summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2017-11-24 23:55:47 +0100
committerAndreas Sturmlechner <asturm@gentoo.org>2017-11-25 00:06:22 +0100
commitb0f7e72d6950013ea98f65116dc44cedd8923dd5 (patch)
treeb1d1211e7baa39c81496196ea02379cf82680a52 /app-text/poppler
parentapp-text/poppler: Fix CVE-2017-14617 (diff)
downloadgentoo-b0f7e72d6950013ea98f65116dc44cedd8923dd5.tar.gz
gentoo-b0f7e72d6950013ea98f65116dc44cedd8923dd5.tar.bz2
gentoo-b0f7e72d6950013ea98f65116dc44cedd8923dd5.zip
app-text/poppler: Fix CVE-2017-{2820,9083}
Bug: https://bugs.gentoo.org/619558 Bug: https://bugs.gentoo.org/624708 Package-Manager: Portage-2.3.16, Repoman-2.3.6
Diffstat (limited to 'app-text/poppler')
-rw-r--r--app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch25
-rw-r--r--app-text/poppler/poppler-0.57.0-r1.ebuild1
2 files changed, 26 insertions, 0 deletions
diff --git a/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
new file mode 100644
index 000000000000..faf632128ff7
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
@@ -0,0 +1,25 @@
+Fix security issue [internal unmaintained JPX decoder] that is caused
+by building without system-jpeg libs. Fedora does not care because they
+always build with system-jpeg, however in Gentoo we allow the user to
+disable both options and poppler's buildsystem is making us believe
+there would be no JPX decoder built in that case, when in reality
+JPXStream.cc is built (even if it may not be used by the code).
+
+
+--- a/CMakeLists.txt 2017-11-24 23:12:41.953450442 +0100
++++ b/CMakeLists.txt 2017-11-24 23:16:09.441030669 +0100
+@@ -506,9 +508,11 @@
+ add_definitions(-DUSE_OPENJPEG2)
+ set(poppler_LIBS ${poppler_LIBS} ${LIBOPENJPEG2_LIBRARIES})
+ else ()
+- set(poppler_SRCS ${poppler_SRCS}
+- poppler/JPXStream.cc
+- )
++ if(NOT WITH_OPENJPEG AND HAVE_JPX_DECODER)
++ set(poppler_SRCS ${poppler_SRCS}
++ poppler/JPXStream.cc
++ )
++ endif()
+ endif()
+ if(USE_CMS)
+ if(LCMS_FOUND)
diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild
index b7a421f73e2c..fafef568109a 100644
--- a/app-text/poppler/poppler-0.57.0-r1.ebuild
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -65,6 +65,7 @@ PATCHES=(
"${FILESDIR}/${PN}-0.53.0-respect-cflags.patch"
"${FILESDIR}/${PN}-0.33.0-openjpeg2.patch"
"${FILESDIR}/${PN}-0.40-FindQt4.patch"
+ "${FILESDIR}/${P}-disable-internal-jpx.patch"
# Fedora backports from upstream
"${FILESDIR}/${P}-CVE-2017-14517.patch"
"${FILESDIR}/${P}-CVE-2017-14518.patch"