8.1.0

2018-06-25 10:50:31 +02:00 · 2018-06-25 10:50:31 +02:00 · 7456f0b54e
commit 7456f0b54e
parent 43e2b4ad68
4 changed files with 8 additions and 97 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,3 +17,4 @@
 /qpdf-8.0.0.tar.gz
 /qpdf-8.0.1.tar.gz
 /qpdf-8.0.2.tar.gz
+/qpdf-8.1.0.tar.gz
--- a/qpdf-CVE-2018-9918.patch
+++ b/qpdf-CVE-2018-9918.patch
@ -1,90 +0,0 @@
-From b4d6cf6836ce025ba1811b7bbec52680c7204223 Mon Sep 17 00:00:00 2001
-From: Jay Berkenbilt <ejb@ql.org>
-Date: Sun, 15 Apr 2018 16:11:22 -0400
-Subject: [PATCH] Limit depth of nesting in direct objects (fixes #202)
-
-This fixes CVE-2018-9918.
---
- ChangeLog                     |   5 +++++
- libqpdf/QPDFObjectHandle.cc   |  26 ++++++++++++++++++++------
- qpdf/qpdf.testcov             |   1 +
- qpdf/qtest/qpdf.test          |   1 +
- qpdf/qtest/qpdf/issue-146.out |   4 +---
- qpdf/qtest/qpdf/issue-202.out |   5 +++++
- 4 files changed, 27 insertions(+), 9 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 3a88135..17c7a1c 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,8 @@
-+2018-04-15  Jay Berkenbilt  <ejb@ql.org>
-+
-+	* Arbitrarily limit the depth of data structures represented by
-+	direct object. This is CVE-2018-9918. Fixes #202.
-+
- 2018-03-06  Jay Berkenbilt  <ejb@ql.org>
- 
- 	* 8.0.2: release
-diff --git a/libqpdf/QPDFObjectHandle.cc b/libqpdf/QPDFObjectHandle.cc
-index c178a49..149668e 100644
--- a/libqpdf/QPDFObjectHandle.cc
-+++ b/libqpdf/QPDFObjectHandle.cc
-@@ -1487,12 +1487,26 @@ QPDFObjectHandle::parseInternal(PointerHolder<InputSource> input,
- 
- 	  case QPDFTokenizer::tt_array_open:
- 	  case QPDFTokenizer::tt_dict_open:
-            olist_stack.push_back(std::vector<QPDFObjectHandle>());
-            state = st_start;
-            offset_stack.push_back(input->tell());
-            state_stack.push_back(
-                (token.getType() == QPDFTokenizer::tt_array_open) ?
-                st_array : st_dictionary);
-+            if (olist_stack.size() > 500)
-+            {
-+		QTC::TC("qpdf", "QPDFObjectHandle too deep");
-+                warn(context,
-+                     QPDFExc(qpdf_e_damaged_pdf, input->getName(),
-+                             object_description,
-+                             input->getLastOffset(),
-+                             "ignoring excessively deeply nested data structure"));
-+                object = newNull();
-+                state = st_top;
-+            }
-+            else
-+            {
-+                olist_stack.push_back(std::vector<QPDFObjectHandle>());
-+                state = st_start;
-+                offset_stack.push_back(input->tell());
-+                state_stack.push_back(
-+                    (token.getType() == QPDFTokenizer::tt_array_open) ?
-+                    st_array : st_dictionary);
-+            }
- 	    break;
- 
- 	  case QPDFTokenizer::tt_bool:
-diff --git a/qpdf/qpdf.testcov b/qpdf/qpdf.testcov
-index 5374302..3f055a8 100644
--- a/qpdf/qpdf.testcov
-+++ b/qpdf/qpdf.testcov
-@@ -335,3 +335,4 @@ QPDFObjectHandle numeric non-numeric 0
- QPDFObjectHandle erase array bounds 0
- qpdf-c called qpdf_check_pdf 0
- QPDF xref loop 0
-+QPDFObjectHandle too deep 0
-diff --git a/qpdf/qtest/qpdf/issue-146.out b/qpdf/qtest/qpdf/issue-146.out
-index 79bb811..a275957 100644
--- a/qpdf/qtest/qpdf/issue-146.out
-+++ b/qpdf/qtest/qpdf/issue-146.out
-@@ -1,7 +1,5 @@
- WARNING: issue-146.pdf: file is damaged
- WARNING: issue-146.pdf: can't find startxref
- WARNING: issue-146.pdf: Attempting to reconstruct cross-reference table
-WARNING: issue-146.pdf (trailer, offset 20728): unknown token while reading object; treating as string
-WARNING: issue-146.pdf (trailer, offset 20732): unexpected EOF
-WARNING: issue-146.pdf (trailer, offset 20732): parse error while reading object
-+WARNING: issue-146.pdf (trailer, offset 695): ignoring excessively deeply nested data structure
- issue-146.pdf: unable to find trailer dictionary while recovering damaged file
-- 
-2.14.3
-
--- a/qpdf.spec
+++ b/qpdf.spec
@ -1,14 +1,13 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
-Version: 8.0.2
-Release: 3%{?dist}
+Version: 8.1.0
+Release: 1%{?dist}
 # MIT: e.g. libqpdf/sha2.c
 License: Artistic 2.0
 URL:     http://qpdf.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.gz

 Patch0:  qpdf-doc.patch
-Patch1:  qpdf-CVE-2018-9918.patch
 # zlib has optimalization for aarch64 now, which gives different output after
 # compression - patch erases 3 tests with generated object stream which were failing
 Patch2:  qpdf-erase-tests-with-generated-object-stream.patch
@ -71,8 +70,6 @@ QPDF Manual

 # fix 'complete manual location' note in man pages
 %patch0 -p1 -b .doc
-#  CVE-2018-9918 qpdf: stack exhaustion in QPDFObjectHandle and QPDF_Dictionary classes in libqpdf.a [fedora-all]
-%patch1 -p1 -b .CVE-2018-9918
 %ifarch aarch64
 %patch2 -p1 -b .erase-tests-with-generated-object-stream
 %endif
@ -108,7 +105,7 @@ make check
 %doc README.md TODO ChangeLog
 %license Artistic-2.0
 %{_libdir}/libqpdf.so.21
-%{_libdir}/libqpdf.so.21.0.2
+%{_libdir}/libqpdf.so.21.1.0

 %files devel
 %doc examples/*.cc examples/*.c
@ -121,6 +118,9 @@ make check


 %changelog
+* Mon Jun 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.1.0-1
+- 8.1.0
+
 * Fri May 25 2018 Zdenek Dohnal <zdohnal@redhat.com> - 8.0.2-3
 - erase failing tests for aarch64 because of zlib optimization

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (qpdf-8.0.2.tar.gz) = f6d062f011d87f3f1df44e96e5dec0cd4b1b5f800dc6c088bf1313b2c96922d2f3c1b6eb1109a6ef00c558144b85dc20aeb85f937b73a3b594633aa67104f5e3
+SHA512 (qpdf-8.1.0.tar.gz) = 1831bcaaed87dae268db5d61805d1483ec5c101f6ce594be660664c119597ae67cf011c2b50092964d785a814d5f6c780935127a89401fe37a1026ae4d3af15c