Merge branch 'poopler' into 'master'

Bump poppler* and rebuild some of its dependencies See merge request adelie/packages!333
author: A. Wilcox <awilcox@wilcox-tech.com> 2019-09-28 16:42:22 +0000
committer: A. Wilcox <awilcox@wilcox-tech.com> 2019-09-28 16:42:22 +0000
commit: 78267424e8c6115d0bf4ab46356f0474608f4ef4 (patch)
tree: 9e48f02c5d1050d29a05b4301dc55ce3965eef14 /user
parent: b6f94882152d13b024f7b547a766d825e2a4589a (diff)
parent: 915860fbb6b95634ce381443aa9d15d88d0819e3 (diff)
download: packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.gz
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.bz2
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.xz
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.zip
12 files changed, 197 insertions, 44 deletions
diff --git a/user/atril/APKBUILD b/user/atril/APKBUILD
index d9f1127a9..52f26e4a0 100644
--- a/user/atril/APKBUILD
+++ b/user/atril/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
 pkgname=atril
 pkgver=1.22.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Document viewer for the MATE desktop environment"
 url="https://mate-desktop.org"
 arch="all"
@@ -14,10 +14,16 @@ makedepends="caja-dev djvulibre-dev gobject-introspection-dev gtk+3.0-dev
 	libxml2-dev libxml2-utils poppler-dev python3 tiff-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz
-	CVE-2019-1010006.patch"
+	CVE-2019-1010006.patch
+	CVE-2019-11459.patch"
+
+# secfixes:
+#   1.22.1-r1:
+#     - CVE-2019-1010006
+#   1.22.1-r2:
+#     - CVE-2019-11459
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -33,14 +39,13 @@ build() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
 sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d  atril-1.22.1.tar.xz
-ea6db09fe033a8ddf6d90f080858057fad5452a23801e0f41f7a90ec352b71344e8b596a0913deabca333ff24dc5023628eab7c18bc526c0a7f8fb0d680acdf7  CVE-2019-1010006.patch"
+38ea99130fba5ce174eb4351a8c5b2c4dd9591a81aff72876fa17581be8960f75592184e18d3653fa3286035d9e4899ca1b53e830328a64fc15d0bb4b8176b39  CVE-2019-1010006.patch
+ba4ec4b0e10d87f44f189a16cfe2419906e3776edc9bc14f7da9356a8953683e3f7efc441691df131497b08b892d3b291aab416310f259ee6bc0706cc4f02880  CVE-2019-11459.patch"
diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch
index ce107d193..913e40312 100644
--- a/user/atril/CVE-2019-1010006.patch
+++ b/user/atril/CVE-2019-1010006.patch
@@ -1,22 +1,18 @@
-From e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 Mon Sep 17 00:00:00 2001
-From: Jason Crain <jcrain@src.gnome.org>
-Date: Sat, 2 Dec 2017 20:24:33 -0600
-Subject: [PATCH] Fix overflow checks in tiff backend
+From aa8c51c24a3d716986ace9a4104a9632436ccff5 Mon Sep 17 00:00:00 2001
+From: lukefromdc <lukefromdc@hushmail.com>
+Date: Sat, 27 Jul 2019 15:07:13 -0400
+Subject: [PATCH] Fix buffer overflow in backend/tiff-document.c
 
-The overflow checks in tiff_document_render and
-tiff_document_get_thumbnail don't work when optimizations are enabled.
-Change the checks so they don't rely on undefined behavior.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=788980
+    Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362
 ---
- backend/tiff/tiff-document.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
+ backend/tiff/tiff-document.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
 
 diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
-index 8f40934e..7bf95c2b 100644
+index 0aa31cb6..94adc400 100644
 --- a/backend/tiff/tiff-document.c
 +++ b/backend/tiff/tiff-document.c
-@@ -284,12 +284,12 @@ tiff_document_render (EvDocument      *document,
+@@ -268,13 +268,14 @@ tiff_document_render (EvDocument      *document,
  		return NULL;                
  	}
  	
@@ -27,11 +23,13 @@ index 8f40934e..7bf95c2b 100644
  		/* overflow */
  		return NULL;
  	}
-+	bytes = height * rowstride;
  	
++	bytes = height * rowstride;
++
  	pixels = g_try_malloc (bytes);
  	if (!pixels) {
-@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument      *document,
+ 		g_warning("Failed to allocate memory for rendering.");
+@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument      *document,
  	if (width <= 0 || height <= 0)
  		return NULL;                
  
@@ -40,17 +38,17 @@ index 8f40934e..7bf95c2b 100644
 +	if (width >= INT_MAX / 4)
  		/* overflow */
  		return NULL;                
-+	rowstride = width * 4;
          
 -	bytes = height * rowstride;
 -	if (bytes / rowstride != height)
++	rowstride = width * 4;
++
 +	if (height >= INT_MAX / rowstride)
  		/* overflow */
- 		return NULL;                
-+	bytes = height * rowstride;
+-		return NULL;                
++		return NULL; 
++
++	bytes = height * rowstride;               
  	
  	pixels = g_try_malloc (bytes);
  	if (!pixels)
--- 
-2.21.0
-
diff --git a/user/atril/CVE-2019-11459.patch b/user/atril/CVE-2019-11459.patch
new file mode 100644
index 000000000..a826cbd29
--- /dev/null
+++ b/user/atril/CVE-2019-11459.patch
@@ -0,0 +1,69 @@
+Backport of the following, since it did not apply due to whitespace /
+formatting
+
+From bd4ce9171fef52720e74ffeeeeca3b0c5b5d4808 Mon Sep 17 00:00:00 2001
+From: Victor Kareh <vkareh@redhat.com>
+Date: Sun, 11 Aug 2019 05:20:09 +0300
+Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
+
+The TIFFReadRGBAImageOriented function returns zero if it was unable to
+read the image. Return NULL in this case instead of displaying
+uninitialized memory.
+
+This addresses CVE-2019-11459
+
+upstream commit:
+https://gitlab.gnome.org/GNOME/evince/commit/234f034a4
+---
+
+--- atril-1.22.1/backend/tiff/tiff-document.c
++++ atril-1.22.1/backend/tiff/tiff-document.c
+@@ -282,17 +282,21 @@ tiff_document_render (EvDocument      *d
+ 		return NULL;
+ 	}
+ 	
++	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++					width, height,
++					(uint32 *)pixels,
++					orientation, 0)) {
++		g_warning ("Failed to read TIFF image.");
++		g_free (pixels);
++		return NULL;
++	}
++
+ 	surface = cairo_image_surface_create_for_data (pixels,
+ 						       CAIRO_FORMAT_RGB24,
+ 						       width, height,
+ 						       rowstride);
+ 	cairo_surface_set_user_data (surface, &key,
+ 				     pixels, (cairo_destroy_func_t)g_free);
+-
+-	TIFFReadRGBAImageOriented (tiff_document->tiff,
+-				   width, height,
+-				   (uint32 *)pixels,
+-				   orientation, 0);
+ 	pop_handlers ();
+ 
+ 	/* Convert the format returned by libtiff to
+@@ -373,13 +377,17 @@ tiff_document_render_pixbuf (EvDocument
+ 	if (!pixels)
+ 		return NULL;
+ 	
++	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++					width, height,
++					(uint32 *)pixels,
++					ORIENTATION_TOPLEFT, 0)) {
++		g_free (pixels);
++		return NULL;
++	}
++
+ 	pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, 
+ 					   width, height, rowstride,
+ 					   (GdkPixbufDestroyNotify) g_free, NULL);
+-	TIFFReadRGBAImageOriented (tiff_document->tiff,
+-				   width, height,
+-				   (uint32 *)pixels,
+-				   ORIENTATION_TOPLEFT, 0);
+ 	pop_handlers ();
+ 
+ 	scaled_pixbuf = gdk_pixbuf_scale_simple (pixbuf,
diff --git a/user/calligra/APKBUILD b/user/calligra/APKBUILD
index 306299ae0..fdaf6e4fe 100644
--- a/user/calligra/APKBUILD
+++ b/user/calligra/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=calligra
 pkgver=3.1.0
-pkgrel=2
+pkgrel=3
 pkgdesc="KDE Office suite"
 url="https://www.calligra.org/"
 arch="all"
diff --git a/user/cups-filters/APKBUILD b/user/cups-filters/APKBUILD
index dcb700b90..d46268780 100644
--- a/user/cups-filters/APKBUILD
+++ b/user/cups-filters/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Max Rees <maxcrees@me.com>
 pkgname=cups-filters
-pkgver=1.25.2
+pkgver=1.25.5
 pkgrel=0
 pkgdesc="OpenPrinting CUPS filters and backends"
 url="https://wiki.linuxfoundation.org/openprinting/cups-filters"
@@ -59,4 +59,4 @@ libs() {
 	mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="e616a3a356ea7ad7d61e50242c1c0fd899911a8a293e721a89b425fb6a5d6d98388bbd4c02df407d9b66219b99f7c41a457b1436af6b9d8e979f0fd4e392ef3e  cups-filters-1.25.2.tar.xz"
+sha512sums="4e7126f4c439cb7392484dd3531023da5a1c885c7a6c7377260e7cccc2f3f51e3d0aa879965ecdb2625217d6f9ee1ca9c860c4fc05a7959697cd269696f10f59  cups-filters-1.25.5.tar.xz"
diff --git a/user/evince/APKBUILD b/user/evince/APKBUILD
index a98bf2cf9..ea6b66231 100644
--- a/user/evince/APKBUILD
+++ b/user/evince/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=evince
 pkgver=3.32.0
-pkgrel=1
+pkgrel=2
 pkgdesc="GNOME document viewer"
 url="https://wiki.gnome.org/Apps/Evince"
 arch="all"
@@ -14,10 +14,14 @@ makedepends="djvulibre-dev glib-dev gobject-introspection-dev
 	libsecret-dev libspectre-dev libxml2-dev libxml2-utils poppler-dev
 	tiff-dev zlib-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz"
+source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz
+	CVE-2019-11459.patch"
+
+# secfixes:
+#   3.32.0-r2:
+#     - CVE-2019-11459
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -65,13 +69,12 @@ build() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658  evince-3.32.0.tar.xz"
+sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658  evince-3.32.0.tar.xz
+ebb8e2e0b2754d4634c99fda7669171e97b583dfbcd383682b70eb36ce816f1bcf1c2cb81b4ffbfac86db891d9f63bd0c2d90ff9ca3838c64a258b6a0002f7c4  CVE-2019-11459.patch"
diff --git a/user/evince/CVE-2019-11459.patch b/user/evince/CVE-2019-11459.patch
new file mode 100644
index 000000000..b331a0c30
--- /dev/null
+++ b/user/evince/CVE-2019-11459.patch
@@ -0,0 +1,72 @@
+From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001
+From: Jason Crain <jcrain@src.gnome.org>
+Date: Mon, 15 Apr 2019 23:06:36 -0600
+Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
+
+The TIFFReadRGBAImageOriented function returns zero if it was unable to
+read the image. Return NULL in this case instead of displaying
+uninitialized memory.
+
+Fixes #1129
+---
+ backend/tiff/tiff-document.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
+index 7715031b..38bb3bd8 100644
+--- a/backend/tiff/tiff-document.c
++++ b/backend/tiff/tiff-document.c
+@@ -292,18 +292,22 @@ tiff_document_render (EvDocument      *document,
+ 		g_warning("Failed to allocate memory for rendering.");
+ 		return NULL;
+ 	}
+-	
++
++	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++					width, height,
++					(uint32 *)pixels,
++					orientation, 0)) {
++		g_warning ("Failed to read TIFF image.");
++		g_free (pixels);
++		return NULL;
++	}
++
+ 	surface = cairo_image_surface_create_for_data (pixels,
+ 						       CAIRO_FORMAT_RGB24,
+ 						       width, height,
+ 						       rowstride);
+ 	cairo_surface_set_user_data (surface, &key,
+ 				     pixels, (cairo_destroy_func_t)g_free);
+-
+-	TIFFReadRGBAImageOriented (tiff_document->tiff,
+-				   width, height,
+-				   (uint32 *)pixels,
+-				   orientation, 0);
+ 	pop_handlers ();
+ 
+ 	/* Convert the format returned by libtiff to
+@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument      *document,
+ 	if (!pixels)
+ 		return NULL;
+ 	
++	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++					width, height,
++					(uint32 *)pixels,
++					ORIENTATION_TOPLEFT, 0)) {
++		g_free (pixels);
++		return NULL;
++	}
++
+ 	pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, 
+ 					   width, height, rowstride,
+ 					   (GdkPixbufDestroyNotify) g_free, NULL);
+-	TIFFReadRGBAImageOriented (tiff_document->tiff,
+-				   width, height,
+-				   (uint32 *)pixels,
+-				   ORIENTATION_TOPLEFT, 0);
+ 	pop_handlers ();
+ 
+ 	ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res),
+-- 
+2.21.0
+
diff --git a/user/poppler-qt5/APKBUILD b/user/poppler-qt5/APKBUILD
index 5c0bbf4c8..ac680fc9a 100644
--- a/user/poppler-qt5/APKBUILD
+++ b/user/poppler-qt5/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=poppler-qt5
 _realname=poppler
-pkgver=0.77.0
+pkgver=0.80.0
 pkgrel=0
 _testver=01c92874
 pkgdesc="PDF rendering library based on xpdf 3.0 (Qt 5 bindings)"
@@ -26,6 +26,9 @@ builddir="$srcdir"/$_realname-$pkgver/build
 #     - CVE-2019-10873
 #     - CVE-2019-11026
 #     - CVE-2019-12293
+#   0.80.0-r0:
+#     - CVE-2019-9959
+#     - CVE-2019-14494
 
 prepare() {
 	default_prepare
@@ -43,7 +46,7 @@ build() {
 }
 
 check() {
-	# check_qt5_annotations: fails on ppc64 and x86_64 as of 0.77.0-r0
+	# check_qt5_annotations: fails on ppc64 and x86_64 as of 0.80.0-r0
 	# FAIL!  : TestAnnotations::checkFontSizeAndColor() Compared values are not the same
 	#   Actual   (textAnnot->contents()): "\u00C3\u00BE\u00C3\u00BF\u0000f\u0000o\u0000o\u0000b\u0000a\u0000r"
 	#   Expected (contents)             : "foobar"
@@ -58,5 +61,5 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="7c82cf584541fcbfa7cecdb06be9c4ba6d03479fc248377b874afeab561eac24015915eee566edc35fafe785b9f381f492c1789c070e67a2c1b344879c156040  poppler-0.77.0.tar.xz
+sha512sums="0a0d68168ba4d560941de31cb9e32c6cd7b44025e93cd84ace863ffab5b9ff0356524626cb16fb99c29a897738f2ac5862480fc54d42f8aecd2e3457f11c642f  poppler-0.80.0.tar.xz
 5275541ffa0fef9c55a0c02411947c610b2e7eb621f0a0fa9529810f8b09e2b0194c1da4b64eb9641b2c3af7b099e6bb7d1212b9087a21cf3af893090a10506b  poppler-test-01c92874.tar.gz"
diff --git a/user/poppler/APKBUILD b/user/poppler/APKBUILD
index 9c3385c8d..462c23333 100644
--- a/user/poppler/APKBUILD
+++ b/user/poppler/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: 
 pkgname=poppler
-pkgver=0.77.0
+pkgver=0.80.0
 pkgrel=0
 pkgdesc="PDF rendering library based on xpdf 3.0"
 url="https://poppler.freedesktop.org/"
@@ -25,6 +25,9 @@ builddir="$srcdir"/$pkgname-$pkgver/build
 #     - CVE-2019-10873
 #     - CVE-2019-11026
 #     - CVE-2019-12293
+#   0.80.0-r0:
+#     - CVE-2019-9959
+#     - CVE-2019-14494
 
 prepare() {
 	default_prepare
@@ -60,4 +63,4 @@ glib() {
 		"$subpkgdir"/usr/lib/
 }
 
-sha512sums="7c82cf584541fcbfa7cecdb06be9c4ba6d03479fc248377b874afeab561eac24015915eee566edc35fafe785b9f381f492c1789c070e67a2c1b344879c156040  poppler-0.77.0.tar.xz"
+sha512sums="0a0d68168ba4d560941de31cb9e32c6cd7b44025e93cd84ace863ffab5b9ff0356524626cb16fb99c29a897738f2ac5862480fc54d42f8aecd2e3457f11c642f  poppler-0.80.0.tar.xz"
diff --git a/user/qpdfview/APKBUILD b/user/qpdfview/APKBUILD
index e4d16e50d..6bafa639b 100644
--- a/user/qpdfview/APKBUILD
+++ b/user/qpdfview/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Max Rees <maxcrees@me.com>
 pkgname=qpdfview
 pkgver=0.4.18
-pkgrel=0
+pkgrel=1
 pkgdesc="A tabbed document viewer"
 url="https://launchpad.net/qpdfview"
 arch="all"
diff --git a/user/tellico/APKBUILD b/user/tellico/APKBUILD
index 3fb5df741..f697dd5b5 100644
--- a/user/tellico/APKBUILD
+++ b/user/tellico/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=tellico
 pkgver=3.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="Collection manager"
 url="http://tellico-project.org/"
 arch="all"
diff --git a/user/tumbler/APKBUILD b/user/tumbler/APKBUILD
index 06612e754..98adfba5d 100644
--- a/user/tumbler/APKBUILD
+++ b/user/tumbler/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
 pkgname=tumbler
 pkgver=0.2.7
-pkgrel=0
+pkgrel=1
 pkgdesc="Thumbnail generation service for the XFCE desktop environment"
 url="https://xfce.org"
 arch="all"
author	A. Wilcox <awilcox@wilcox-tech.com>	2019-09-28 16:42:22 +0000
committer	A. Wilcox <awilcox@wilcox-tech.com>	2019-09-28 16:42:22 +0000
commit	78267424e8c6115d0bf4ab46356f0474608f4ef4 (patch)
tree	9e48f02c5d1050d29a05b4301dc55ce3965eef14 /user
parent	b6f94882152d13b024f7b547a766d825e2a4589a (diff)
parent	915860fbb6b95634ce381443aa9d15d88d0819e3 (diff)
download	packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.gz packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.bz2 packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.xz packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.zip