From 3e693179444b08f481d63658e0b8c8b6197c68d6 Mon Sep 17 00:00:00 2001
From: Rex Dieter
Date: Sun, 25 Oct 2009 22:09:40 +0000
Subject: [PATCH] - CVE-2009-3607 (#530890)
---
 poppler-0.12.1-CVE-2009-3607.patch | 54 ++++++++++++++++++++++++++++++
 poppler.spec | 11 +++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 poppler-0.12.1-CVE-2009-3607.patch
diff --git a/poppler-0.12.1-CVE-2009-3607.patch b/poppler-0.12.1-CVE-2009-3607.patch
new file mode 100644
index 0000000..a3af9a6
--- /dev/null
+++ b/poppler-0.12.1-CVE-2009-3607.patch
@@ -0,0 +1,54 @@
+http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b70609
+
+CVE-2009-3607
+
+diff -pruN poppler-0.12.1.orig/glib/poppler-page.cc poppler-0.12.1/glib/poppler-page.cc
+--- poppler-0.12.1.orig/glib/poppler-page.cc 2009-09-09 23:22:31.000000000 +0200
++++ poppler-0.12.1/glib/poppler-page.cc 2009-10-25 18:54:30.000000000 +0100
+@@ -609,28 +609,28 @@ create_surface_from_thumbnail_data (guch
+ gint rowstride)
+ {
+ guchar *cairo_pixels;
++ gint cairo_stride;
+ cairo_surface_t *surface;
+- static cairo_user_data_key_t key;
+ int j;
+
+- cairo_pixels = (guchar *)g_malloc (4 * width * height);
+- surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+- CAIRO_FORMAT_RGB24,
+- width, height, 4 * width);
+- cairo_surface_set_user_data (surface, &key,
+- cairo_pixels, (cairo_destroy_func_t)g_free);
++ surface = cairo_image_surface_create (CAIRO_FORMAT_RGB24, width, height);
++ if (cairo_surface_status (surface))
++ return NULL;
++
++ cairo_pixels = cairo_image_surface_get_data (surface);
++ cairo_stride = cairo_image_surface_get_stride (surface);
+
+ for (j = height; j; j--) {
+ guchar *p = data;
+ guchar *q = cairo_pixels;
+ guchar *end = p + 3 * width;
+-
++
+ while (p < end) {
+ #if G_BYTE_ORDER == G_LITTLE_ENDIAN
+ q[0] = p[2];
+ q[1] = p[1];
+ q[2] = p[0];
+-#else
++#else
+ q[1] = p[0];
+ q[2] = p[1];
+ q[3] = p[2];
+@@ -640,7 +640,7 @@ create_surface_from_thumbnail_data (guch
+ }
+
+ data += rowstride;
+- cairo_pixels += 4 * width;
++ cairo_pixels += cairo_stride;
+ }
+
+ return surface;
diff --git a/poppler.spec b/poppler.spec
index 6b2c798..268a8bd 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -2,7 +2,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.12.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: Development/Libraries
 URL: http://poppler.freedesktop.org/
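Review bot: In the embedded glib/poppler-page.cc hunk at -609,28, the new `if (cairo_surface_status (surface)) return NULL;` gives create_surface_from_thumbnail_data a failure return that the old g_malloc-based code did not have, and the call sites are outside this patch, so each caller needs a NULL check before it uses or wraps the surface. The error path also drops the surface without `cairo_surface_destroy (surface);`; that is likely harmless for cairo's static error surfaces, but adding it keeps ownership obvious. Because the loop writes directly into the buffer returned by `cairo_image_surface_get_data`, I would add `cairo_surface_mark_dirty (surface);` before `return surface;`, as cairo asks for after direct pixel writes. A one-line comment above the create call, e.g. `/* cairo validates the dimensions, allocates the buffer and picks the stride; do not size it by hand as 4 * width * height */`, would keep the reason for the change next to the code. The function's signature and the lines between the two inner hunks are not shown here.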
@@ -10,9 +10,14 @@ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ## upstreamable patches + +## upstream patches # for texlive/pdftex, make ObjStream class public Patch100: poppler-0.12.1-objstream.patch +# CVE-2009-3607 / c839b70609 +Patch162: poppler-0.12.1-CVE-2009-3607.patch + BuildRequires: automake libtool BuildRequires: cairo-devel >= 1.8.4 BuildRequires: gtk2-devel @@ -116,6 +121,7 @@ converting PDF files to a number of other formats. %setup -q %patch100 -p1 -b .objstream +%patch162 -p1 -b .CVE-2009-3607 # hammer to nuke rpaths, recheck on new releases autoreconf -i -f @@ -214,6 +220,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Oct 25 2009 Rex Dieter - 0.12.1-2 +- CVE-2009-3607 (#530890) + * Mon Oct 19 2009 Rex Dieter - 0.12.1-1 - poppler-0.12.1 - deprecate xpdf/pdftohtml Conflicts/Obsoletes