gnu: Poppler: Fix CVE-2018-19149.

* gnu/packages/patches/poppler-CVE-2018-19149.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler)[replacement]: New field.
(poppler/fixed): New variable.
(poppler-qt4, poppler-qt5): Use package/inherit.
This commit is contained in:
Leo Famulari 2018-11-13 10:33:27 -05:00
parent 8263b9f71f
commit 021bf6af18
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 92 additions and 2 deletions

View File

@ -1046,6 +1046,7 @@ dist_patch_DATA = \
%D%/packages/patches/plink-1.07-unclobber-i.patch \ %D%/packages/patches/plink-1.07-unclobber-i.patch \
%D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \
%D%/packages/patches/poppler-CVE-2018-19149.patch \
%D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/potrace-tests.patch \ %D%/packages/patches/potrace-tests.patch \

View File

@ -0,0 +1,80 @@
Fix CVE-2018-19149:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149
https://gitlab.freedesktop.org/poppler/poppler/issues/664
Patch copied from upstream source repository:
https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 20 Apr 2018 11:38:13 +0200
Subject: [PATCH] Fix crash on missing embedded file
Check whether an embedded file is actually present in the PDF
and show warning in that case.
https://bugs.freedesktop.org/show_bug.cgi?id=106137
https://gitlab.freedesktop.org/poppler/poppler/issues/236
---
glib/poppler-attachment.cc | 26 +++++++++++++++++---------
glib/poppler-document.cc | 3 ++-
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
index c6502e9d..11ba5bb5 100644
--- a/glib/poppler-attachment.cc
+++ b/glib/poppler-attachment.cc
@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
embFile = emb_file->getEmbeddedFile();
- attachment->size = embFile->size ();
+ if (embFile != NULL && embFile->streamObject()->isStream())
+ {
+ attachment->size = embFile->size ();
- if (embFile->createDate ())
- _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
- if (embFile->modDate ())
- _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
+ if (embFile->createDate ())
+ _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
+ if (embFile->modDate ())
+ _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
- if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
- attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
- embFile->checksum ()->getLength ());
- priv->obj_stream = embFile->streamObject()->copy();
+ if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
+ attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
+ embFile->checksum ()->getLength ());
+ priv->obj_stream = embFile->streamObject()->copy();
+ }
+ else
+ {
+ g_warning ("Missing stream object for embedded file");
+ g_clear_object (&attachment);
+ }
return attachment;
}
diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
index 83f6aea6..ea319344 100644
--- a/glib/poppler-document.cc
+++ b/glib/poppler-document.cc
@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
attachment = _poppler_attachment_new (emb_file);
delete emb_file;
- retval = g_list_prepend (retval, attachment);
+ if (attachment != NULL)
+ retval = g_list_prepend (retval, attachment);
}
return g_list_reverse (retval);
}
--
2.19.1

View File

@ -82,6 +82,7 @@
(define-public poppler (define-public poppler
(package (package
(name "poppler") (name "poppler")
(replacement poppler/fixed)
(version "0.63.0") (version "0.63.0")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
@ -127,6 +128,14 @@
(license license:gpl2+) (license license:gpl2+)
(home-page "https://poppler.freedesktop.org/"))) (home-page "https://poppler.freedesktop.org/")))
(define poppler/fixed
(package
(inherit poppler)
(source (origin
(inherit (package-source poppler))
(patches (append (origin-patches (package-source poppler))
(search-patches "poppler-CVE-2018-19149.patch")))))))
(define-public poppler-data (define-public poppler-data
(package (package
(name "poppler-data") (name "poppler-data")
@ -158,14 +167,14 @@ When present, Poppler is able to correctly render CJK and Cyrillic text.")
license:gpl2)))) license:gpl2))))
(define-public poppler-qt4 (define-public poppler-qt4
(package (inherit poppler) (package/inherit poppler
(name "poppler-qt4") (name "poppler-qt4")
(inputs `(("qt-4" ,qt-4) (inputs `(("qt-4" ,qt-4)
,@(package-inputs poppler))) ,@(package-inputs poppler)))
(synopsis "Qt4 frontend for the Poppler PDF rendering library"))) (synopsis "Qt4 frontend for the Poppler PDF rendering library")))
(define-public poppler-qt5 (define-public poppler-qt5
(package (inherit poppler) (package/inherit poppler
(name "poppler-qt5") (name "poppler-qt5")
(inputs `(("qtbase" ,qtbase) (inputs `(("qtbase" ,qtbase)
,@(package-inputs poppler))) ,@(package-inputs poppler)))