summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Savchenko <bircoph@gentoo.org>2020-03-01 23:03:46 +0300
committerAndrew Savchenko <bircoph@gentoo.org>2020-03-01 23:06:21 +0300
commit6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18 (patch)
treeb27ec0c626cfe06c9b424f6f1ac475a2a9ee0b6f /app-text
parentdev-lang/erlang: bump up to 22.2.8 (diff)
downloadgentoo-6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18.tar.gz
gentoo-6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18.tar.bz2
gentoo-6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18.zip
app-text/xpdf: fix CVE-2019-17064
Fix NULL pointer dereference by initializing field before use. https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890#p42672 Bug: https://bugs.gentoo.org/711146 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>
Diffstat (limited to 'app-text')
-rw-r--r--app-text/xpdf/files/xpdf-CVE-2019-17064.patch24
-rw-r--r--app-text/xpdf/xpdf-4.02-r2.ebuild141
2 files changed, 165 insertions, 0 deletions
diff --git a/app-text/xpdf/files/xpdf-CVE-2019-17064.patch b/app-text/xpdf/files/xpdf-CVE-2019-17064.patch
new file mode 100644
index 000000000000..c4f84a4604c0
--- /dev/null
+++ b/app-text/xpdf/files/xpdf-CVE-2019-17064.patch
@@ -0,0 +1,24 @@
+Fix CVE-2019-17064
+
+Fix NULL pointer dereference by initializing field before use.
+https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890#p42672
+
+diff '--color=auto' -Naurd xpdf-4.02.orig/xpdf/Catalog.cc xpdf-4.02/xpdf/Catalog.cc
+--- xpdf-4.02.orig/xpdf/Catalog.cc 2019-09-25 22:54:33.000000000 +0300
++++ xpdf-4.02/xpdf/Catalog.cc 2020-03-01 12:05:43.235486706 +0300
+@@ -159,6 +159,7 @@
+ baseURI = NULL;
+ form = NULL;
+ embeddedFiles = NULL;
++ pageLabels = NULL;
+ #if MULTITHREADED
+ gInitMutex(&pageMutex);
+ #endif
+@@ -241,7 +242,6 @@
+ // get the ViewerPreferences object
+ catDict.dictLookupNF("ViewerPreferences", &viewerPrefs);
+
+- pageLabels = NULL;
+ if (catDict.dictLookup("PageLabels", &obj)->isDict()) {
+ readPageLabelTree(&obj);
+ }
diff --git a/app-text/xpdf/xpdf-4.02-r2.ebuild b/app-text/xpdf/xpdf-4.02-r2.ebuild
new file mode 100644
index 000000000000..96d625e1826c
--- /dev/null
+++ b/app-text/xpdf/xpdf-4.02-r2.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake-utils desktop xdg
+
+DESCRIPTION="The PDF viewer and tools"
+HOMEPAGE="https://www.xpdfreader.com"
+SRC_URI="https://xpdfreader-dl.s3.amazonaws.com/${P}.tar.gz
+ i18n? (
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-arabic.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-chinese-simplified.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-chinese-traditional.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-cyrillic.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-greek.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-hebrew.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-japanese.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-korean.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-latin2.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-thai.tar.gz
+ https://xpdfreader-dl.s3.amazonaws.com/xpdf-turkish.tar.gz
+ )"
+
+LICENSE="GPL-2 GPL-3 i18n? ( BSD )"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="cmyk cups i18n icons +libpaper metric opi png +textselect utils"
+
+BDEPEND="
+ icons? ( media-gfx/inkscape )
+"
+DEPEND="
+ cups? (
+ dev-qt/qtprintsupport:5
+ net-print/cups
+ )
+ libpaper? ( app-text/libpaper )
+ utils? ( png? ( media-libs/libpng:0 ) )
+ dev-qt/qtnetwork:5
+ dev-qt/qtwidgets:5
+ media-libs/freetype
+ sys-libs/zlib
+"
+RDEPEND="${DEPEND}
+ media-fonts/urw-fonts
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-automagic.patch
+ "${FILESDIR}"/${PN}-visibility.patch
+ "${FILESDIR}"/${PN}-shared-libs.patch
+ "${FILESDIR}"/${PN}-CVE-2019-17064.patch
+)
+
+src_prepare() {
+ sed -i \
+ "s|/usr/local/etc|${EPREFIX}/etc|;
+ s|/usr/local|${EPREFIX}/usr|" \
+ doc/sample-xpdfrc || die
+
+ if use i18n; then
+ sed -i "s|/usr/local|${EPREFIX}/usr|" "${WORKDIR}"/*/add-to-xpdfrc || die
+ fi
+
+ cmake-utils_src_prepare
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DA4_PAPER=$(usex metric)
+ -DNO_TEXT_SELECT=$(usex textselect off on)
+ -DOPI_SUPPORT=$(usex opi)
+ -DSPLASH_CMYK=$(usex cmyk)
+ -DWITH_LIBPAPER=$(usex libpaper)
+ -DWITH_LIBPNG=$(usex png)
+ -DXPDFWIDGET_PRINTING=$(usex cups)
+ -DSYSTEM_XPDFRC="${EPREFIX}/etc/xpdfrc"
+ )
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+
+ if use icons; then
+ sizes="16 22 24 32 36 48 64 72 96 128 192 256 512"
+ cd xpdf-qt
+ mkdir $sizes
+ local i
+ for i in $sizes; do
+ inkscape xpdf-icon.svg -w $i -h $i -e $i/xpdf.png
+ done
+ fi
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ domenu "${FILESDIR}/xpdf.desktop"
+ newicon -s scalable xpdf-qt/xpdf-icon.svg xpdf.svg
+ if use icons; then
+ local i
+ for i in $sizes; do
+ doicon -s $i xpdf-qt/$i/xpdf.png
+ done
+ unset sizes
+ fi
+
+ insinto /etc
+ newins doc/sample-xpdfrc xpdfrc
+
+ local d i
+ if use utils; then
+ for d in "bin" "share/man/man1"; do
+ pushd "${ED}/usr/${d}" || die
+ for i in pdf*; do
+ mv "${i}" "x${i}" || die
+ done
+ popd || die
+ done
+
+ einfo "PDF utilities were renamed from pdf* to xpdf* to avoid file collisions"
+ einfo "with other packages"
+ else
+ rm -rf "${ED}"/usr/bin/pdf* \
+ "${ED}"/usr/share/man/man1/pdf* \
+ "${ED}"/usr/$(get_libdir) || die
+ fi
+
+ if use i18n; then
+ for i in arabic chinese-simplified chinese-traditional cyrillic greek \
+ hebrew japanese korean latin2 thai turkish; do
+ insinto "/usr/share/xpdf/${i}"
+ doins -r $(find -O3 "${WORKDIR}/xpdf-${i}" -maxdepth 1 -mindepth 1 \
+ ! -name README ! -name add-to-xpdfrc || die)
+
+ cat "${WORKDIR}/xpdf-${i}/add-to-xpdfrc" >> "${ED}/etc/xpdfrc" || die
+ done
+ fi
+}