[meego-commits] 9879: Changes to MeeGo:1.0:Core:Update:Testing/poppler
Zhang Qiang
no_reply at build.meego.com
Fri Nov 26 04:24:05 UTC 2010
Hi,
I have made the following changes to poppler in project MeeGo:1.0:Core:Update:Testing. Please review and accept ASAP.
Thank You,
Zhang Qiang
[This message was auto-generated]
---
Request #9879:
submit: home:xiaoqiang:branches:MeeGo:1.0:Core:Update:Testing/poppler(r4)(cleanup) -> MeeGo:1.0:Core:Update:Testing/poppler
Message:
Add three upstream patches to fix three CVE bugs. Fix BMC#9992, #9991, #9990.
State: new 2010-11-25T20:24:04 xiaoqiang
Comment: None
changes files:
--------------
--- poppler.changes
+++ poppler.changes
@@ -0,0 +1,4 @@
+* Fri Nov 26 2010 Qiang Zhang <qiang.z.zhang at intel.com>
+- Add three upstream patch to fix three CVE bugs.
+ Fix BMC#9992, #9991, #9990.
+
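Review bot: The changelog entry says "three CVE bugs" without naming them, so a later audit cannot grep poppler.changes for a specific identifier. Suggest listing CVE-2010-3702, CVE-2010-3703 and CVE-2010-3704 in the entry, matching the patch file names added in this request, next to the BMC numbers.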
new:
----
poppler-0.12.1-CVE-2010-3702.patch
poppler-0.12.1-CVE-2010-3703.patch
poppler-0.12.1-CVE-2010-3704.patch
poppler-0.12.1-add-GooLikely-h.patch
spec files:
-----------
--- poppler.spec
+++ poppler.spec
@@ -12,6 +12,10 @@
Patch0: poppler-0.12.1-objstream.patch
Patch1: poppler-0.12.1-CVE-2009-3607.patch
Patch2: poppler-0.12.1-CVE-2009-3938.patch
+Patch3: poppler-0.12.1-CVE-2010-3702.patch
+Patch4: poppler-0.12.1-CVE-2010-3703.patch
+Patch5: poppler-0.12.1-CVE-2010-3704.patch
+Patch6: poppler-0.12.1-add-GooLikely-h.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
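Review bot: Patch6 is listed after Patch5, yet Patch5 (CVE-2010-3704) adds an include of goo/GooLikely.h and Patch6 is what creates that header. The build works because every patch is applied before compilation, but the dependency is invisible here. Suggest either numbering the header patch ahead of the CVE-2010-3704 patch or adding a spec comment above Patch6 saying it is a prerequisite for Patch5 and not a security fix in its own right.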
@@ -119,6 +123,10 @@
%patch0 -p1 -b .objstream
%patch1 -p1 -b .CVE-2009-3607
%patch2 -p1 -b .CVE-2009-3938
+%patch3 -p1 -b .CVE-2010-3702
+%patch4 -p1 -b .CVE-2010-3703
+%patch5 -p1 -b .CVE-2010-3704
+%patch6 -p1 -b .poppler-0.12.1-add-GooLikely-h
# hammer to nuke rpaths, recheck on new releases
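Review bot: The backup suffix on the %patch6 line repeats the package name and version (".poppler-0.12.1-add-GooLikely-h"), while every other line uses a short suffix such as ".objstream" or ".CVE-2010-3704". Suggest ".add-GooLikely-h" for consistency, which also keeps the backup file names shorter.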
other changes:
--------------
++++++ poppler-0.12.1-CVE-2010-3702.patch (new)
--- poppler-0.12.1-CVE-2010-3702.patch
+++ poppler-0.12.1-CVE-2010-3702.patch
+From e853106b58d6b4b0467dbd6436c9bb1cfbd372cf Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Tue, 21 Sep 2010 18:01:36 +0000
+Subject: Properly initialize parser
+
+Fixes crash in broken pdf provided by Joel Voss of Leviathan Security Group
+---
+diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
+index fc004b8..919086e 100644
+--- a/poppler/Gfx.cc
++++ b/poppler/Gfx.cc
+@@ -536,6 +536,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, int pageNum, Dict *resDict, Catalog *cata
+ drawText = gFalse;
+ maskHaveCSPattern = gFalse;
+ mcStack = NULL;
++ parser = NULL;
+
+ // start the resource stack
+ res = new GfxResources(xref, resDict, NULL);
+@@ -590,6 +591,7 @@ Gfx::Gfx(XRef *xrefA, OutputDev *outA, Dict *resDict, Catalog *catalogA,
+ drawText = gFalse;
+ maskHaveCSPattern = gFalse;
+ mcStack = NULL;
++ parser = NULL;
+
+ // start the resource stack
+ res = new GfxResources(xref, resDict, NULL);
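Review bot: The same "parser = NULL;" line is added by hand to both Gfx constructors (here and in the hunk at -536), which is how the member was missed in the first place: each new pointer member has to be remembered in two places. For the backport this matches upstream and is fine to take as is, but the commit text only says "Fixes crash" and does not say where the uninitialized parser was read; a one-line note in the spec or changelog stating that the pointer was used before assignment would make the security relevance clear to whoever rebases these patches.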
+--
+cgit v0.8.3-6-g21f6
++++++ poppler-0.12.1-CVE-2010-3703.patch (new)
--- poppler-0.12.1-CVE-2010-3703.patch
+++ poppler-0.12.1-CVE-2010-3703.patch
+From bf2055088a3a2d3bb3d3c37d464954ec1a25771f Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Tue, 21 Sep 2010 18:03:19 +0000
+Subject: Properly initialize stack
+
+Fixes crash in broken pdf provided by Joel Voss of Leviathan Security Group
+---
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index b7c23fe..b28ee3d 100644
+--- a/poppler/Function.cc
++++ b/poppler/Function.cc
+@@ -1108,6 +1108,7 @@ PostScriptFunction::PostScriptFunction(Object *funcObj, Dict *dict) {
+ code = NULL;
+ codeString = NULL;
+ codeSize = 0;
++ stack = NULL;
+ ok = gFalse;
+ cache = new PopplerCache(5);
+
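Review bot: "stack = NULL;" is set while ok is still gFalse, so any early return later in this constructor leaves the object with a NULL stack. The hunk does not show the destructor or the callers, so before accepting this as a complete fix please confirm that the cleanup path and any user of stack tolerate NULL or test ok first; otherwise the uninitialized-pointer crash only becomes a NULL dereference.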
+--
+cgit v0.8.3-6-g21f6
++++++ poppler-0.12.1-CVE-2010-3704.patch (new)
--- poppler-0.12.1-CVE-2010-3704.patch
+++ poppler-0.12.1-CVE-2010-3704.patch
+From 39d140bfc0b8239bdd96d6a55842034ae5c05473 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid at kde.org>
+Date: Tue, 21 Sep 2010 17:54:31 +0000
+Subject: Fix crash in broken pdf (code < 0)
+
+Found thanks to PDF provided by Joel Voss of Leviathan Security Group
+---
+diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
+index 25bdc0e..3fe7f4f 100644
+--- a/fofi/FoFiType1.cc
++++ b/fofi/FoFiType1.cc
+@@ -13,7 +13,7 @@
+ // All changes made under the Poppler project to this file are licensed
+ // under GPL version 2 or later
+ //
+-// Copyright (C) 2005, 2008 Albert Astals Cid <aacid at kde.org>
++// Copyright (C) 2005, 2008, 2010 Albert Astals Cid <aacid at kde.org>
+ // Copyright (C) 2005 Kristian Høgsberg <krh at redhat.com>
+ // Copyright (C) 2010 Jakub Wilk <ubanus at users.sf.net>
+ //
+@@ -31,6 +31,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include "goo/gmem.h"
++#include "goo/GooLikely.h"
+ #include "FoFiEncodings.h"
+ #include "FoFiType1.h"
+ #include "poppler/Error.h"
+@@ -243,7 +244,7 @@ void FoFiType1::parse() {
+ code = code * 8 + (*p2 - '0');
+ }
+ }
+- if (code < 256) {
++ if (likely(code < 256 && code >= 0)) {
+ for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
+ if (*p == '/') {
+ ++p;
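Review bot: The new "code >= 0" test catches a negative value only after the loop above has finished computing "code = code * 8 + (*p2 - '0')". If code is a signed int, as the added test implies, a long digit run overflows it, which is undefined behaviour and can also wrap back into the 0..255 range and pass this check. Suggest bounding the number of digits accepted in the loop, or stopping once code exceeds 255, so the range check does not depend on how the overflow happens to land. The likely() wrapper is only a branch hint and adds nothing to the fix.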
+--
+cgit v0.8.3-6-g21f6
++++++ poppler-0.12.1-add-GooLikely-h.patch (new)
--- poppler-0.12.1-add-GooLikely-h.patch
+++ poppler-0.12.1-add-GooLikely-h.patch
+diff -uNr poppler-0.12.1/goo/GooLikely.h poppler-0.12.1.new/goo/GooLikely.h
+--- poppler-0.12.1/goo/GooLikely.h 1970-01-01 08:00:00.000000000 +0800
++++ poppler-0.12.1.new/goo/GooLikely.h 2010-11-22 14:38:22.309459483 +0800
+@@ -0,0 +1,22 @@
++//========================================================================
++//
++// GooLikely.h
++//
++// This file is licensed under the GPLv2 or later
++//
++// Copyright (C) 2008 Kees Cook <kees at outflux.net>
++//
++//========================================================================
++
++#ifndef GOOLIKELY_H
++#define GOOLIKELY_H
++
++#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
++# define likely(x) __builtin_expect((x), 1)
++# define unlikely(x) __builtin_expect((x), 0)
++#else
++# define likely(x) (x)
++# define unlikely(x) (x)
++#endif
++
++#endif
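Review bot: Unlike the three CVE patches, this one has no "From <commit>" header and was produced with a local diff -uNr, so there is nothing in the file tying GooLikely.h to an upstream revision. Suggest adding a short header to the patch naming the upstream commit or release the file was taken from. Separately, the header defines the unprefixed names likely and unlikely without an #ifndef guard on the macros themselves; if another header in the build already defines them this will produce redefinition warnings, so it is worth checking that goo/GooLikely.h is not installed as a public header.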