aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/poppler-CVE-2018-19149.patch80
1 files changed, 80 insertions, 0 deletions
diff --git a/gnu/packages/patches/poppler-CVE-2018-19149.patch b/gnu/packages/patches/poppler-CVE-2018-19149.patch
new file mode 100644
index 0000000000..3641f5f078
--- /dev/null
+++ b/gnu/packages/patches/poppler-CVE-2018-19149.patch
@@ -0,0 +1,80 @@
+Fix CVE-2018-19149:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149
+https://gitlab.freedesktop.org/poppler/poppler/issues/664
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
+
+From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
+From: Marek Kasik <mkasik@redhat.com>
+Date: Fri, 20 Apr 2018 11:38:13 +0200
+Subject: [PATCH] Fix crash on missing embedded file
+
+Check whether an embedded file is actually present in the PDF
+and show warning in that case.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=106137
+https://gitlab.freedesktop.org/poppler/poppler/issues/236
+---
+ glib/poppler-attachment.cc | 26 +++++++++++++++++---------
+ glib/poppler-document.cc | 3 ++-
+ 2 files changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
+index c6502e9d..11ba5bb5 100644
+--- a/glib/poppler-attachment.cc
++++ b/glib/poppler-attachment.cc
+@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
+ attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
+
+ embFile = emb_file->getEmbeddedFile();
+- attachment->size = embFile->size ();
++ if (embFile != NULL && embFile->streamObject()->isStream())
++ {
++ attachment->size = embFile->size ();
+
+- if (embFile->createDate ())
+- _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
+- if (embFile->modDate ())
+- _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
++ if (embFile->createDate ())
++ _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
++ if (embFile->modDate ())
++ _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
+
+- if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
+- attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
+- embFile->checksum ()->getLength ());
+- priv->obj_stream = embFile->streamObject()->copy();
++ if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
++ attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
++ embFile->checksum ()->getLength ());
++ priv->obj_stream = embFile->streamObject()->copy();
++ }
++ else
++ {
++ g_warning ("Missing stream object for embedded file");
++ g_clear_object (&attachment);
++ }
+
+ return attachment;
+ }
+diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
+index 83f6aea6..ea319344 100644
+--- a/glib/poppler-document.cc
++++ b/glib/poppler-document.cc
+@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
+ attachment = _poppler_attachment_new (emb_file);
+ delete emb_file;
+
+- retval = g_list_prepend (retval, attachment);
++ if (attachment != NULL)
++ retval = g_list_prepend (retval, attachment);
+ }
+ return g_list_reverse (retval);
+ }
+--
+2.19.1
+