summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2017-11-24 22:12:10 +0100
committerAndreas Sturmlechner <asturm@gentoo.org>2017-11-25 00:06:21 +0100
commit2822a0cd48e39c110535322754120681a3cfe8f1 (patch)
tree913691c6dfc05a2819f479d5544b5c9ecc392850
parentdev-util/kdevelop: Drop 5.2.0 (diff)
downloadgentoo-2822a0cd48e39c110535322754120681a3cfe8f1.tar.gz
gentoo-2822a0cd48e39c110535322754120681a3cfe8f1.tar.bz2
gentoo-2822a0cd48e39c110535322754120681a3cfe8f1.zip
app-text/poppler: Fix CVE-2017-14517
Bug: https://bugs.gentoo.org/631290 Package-Manager: Portage-2.3.16, Repoman-2.3.6
-rw-r--r--app-text/poppler/files/poppler-0.57.0-CVE-2017-14517.patch27
-rw-r--r--app-text/poppler/poppler-0.57.0-r1.ebuild148
2 files changed, 175 insertions, 0 deletions
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14517.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14517.patch
new file mode 100644
index 000000000000..6a0812cdbe81
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14517.patch
@@ -0,0 +1,27 @@
+From b524efeffa8d192c2597f4612ca961adc30286f6 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Wed, 13 Sep 2017 22:58:14 +0200
+Subject: [PATCH 1/4] XRef::parseEntry: Fix crash in broken file
+
+Bug #102687
+---
+ poppler/XRef.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/poppler/XRef.cc b/poppler/XRef.cc
+index 6ea0fbb6..c74f2f60 100644
+--- a/poppler/XRef.cc
++++ b/poppler/XRef.cc
+@@ -1603,6 +1603,9 @@ GBool XRef::parseEntry(Goffset offset, XRefEntry *entry)
+ {
+ GBool r;
+
++ if (unlikely(entry == nullptr))
++ return gFalse;
++
+ Object obj;
+ obj.initNull();
+ Parser parser = Parser(NULL, new Lexer(NULL,
+--
+2.14.1
+
diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild
new file mode 100644
index 000000000000..7cf2072c3af4
--- /dev/null
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -0,0 +1,148 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-utils toolchain-funcs xdg-utils
+
+if [[ "${PV}" == "9999" ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="git://git.freedesktop.org/git/${PN}/${PN}"
+ SLOT="0/9999"
+else
+ SRC_URI="https://poppler.freedesktop.org/${P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+ SLOT="0/68" # CHECK THIS WHEN BUMPING!!! SUBSLOT IS libpoppler.so SOVERSION
+fi
+
+DESCRIPTION="PDF rendering library based on the xpdf-3.0 code base"
+HOMEPAGE="https://poppler.freedesktop.org/"
+
+LICENSE="GPL-2"
+IUSE="cairo cjk curl cxx debug doc +introspection +jpeg +jpeg2k +lcms nss png qt4 qt5 tiff +utils"
+
+# No test data provided
+RESTRICT="test"
+
+COMMON_DEPEND="
+ >=media-libs/fontconfig-2.6.0
+ >=media-libs/freetype-2.3.9
+ sys-libs/zlib
+ cairo? (
+ dev-libs/glib:2
+ >=x11-libs/cairo-1.10.0
+ introspection? ( >=dev-libs/gobject-introspection-1.32.1:= )
+ )
+ curl? ( net-misc/curl )
+ jpeg? ( virtual/jpeg:0 )
+ jpeg2k? ( media-libs/openjpeg:2= )
+ lcms? ( media-libs/lcms:2 )
+ nss? ( >=dev-libs/nss-3.19:0 )
+ png? ( media-libs/libpng:0= )
+ qt4? (
+ dev-qt/qtcore:4
+ dev-qt/qtgui:4
+ )
+ qt5? (
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtxml:5
+ )
+ tiff? ( media-libs/tiff:0 )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig
+"
+RDEPEND="${COMMON_DEPEND}
+ cjk? ( >=app-text/poppler-data-0.4.7 )
+"
+
+DOCS=(AUTHORS NEWS README README-XPDF TODO)
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.26.0-qt5-dependencies.patch"
+ "${FILESDIR}/${PN}-0.28.1-fix-multilib-configuration.patch"
+ "${FILESDIR}/${PN}-0.53.0-respect-cflags.patch"
+ "${FILESDIR}/${PN}-0.33.0-openjpeg2.patch"
+ "${FILESDIR}/${PN}-0.40-FindQt4.patch"
+ # Fedora backports from upstream
+ "${FILESDIR}/${P}-CVE-2017-14517.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+
+ # Clang doesn't grok this flag, the configure nicely tests that, but
+ # cmake just uses it, so remove it if we use clang
+ if [[ ${CC} == clang ]] ; then
+ sed -i -e 's/-fno-check-new//' cmake/modules/PopplerMacros.cmake || die
+ fi
+
+ if ! grep -Fq 'cmake_policy(SET CMP0002 OLD)' CMakeLists.txt ; then
+ sed '/^cmake_minimum_required/acmake_policy(SET CMP0002 OLD)' \
+ -i CMakeLists.txt || die
+ else
+ einfo "policy(SET CMP0002 OLD) - workaround can be removed"
+ fi
+
+ if tc-is-clang && [[ ${CHOST} == *-darwin* ]] ; then
+ # we need to up the C++ version, bug #622526
+ export CXX="$(tc-getCXX) -std=c++11"
+ fi
+}
+
+src_configure() {
+ xdg_environment_reset
+ local mycmakeargs=(
+ -DBUILD_GTK_TESTS=OFF
+ -DBUILD_QT4_TESTS=OFF
+ -DBUILD_QT5_TESTS=OFF
+ -DBUILD_CPP_TESTS=OFF
+ -DENABLE_SPLASH=ON
+ -DENABLE_ZLIB=ON
+ -DENABLE_ZLIB_UNCOMPRESS=OFF
+ -DENABLE_XPDF_HEADERS=ON
+ -DENABLE_LIBCURL="$(usex curl)"
+ -DENABLE_CPP="$(usex cxx)"
+ -DENABLE_UTILS="$(usex utils)"
+ -DSPLASH_CMYK=OFF
+ -DUSE_FIXEDPOINT=OFF
+ -DUSE_FLOAT=OFF
+ -DWITH_Cairo="$(usex cairo)"
+ -DWITH_GObjectIntrospection="$(usex introspection)"
+ -DWITH_JPEG="$(usex jpeg)"
+ -DWITH_NSS3="$(usex nss)"
+ -DWITH_PNG="$(usex png)"
+ -DWITH_Qt4="$(usex qt4)"
+ $(cmake-utils_use_find_package qt5 Qt5Core)
+ -DWITH_TIFF="$(usex tiff)"
+ )
+ if use jpeg; then
+ mycmakeargs+=(-DENABLE_DCTDECODER=libjpeg)
+ else
+ mycmakeargs+=(-DENABLE_DCTDECODER=none)
+ fi
+ if use jpeg2k; then
+ mycmakeargs+=(-DENABLE_LIBOPENJPEG=openjpeg2)
+ else
+ mycmakeargs+=(-DENABLE_LIBOPENJPEG=none)
+ fi
+ if use lcms; then
+ mycmakeargs+=(-DENABLE_CMS=lcms2)
+ else
+ mycmakeargs+=(-DENABLE_CMS=)
+ fi
+
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ # live version doesn't provide html documentation
+ if use cairo && use doc && [[ ${PV} != 9999 ]]; then
+ # For now install gtk-doc there
+ insinto /usr/share/gtk-doc/html/poppler
+ doins -r "${S}"/glib/reference/html/*
+ fi
+}