diff --git a/poppler-0.67.0-valid-embedded-file-name.patch b/poppler-0.67.0-valid-embedded-file-name.patch new file mode 100644 index 0000000..6f0a841 --- /dev/null +++ b/poppler-0.67.0-valid-embedded-file-name.patch @@ -0,0 +1,81 @@ +From d2f5d424ba8752f9a9e9dad410546ec1b46caa0a Mon Sep 17 00:00:00 2001 +From: Adam Reichold +Date: Tue, 6 Nov 2018 09:08:06 +0100 +Subject: [PATCH] pdfdetach: Check for valid file name of embedded file before + using it to determine save path. + +Closes #660 +--- + utils/pdfdetach.cc | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/utils/pdfdetach.cc b/utils/pdfdetach.cc +index a8720c64..71fa8608 100644 +--- a/utils/pdfdetach.cc ++++ b/utils/pdfdetach.cc +@@ -191,14 +191,18 @@ int main(int argc, char *argv[]) { + fileSpec = static_cast(embeddedFiles->get(i)); + printf("%d: ", i+1); + s1 = fileSpec->getFileName(); +- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { ++ if (!s1) { ++ exitCode = 3; ++ goto err2; ++ } ++ if (s1->hasUnicodeMarker()) { + isUnicode = gTrue; + j = 2; + } else { + isUnicode = gFalse; + j = 0; + } +- while (j < fileSpec->getFileName()->getLength()) { ++ while (j < s1->getLength()) { + if (isUnicode) { + u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); + j += 2; +@@ -228,14 +232,18 @@ int main(int argc, char *argv[]) { + p = path; + } + s1 = fileSpec->getFileName(); +- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { ++ if (!s1) { ++ exitCode = 3; ++ goto err2; ++ } ++ if (s1->hasUnicodeMarker()) { + isUnicode = gTrue; + j = 2; + } else { + isUnicode = gFalse; + j = 0; + } +- while (j < fileSpec->getFileName()->getLength()) { ++ while (j < s1->getLength()) { + if (isUnicode) { + u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); + j += 2; +@@ -276,14 +284,18 @@ int main(int argc, char *argv[]) { + } else { + p = path; + s1 = fileSpec->getFileName(); +- if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) { ++ if (!s1) { ++ exitCode = 3; ++ goto err2; ++ } ++ if (s1->hasUnicodeMarker()) { + isUnicode = gTrue; + j = 2; + } else { + isUnicode = gFalse; + j = 0; + } +- while (j < fileSpec->getFileName()->getLength()) { ++ while (j < s1->getLength()) { + if (isUnicode) { + u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff); + j += 2; +-- +2.19.1 + diff --git a/poppler.spec b/poppler.spec index c76748c..314b2a8 100644 --- a/poppler.spec +++ b/poppler.spec @@ -4,7 +4,7 @@ Summary: PDF rendering library Name: poppler Version: 0.67.0 -Release: 5%{?dist} +Release: 6%{?dist} License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz @@ -34,6 +34,9 @@ Patch10: poppler-0.67.0-stream-check.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1649440 Patch11: poppler-0.67.0-valid-embedded-file.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1649450 +Patch12: poppler-0.67.0-valid-embedded-file-name.patch + BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: gettext-devel @@ -264,6 +267,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Thu Nov 15 2018 Marek Kasik - 0.67.0-6 +- Check for valid file name of embedded file +- Resolves: #1649451 + * Thu Nov 15 2018 Marek Kasik - 0.67.0-5 - Check for valid embedded file before trying to save it - Resolves: #1649441