diff --git a/backport-CVE-2019-12293.patch b/backport-CVE-2019-12293.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f983639c1208d85045e452ce608843c8b2f7114
--- /dev/null
+++ b/backport-CVE-2019-12293.patch
@@ -0,0 +1,41 @@
+From 89a5367d49b2556a2635dbb6d48d6a6b182a2c6c Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Thu, 23 May 2019 00:54:29 +0200
+Subject: [PATCH] JPEG2000Stream: fail gracefully if not all components have
+ the same WxH
+
+I think this is just a mistake, or at least the only file we have with
+this scenario is a fuzzed one
+---
+ poppler/JPEG2000Stream.cc | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index e388ed3..2d7c5e0 100644
+--- a/poppler/JPEG2000Stream.cc
++++ b/poppler/JPEG2000Stream.cc
+@@ -4,7 +4,7 @@
+ //
+ // A JPX stream decoder using OpenJPEG
+ //
+-// Copyright 2008-2010, 2012, 2017, 2018 Albert Astals Cid
++// Copyright 2008-2010, 2012, 2017-2019 Albert Astals Cid
+ // Copyright 2011 Daniel Glöckner
+ // Copyright 2014, 2016 Thomas Freitag
+ // Copyright 2013, 2014 Adrian Johnson
+@@ -253,6 +253,12 @@ void JPXStream::init()
+ close();
+ break;
+ }
++ const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h;
++ if (componentPixels != priv->npixels) {
++ error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component);
++ close();
++ break;
++ }
+ unsigned char *cdata = (unsigned char *)priv->image->comps[component].data;
+ int adjust = 0;
+ int depth = priv->image->comps[component].prec;
+--
+2.27.0
+
diff --git a/backport-CVE-2020-27778.patch b/backport-CVE-2020-27778.patch
new file mode 100644
index 0000000000000000000000000000000000000000..05870252d37a75cb81e834a61f8b31df37aa1de1
--- /dev/null
+++ b/backport-CVE-2020-27778.patch
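Review bot: The added guard in JPXStream::init() compares the product `w * h` with `priv->npixels` instead of comparing the two dimensions, and it narrows that product to `int`. The fields are 32-bit (unsigned in OpenJPEG 2.x), so in a crafted file the multiplication can wrap, and a component whose dimensions differ from component 0 but whose (possibly wrapped) product matches still passes; the computation of `npixels` is outside the hunk, so this is inferred from the visible expression only. Comparing the dimensions directly is tighter: `if (priv->image->comps[component].w != priv->image->comps[0].w || priv->image->comps[component].h != priv->image->comps[0].h) {`. The loop that reads `cdata` continues outside the hunk.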
@@ -0,0 +1,26 @@
+From 30c731b487190c02afff3f036736a392eb60cd9a Mon Sep 17 00:00:00 2001
+From: Adam Reichold
+Date: Fri, 22 Mar 2019 19:12:47 +0100
+Subject: [PATCH] Properly initialize HtmlOutputDev::page to avoid SIGSEGV upon
+ error exit.
+
+Closes #742
+---
+ utils/HtmlOutputDev.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/utils/HtmlOutputDev.cc b/utils/HtmlOutputDev.cc
+index ace303b..090631b 100644
+--- a/utils/HtmlOutputDev.cc
++++ b/utils/HtmlOutputDev.cc
+@@ -1102,6 +1102,7 @@ HtmlOutputDev::HtmlOutputDev(Catalog *catalogA, char *fileName, char *title,
+ {
+ catalog = catalogA;
+ fContentsFrame = nullptr;
++ page = nullptr;
+ docTitle = new GooString(title);
+ pages = nullptr;
+ dumpJPEG=gTrue;
+--
+2.27.0
+
diff --git a/poppler.spec b/poppler.spec
index 9f8aba1eea0c109a612dd78ae41556ae2f42dad1..0822a94cb71cc0d0a0d36f9209cb7a968a1747d1 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -3,7 +3,7 @@ Name: poppler Version: 0.67.0 -Release: 6 +Release: 7 Summary: Poppler is a PDF rendering library based on the xpdf-3.0 code base License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: https://poppler.freedesktop.org/
@@ -16,6 +16,8 @@ Patch4: poppler-0.63.0-python3.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1557355 Patch6: poppler-0.63.0-tiling-patterns.patch Patch7: poppler-0.67.0-qt4-const.patch +Patch8: backport-CVE-2019-12293.patch +Patch9: backport-CVE-2020-27778.patch Patch6000: poppler-CVE-2018-19149.patch Patch6001: poppler_0.26.5_CVE-2019-9200.patch
@@ -244,6 +246,12 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Tue Sep 28 2021 hanhuihui - 0.67.0-7 +- Type:cves +- Id:NA +- SUG:NA +- DESC:fix CVE-2019-12293 CVE-2020-27778 + * Sat Jan 30 2021 wangye - 0.67.0-6 - Type:cves - Id:NA
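Review bot: Nothing at the `page = nullptr;` line records why it has to be set before the rest of the constructor runs, and the fix keeps the pattern already used for `fContentsFrame` and `pages`: each pointer member is nulled by hand in the constructor body, so any member missed in that list is still indeterminate if the constructor exits early. The commit message implies the error-exit path touches `page`; a comment such as `// must be null before any early exit; cleanup on the error path reads it` would capture that. Default member initializers (`= nullptr`) on the pointer declarations in the class would remove the dependence on this list; the class declaration and the rest of the constructor are outside the hunk.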
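Review bot: The `Patch8:` and `Patch9:` lines in poppler.spec only declare the two backports, and no hunk touches `%prep`, so whether they are actually applied cannot be seen from this diff. If `%prep` lists `%patch` lines individually rather than using `%autosetup` or `%autopatch`, both files would ship in the source package while the built library stays unpatched; the build log should show both patches being applied. The other CVE fixes visible in this hunk sit in the `Patch6000` series, so numbering these two in that series would keep the security backports together.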