gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776.

This is a followup to commit 95bbaa02aa.
See <https://bugs.gnu.org/27621> for more information.

Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not
possible to graft the newer version in place of the older one.

This change leaves CVE-2017-9775 unfixed for now.

* gnu/packages/patches/poppler-CVE-2017-9776.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pdf.scm (poppler-0.56.0): Replace with ...
(poppler/fixed): ... new variable.
(poppler)[replacement]: Replaced with poppler/fixed.
Leo Famulari 2017-07-09 02:11:33 -04:00
parent 447f75825f
commit b3cc304b30
GPG Key ID: 2646FA30BACA7F08
3 changed files with 39 additions and 9 deletions

@ -913,6 +913,7 @@ dist_patch_DATA = \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
%D%/packages/patches/polkit-drop-test.patch \
%D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
%D%/packages/patches/poppler-CVE-2017-9776.patch \
%D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \

@ -0,0 +1,34 @@
Fix CVE-2017-9776:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
https://bugs.freedesktop.org/show_bug.cgi?id=101541
Patch copied from upstream source repository:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 21 Jun 2017 00:55:20 +0200
Subject: [PATCH] Fix crash in malformed documents
---
poppler/JBIG2Stream.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 48535883..d89108c8 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
oneByte = x0 == ((x1 - 1) & ~7);
for (yy = y0; yy < y1; ++yy) {
- if (unlikely(y + yy) >= h)
+ if (unlikely((y + yy >= h) || (y + yy < 0)))
continue;
// one byte per line -- need to mask both left and right side
--
2.13.2
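
Review bot: the provenance header of the new patch file names two different commit ids. The "Patch copied from upstream source repository" link points at a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc, while the embedded mail header begins with `From 55db66c69fd56826b8523710046deab1a8d14ba2`. For a security fix, say in the header which branch or export the second id comes from, or regenerate the patch from the linked commit so the two agree. A one-line summary would also help, since "Fix crash in malformed documents" does not say that the change in `JBIG2Bitmap::combine` adds the missing lower bound `y + yy < 0` and moves the comparison inside `unlikely(...)`.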

@ -76,7 +76,7 @@
(define-public poppler
(package
(name "poppler")
(replacement poppler-0.56.0)
(replacement poppler/fixed)
(version "0.52.0")
(source (origin
(method url-fetch)
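
Review bot: nothing at `(replacement poppler/fixed)` records that the graft is only a partial fix. The commit message says CVE-2017-9775 is left unfixed, so a short comment next to the `replacement` field saying that poppler/fixed covers CVE-2017-9776 only, with the <https://bugs.gnu.org/27621> reference, would keep the open issue visible to whoever next updates this package.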
@ -130,17 +130,12 @@
(license license:gpl2+)
(home-page "https://poppler.freedesktop.org/")))
(define poppler-0.56.0
(define poppler/fixed
(package (inherit poppler)
(version "0.56.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://poppler.freedesktop.org/poppler-"
version ".tar.xz"))
(sha256
(base32
"0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))))
(inherit (package-source poppler))
(patches (search-patches "poppler-CVE-2017-9776.patch"))))))
(define-public poppler-qt4
(package/inherit poppler
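
Review bot: in the new `poppler/fixed` origin, `(patches (search-patches "poppler-CVE-2017-9776.patch"))` sets the patch list outright instead of extending the inherited one. The full `poppler` origin is not visible in these hunks; if it carries, or later gains, patches of its own, the grafted variant would silently drop them. Appending to `(origin-patches (package-source poppler))` would avoid that. Keeping `poppler/fixed` as a plain `define` instead of `define-public` looks right for a graft target.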