Hello community, here is the log from the commit of package poppler for openSUSE:Factory checked in at 2017-11-14 14:04:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/poppler (Old) and /work/SRC/openSUSE:Factory/.poppler.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "poppler" Tue Nov 14 14:04:52 2017 rev:143 rq:534289 version:0.59.0 Changes: -------- --- /work/SRC/openSUSE:Factory/poppler/poppler-qt.changes 2017-09-27 16:59:24.424848086 +0200 +++ /work/SRC/openSUSE:Factory/.poppler.new/poppler-qt.changes 2017-11-14 14:05:01.118325606 +0100 @@ -1,0 +2,76 @@ +Mon Oct 9 16:48:34 UTC 2017 - jengelh@inai.de + +- Update package summaries and RPM categorizations. +- Drop some idempotent %if..%endif markers whose presence has + no effect on the files being output. + +------------------------------------------------------------------- +Mon Oct 9 12:33:22 UTC 2017 - psimons@suse.com + +- Apply CVE-2017-14517.patch from upstream to fix a NULL pointer + dereference in the XRef::parseEntry() function that may have lead + to potential denial-of-service attack when handling malicious PDF + files. [CVE-2017-14517, bsc#1059066] + +------------------------------------------------------------------- +Mon Sep 18 10:27:48 UTC 2017 - psimons@suse.com + +- Apply CVE-2017-14518.patch to remedy a floating point exception + in Splash.cc that could have been exploited using a specially + crafted PDF document. [CVE-2017-14518, bsc#1059101] + +------------------------------------------------------------------- +Thu Sep 7 10:34:49 UTC 2017 - zaitor@opensuse.org + +- Update to version 0.59.0: + + core: Fix infinite recursion in NameTree parsing in broken + files. + + utils: + - pdfunite: Fix API porting error that caused abort in some + cases. + - pdfinfo: + . Fix crashes and memory leaks when using -dests. + . Use GooString.append instead of sprintf/strcat. + - pdfimages: Fix warning when compiling with cygwin. + + build system: + - Fix cygwin 32-bit compile. + - Cmake tweaks. +- Bump soversion following upstream changes. + +------------------------------------------------------------------- +Sun Sep 3 10:21:49 UTC 2017 - zaitor@opensuse.org + +- Update to version 0.58.0: + + core: + - CairoOutputDev: cairo 1.14 now has high quality downscaling. + - Signature related improvements (fdo#99271). + - Tweak which cmap we use (fdo#101855). + - Memory leak fixes. + - Substantial rework of the internals. + - win32: call ANSI functions directly (fdo#100312). + - Add some documentation. + + qt5: + - Expose signature information. + - ArthurOutputDev: initialize the image with the paper color + (fdo#102129). + - Fix copy'n'paste bugs: Qt4 -> Qt5. + - ArthurOutputDev: Properly set the QPainter transformation. + - ArthurOutputDev: Use Qt::SvgMiterJoin instead of + Qt::MiterJoin (fdo#102356). + + utils: + - pdfinfo: add -dests option to print named destinations + (fdo#97262). + - pdftocairo: add -jpegopt for setting jpeg compression + parameters (fdo#45727). + - pdftoppm: add -jpegopt for setting jpeg compression + parameters (fdo#45727). + - pdfimages: support listing/extracting inline images + (fdo#25625). + + build system: + - cmake: Various Windows fixes. + - cmake: Use -std=c++11 instead of -std=gnu++11. + + cpp: Fix page.text() not taking page orientation into account + (fdo#94517). +- Bump soversion following upstream changes. + +------------------------------------------------------------------- poppler-qt5.changes: same change poppler.changes: same change Old: ---- poppler-0.57.0.tar.xz New: ---- CVE-2017-14517.patch CVE-2017-14518.patch poppler-0.59.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ poppler-qt.spec ++++++ --- /var/tmp/diff_new_pack.wZSM6N/_old 2017-11-14 14:05:02.626270582 +0100 +++ /var/tmp/diff_new_pack.wZSM6N/_new 2017-11-14 14:05:02.630270436 +0100 @@ -21,11 +21,11 @@ Name: poppler-qt %define _name poppler -Version: 0.57.0 +Version: 0.59.0 Release: 0 # Actual version of poppler-data: %define poppler_data_version 0.4.6 -%define poppler_sover 68 +%define poppler_sover 70 %define poppler_cpp_sover 0 %define poppler_glib_sover 8 %define poppler_qt4_sover 4 @@ -35,9 +35,11 @@ Url: http://poppler.freedesktop.org/ Summary: PDF Rendering Library License: GPL-2.0 or GPL-3.0 -Group: System/Libraries +Group: Development/Libraries/C and C++ Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +Patch1: CVE-2017-14517.patch +Patch2: CVE-2017-14518.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -90,7 +92,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-cpp%{poppler_cpp_sover} -Summary: PDF Rendering Library +Summary: C++ API of the Poppler PDF rendering library Group: System/Libraries %description -n libpoppler-cpp%{poppler_cpp_sover} @@ -98,7 +100,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib%{poppler_glib_sover} -Summary: PDF Rendering Library - GLib Wrapper +Summary: Glib wrapper for the poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -110,7 +112,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n typelib-1_0-Poppler-%{poppler_apipkg} -Summary: PDF Rendering Library - Introspection bindings +Summary: Introspection bindings for the Poppler PDF rendering library Group: System/Libraries %description -n typelib-1_0-Poppler-%{poppler_apipkg} @@ -119,10 +121,8 @@ This package provides the GObject Introspection bindings for Poppler. -%if %build_qt - %package -n libpoppler-qt4-%{poppler_qt4_sover} -Summary: PDF Rendering Library - Qt4 Wrapper +Summary: Qt4 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -132,19 +132,15 @@ %description -n libpoppler-qt4-%{poppler_qt4_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-%{poppler_qt5_sover} -Summary: PDF Rendering Library - Qt5 Wrapper +Summary: Qt5 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} %description -n libpoppler-qt5-%{poppler_qt5_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %package tools Summary: PDF Rendering Library Tools @@ -160,7 +156,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-devel -Summary: PDF rendering library +Summary: Development files for the Poppler PDF rendering library Group: Development/Libraries/C and C++ Requires: libpoppler%{poppler_sover} = %{version} Requires: libpoppler-cpp%{poppler_cpp_sover} = %{version} @@ -174,7 +170,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib-devel -Summary: PDF rendering library - GLib Wrapper +Summary: Development files for the Poppler Glib wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-glib%{poppler_glib_sover} = %{version} Requires: typelib-1_0-Poppler-%{poppler_apipkg} = %{version} @@ -191,10 +187,8 @@ Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%if %build_qt - %package -n libpoppler-qt4-devel -Summary: PDF rendering library - Qt4 Wrapper +Summary: Development files for the Poppler Qt4 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt4-%{poppler_qt4_sover} = %{version} @@ -205,12 +199,9 @@ %description -n libpoppler-qt4-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-devel -Summary: PDF rendering library - Qt5 Wrapper +Summary: Development files for the Poppler Qt5 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt5-%{poppler_qt5_sover} = %{version} @@ -222,10 +213,11 @@ %description -n libpoppler-qt5-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %prep %setup -q -n poppler-%{version} +%patch1 -p1 +%patch2 -p1 %build %if %build_qt5 @@ -254,7 +246,7 @@ make %{?_smp_mflags} %install -%makeinstall +%make_install rm %{buildroot}%{_libdir}/*.la %if %build_qt || %build_qt5 cd %{buildroot} && find . -type f -o -type l | grep -v qt | xargs rm -v @@ -277,15 +269,9 @@ %post -n libpoppler-glib%{poppler_glib_sover} -p /sbin/ldconfig -%if %build_qt - %post -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %post -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %postun -n libpoppler%{poppler_sover} -p /sbin/ldconfig @@ -295,15 +281,9 @@ %postun -n libpoppler-cpp%{poppler_cpp_sover} -p /sbin/ldconfig -%if %build_qt - %postun -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %postun -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %if %build_qt ++++++ poppler-qt5.spec ++++++ --- /var/tmp/diff_new_pack.wZSM6N/_old 2017-11-14 14:05:02.658269414 +0100 +++ /var/tmp/diff_new_pack.wZSM6N/_new 2017-11-14 14:05:02.662269268 +0100 @@ -21,11 +21,11 @@ Name: poppler-qt5 %define _name poppler -Version: 0.57.0 +Version: 0.59.0 Release: 0 # Actual version of poppler-data: %define poppler_data_version 0.4.6 -%define poppler_sover 68 +%define poppler_sover 70 %define poppler_cpp_sover 0 %define poppler_glib_sover 8 %define poppler_qt4_sover 4 @@ -35,9 +35,11 @@ Url: http://poppler.freedesktop.org/ Summary: PDF Rendering Library License: GPL-2.0 or GPL-3.0 -Group: System/Libraries +Group: Development/Libraries/C and C++ Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +Patch1: CVE-2017-14517.patch +Patch2: CVE-2017-14518.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -90,7 +92,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-cpp%{poppler_cpp_sover} -Summary: PDF Rendering Library +Summary: C++ API of the Poppler PDF rendering library Group: System/Libraries %description -n libpoppler-cpp%{poppler_cpp_sover} @@ -98,7 +100,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib%{poppler_glib_sover} -Summary: PDF Rendering Library - GLib Wrapper +Summary: Glib wrapper for the poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -110,7 +112,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n typelib-1_0-Poppler-%{poppler_apipkg} -Summary: PDF Rendering Library - Introspection bindings +Summary: Introspection bindings for the Poppler PDF rendering library Group: System/Libraries %description -n typelib-1_0-Poppler-%{poppler_apipkg} @@ -119,10 +121,8 @@ This package provides the GObject Introspection bindings for Poppler. -%if %build_qt - %package -n libpoppler-qt4-%{poppler_qt4_sover} -Summary: PDF Rendering Library - Qt4 Wrapper +Summary: Qt4 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -132,19 +132,15 @@ %description -n libpoppler-qt4-%{poppler_qt4_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-%{poppler_qt5_sover} -Summary: PDF Rendering Library - Qt5 Wrapper +Summary: Qt5 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} %description -n libpoppler-qt5-%{poppler_qt5_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %package tools Summary: PDF Rendering Library Tools @@ -160,7 +156,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-devel -Summary: PDF rendering library +Summary: Development files for the Poppler PDF rendering library Group: Development/Libraries/C and C++ Requires: libpoppler%{poppler_sover} = %{version} Requires: libpoppler-cpp%{poppler_cpp_sover} = %{version} @@ -174,7 +170,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib-devel -Summary: PDF rendering library - GLib Wrapper +Summary: Development files for the Poppler Glib wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-glib%{poppler_glib_sover} = %{version} Requires: typelib-1_0-Poppler-%{poppler_apipkg} = %{version} @@ -191,10 +187,8 @@ Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%if %build_qt - %package -n libpoppler-qt4-devel -Summary: PDF rendering library - Qt4 Wrapper +Summary: Development files for the Poppler Qt4 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt4-%{poppler_qt4_sover} = %{version} @@ -205,12 +199,9 @@ %description -n libpoppler-qt4-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-devel -Summary: PDF rendering library - Qt5 Wrapper +Summary: Development files for the Poppler Qt5 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt5-%{poppler_qt5_sover} = %{version} @@ -222,10 +213,11 @@ %description -n libpoppler-qt5-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %prep %setup -q -n poppler-%{version} +%patch1 -p1 +%patch2 -p1 %build %if %build_qt5 @@ -254,7 +246,7 @@ make %{?_smp_mflags} %install -%makeinstall +%make_install rm %{buildroot}%{_libdir}/*.la %if %build_qt || %build_qt5 cd %{buildroot} && find . -type f -o -type l | grep -v qt | xargs rm -v @@ -277,15 +269,9 @@ %post -n libpoppler-glib%{poppler_glib_sover} -p /sbin/ldconfig -%if %build_qt - %post -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %post -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %postun -n libpoppler%{poppler_sover} -p /sbin/ldconfig @@ -295,15 +281,9 @@ %postun -n libpoppler-cpp%{poppler_cpp_sover} -p /sbin/ldconfig -%if %build_qt - %postun -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %postun -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %if %build_qt ++++++ poppler.spec ++++++ --- /var/tmp/diff_new_pack.wZSM6N/_old 2017-11-14 14:05:02.682268538 +0100 +++ /var/tmp/diff_new_pack.wZSM6N/_new 2017-11-14 14:05:02.686268392 +0100 @@ -21,11 +21,11 @@ Name: poppler %define _name poppler -Version: 0.57.0 +Version: 0.59.0 Release: 0 # Actual version of poppler-data: %define poppler_data_version 0.4.6 -%define poppler_sover 68 +%define poppler_sover 70 %define poppler_cpp_sover 0 %define poppler_glib_sover 8 %define poppler_qt4_sover 4 @@ -35,9 +35,11 @@ Url: http://poppler.freedesktop.org/ Summary: PDF Rendering Library License: GPL-2.0 or GPL-3.0 -Group: System/Libraries +Group: Development/Libraries/C and C++ Source: http://poppler.freedesktop.org/%{_name}-%{version}.tar.xz Source99: baselibs.conf +Patch1: CVE-2017-14517.patch +Patch2: CVE-2017-14518.patch BuildRequires: gcc-c++ BuildRequires: gobject-introspection-devel BuildRequires: libjpeg-devel @@ -90,7 +92,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-cpp%{poppler_cpp_sover} -Summary: PDF Rendering Library +Summary: C++ API of the Poppler PDF rendering library Group: System/Libraries %description -n libpoppler-cpp%{poppler_cpp_sover} @@ -98,7 +100,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib%{poppler_glib_sover} -Summary: PDF Rendering Library - GLib Wrapper +Summary: Glib wrapper for the poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -110,7 +112,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n typelib-1_0-Poppler-%{poppler_apipkg} -Summary: PDF Rendering Library - Introspection bindings +Summary: Introspection bindings for the Poppler PDF rendering library Group: System/Libraries %description -n typelib-1_0-Poppler-%{poppler_apipkg} @@ -119,10 +121,8 @@ This package provides the GObject Introspection bindings for Poppler. -%if %build_qt - %package -n libpoppler-qt4-%{poppler_qt4_sover} -Summary: PDF Rendering Library - Qt4 Wrapper +Summary: Qt4 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} # Last appeared in OpenSUSE 10.3: @@ -132,19 +132,15 @@ %description -n libpoppler-qt4-%{poppler_qt4_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-%{poppler_qt5_sover} -Summary: PDF Rendering Library - Qt5 Wrapper +Summary: Qt5 wrapper for the Poppler PDF rendering library Group: System/Libraries Requires: libpoppler%{poppler_sover} >= %{version} %description -n libpoppler-qt5-%{poppler_qt5_sover} Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %package tools Summary: PDF Rendering Library Tools @@ -160,7 +156,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-devel -Summary: PDF rendering library +Summary: Development files for the Poppler PDF rendering library Group: Development/Libraries/C and C++ Requires: libpoppler%{poppler_sover} = %{version} Requires: libpoppler-cpp%{poppler_cpp_sover} = %{version} @@ -174,7 +170,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC. %package -n libpoppler-glib-devel -Summary: PDF rendering library - GLib Wrapper +Summary: Development files for the Poppler Glib wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-glib%{poppler_glib_sover} = %{version} Requires: typelib-1_0-Poppler-%{poppler_apipkg} = %{version} @@ -191,10 +187,8 @@ Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%if %build_qt - %package -n libpoppler-qt4-devel -Summary: PDF rendering library - Qt4 Wrapper +Summary: Development files for the Poppler Qt4 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt4-%{poppler_qt4_sover} = %{version} @@ -205,12 +199,9 @@ %description -n libpoppler-qt4-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif - -%if %build_qt5 %package -n libpoppler-qt5-devel -Summary: PDF rendering library - Qt5 Wrapper +Summary: Development files for the Poppler Qt5 wrapper library Group: Development/Libraries/C and C++ Requires: libpoppler-devel = %{version} Requires: libpoppler-qt5-%{poppler_qt5_sover} = %{version} @@ -222,10 +213,11 @@ %description -n libpoppler-qt5-devel Poppler is a PDF rendering library, forked from the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. -%endif %prep %setup -q -n poppler-%{version} +%patch1 -p1 +%patch2 -p1 %build %if %build_qt5 @@ -254,7 +246,7 @@ make %{?_smp_mflags} %install -%makeinstall +%make_install rm %{buildroot}%{_libdir}/*.la %if %build_qt || %build_qt5 cd %{buildroot} && find . -type f -o -type l | grep -v qt | xargs rm -v @@ -277,15 +269,9 @@ %post -n libpoppler-glib%{poppler_glib_sover} -p /sbin/ldconfig -%if %build_qt - %post -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %post -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %postun -n libpoppler%{poppler_sover} -p /sbin/ldconfig @@ -295,15 +281,9 @@ %postun -n libpoppler-cpp%{poppler_cpp_sover} -p /sbin/ldconfig -%if %build_qt - %postun -n libpoppler-qt4-%{poppler_qt4_sover} -p /sbin/ldconfig -%endif - -%if %build_qt5 %postun -n libpoppler-qt5-%{poppler_qt5_sover} -p /sbin/ldconfig -%endif %if %build_qt ++++++ CVE-2017-14517.patch ++++++
From 476394e7a025e02e4897da2e765df2c895d0708f Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aacid@kde.org> Date: Wed, 13 Sep 2017 22:58:14 +0200 Subject: [PATCH] XRef::parseEntry: Fix crash in broken file
Bug #102687 --- poppler/XRef.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/poppler/XRef.cc b/poppler/XRef.cc index eca2dc70..f3b88ec0 100644 --- a/poppler/XRef.cc +++ b/poppler/XRef.cc @@ -1526,6 +1526,9 @@ GBool XRef::parseEntry(Goffset offset, XRefEntry *entry) { GBool r; + if (unlikely(entry == nullptr)) + return gFalse; + Parser parser(NULL, new Lexer(NULL, str->makeSubStream(offset, gFalse, 20, Object(objNull))), gTrue); -- 2.14.2 ++++++ CVE-2017-14518.patch ++++++
From 80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aacid@kde.org> Date: Wed, 13 Sep 2017 23:09:45 +0200 Subject: isImageInterpolationRequired: Fix divide by 0 on broken documents
Bug #102688 diff --git a/splash/Splash.cc b/splash/Splash.cc index 46b8ce2..39fc7d6 100644 --- a/splash/Splash.cc +++ b/splash/Splash.cc @@ -4134,7 +4134,7 @@ SplashError Splash::arbitraryTransformImage(SplashImageSource src, SplashICCTran static GBool isImageInterpolationRequired(int srcWidth, int srcHeight, int scaledWidth, int scaledHeight, GBool interpolate) { - if (interpolate) + if (interpolate || srcWidth == 0 || srcHeight == 0) return gTrue; /* When scale factor is >= 400% we don't interpolate. See bugs #25268, #9860 */ -- cgit v0.10.2 ++++++ poppler-0.57.0.tar.xz -> poppler-0.59.0.tar.xz ++++++ ++++ 29482 lines of diff (skipped)