diff --git a/gnu/local.mk b/gnu/local.mk
index 1bcd790f26..20c78af072 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -913,6 +913,7 @@ dist_patch_DATA = \
 %D%/packages/patches/plotutils-libpng-jmpbuf.patch \
 %D%/packages/patches/polkit-drop-test.patch \
 %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
+ %D%/packages/patches/poppler-CVE-2017-9776.patch \
 %D%/packages/patches/portaudio-audacity-compat.patch \
 %D%/packages/patches/portmidi-modular-build.patch \
 %D%/packages/patches/procmail-ambiguous-getline-debian.patch \
diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch
new file mode 100644
index 0000000000..17a2807171
--- /dev/null
+++ b/gnu/packages/patches/poppler-CVE-2017-9776.patch
@@ -0,0 +1,34 @@
+Fix CVE-2017-9776:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
+https://bugs.freedesktop.org/show_bug.cgi?id=101541
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
+
+From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Wed, 21 Jun 2017 00:55:20 +0200
+Subject: [PATCH] Fix crash in malformed documents
+
+---
+ poppler/JBIG2Stream.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index 48535883..d89108c8 100644
+--- a/poppler/JBIG2Stream.cc
++++ b/poppler/JBIG2Stream.cc
+@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
+ oneByte = x0 == ((x1 - 1) & ~7);
+
+ for (yy = y0; yy < y1; ++yy) {
+- if (unlikely(y + yy) >= h)
++ if (unlikely((y + yy >= h) || (y + yy < 0)))
+ continue;
+
+ // one byte per line -- need to mask both left and right side
+--
+2.13.2
+
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index dce02a7b57..ffd7634eab 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
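Review bot: In `poppler-CVE-2017-9776.patch` the header cites upstream commit `a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc`, but the embedded `From` line carries `55db66c69fd56826b8523710046deab1a8d14ba2`, so the copied patch cannot be matched to the cited commit by id alone. If the second hash comes from a local cherry-pick or re-export, the header should say so, e.g. `Patch cherry-picked from upstream commit a3a98a6d... (the hash in the From line below is local):`; otherwise regenerate the file from the cited commit so the two agree. On the fix itself, the new guard `(y + yy >= h) || (y + yy < 0)` still forms `y + yy` in what appears to be plain `int` arithmetic (`y` is `int` in the signature shown). The code that derives `y0` and `y1` lies outside this hunk, so it cannot be confirmed from here that the sum is always representable; that is worth checking when the graft is next refreshed.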
@@ -76,7 +76,7 @@
 (define-public poppler
 (package
 (name "poppler")
- (replacement poppler-0.56.0)
+ (replacement poppler/fixed)
 (version "0.52.0")
 (source (origin
 (method url-fetch)
@@ -130,17 +130,12 @@
 (license license:gpl2+)
 (home-page "https://poppler.freedesktop.org/")))

-(define poppler-0.56.0
+(define poppler/fixed
 (package
 (inherit poppler)
- (version "0.56.0")
 (source (origin
- (method url-fetch)
- (uri (string-append "https://poppler.freedesktop.org/poppler-"
- version ".tar.xz"))
- (sha256
- (base32
- "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6"))))))
+ (inherit (package-source poppler))
+ (patches (search-patches "poppler-CVE-2017-9776.patch"))))))

 (define-public poppler-qt4
 (package/inherit poppler
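Review bot: `poppler/fixed` in the second hunk now grafts 0.52.0 plus a single patch where the graft used to be the 0.56.0 release, and nothing in the definition records why. A reader cannot tell whether any other fixes that came with 0.56.0 are given up deliberately. A comment above the definition would settle it, e.g. `;; Graft 0.52.0 + CVE-2017-9776 only; <reason the 0.56.0 graft was dropped>.` Separately, the `patches` field set here replaces whatever the inherited origin lists. The parent origin's remaining fields are outside the hunk, so if it carries patches of its own the field would need `(append (origin-patches (package-source poppler)) (search-patches "poppler-CVE-2017-9776.patch"))`.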