Backport security patch thanks to steev, bug 188863

(Portage version: 2.1.3.6)

2 files changed, 35 insertions, 0 deletions

diff --git a/app-text/poppler/files/digest-poppler-0.5.4-r2 b/app-text/poppler/files/digest-poppler-0.5.4-r2
new file mode 100644
index 000000000000..3cf1476067e6
--- /dev/null
+++ b/app-text/poppler/files/digest-poppler-0.5.4-r2
@@ -0,0 +1,3 @@
+MD5 053fdfd70533ecce1a06353fa945f061 poppler-0.5.4.tar.gz 1062401
+RMD160 f28c89b03388757067505df3c60a1d878626b0dd poppler-0.5.4.tar.gz 1062401
+SHA256 ca0f880a4ff07391e99b443f0e7c9860241df6a6aaa327b9d811b358d94a29c9 poppler-0.5.4.tar.gz 1062401
diff --git a/app-text/poppler/files/poppler-cve-2007-3387.patch b/app-text/poppler/files/poppler-cve-2007-3387.patch
new file mode 100644
index 000000000000..2e174e1c0063
--- /dev/null
+++ b/app-text/poppler/files/poppler-cve-2007-3387.patch
@@ -0,0 +1,32 @@
+diff -Nur poppler-0.5.4/poppler/Stream.cc poppler-0.5.4.new/poppler/Stream.cc
+--- poppler-0.5.4/poppler/Stream.cc	2006-07-28 11:07:41.000000000 -0700
++++ poppler-0.5.4.new/poppler/Stream.cc	2007-08-07 11:29:59.854631893 -0700
+@@ -422,21 +422,14 @@
+   ok = gFalse;
+ 
+   nVals = width * nComps;
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX/nBits ||
+-      width >= INT_MAX/nComps/nBits ||
+-      nVals * nBits + 7 < 0) {
+-    return;
+-  }
+-  totalBits = nVals * nBits;
+-  if (totalBits == 0 ||
+-      (totalBits / nBits) / nComps != width ||
+-      totalBits + 7 < 0) {
+-    return;
+-  }
+   pixBytes = (nComps * nBits + 7) >> 3;
+-  rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+-  if (rowBytes < 0) {
++  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++      nComps > gfxColorMaxComps ||
++      nBits > 16 ||
++      nVals <= 0 ||
++      nVals * nBits + 7 <= 0 ||
++      rowBytes <= 0) {
+     return;
+   }
+   predLine = (Guchar *)gmalloc(rowBytes);