[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - download.lst external/poppler

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Wed Mar 13 15:58:19 UTC 2019


 download.lst                                                                |    4 -
 external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 |   27 ++++++++++
 external/poppler/UnpackedTarball_poppler.mk                                 |    1 
 external/poppler/poppler-config.patch.1                                     |   12 ++--
 4 files changed, 36 insertions(+), 8 deletions(-)

New commits:
commit 5ed02ae1d3437473d48e9b421e496216e4f3dd76
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Mar 12 12:57:20 2019 +0100
Commit:     Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Wed Mar 13 16:57:53 2019 +0100

    poppler: upgrade to release 0.74.0
    
    Fixes CVE-2019-7310.
    
    Add patch to fix CVE-2019-9200 too.
    
    CVE-2018-20662 looks irrelevant because we don't build pdfunite tool.
    
    Reviewed-on: https://gerrit.libreoffice.org/69094
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
    (cherry picked from commit f9b354784faf65ecc8024cf6d7d7aaf589f6d91f)
    
    Change-Id: I5e7ddabbb341f6bfefb376d552b50c4006f41906
    Reviewed-on: https://gerrit.libreoffice.org/69119
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>

diff --git a/download.lst b/download.lst
index e9941ccc1725..d1c494eddecf 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 2f1e960d92ce3b3abd03d06dfec9637dfbd22febf107a536b44f7a47c60659f6
 export LIBPNG_TARBALL := libpng-1.6.34.tar.xz
-export POPPLER_SHA256SUM := e44b5543903128884ba4538c2a97d3bcc8889e97ffacc4636112101f0238db03
-export POPPLER_TARBALL := poppler-0.73.0.tar.xz
+export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82ea9fb0076b2f
+export POPPLER_TARBALL := poppler-0.74.0.tar.xz
 export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461
 export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
 export PYTHON_SHA256SUM := f55cde04f521f273c7cba08912921cc5642cfc15ca7b22d5829f0aff4371155f
diff --git a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
new file mode 100644
index 000000000000..b459a0a0bef7
--- /dev/null
+++ b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
@@ -0,0 +1,27 @@
+From f4136a6353162db249f63ddb0f20611622ab61b4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Wed, 27 Feb 2019 19:43:22 +0100
+Subject: [PATCH] ImageStream::getLine: fix crash on broken files
+
+Fixes #728
+---
+ poppler/Stream.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/poppler/Stream.cc b/poppler/Stream.cc
+index 33537b0e..a41435ab 100644
+--- a/poppler/Stream.cc
++++ b/poppler/Stream.cc
+@@ -496,6 +496,9 @@ unsigned char *ImageStream::getLine() {
+   }
+  
+   int readChars = str->doGetChars(inputLineSize, inputLine);
++  if (unlikely(readChars == -1)) {
++      readChars = 0;
++  }
+   for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
+   if (nBits == 1) {
+     unsigned char *p = inputLine;
+-- 
+2.20.1
+
diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk
index 5b91e1628ba6..151fa5d0444f 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,poppler,$(POPPLER_TARBALL),,poppler
 $(eval $(call gb_UnpackedTarball_add_patches,poppler,\
 	external/poppler/poppler-config.patch.1 \
 	external/poppler/poppler-c++11.patch.1 \
+	external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 \
 ))
 
 # std::make_unique is only available in C++14
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index e312573f1ff3..1c68806276f7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -195,7 +195,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_NAME "poppler"
 +
 +/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.73.0"
++#define PACKAGE_STRING "poppler 0.74.0"
 +
 +/* Define to the one symbol short name of this package. */
 +#define PACKAGE_TARNAME "poppler"
@@ -204,7 +204,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_URL ""
 +
 +/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.73.0"
++#define PACKAGE_VERSION "0.74.0"
 +
 +/* Poppler data dir */
 +#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -228,7 +228,7 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_FLOAT */
 +
 +/* Version number of package */
-+#define VERSION "0.73.0"
++#define VERSION "0.74.0"
 +
 +#if defined(__APPLE__)
 +#elif defined (_WIN32)
@@ -304,7 +304,7 @@ index 0fbd336a..451213f8 100644
 +
 +/* Defines the poppler version. */
 +#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
 +#endif
 +
 +/* Enable multithreading support. */
@@ -466,9 +466,9 @@ index 0fbd336a..451213f8 100644
 +
 +#include "poppler-global.h"
 +
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
 +#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 73
++#define POPPLER_VERSION_MINOR 74
 +#define POPPLER_VERSION_MICRO 0
 +
 +namespace poppler


More information about the Libreoffice-commits mailing list