[gentoo-commits] repo/gentoo:master commit in: app-text/poppler/files/, app-text/poppler/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/files/, app-text/poppler/
Date: Fri, 24 Nov 2017 23:08:03 +0000 (UTC)	[thread overview]
Message-ID: <1511564782.ccd22f376de6de2c8160d808451f320dc658565b.asturm@gentoo> (raw)

commit:     ccd22f376de6de2c8160d808451f320dc658565b
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 24 21:31:04 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri Nov 24 23:06:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccd22f37

app-text/poppler: Fix CVE-2017-14617

Bug: https://bugs.gentoo.org/631596
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../files/poppler-0.57.0-CVE-2017-14617.patch      | 31 ++++++++++++++++++++++
 app-text/poppler/poppler-0.57.0-r1.ebuild          |  1 +
 2 files changed, 32 insertions(+)

diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch
new file mode 100644
index 00000000000..27947953612
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14617.patch
@@ -0,0 +1,31 @@
+From 939465c40902d72e0c05d4f3a27ee67e4a007ed7 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 19 Sep 2017 21:19:03 +0200
+Subject: [PATCH] Fix crash in broken files
+
+Bug #102854
+---
+ poppler/Stream.cc | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/poppler/Stream.cc b/poppler/Stream.cc
+index f4eda85b..0ad602c7 100644
+--- a/poppler/Stream.cc
++++ b/poppler/Stream.cc
+@@ -454,11 +454,10 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
+     } else {
+       imgLineSize = nVals;
+     }
+-    if (width > INT_MAX / nComps) {
+-      // force a call to gmallocn(-1,...), which will throw an exception
++    if (nComps <= 0 || width > INT_MAX / nComps) {
+       imgLineSize = -1;
+     }
+-    imgLine = (Guchar *)gmallocn(imgLineSize, sizeof(Guchar));
++    imgLine = (Guchar *)gmallocn_checkoverflow(imgLineSize, sizeof(Guchar));
+   }
+   imgIdx = nVals;
+ }
+-- 
+2.14.1
+

diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild
index a19b815e595..b7a421f73e2 100644
--- a/app-text/poppler/poppler-0.57.0-r1.ebuild
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -70,6 +70,7 @@ PATCHES=(
 	"${FILESDIR}/${P}-CVE-2017-14518.patch"
 	"${FILESDIR}/${P}-CVE-2017-14519.patch"
 	"${FILESDIR}/${P}-CVE-2017-14520.patch"
+	"${FILESDIR}/${P}-CVE-2017-14617.patch"
 	"${FILESDIR}/${P}-CVE-2017-14926.patch"
 	"${FILESDIR}/${P}-CVE-2017-14927.patch"
 	"${FILESDIR}/${P}-CVE-2017-14928.patch"

next             reply	other threads:[~2017-11-24 23:08 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-24 23:08 Andreas Sturmlechner [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-11-13 22:45 [gentoo-commits] repo/gentoo:master commit in: app-text/poppler/files/, app-text/poppler/ Andreas Sturmlechner
2024-01-18 16:45 Andreas Sturmlechner
2023-06-18 14:35 Andreas Sturmlechner
2022-02-05 20:46 Andreas Sturmlechner
2021-12-12 18:48 Sam James
2021-09-01 21:26 Sam James
2021-04-21 13:10 Lars Wendler
2021-04-06 11:06 Andreas Sturmlechner
2020-12-02 10:02 Lars Wendler
2020-05-14 17:21 Andreas Sturmlechner
2019-09-01 20:43 Andreas Sturmlechner
2018-11-03 21:46 Andreas Sturmlechner
2018-01-09 10:15 Andreas Sturmlechner
2017-12-27 23:26 Andreas Sturmlechner
2017-12-04 14:29 Lars Wendler
2017-11-24 23:08 Andreas Sturmlechner
2017-11-24 23:08 Andreas Sturmlechner
2017-11-13 10:23 Lars Wendler
2017-11-07 15:07 Lars Wendler
2017-11-06 15:29 Lars Wendler
2017-05-30 19:47 Andreas Hüttel
2017-05-10 15:12 Lars Wendler
2016-12-21 17:11 Johannes Huber

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2794795361 dfblob:a19b815e59 dfblob:b7a421f73e )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: app-text/poppler/files/, app-text/poppler/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1511564782.ccd22f376de6de2c8160d808451f320dc658565b.asturm@gentoo \
    --to=asturm@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox