new upstream release 0.57.0

.gitignore

@@ -3,3 +3,4 @@
 /poppler-0.53.0.tar.xz
 /poppler-0.55.0.tar.xz
 /poppler-0.56.0.tar.xz
+/poppler-0.57.0.tar.xz

CVE-2017-9865.patch

@@ -1,57 +0,0 @@
-From 559c95f3bf073eafff9b69219b3e8a12cb6b0d57 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
-Date: Wed, 12 Jul 2017 14:12:46 +0100
-Subject: [PATCH] CVE-2017-9865 (fdo#100774) avoid stack buffer overflow
-
-in GfxImageColorMap:getGray
-
-by passing first arg to getGray of maximum possibly required size
-
-and similar in HtmlOutputDev::drawPngImage
----
- utils/HtmlOutputDev.cc  | 5 +++--
- utils/ImageOutputDev.cc | 5 +++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/utils/HtmlOutputDev.cc b/utils/HtmlOutputDev.cc
-index 5f5dc9f..f418b3d 100644
---- a/utils/HtmlOutputDev.cc
-+++ b/utils/HtmlOutputDev.cc
-@@ -1433,8 +1433,9 @@ void HtmlOutputDev::drawPngImage(GfxState *state, Stream *str, int width, int he
-     int invert_bits = 0xff;
-     if (colorMap) {
-       GfxGray gray;
--      Guchar zero = 0;
--      colorMap->getGray(&zero, &gray);
-+      Guchar zero[gfxColorMaxComps];
-+      memset(zero, 0, sizeof(zero));
-+      colorMap->getGray(zero, &gray);
-       if (colToByte(gray) == 0)
-         invert_bits = 0x00;
-     }
-diff --git a/utils/ImageOutputDev.cc b/utils/ImageOutputDev.cc
-index 069d821..bc34543 100644
---- a/utils/ImageOutputDev.cc
-+++ b/utils/ImageOutputDev.cc
-@@ -344,7 +344,7 @@ void ImageOutputDev::writeImageFile(ImgWriter *writer, ImageFormat format, const
-   GfxRGB rgb;
-   GfxCMYK cmyk;
-   GfxGray gray;
--  Guchar zero = 0;
-+  Guchar zero[gfxColorMaxComps];
-   int invert_bits;
- 
-   if (writer) {
-@@ -383,7 +383,8 @@ void ImageOutputDev::writeImageFile(ImgWriter *writer, ImageFormat format, const
-   // the mask we leave the data unchanged.
-   invert_bits = 0xff;
-   if (colorMap) {
--    colorMap->getGray(&zero, &gray);
-+    memset(zero, 0, sizeof(zero));
-+    colorMap->getGray(zero, &gray);
-     if (colToByte(gray) == 0)
-       invert_bits = 0x00;
-   }
--- 
-2.9.3
-

poppler.spec

@@ -3,8 +3,8 @@
 
 Summary: PDF rendering library
 Name:    poppler
-Version: 0.56.0
-Release: 4%{?dist}
+Version: 0.57.0
+Release: 1%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -13,7 +13,6 @@ Source1: %{name}-test-%{test_date}_%{test_sha}.tar.xz
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1185007
 Patch0:  poppler-0.30.0-rotated-words-selection.patch
-Patch1:  CVE-2017-9865.patch
 
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig(cairo)
@@ -218,7 +217,7 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %files
 %doc README
 %license COPYING
-%{_libdir}/libpoppler.so.67*
+%{_libdir}/libpoppler.so.68*
 
 %files devel
 %{_libdir}/pkgconfig/poppler.pc
@@ -278,6 +277,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_bindir}/poppler-glib-demo
 
 %changelog
+* Thu Aug 03 2017 David Tardon <dtardon@redhat.com> - 0.57.0-1
+- new upstream release
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.56.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
-SHA512 (poppler-0.56.0.tar.xz) = 74d2ca63afcb7e155c153b4ddc71621b7f4f2c60d4fcafd873176d5ac59fafedc35b200a22c7af2013d7f75e670a1cc23d6ba878167a02209917f8d30002d528
+SHA512 (poppler-0.57.0.tar.xz) = 197a0bf51e7fd607db83144d771904e48f266ab9e1252c688f9e7700a5bdd239670cf0363e9d77137bafa9c08fb6ddb9d066cc78a74dac7dfd717662b25cac5f
 SHA512 (poppler-test-2009-05-13_0d2bfd4af4c76a3bac27ccaff793d9129df7b57a.tar.xz) = f8ce114357043a893100de2d52ada8bd850148d19f0e8c889988ea97e9a92313f0545c0b88ef32a1ce7f0e9e58edc1a8c9066278c20b7718ca619913fd4bfb3c