From c0c777991022d79e028dc3c85c138bd11f0b8efc Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Wed, 20 Nov 2019 13:11:59 +0100 Subject: poppler: upgrade to release 0.82.0 fixes CVE-2019-9903 CVE-2019-9631 CVE-2019-9545 CVE-2019-9543 CVE-2019-14494 CVE-2019-12293 CVE-2019-11026 CVE-2019-10873 CVE-2019-10872 CVE-2019-10871 CVE-2019-10018 remove obsolete 0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 Change-Id: I72b3bf89b294ed3e24157c7e75fd58d4f68d9f35 Reviewed-on: https://gerrit.libreoffice.org/83308 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit 28e52c49452320ac76489d0f93ca5692456e5331) Reviewed-on: https://gerrit.libreoffice.org/83335 Reviewed-by: Thorsten Behrens --- download.lst | 4 ++-- ...tream-getLine-fix-crash-on-broken-files.patch.1 | 27 ---------------------- external/poppler/StaticLibrary_poppler.mk | 1 - external/poppler/UnpackedTarball_poppler.mk | 1 - external/poppler/poppler-config.patch.1 | 19 +++++++++------ 5 files changed, 14 insertions(+), 38 deletions(-) delete mode 100644 external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 diff --git a/download.lst b/download.lst index c67bbf0bc5f8..df853ad67db0 100644 --- a/download.lst +++ b/download.lst @@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca export LIBPNG_TARBALL := libpng-1.6.37.tar.xz -export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82ea9fb0076b2f -export POPPLER_TARBALL := poppler-0.74.0.tar.xz +export POPPLER_SHA256SUM := 234f8e573ea57fb6a008e7c1e56bfae1af5d1adf0e65f47555e1ae103874e4df +export POPPLER_TARBALL := poppler-0.82.0.tar.xz export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2 export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 diff --git a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 b/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 deleted file mode 100644 index b459a0a0bef7..000000000000 --- a/external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 +++ /dev/null @@ -1,27 +0,0 @@ -From f4136a6353162db249f63ddb0f20611622ab61b4 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Wed, 27 Feb 2019 19:43:22 +0100 -Subject: [PATCH] ImageStream::getLine: fix crash on broken files - -Fixes #728 ---- - poppler/Stream.cc | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/poppler/Stream.cc b/poppler/Stream.cc -index 33537b0e..a41435ab 100644 ---- a/poppler/Stream.cc -+++ b/poppler/Stream.cc -@@ -496,6 +496,9 @@ unsigned char *ImageStream::getLine() { - } - - int readChars = str->doGetChars(inputLineSize, inputLine); -+ if (unlikely(readChars == -1)) { -+ readChars = 0; -+ } - for ( ; readChars < inputLineSize; readChars++) inputLine[readChars] = EOF; - if (nBits == 1) { - unsigned char *p = inputLine; --- -2.20.1 - diff --git a/external/poppler/StaticLibrary_poppler.mk b/external/poppler/StaticLibrary_poppler.mk index bdb51ad115da..8bf9f528ee9e 100644 --- a/external/poppler/StaticLibrary_poppler.mk +++ b/external/poppler/StaticLibrary_poppler.mk @@ -39,7 +39,6 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\ UnpackedTarball/poppler/goo/gfile \ UnpackedTarball/poppler/goo/GooTimer \ UnpackedTarball/poppler/goo/GooString \ - UnpackedTarball/poppler/goo/FixedPoint \ UnpackedTarball/poppler/goo/NetPBMWriter \ UnpackedTarball/poppler/goo/PNGWriter \ UnpackedTarball/poppler/goo/TiffWriter \ diff --git a/external/poppler/UnpackedTarball_poppler.mk b/external/poppler/UnpackedTarball_poppler.mk index aaad243fbf0a..68fd06d9403b 100644 --- a/external/poppler/UnpackedTarball_poppler.mk +++ b/external/poppler/UnpackedTarball_poppler.mk @@ -13,7 +13,6 @@ $(eval $(call gb_UnpackedTarball_set_tarball,poppler,$(POPPLER_TARBALL),,poppler $(eval $(call gb_UnpackedTarball_add_patches,poppler,\ external/poppler/poppler-config.patch.1 \ - external/poppler/0001-ImageStream-getLine-fix-crash-on-broken-files.patch.1 \ )) # vim: set noet sw=4 ts=4: diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1 index 1c68806276f7..cb74cd66fb5e 100644 --- a/external/poppler/poppler-config.patch.1 +++ b/external/poppler/poppler-config.patch.1 @@ -195,7 +195,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_NAME "poppler" + +/* Define to the full name and version of this package. */ -+#define PACKAGE_STRING "poppler 0.74.0" ++#define PACKAGE_STRING "poppler 0.82.0" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "poppler" @@ -204,7 +204,7 @@ index 0fbd336a..451213f8 100644 +#define PACKAGE_URL "" + +/* Define to the version of this package. */ -+#define PACKAGE_VERSION "0.74.0" ++#define PACKAGE_VERSION "0.82.0" + +/* Poppler data dir */ +#define POPPLER_DATADIR "/usr/local/share/poppler" @@ -228,7 +228,7 @@ index 0fbd336a..451213f8 100644 +/* #undef USE_FLOAT */ + +/* Version number of package */ -+#define VERSION "0.74.0" ++#define VERSION "0.82.0" + +#if defined(__APPLE__) +#elif defined (_WIN32) @@ -268,7 +268,7 @@ new file mode 100644 index 0fbd336a..451213f8 100644 --- /dev/null +++ b/poppler/poppler-config.h -@@ -0,0 +1,168 @@ +@@ -0,0 +1,173 @@ +//================================================= -*- mode: c++ -*- ==== +// +// poppler-config.h @@ -304,7 +304,7 @@ index 0fbd336a..451213f8 100644 + +/* Defines the poppler version. */ +#ifndef POPPLER_VERSION -+#define POPPLER_VERSION "0.74.0" ++#define POPPLER_VERSION "0.82.0" +#endif + +/* Enable multithreading support. */ @@ -396,6 +396,11 @@ index 0fbd336a..451213f8 100644 +/* #undef USE_CMS */ +#endif + ++/* Use header-only classes from Boost in the Splash backend */ ++#ifndef USE_BOOST_HEADERS ++/* #undef USE_BOOST_HEADERS */ ++#endif ++ +// Also, there are preprocessor symbols in the header files +// that are used but never defined when building poppler using configure +// or cmake: DISABLE_OUTLINE, DEBUG_MEM, @@ -466,9 +471,9 @@ index 0fbd336a..451213f8 100644 + +#include "poppler-global.h" + -+#define POPPLER_VERSION "0.74.0" ++#define POPPLER_VERSION "0.82.0" +#define POPPLER_VERSION_MAJOR 0 -+#define POPPLER_VERSION_MINOR 74 ++#define POPPLER_VERSION_MINOR 82 +#define POPPLER_VERSION_MICRO 0 + +namespace poppler -- cgit