From dd9e8caa54c07e8302dabe275e52587f46524b55 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Oct 02 2017 11:25:32 +0000 Subject: Add patch for CVE-2017-14520 (#1494584) --- diff --git a/mingw-poppler.spec b/mingw-poppler.spec index a20cde7..5eeb10c 100644 --- a/mingw-poppler.spec +++ b/mingw-poppler.spec @@ -4,7 +4,7 @@ Name: mingw-%{pkgname} Version: 0.59.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: MinGW Windows Poppler library License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT @@ -14,6 +14,8 @@ Source0: http://poppler.freedesktop.org/%{pkgname}-%{version}.tar.xz # Fix CVE-2017-9083 (#1453200) Patch0: poppler_CVE-2017-9083.patch +# Fix CVE-2017-14520 (#1494584) +Patch1: poppler_CVE-2017-14520.patch BuildRequires: gettext-devel BuildRequires: perl(File::Temp) @@ -357,6 +359,9 @@ rm -f %{buildroot}%{mingw64_bindir}/*.exe %changelog +* Mon Oct 02 2017 Sandro Mani - 0.59.0-2 +- Add patch for CVE-2017-14520 (#1494584) + * Fri Sep 08 2017 Sandro Mani - 0.59.0-1 - Update to 0.59.0 diff --git a/poppler_CVE-2017-14520.patch b/poppler_CVE-2017-14520.patch new file mode 100644 index 0000000..f71ff53 --- /dev/null +++ b/poppler_CVE-2017-14520.patch @@ -0,0 +1,24 @@ +From 504b3590182175390f474657a372e78fb1508262 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Thu, 14 Sep 2017 19:14:23 +0200 +Subject: Splash::scaleImage: Do not try to scale if srcHeight or srcWidth are + < 1 + +Bug #102719 + +diff --git a/splash/Splash.cc b/splash/Splash.cc +index 39fc7d6..aba7814 100644 +--- a/splash/Splash.cc ++++ b/splash/Splash.cc +@@ -4152,7 +4152,7 @@ SplashBitmap *Splash::scaleImage(SplashImageSource src, void *srcData, + SplashBitmap *dest; + + dest = new SplashBitmap(scaledWidth, scaledHeight, 1, srcMode, srcAlpha, gTrue, bitmap->getSeparationList()); +- if (dest->getDataPtr() != NULL) { ++ if (dest->getDataPtr() != NULL && srcHeight > 0 && srcWidth > 0) { + if (scaledHeight < srcHeight) { + if (scaledWidth < srcWidth) { + scaleImageYdXd(src, srcData, srcMode, nComps, srcAlpha, +-- +cgit v0.10.2 +