add CVE-12293.patch CVE-27778.patch

2021-09-28 22:37:40 +08:00 · 2021-09-28 22:37:40 +08:00 · 3d1854e1a7
commit 3d1854e1a7
parent 2503e68fe5
3 changed files with 76 additions and 1 deletions
--- a/backport-CVE-2019-12293.patch
+++ b/backport-CVE-2019-12293.patch
@ -0,0 +1,41 @@
+From 89a5367d49b2556a2635dbb6d48d6a6b182a2c6c Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 23 May 2019 00:54:29 +0200
+Subject: [PATCH] JPEG2000Stream: fail gracefully if not all components have
+ the same WxH
+
+I think this is just a mistake, or at least the only file we have with
+this scenario is a fuzzed one
+---
+ poppler/JPEG2000Stream.cc | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
+index e388ed3..2d7c5e0 100644
+--- a/poppler/JPEG2000Stream.cc
+++ b/poppler/JPEG2000Stream.cc
+@@ -4,7 +4,7 @@
+ //
+ // A JPX stream decoder using OpenJPEG
+ //
+-// Copyright 2008-2010, 2012, 2017, 2018 Albert Astals Cid <aacid@kde.org>
+// Copyright 2008-2010, 2012, 2017-2019 Albert Astals Cid <aacid@kde.org>
+ // Copyright 2011 Daniel Glöckner <daniel-gl@gmx.net>
+ // Copyright 2014, 2016 Thomas Freitag <Thomas.Freitag@alfa.de>
+ // Copyright 2013, 2014 Adrian Johnson <ajohnson@redneon.com>
+@@ -253,6 +253,12 @@ void JPXStream::init()
+         close();
+         break;
+       }
+      const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h;
+      if (componentPixels != priv->npixels) {
+        error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component);
+        close();
+        break;
+      }
+       unsigned char *cdata = (unsigned char *)priv->image->comps[component].data;
+       int adjust = 0;
+       int depth = priv->image->comps[component].prec;
+-- 
+2.27.0
+
--- a/backport-CVE-2020-27778.patch
+++ b/backport-CVE-2020-27778.patch
@ -0,0 +1,26 @@
+From 30c731b487190c02afff3f036736a392eb60cd9a Mon Sep 17 00:00:00 2001
+From: Adam Reichold <adam.reichold@t-online.de>
+Date: Fri, 22 Mar 2019 19:12:47 +0100
+Subject: [PATCH] Properly initialize HtmlOutputDev::page to avoid SIGSEGV upon
+ error exit.
+
+Closes #742
+---
+ utils/HtmlOutputDev.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/utils/HtmlOutputDev.cc b/utils/HtmlOutputDev.cc
+index ace303b..090631b 100644
+--- a/utils/HtmlOutputDev.cc
+++ b/utils/HtmlOutputDev.cc
+@@ -1102,6 +1102,7 @@ HtmlOutputDev::HtmlOutputDev(Catalog *catalogA, char *fileName, char *title,
+ {
+   catalog = catalogA;
+   fContentsFrame = nullptr;
+  page = nullptr;
+   docTitle = new GooString(title);
+   pages = nullptr;
+   dumpJPEG=gTrue;
+-- 
+2.27.0
+
--- a/poppler.spec
+++ b/poppler.spec
@ -3,7 +3,7 @@
 
 Name:           poppler
 Version:        0.67.0
-Release:        8
+Release:        9
 Summary:        Poppler is a PDF rendering library based on the xpdf-3.0 code base
 License:        (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:            https://poppler.freedesktop.org/
@ -16,6 +16,8 @@ Patch4:         poppler-0.63.0-python3.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1557355
 Patch6:         poppler-0.63.0-tiling-patterns.patch
 Patch7:         poppler-0.67.0-qt4-const.patch
+Patch8:         backport-CVE-2019-12293.patch
+Patch9:         backport-CVE-2020-27778.patch

 Patch6000:      poppler-CVE-2018-19149.patch
 Patch6001:      poppler_0.26.5_CVE-2019-9200.patch
@ -244,6 +246,12 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Tue Sep 28 2021 hanhuihui <hanhuihui5@huawei.com> - 0.67.0-9
+- Type:cves
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2019-12293 CVE-2020-27778
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 0.67.0-8
 - DESC: delete -S git from %autosetup, and delete BuildRequires git