From 021bf6af182099dbb0178e19a2f461aeb0eef686 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 13 Nov 2018 10:33:27 -0500 Subject: gnu: Poppler: Fix CVE-2018-19149. * gnu/packages/patches/poppler-CVE-2018-19149.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (poppler)[replacement]: New field. (poppler/fixed): New variable. (poppler-qt4, poppler-qt5): Use package/inherit. --- gnu/local.mk | 1 + gnu/packages/patches/poppler-CVE-2018-19149.patch | 80 +++++++++++++++++++++++ gnu/packages/pdf.scm | 13 +++- 3 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/poppler-CVE-2018-19149.patch diff --git a/gnu/local.mk b/gnu/local.mk index 48ee438a6e..23a6cb34b5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1046,6 +1046,7 @@ dist_patch_DATA = \ %D%/packages/patches/plink-1.07-unclobber-i.patch \ %D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ + %D%/packages/patches/poppler-CVE-2018-19149.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/potrace-tests.patch \ diff --git a/gnu/packages/patches/poppler-CVE-2018-19149.patch b/gnu/packages/patches/poppler-CVE-2018-19149.patch new file mode 100644 index 0000000000..3641f5f078 --- /dev/null +++ b/gnu/packages/patches/poppler-CVE-2018-19149.patch @@ -0,0 +1,80 @@ +Fix CVE-2018-19149: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149 +https://gitlab.freedesktop.org/poppler/poppler/issues/664 + +Patch copied from upstream source repository: + +https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 + +From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001 +From: Marek Kasik +Date: Fri, 20 Apr 2018 11:38:13 +0200 +Subject: [PATCH] Fix crash on missing embedded file + +Check whether an embedded file is actually present in the PDF +and show warning in that case. + +https://bugs.freedesktop.org/show_bug.cgi?id=106137 +https://gitlab.freedesktop.org/poppler/poppler/issues/236 +--- + glib/poppler-attachment.cc | 26 +++++++++++++++++--------- + glib/poppler-document.cc | 3 ++- + 2 files changed, 19 insertions(+), 10 deletions(-) + +diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc +index c6502e9d..11ba5bb5 100644 +--- a/glib/poppler-attachment.cc ++++ b/glib/poppler-attachment.cc +@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file) + attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ()); + + embFile = emb_file->getEmbeddedFile(); +- attachment->size = embFile->size (); ++ if (embFile != NULL && embFile->streamObject()->isStream()) ++ { ++ attachment->size = embFile->size (); + +- if (embFile->createDate ()) +- _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime); +- if (embFile->modDate ()) +- _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime); ++ if (embFile->createDate ()) ++ _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime); ++ if (embFile->modDate ()) ++ _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime); + +- if (embFile->checksum () && embFile->checksum ()->getLength () > 0) +- attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (), +- embFile->checksum ()->getLength ()); +- priv->obj_stream = embFile->streamObject()->copy(); ++ if (embFile->checksum () && embFile->checksum ()->getLength () > 0) ++ attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (), ++ embFile->checksum ()->getLength ()); ++ priv->obj_stream = embFile->streamObject()->copy(); ++ } ++ else ++ { ++ g_warning ("Missing stream object for embedded file"); ++ g_clear_object (&attachment); ++ } + + return attachment; + } +diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc +index 83f6aea6..ea319344 100644 +--- a/glib/poppler-document.cc ++++ b/glib/poppler-document.cc +@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document) + attachment = _poppler_attachment_new (emb_file); + delete emb_file; + +- retval = g_list_prepend (retval, attachment); ++ if (attachment != NULL) ++ retval = g_list_prepend (retval, attachment); + } + return g_list_reverse (retval); + } +-- +2.19.1 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index dc966b64d8..9ffc5cb9bb 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -82,6 +82,7 @@ (define-public poppler (package (name "poppler") + (replacement poppler/fixed) (version "0.63.0") (source (origin (method url-fetch) @@ -127,6 +128,14 @@ (license license:gpl2+) (home-page "https://poppler.freedesktop.org/"))) +(define poppler/fixed + (package + (inherit poppler) + (source (origin + (inherit (package-source poppler)) + (patches (append (origin-patches (package-source poppler)) + (search-patches "poppler-CVE-2018-19149.patch"))))))) + (define-public poppler-data (package (name "poppler-data") @@ -158,14 +167,14 @@ When present, Poppler is able to correctly render CJK and Cyrillic text.") license:gpl2)))) (define-public poppler-qt4 - (package (inherit poppler) + (package/inherit poppler (name "poppler-qt4") (inputs `(("qt-4" ,qt-4) ,@(package-inputs poppler))) (synopsis "Qt4 frontend for the Poppler PDF rendering library"))) (define-public poppler-qt5 - (package (inherit poppler) + (package/inherit poppler (name "poppler-qt5") (inputs `(("qtbase" ,qtbase) ,@(package-inputs poppler))) -- cgit 1.4.1