[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-5-2+backports' - download.lst external/poppler

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Wed Mar 13 14:52:11 UTC 2019 

 download.lst                                                                |    4 -
 external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 |   27 ++++++++++
 external/poppler/UnpackedTarball_poppler.mk                                 |    1 
 external/poppler/poppler-config.patch.1                                     |   12 ++--
 4 files changed, 36 insertions(+), 8 deletions(-)

New commits:
commit 63a3a84ff9d74a649af7459874b44f1f21ca9378
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Mar 12 12:57:20 2019 +0100
Commit:     Michael Stahl <Michael.Stahl at cib.de>
CommitDate: Wed Mar 13 15:51:46 2019 +0100

    poppler: upgrade to release 0.74.0
    
    Fixes CVE-2019-7310.
    
    Add patch to fix CVE-2019-9200 too.
    
    CVE-2018-20662 looks irrelevant because we don't build pdfunite tool.
    
    Reviewed-on: https://gerrit.libreoffice.org/69094
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    (cherry picked from commit f9b354784faf65ecc8024cf6d7d7aaf589f6d91f)
    
    Change-Id: I5e7ddabbb341f6bfefb376d552b50c4006f41906
    Reviewed-on: https://gerrit.libreoffice.org/69155
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    Tested-by: Michael Stahl <Michael.Stahl at cib.de>

diff --git a/download.lst b/download.lst
index 0ad1b34c5fe0..1feed3291f40 100644
--- a/download.lst
+++ b/download.lst
@@ -131,8 +131,8 @@ export PAGEMAKER_TARBALL := libpagemaker-0.0.3.tar.bz2
 export PIXMAN_TARBALL := c63f411b3ad147db2bcce1bf262a0e02-pixman-0.24.4.tar.bz2
 export PNG_MD5SUM := 897ccec1ebfb0922e83c2bfaa1be8748
 export PNG_TARBALL := libpng-1.6.28.tar.gz
-export POPPLER_MD5SUM := 1fc64bd358c9f31d0c88a7f2b0d8b23d
-export POPPLER_TARBALL := poppler-0.73.0.tar.xz
+export POPPLER_MD5SUM := 1ce581bde2f23fa55bee13d8c61ac0df
+export POPPLER_TARBALL := poppler-0.74.0.tar.xz
 export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
 export PYTHON_MD5SUM := f3763edf9824d5d3a15f5f646083b6e0
 export PYTHON_TARBALL := Python-3.5.5.tar.xz
diff --git a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
new file mode 100644
index 000000000000..b459a0a0bef7
--- /dev/null
+++ b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
@@ -0,0 +1,27 @@
+From f4136a6353162db249f63ddb0f20611622ab61b4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Wed, 27 Feb 2019 19:43:22 +0100
+Subject: [PATCH] ImageStream::getLine: fix crash on broken files
+
+Fixes #728
+---
+ poppler/Stream.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/poppler/Stream.cc b/poppler/Stream.cc
+index 33537b0e..a41435ab 100644
+--- a/poppler/Stream.cc
++++ b/poppler/Stream.cc
+@@ -496,6 +496,9 @@ unsigned char *ImageStream::getLine() {
+   }
+  
+   int readChars = str->doGetChars(inputLineSize, inputLine);
++  if (unlikely(readChars == -1)) {
++      readChars = 0;
++  }
+   for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
+   if (nBits == 1) {
+     unsigned char *p = inputLine;
+-- 
+2.20.1
+
diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk
index ee5f6de7cec9..8a38987cab09 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -15,6 +15,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,poppler,\
 	$(if $(filter MSC-120,$(COM)-$(VCVER)),external/poppler/poppler-snprintf.patch.1) \
 	external/poppler/poppler-config.patch.1 \
 	external/poppler/poppler-c++11.patch.1 \
+	external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 \
 ))
 
 # std::make_unique is only available in C++14
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index e312573f1ff3..1c68806276f7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -195,7 +195,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_NAME "poppler"
 +
 +/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.73.0"
++#define PACKAGE_STRING "poppler 0.74.0"
 +
 +/* Define to the one symbol short name of this package. */
 +#define PACKAGE_TARNAME "poppler"
@@ -204,7 +204,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_URL ""
 +
 +/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.73.0"
++#define PACKAGE_VERSION "0.74.0"
 +
 +/* Poppler data dir */
 +#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -228,7 +228,7 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_FLOAT */
 +
 +/* Version number of package */
-+#define VERSION "0.73.0"
++#define VERSION "0.74.0"
 +
 +#if defined(__APPLE__)
 +#elif defined (_WIN32)
@@ -304,7 +304,7 @@ index 0fbd336a..451213f8 100644
 +
 +/* Defines the poppler version. */
 +#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
 +#endif
 +
 +/* Enable multithreading support. */
@@ -466,9 +466,9 @@ index 0fbd336a..451213f8 100644
 +
 +#include "poppler-global.h"
 +
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
 +#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 73
++#define POPPLER_VERSION_MINOR 74
 +#define POPPLER_VERSION_MICRO 0
 +
 +namespace poppler

More information about the Libreoffice-commits mailing list