[Libreoffice-commits] core.git: Branch 'libreoffice-6-1' - download.lst external/poppler
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Wed Mar 13 15:58:19 UTC 2019
download.lst | 4 -
external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 | 27 ++++++++++
external/poppler/UnpackedTarball_poppler.mk | 1
external/poppler/poppler-config.patch.1 | 12 ++--
4 files changed, 36 insertions(+), 8 deletions(-)
New commits:
commit 5ed02ae1d3437473d48e9b421e496216e4f3dd76
Author: Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Mar 12 12:57:20 2019 +0100
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Wed Mar 13 16:57:53 2019 +0100
poppler: upgrade to release 0.74.0
Fixes CVE-2019-7310.
Add patch to fix CVE-2019-9200 too.
CVE-2018-20662 looks irrelevant because we don't build pdfunite tool.
Reviewed-on: https://gerrit.libreoffice.org/69094
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
(cherry picked from commit f9b354784faf65ecc8024cf6d7d7aaf589f6d91f)
Change-Id: I5e7ddabbb341f6bfefb376d552b50c4006f41906
Reviewed-on: https://gerrit.libreoffice.org/69119
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/download.lst b/download.lst
index e9941ccc1725..d1c494eddecf 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM := 2f1e960d92ce3b3abd03d06dfec9637dfbd22febf107a536b44f7a47c60659f6
export LIBPNG_TARBALL := libpng-1.6.34.tar.xz
-export POPPLER_SHA256SUM := e44b5543903128884ba4538c2a97d3bcc8889e97ffacc4636112101f0238db03
-export POPPLER_TARBALL := poppler-0.73.0.tar.xz
+export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82ea9fb0076b2f
+export POPPLER_TARBALL := poppler-0.74.0.tar.xz
export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461
export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
export PYTHON_SHA256SUM := f55cde04f521f273c7cba08912921cc5642cfc15ca7b22d5829f0aff4371155f
diff --git a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
new file mode 100644
index 000000000000..b459a0a0bef7
--- /dev/null
+++ b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1
@@ -0,0 +1,27 @@
+From f4136a6353162db249f63ddb0f20611622ab61b4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Wed, 27 Feb 2019 19:43:22 +0100
+Subject: [PATCH] ImageStream::getLine: fix crash on broken files
+
+Fixes #728
+---
+ poppler/Stream.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/poppler/Stream.cc b/poppler/Stream.cc
+index 33537b0e..a41435ab 100644
+--- a/poppler/Stream.cc
++++ b/poppler/Stream.cc
+@@ -496,6 +496,9 @@ unsigned char *ImageStream::getLine() {
+ }
+
+ int readChars = str->doGetChars(inputLineSize, inputLine);
++ if (unlikely(readChars == -1)) {
++ readChars = 0;
++ }
+ for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF;
+ if (nBits == 1) {
+ unsigned char *p = inputLine;
+--
+2.20.1
+
diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk
index 5b91e1628ba6..151fa5d0444f 100644
--- a/external/poppler/UnpackedTarball_poppler.mk
+++ b/external/poppler/UnpackedTarball_poppler.mk
@@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,poppler,$(POPPLER_TARBALL),,poppler
$(eval $(call gb_UnpackedTarball_add_patches,poppler,\
external/poppler/poppler-config.patch.1 \
external/poppler/poppler-c++11.patch.1 \
+ external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 \
))
# std::make_unique is only available in C++14
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index e312573f1ff3..1c68806276f7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -195,7 +195,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.73.0"
++#define PACKAGE_STRING "poppler 0.74.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -204,7 +204,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.73.0"
++#define PACKAGE_VERSION "0.74.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -228,7 +228,7 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "0.73.0"
++#define VERSION "0.74.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -304,7 +304,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
+#endif
+
+/* Enable multithreading support. */
@@ -466,9 +466,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "0.73.0"
++#define POPPLER_VERSION "0.74.0"
+#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 73
++#define POPPLER_VERSION_MINOR 74
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
More information about the Libreoffice-commits
mailing list