[gentoo-commits] repo/gentoo:master commit in: app-text/poppler/, app-text/poppler/files/

Fri, 24 Nov 2017 15:08:37 -0800 

commit:     b0f7e72d6950013ea98f65116dc44cedd8923dd5
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 24 22:55:47 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri Nov 24 23:06:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0f7e72d

app-text/poppler: Fix CVE-2017-{2820,9083}

Bug: https://bugs.gentoo.org/619558
Bug: https://bugs.gentoo.org/624708
Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../poppler-0.57.0-disable-internal-jpx.patch      | 25 ++++++++++++++++++++++
 app-text/poppler/poppler-0.57.0-r1.ebuild          |  1 +
 2 files changed, 26 insertions(+)

diff --git a/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch 
b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
new file mode 100644
index 00000000000..faf632128ff
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-disable-internal-jpx.patch
@@ -0,0 +1,25 @@
+Fix security issue [internal unmaintained JPX decoder] that is caused
+by building without system-jpeg libs. Fedora does not care because they
+always build with system-jpeg, however in Gentoo we allow the user to
+disable both options and poppler's buildsystem is making us believe
+there would be no JPX decoder built in that case, when in reality
+JPXStream.cc is built (even if it may not be used by the code).
+
+
+--- a/CMakeLists.txt   2017-11-24 23:12:41.953450442 +0100
++++ b/CMakeLists.txt   2017-11-24 23:16:09.441030669 +0100
+@@ -506,9 +508,11 @@
+   add_definitions(-DUSE_OPENJPEG2)
+   set(poppler_LIBS ${poppler_LIBS} ${LIBOPENJPEG2_LIBRARIES})
+ else ()
+-  set(poppler_SRCS ${poppler_SRCS}
+-    poppler/JPXStream.cc
+-  )
++  if(NOT WITH_OPENJPEG AND HAVE_JPX_DECODER)
++    set(poppler_SRCS ${poppler_SRCS}
++      poppler/JPXStream.cc
++    )
++  endif()
+ endif()
+ if(USE_CMS)
+   if(LCMS_FOUND)

diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild 
b/app-text/poppler/poppler-0.57.0-r1.ebuild
index b7a421f73e2..fafef568109 100644
--- a/app-text/poppler/poppler-0.57.0-r1.ebuild
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -65,6 +65,7 @@ PATCHES=(
        "${FILESDIR}/${PN}-0.53.0-respect-cflags.patch"
        "${FILESDIR}/${PN}-0.33.0-openjpeg2.patch"
        "${FILESDIR}/${PN}-0.40-FindQt4.patch"
+       "${FILESDIR}/${P}-disable-internal-jpx.patch"
        # Fedora backports from upstream
        "${FILESDIR}/${P}-CVE-2017-14517.patch"
        "${FILESDIR}/${P}-CVE-2017-14518.patch"

Reply via email to