fri, 24 Nov 2017 23:08:03 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: be568d54-5de6-4c84-8e0e-0efbaa1eee9d X-Archives-Hash: a27aabccefd94286bf17bc66ecce8c1c commit: b0f7e72d6950013ea98f65116dc44cedd8923dd5 Author: Andreas Sturmlechner gentoo org> AuthorDate: Fri Nov 24 22:55:47 2017 +0000 Commit: Andreas Sturmlechner gentoo org> CommitDate: Fri Nov 24 23:06:22 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0f7e72d app-text/poppler: Fix CVE-2017-{2820,9083} Bug: https://bugs.gentoo.org/619558 Bug: https://bugs.gentoo.org/624708 Package-Manager: Portage-2.3.16, Repoman-2.3.6 .../poppler-0.57.0-disable-internal-jpx.patch | 25 ++++++++++++++++++++++ app-text/poppler/poppler-0.57.0-r1.ebuild | 1 + 2 files changed, 26 insertions(+) diff --git a/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch new file mode 100644 index 00000000000..faf632128ff --- /dev/null +++ b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch 
@@ -0,0 +1,25 @@ +Fix security issue [internal unmaintained JPX decoder] that is caused +by building without system-jpeg libs. Fedora does not care because they +always build with system-jpeg, however in Gentoo we allow the user to +disable both options and poppler's buildsystem is making us believe +there would be no JPX decoder built in that case, when in reality +JPXStream.cc is built (even if it may not be used by the code). + + +--- a/CMakeLists.txt 2017-11-24 23:12:41.953450442 +0100 ++++ b/CMakeLists.txt 2017-11-24 23:16:09.441030669 +0100 +@@ -506,9 +508,11 @@ + add_definitions(-DUSE_OPENJPEG2) + set(poppler_LIBS ${poppler_LIBS} ${LIBOPENJPEG2_LIBRARIES}) + else () +- set(poppler_SRCS ${poppler_SRCS} +- poppler/JPXStream.cc +- ) ++ if(NOT WITH_OPENJPEG AND HAVE_JPX_DECODER) ++ set(poppler_SRCS ${poppler_SRCS} ++ poppler/JPXStream.cc ++ ) ++ endif() + endif() + if(USE_CMS) + if(LCMS_FOUND) diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild index b7a421f73e2..fafef568109 100644 --- a/app-text/poppler/poppler-0.57.0-r1.ebuild +++ b/app-text/poppler/poppler-0.57.0-r1.ebuild @@ -65,6 +65,7 @@ PATCHES=( "${FILESDIR}/${PN}-0.53.0-respect-cflags.patch" "${FILESDIR}/${PN}-0.33.0-openjpeg2.patch" "${FILESDIR}/${PN}-0.40-FindQt4.patch" + "${FILESDIR}/${P}-disable-internal-jpx.patch" # Fedora backports from upstream "${FILESDIR}/${P}-CVE-2017-14517.patch" "${FILESDIR}/${P}-CVE-2017-14518.patch"
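Review bot: In the CMakeLists.txt hunk (@@ -506,9 +508,11 @@), the new guard `if(NOT WITH_OPENJPEG AND HAVE_JPX_DECODER)` depends on two variables that are neither set nor explained in the visible lines, and the patch description does not say where HAVE_JPX_DECODER is defined or what value it has when the user disables both JPEG 2000 options. If the guard is false in that configuration, JPXStream.cc is no longer compiled, which matches the intent, but the description's own hedge ("even if it may not be used by the code") leaves open whether other sources still reference JPXStream; please confirm a build with both options disabled links cleanly and say so in the patch header. The header also names no CVE or bug, while the commit message cites CVE-2017-{2820,9083} and bugs 619558 and 624708, so adding those references would make the patch file self-describing. Finally, the new-side start of 508 against an old-side start of 506 with no earlier hunk in the file suggests it was cut from a larger diff; regenerating it against the pristine 0.57.0 CMakeLists.txt would avoid applying with an offset.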
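Review bot: In the PATCHES hunk of poppler-0.57.0-r1.ebuild (@@ -65,6 +65,7 @@), a security patch is added to an ebuild that already exists (index b7a421f73e2..fafef568109) without a revision bump, so a system that has already built 0.57.0-r1 will not be prompted to rebuild with the fix. Unless -r1 had not yet reached users when this was committed, a bump to -r2 would be the safer way to deliver it. The new entry also sits above the "# Fedora backports from upstream" comment with no comment of its own; a one-line comment naming the bugs it addresses would make clear that it is a Gentoo-specific patch and why it is there.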