diff options
author | Leo Famulari <leo@famulari.name> | 2016-04-29 03:31:41 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-04-30 16:14:38 -0400 |
commit | e411ce186021540770c389ec13b7b5b42252c4bb (patch) | |
tree | 62264de11a87c1c3e9579d8647d4189be394fd82 /gnu | |
parent | c7794307f1bb99a68d93840a74fda7a64189a381 (diff) |
gnu: poppler: Fix CVE-2015-8868.
* gnu/packages/pdf.scm (poppler)[replacement]: New field.
(poppler/fixed): New variable.
* gnu/packages/patches/poppler-CVE-2015-8868.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/poppler-CVE-2015-8868.patch | 30 | ||||
-rw-r--r-- | gnu/packages/pdf.scm | 8 |
3 files changed, 39 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 7556fa76e8..e45405fe0e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -681,6 +681,7 @@ dist_patch_DATA = \ gnu/packages/patches/plink-1.07-unclobber-i.patch \ gnu/packages/patches/plotutils-libpng-jmpbuf.patch \ gnu/packages/patches/polkit-drop-test.patch \ + gnu/packages/patches/poppler-CVE-2015-8868.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ gnu/packages/patches/procmail-ambiguous-getline-debian.patch \ gnu/packages/patches/pt-scotch-build-parallelism.patch \ diff --git a/gnu/packages/patches/poppler-CVE-2015-8868.patch b/gnu/packages/patches/poppler-CVE-2015-8868.patch new file mode 100644 index 0000000000..ac78d32ffa --- /dev/null +++ b/gnu/packages/patches/poppler-CVE-2015-8868.patch @@ -0,0 +1,30 @@ +Fixes CVE-2015-8868 (heap overflow). + +Upstream source: +https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 + +From b3425dd3261679958cd56c0f71995c15d2124433 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Tue, 22 Dec 2015 22:50:33 +0100 +Subject: Do not crash on invalid files + +Bug #93476 + +diff --git a/poppler/Function.cc b/poppler/Function.cc +index 67283df..ee5afc1 100644 +--- a/poppler/Function.cc ++++ b/poppler/Function.cc +@@ -577,6 +577,10 @@ ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) { + goto err2; + } + n = obj1.arrayGetLength(); ++ if (unlikely(n > funcMaxOutputs)) { ++ error(errSyntaxError, -1, "Function's C0 array is wrong length"); ++ n = funcMaxOutputs; ++ } + for (i = 0; i < n; ++i) { + obj1.arrayGet(i, &obj2); + if (!obj2.isNum()) { +-- +cgit v0.10.2 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 1d33be85d5..8f9f5dd503 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -53,6 +53,7 @@ (package (name "poppler") (version "0.37.0") + (replacement poppler/fixed) (source (origin (method url-fetch) (uri (string-append "https://poppler.freedesktop.org/poppler-" @@ -104,6 +105,13 @@ (license license:gpl2+) (home-page "http://poppler.freedesktop.org/"))) +(define poppler/fixed + (package + (inherit poppler) + (source (origin + (inherit (package-source poppler)) + (patches (search-patches "poppler-CVE-2015-8868.patch")))))) + (define-public poppler-qt4 (package (inherit poppler) (name "poppler-qt4") |