Hi, Attached is a debdiff of the changes I made for 0.12.2-2.1 2-day NMU.
Cheers, Giuseppe
diff -u poppler-0.12.2/debian/changelog poppler-0.12.2/debian/changelog --- poppler-0.12.2/debian/changelog +++ poppler-0.12.2/debian/changelog @@ -1,3 +1,10 @@ +poppler (0.12.2-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-3938 (Closes: #534680) + + -- Giuseppe Iuculano <[email protected]> Tue, 22 Dec 2009 16:11:27 +0100 + poppler (0.12.2-2) unstable; urgency=low * Switch to quilt to manage patches. diff -u poppler-0.12.2/debian/patches/series poppler-0.12.2/debian/patches/series --- poppler-0.12.2/debian/patches/series +++ poppler-0.12.2/debian/patches/series @@ -2,0 +3 @@ +03_CVE-2009-3938.patch only in patch2: unchanged: --- poppler-0.12.2.orig/debian/patches/03_CVE-2009-3938.patch +++ poppler-0.12.2/debian/patches/03_CVE-2009-3938.patch @@ -0,0 +1,134 @@ +Fixed CVE-2009-3938 +--- a/poppler/ABWOutputDev.cc ++++ b/poppler/ABWOutputDev.cc +@@ -20,6 +20,7 @@ + #include <stdarg.h> + #include <stddef.h> + #include <ctype.h> ++#include <float.h> + #include <math.h> + #include "goo/GooString.h" + #include "goo/GooList.h" +@@ -36,6 +37,23 @@ + #include <libxml/xpath.h> + #include <libxml/xpathInternals.h> + ++#define MAX(a, b) (((a) > (b)) ? (a) : (b)) ++ ++// 1: potential - ++// DBL_MAX_10_EXP: 10^x ++// 1: last digit before '.' ++// 1: '.' ++// 6: digits after '.' ++// 1: '\0' at the end ++#define BUFLEN_FOR_DOUBLE (1 + DBL_MAX_10_EXP + 1 + 1 + 6 + 1) ++ ++// potential -, INT_MAX is 2147483647, and the trailing '\0' ++#define BUFLEN_FOR_INT (1 + 10 + 1) ++ ++//I wouldn't know what size this should safely be. I guess 64 bytes should be ++//enough for any unicode character ++#define BUFLEN_FOR_UNICODE_CHAR 64 ++ + + // Inter-character space width which will cause addChar to start a new + // word. +@@ -157,7 +175,7 @@ void ABWOutputDev::splitNodes(float spli + xmlNodePtr N_move, N_cur, N_newH, N_newL; + char * propName; + const char *nodeName; +- char buf[20]; ++ char buf[BUFLEN_FOR_DOUBLE]; + if (direction == HORIZONTAL) { + propName = "Y1"; + nodeName = "horizontal"; +@@ -261,7 +279,7 @@ float ABWOutputDev::getBiggestSeperator( + } + + void ABWOutputDev::updateFont(GfxState *state) { +- char buf[160]; ++ char buf[BUFLEN_FOR_INT]; + xmlNodePtr N_cur; + GfxFont *font; + bool found = false; +@@ -341,9 +359,7 @@ void ABWOutputDev::drawChar(GfxState *st + double originX, double originY, + CharCode code, int nBytes, Unicode *u, int uLen) + { +- //I wouldn't know what size this should safely be. I guess 64 bytes should be +- //enough for any unicode character +- char buf[64]; ++ char buf[BUFLEN_FOR_UNICODE_CHAR]; + int charLen; + x = dx; + y = dy; +@@ -401,7 +417,7 @@ void ABWOutputDev::endString(GfxState *s + } + + void ABWOutputDev::beginWord(GfxState *state, double x, double y){ +- char buf[20]; ++ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)]; + // printf("***BREAK!***\n"); + endWord(); + X1 = x; +@@ -421,7 +437,7 @@ void ABWOutputDev::beginWord(GfxState *s + } + + void ABWOutputDev::endWord(){ +- char buf[20]; ++ char buf[BUFLEN_FOR_DOUBLE]; + if (N_word) { + sprintf(buf, "%f", X2); xmlNewProp(N_word, BAD_CAST "X2", BAD_CAST buf); + sprintf(buf, "%f", Y2); xmlNewProp(N_word, BAD_CAST "Y2", BAD_CAST buf); +@@ -618,7 +634,7 @@ void ABWOutputDev::cleanUpNode(xmlNodePt + double tX1=-1, tX2=-1, tY1=-1, tY2=-1; + xmlNodePtr N_cur, N_next; + N_cur = N_parent->children; +- char buf[20]; ++ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)]; + int prevStyle = -1; + xmlChar *val; + int styleLength = xmlLsCountNode(N_styleset)+1; +@@ -995,16 +1011,22 @@ void ABWOutputDev::createABW() { + //change styles to abiword format + xmlNodePtr N_cur, N_next; + xmlAttrPtr N_prop; +- char buf[500]; + for (N_cur = N_styleset->children; N_cur; N_cur = N_cur->next){ ++ char *font = (char *)xmlGetProp(N_cur,BAD_CAST "font"); ++ char *bold = (char *)xmlGetProp(N_cur,BAD_CAST "bold"); ++ char *italic = (char *)xmlGetProp(N_cur,BAD_CAST "italic"); ++ char buf[278 + BUFLEN_FOR_INT + 12 + strlen(font) + 1 + 12 + strlen(bold) + 1 + 12 + strlen(italic) + 1]; ++ + sprintf(buf,"margin-top:0pt; color:000000; margin-left:0pt; text-position:normal; widows:2; text-indent:0in; font-variant:normal; margin-right:0pt; lang:nl-NL; line-height:1.0; font-size:%dpt; text-decoration:none; margin-bottom:0pt; bgcolor:transparent; text-align:left; font-stretch:normal;",int(xmlXPathCastStringToNumber(xmlGetProp(N_cur,BAD_CAST "size")))); + strncat(buf,"font-family:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "font"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "font"))); ++ strncat(buf,font,strlen(font)); + strncat(buf,";",1); + strncat(buf,"font-weight:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "bold"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "bold"))); ++ strncat(buf,bold,strlen(bold)); ++ strncat(buf,";",1); + strncat(buf,"font-style:",12); +- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "italic"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "italic"))); ++ strncat(buf,italic,strlen(italic)); ++ strncat(buf,";",1); + xmlSetProp(N_cur, BAD_CAST "props", BAD_CAST buf); + N_prop = xmlHasProp(N_cur, BAD_CAST "id"); + if (N_prop != NULL) xmlRemoveProp(N_prop); +@@ -1036,7 +1058,6 @@ void ABWOutputDev::createABW() { + } + + void ABWOutputDev::transformPage(xmlNodePtr N_parent){ +- char buf[60]; + xmlNodePtr N_cur, N_curLine, N_curText, N_curWord, text, space; + //translate the nodes into abiword nodes + if (xmlStrcasecmp(N_parent->name,BAD_CAST "page") == 0){ +@@ -1085,6 +1106,7 @@ void ABWOutputDev::transformPage(xmlNode + xmlNewChild(N_text, NULL, BAD_CAST "cbr", NULL); + } + if (xmlStrcasecmp(N_parent->name,BAD_CAST "colset") == 0){ ++ char buf[strlen("columns:") + BUFLEN_FOR_INT]; + //fprintf(stderr,"Found a colset\n"); + //create new section columns: count childNodes of N_cur + //recurse through chunks and create textNodes
signature.asc
Description: OpenPGP digital signature
