import qpdf-7.1.1-10.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
ab68b2a147
commit
52282b0b32
1142
SOURCES/qpdf-gnutls-crypto.patch
Normal file
1142
SOURCES/qpdf-gnutls-crypto.patch
Normal file
File diff suppressed because it is too large
Load Diff
158
SOURCES/qpdf-relax.patch
Normal file
158
SOURCES/qpdf-relax.patch
Normal file
@ -0,0 +1,158 @@
|
||||
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
|
||||
index 3475afe..f93ba0d 100644
|
||||
--- a/libqpdf/QPDF.cc
|
||||
+++ b/libqpdf/QPDF.cc
|
||||
@@ -19,6 +19,10 @@
|
||||
#include <qpdf/QPDF_Null.hh>
|
||||
#include <qpdf/QPDF_Dictionary.hh>
|
||||
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+# include <gnutls/crypto.h>
|
||||
+#endif
|
||||
+
|
||||
std::string QPDF::qpdf_version = "7.1.1";
|
||||
|
||||
static char const* EMPTY_PDF =
|
||||
@@ -139,7 +143,13 @@ QPDF::processFile(char const* filename, char const* password)
|
||||
{
|
||||
FileInputSource* fi = new FileInputSource();
|
||||
fi->setFilename(filename);
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
||||
+#endif
|
||||
processInputSource(fi, password);
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -148,7 +158,13 @@ QPDF::processFile(char const* description, FILE* filep,
|
||||
{
|
||||
FileInputSource* fi = new FileInputSource();
|
||||
fi->setFile(description, filep, close_file);
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
||||
+#endif
|
||||
processInputSource(fi, password);
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
|
||||
index 0544640..48fe50d 100644
|
||||
--- a/libqpdf/QPDFWriter.cc
|
||||
+++ b/libqpdf/QPDFWriter.cc
|
||||
@@ -23,6 +23,10 @@
|
||||
#include <algorithm>
|
||||
#include <stdlib.h>
|
||||
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+#include <gnutls/crypto.h>
|
||||
+#endif
|
||||
+
|
||||
QPDFWriter::Members::Members(QPDF& pdf) :
|
||||
pdf(pdf),
|
||||
filename(0),
|
||||
@@ -323,6 +327,13 @@ void
|
||||
QPDFWriter::setDeterministicID(bool val)
|
||||
{
|
||||
this->m->deterministic_id = val;
|
||||
+
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ if (val)
|
||||
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
||||
+ else
|
||||
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -344,6 +355,13 @@ void
|
||||
QPDFWriter::setPreserveEncryption(bool val)
|
||||
{
|
||||
this->m->preserve_encryption = val;
|
||||
+
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ if (val)
|
||||
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
||||
+ else
|
||||
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc
|
||||
index fd717c3..9b38914 100644
|
||||
--- a/libqpdf/QPDF_encryption.cc
|
||||
+++ b/libqpdf/QPDF_encryption.cc
|
||||
@@ -1,6 +1,8 @@
|
||||
// This file implements methods from the QPDF class that involve
|
||||
// encryption.
|
||||
|
||||
+#include <qpdf/qpdf-config.h>
|
||||
+
|
||||
#include <qpdf/QPDF.hh>
|
||||
|
||||
#include <qpdf/QPDFExc.hh>
|
||||
@@ -18,6 +20,10 @@
|
||||
#include <assert.h>
|
||||
#include <string.h>
|
||||
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+# include <gnutls/crypto.h>
|
||||
+#endif
|
||||
+
|
||||
static unsigned char const padding_string[] = {
|
||||
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
|
||||
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
|
||||
@@ -1084,6 +1090,12 @@ QPDF::getKeyForObject(int objid, int generation, bool use_aes)
|
||||
void
|
||||
QPDF::decryptString(std::string& str, int objid, int generation)
|
||||
{
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
||||
+
|
||||
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
||||
+#endif
|
||||
+
|
||||
if (objid == 0)
|
||||
{
|
||||
return;
|
||||
@@ -1162,6 +1174,10 @@ QPDF::decryptString(std::string& str, int objid, int generation)
|
||||
QUtil::int_to_string(objid) + " " +
|
||||
QUtil::int_to_string(generation) + ": " + e.what());
|
||||
}
|
||||
+
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -1169,6 +1185,12 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
|
||||
QPDFObjectHandle& stream_dict,
|
||||
std::vector<PointerHolder<Pipeline> >& heap)
|
||||
{
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
||||
+
|
||||
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
||||
+#endif
|
||||
+
|
||||
std::string type;
|
||||
if (stream_dict.getKey("/Type").isName())
|
||||
{
|
||||
@@ -1297,6 +1319,10 @@ QPDF::decryptStream(Pipeline*& pipeline, int objid, int generation,
|
||||
key.length());
|
||||
}
|
||||
heap.push_back(pipeline);
|
||||
+
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Command-line tools and library for transforming PDF files
|
||||
Name: qpdf
|
||||
Version: 7.1.1
|
||||
Release: 7%{?dist}
|
||||
Release: 10%{?dist}
|
||||
# MIT: e.g. libqpdf/sha2.c
|
||||
# upstream uses ASL 2.0 now, but he allowed others to distribute qpdf under
|
||||
# old license (see README)
|
||||
@ -11,6 +11,8 @@ Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.g
|
||||
|
||||
Patch0: qpdf-doc.patch
|
||||
Patch1: qpdf-CVE-2018-9918.patch
|
||||
Patch2: qpdf-gnutls-crypto.patch
|
||||
Patch3: qpdf-relax.patch
|
||||
|
||||
# gcc and gcc-c++ are no longer in buildroot by default
|
||||
# gcc is needed for qpdf-ctest.c
|
||||
@ -32,6 +34,10 @@ BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
|
||||
# for crypto by gnutls
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: pkgconf-pkg-config
|
||||
|
||||
Requires: qpdf-libs%{?_isa} = %{version}-%{release}
|
||||
|
||||
%package libs
|
||||
@ -72,6 +78,10 @@ QPDF Manual
|
||||
%patch0 -p1 -b .doc
|
||||
# CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]
|
||||
%patch1 -p1 -b .CVE-2018-9918
|
||||
# 1605101 - qpdf: should not re-implement crypto
|
||||
%patch2 -p1 -b .gnutls-crypto
|
||||
# 1605101 - downstream patch for relaxing crypto for deterministic id and decrypt
|
||||
%patch3 -p1 -b .relax
|
||||
|
||||
sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
|
||||
|
||||
@ -80,7 +90,8 @@ sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
|
||||
autoreconf --verbose --force --install
|
||||
|
||||
%configure --disable-static \
|
||||
--enable-show-failed-test-output
|
||||
--enable-show-failed-test-output \
|
||||
--enable-gnutls
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
@ -118,6 +129,15 @@ make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-10
|
||||
- used bad define in previous commit
|
||||
|
||||
* Tue Sep 10 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-9
|
||||
- 1605101 - qpdf: should not re-implement crypto - episode II - relaxing crypto for decrypt
|
||||
|
||||
* Thu Sep 05 2019 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-8
|
||||
- 1605101 - qpdf: should not re-implement crypto
|
||||
|
||||
* Tue Jul 24 2018 Zdenek Dohnal <zdohnal@redhat.com> - 7.1.1-7
|
||||
- correcting license
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user