From 71d4b72c48b4287892294836bb2d73eddd2fd328 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 02:45:03 -0500 Subject: user/poppler: [CVE] bump to 0.80.0 (#128) --- user/poppler/APKBUILD | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user/poppler/APKBUILD b/user/poppler/APKBUILD index 9c3385c8d..462c23333 100644 --- a/user/poppler/APKBUILD +++ b/user/poppler/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: pkgname=poppler -pkgver=0.77.0 +pkgver=0.80.0 pkgrel=0 pkgdesc="PDF rendering library based on xpdf 3.0" url="https://poppler.freedesktop.org/" @@ -25,6 +25,9 @@ builddir="$srcdir"/$pkgname-$pkgver/build # - CVE-2019-10873 # - CVE-2019-11026 # - CVE-2019-12293 +# 0.80.0-r0: +# - CVE-2019-9959 +# - CVE-2019-14494 prepare() { default_prepare @@ -60,4 +63,4 @@ glib() { "$subpkgdir"/usr/lib/ } -sha512sums="7c82cf584541fcbfa7cecdb06be9c4ba6d03479fc248377b874afeab561eac24015915eee566edc35fafe785b9f381f492c1789c070e67a2c1b344879c156040 poppler-0.77.0.tar.xz" +sha512sums="0a0d68168ba4d560941de31cb9e32c6cd7b44025e93cd84ace863ffab5b9ff0356524626cb16fb99c29a897738f2ac5862480fc54d42f8aecd2e3457f11c642f poppler-0.80.0.tar.xz" -- cgit v1.2.3-70-g09d2 From 749c024371245eb18137b71c9c2cb92d06659632 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 02:56:57 -0500 Subject: user/poppler-qt5: [CVE] bump to 0.80.0 (#128) --- user/poppler-qt5/APKBUILD | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/user/poppler-qt5/APKBUILD b/user/poppler-qt5/APKBUILD index 5c0bbf4c8..ac680fc9a 100644 --- a/user/poppler-qt5/APKBUILD +++ b/user/poppler-qt5/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox pkgname=poppler-qt5 _realname=poppler -pkgver=0.77.0 +pkgver=0.80.0 pkgrel=0 _testver=01c92874 pkgdesc="PDF rendering library based on xpdf 3.0 (Qt 5 bindings)" @@ -26,6 +26,9 @@ builddir="$srcdir"/$_realname-$pkgver/build # - CVE-2019-10873 # - CVE-2019-11026 # - CVE-2019-12293 +# 0.80.0-r0: +# - CVE-2019-9959 +# - CVE-2019-14494 prepare() { default_prepare @@ -43,7 +46,7 @@ build() { } check() { - # check_qt5_annotations: fails on ppc64 and x86_64 as of 0.77.0-r0 + # check_qt5_annotations: fails on ppc64 and x86_64 as of 0.80.0-r0 # FAIL! : TestAnnotations::checkFontSizeAndColor() Compared values are not the same # Actual (textAnnot->contents()): "\u00C3\u00BE\u00C3\u00BF\u0000f\u0000o\u0000o\u0000b\u0000a\u0000r" # Expected (contents) : "foobar" @@ -58,5 +61,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="7c82cf584541fcbfa7cecdb06be9c4ba6d03479fc248377b874afeab561eac24015915eee566edc35fafe785b9f381f492c1789c070e67a2c1b344879c156040 poppler-0.77.0.tar.xz +sha512sums="0a0d68168ba4d560941de31cb9e32c6cd7b44025e93cd84ace863ffab5b9ff0356524626cb16fb99c29a897738f2ac5862480fc54d42f8aecd2e3457f11c642f poppler-0.80.0.tar.xz 5275541ffa0fef9c55a0c02411947c610b2e7eb621f0a0fa9529810f8b09e2b0194c1da4b64eb9641b2c3af7b099e6bb7d1212b9087a21cf3af893090a10506b poppler-test-01c92874.tar.gz" -- cgit v1.2.3-70-g09d2 From cca88ac9d025aa517208599dd7877e87548289d3 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 03:20:12 -0500 Subject: user/cups-filters: bump to 1.25.5 --- user/cups-filters/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/cups-filters/APKBUILD b/user/cups-filters/APKBUILD index dcb700b90..d46268780 100644 --- a/user/cups-filters/APKBUILD +++ b/user/cups-filters/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Max Rees pkgname=cups-filters -pkgver=1.25.2 +pkgver=1.25.5 pkgrel=0 pkgdesc="OpenPrinting CUPS filters and backends" url="https://wiki.linuxfoundation.org/openprinting/cups-filters" @@ -59,4 +59,4 @@ libs() { mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/ } -sha512sums="e616a3a356ea7ad7d61e50242c1c0fd899911a8a293e721a89b425fb6a5d6d98388bbd4c02df407d9b66219b99f7c41a457b1436af6b9d8e979f0fd4e392ef3e cups-filters-1.25.2.tar.xz" +sha512sums="4e7126f4c439cb7392484dd3531023da5a1c885c7a6c7377260e7cccc2f3f51e3d0aa879965ecdb2625217d6f9ee1ca9c860c4fc05a7959697cd269696f10f59 cups-filters-1.25.5.tar.xz" -- cgit v1.2.3-70-g09d2 From 94981d3fd78388a8d75ab142fb91c70859e72de7 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 03:43:28 -0500 Subject: user/atril: [CVE] patch CVE-2019-11459 (#148) Also, add secfixes comment and use upstream patch for CVE-2019-1010006 (#178) --- user/atril/APKBUILD | 17 ++++++---- user/atril/CVE-2019-1010006.patch | 40 +++++++++++------------ user/atril/CVE-2019-11459.patch | 69 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+), 27 deletions(-) create mode 100644 user/atril/CVE-2019-11459.patch diff --git a/user/atril/APKBUILD b/user/atril/APKBUILD index d9f1127a9..52f26e4a0 100644 --- a/user/atril/APKBUILD +++ b/user/atril/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Kiyoshi Aman pkgname=atril pkgver=1.22.1 -pkgrel=1 +pkgrel=2 pkgdesc="Document viewer for the MATE desktop environment" url="https://mate-desktop.org" arch="all" @@ -14,10 +14,16 @@ makedepends="caja-dev djvulibre-dev gobject-introspection-dev gtk+3.0-dev libxml2-dev libxml2-utils poppler-dev python3 tiff-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz - CVE-2019-1010006.patch" + CVE-2019-1010006.patch + CVE-2019-11459.patch" + +# secfixes: +# 1.22.1-r1: +# - CVE-2019-1010006 +# 1.22.1-r2: +# - CVE-2019-11459 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,14 +39,13 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz -ea6db09fe033a8ddf6d90f080858057fad5452a23801e0f41f7a90ec352b71344e8b596a0913deabca333ff24dc5023628eab7c18bc526c0a7f8fb0d680acdf7 CVE-2019-1010006.patch" +38ea99130fba5ce174eb4351a8c5b2c4dd9591a81aff72876fa17581be8960f75592184e18d3653fa3286035d9e4899ca1b53e830328a64fc15d0bb4b8176b39 CVE-2019-1010006.patch +ba4ec4b0e10d87f44f189a16cfe2419906e3776edc9bc14f7da9356a8953683e3f7efc441691df131497b08b892d3b291aab416310f259ee6bc0706cc4f02880 CVE-2019-11459.patch" diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch index ce107d193..913e40312 100644 --- a/user/atril/CVE-2019-1010006.patch +++ b/user/atril/CVE-2019-1010006.patch @@ -1,22 +1,18 @@ -From e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 Mon Sep 17 00:00:00 2001 -From: Jason Crain -Date: Sat, 2 Dec 2017 20:24:33 -0600 -Subject: [PATCH] Fix overflow checks in tiff backend +From aa8c51c24a3d716986ace9a4104a9632436ccff5 Mon Sep 17 00:00:00 2001 +From: lukefromdc +Date: Sat, 27 Jul 2019 15:07:13 -0400 +Subject: [PATCH] Fix buffer overflow in backend/tiff-document.c -The overflow checks in tiff_document_render and -tiff_document_get_thumbnail don't work when optimizations are enabled. -Change the checks so they don't rely on undefined behavior. - -https://bugzilla.gnome.org/show_bug.cgi?id=788980 + Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 --- - backend/tiff/tiff-document.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) + backend/tiff/tiff-document.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c -index 8f40934e..7bf95c2b 100644 +index 0aa31cb6..94adc400 100644 --- a/backend/tiff/tiff-document.c +++ b/backend/tiff/tiff-document.c -@@ -284,12 +284,12 @@ tiff_document_render (EvDocument *document, +@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document, return NULL; } @@ -27,11 +23,13 @@ index 8f40934e..7bf95c2b 100644 /* overflow */ return NULL; } -+ bytes = height * rowstride; ++ bytes = height * rowstride; ++ pixels = g_try_malloc (bytes); if (!pixels) { -@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument *document, + g_warning("Failed to allocate memory for rendering."); +@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document, if (width <= 0 || height <= 0) return NULL; @@ -40,17 +38,17 @@ index 8f40934e..7bf95c2b 100644 + if (width >= INT_MAX / 4) /* overflow */ return NULL; -+ rowstride = width * 4; - bytes = height * rowstride; - if (bytes / rowstride != height) ++ rowstride = width * 4; ++ + if (height >= INT_MAX / rowstride) /* overflow */ - return NULL; -+ bytes = height * rowstride; +- return NULL; ++ return NULL; ++ ++ bytes = height * rowstride; pixels = g_try_malloc (bytes); if (!pixels) --- -2.21.0 - diff --git a/user/atril/CVE-2019-11459.patch b/user/atril/CVE-2019-11459.patch new file mode 100644 index 000000000..a826cbd29 --- /dev/null +++ b/user/atril/CVE-2019-11459.patch @@ -0,0 +1,69 @@ +Backport of the following, since it did not apply due to whitespace / +formatting + +From bd4ce9171fef52720e74ffeeeeca3b0c5b5d4808 Mon Sep 17 00:00:00 2001 +From: Victor Kareh +Date: Sun, 11 Aug 2019 05:20:09 +0300 +Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented + +The TIFFReadRGBAImageOriented function returns zero if it was unable to +read the image. Return NULL in this case instead of displaying +uninitialized memory. + +This addresses CVE-2019-11459 + +upstream commit: +https://gitlab.gnome.org/GNOME/evince/commit/234f034a4 +--- + +--- atril-1.22.1/backend/tiff/tiff-document.c ++++ atril-1.22.1/backend/tiff/tiff-document.c +@@ -282,17 +282,21 @@ tiff_document_render (EvDocument *d + return NULL; + } + ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ orientation, 0)) { ++ g_warning ("Failed to read TIFF image."); ++ g_free (pixels); ++ return NULL; ++ } ++ + surface = cairo_image_surface_create_for_data (pixels, + CAIRO_FORMAT_RGB24, + width, height, + rowstride); + cairo_surface_set_user_data (surface, &key, + pixels, (cairo_destroy_func_t)g_free); +- +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- orientation, 0); + pop_handlers (); + + /* Convert the format returned by libtiff to +@@ -373,13 +377,17 @@ tiff_document_render_pixbuf (EvDocument + if (!pixels) + return NULL; + ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ ORIENTATION_TOPLEFT, 0)) { ++ g_free (pixels); ++ return NULL; ++ } ++ + pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, + width, height, rowstride, + (GdkPixbufDestroyNotify) g_free, NULL); +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- ORIENTATION_TOPLEFT, 0); + pop_handlers (); + + scaled_pixbuf = gdk_pixbuf_scale_simple (pixbuf, -- cgit v1.2.3-70-g09d2 From 6715f997836e8fc8205c8ee6657dcb6084bca1e1 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 03:52:20 -0500 Subject: user/evince: [CVE] patch CVE-2019-11459 (#148) --- user/evince/APKBUILD | 15 +++++---- user/evince/CVE-2019-11459.patch | 72 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 6 deletions(-) create mode 100644 user/evince/CVE-2019-11459.patch diff --git a/user/evince/APKBUILD b/user/evince/APKBUILD index a98bf2cf9..ea6b66231 100644 --- a/user/evince/APKBUILD +++ b/user/evince/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=evince pkgver=3.32.0 -pkgrel=1 +pkgrel=2 pkgdesc="GNOME document viewer" url="https://wiki.gnome.org/Apps/Evince" arch="all" @@ -14,10 +14,14 @@ makedepends="djvulibre-dev glib-dev gobject-introspection-dev libsecret-dev libspectre-dev libxml2-dev libxml2-utils poppler-dev tiff-dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" -source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz" +source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz + CVE-2019-11459.patch" + +# secfixes: +# 3.32.0-r2: +# - CVE-2019-11459 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -65,13 +69,12 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz" +sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz +ebb8e2e0b2754d4634c99fda7669171e97b583dfbcd383682b70eb36ce816f1bcf1c2cb81b4ffbfac86db891d9f63bd0c2d90ff9ca3838c64a258b6a0002f7c4 CVE-2019-11459.patch" diff --git a/user/evince/CVE-2019-11459.patch b/user/evince/CVE-2019-11459.patch new file mode 100644 index 000000000..b331a0c30 --- /dev/null +++ b/user/evince/CVE-2019-11459.patch @@ -0,0 +1,72 @@ +From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001 +From: Jason Crain +Date: Mon, 15 Apr 2019 23:06:36 -0600 +Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented + +The TIFFReadRGBAImageOriented function returns zero if it was unable to +read the image. Return NULL in this case instead of displaying +uninitialized memory. + +Fixes #1129 +--- + backend/tiff/tiff-document.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c +index 7715031b..38bb3bd8 100644 +--- a/backend/tiff/tiff-document.c ++++ b/backend/tiff/tiff-document.c +@@ -292,18 +292,22 @@ tiff_document_render (EvDocument *document, + g_warning("Failed to allocate memory for rendering."); + return NULL; + } +- ++ ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ orientation, 0)) { ++ g_warning ("Failed to read TIFF image."); ++ g_free (pixels); ++ return NULL; ++ } ++ + surface = cairo_image_surface_create_for_data (pixels, + CAIRO_FORMAT_RGB24, + width, height, + rowstride); + cairo_surface_set_user_data (surface, &key, + pixels, (cairo_destroy_func_t)g_free); +- +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- orientation, 0); + pop_handlers (); + + /* Convert the format returned by libtiff to +@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument *document, + if (!pixels) + return NULL; + ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ ORIENTATION_TOPLEFT, 0)) { ++ g_free (pixels); ++ return NULL; ++ } ++ + pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, + width, height, rowstride, + (GdkPixbufDestroyNotify) g_free, NULL); +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- ORIENTATION_TOPLEFT, 0); + pop_handlers (); + + ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res), +-- +2.21.0 + -- cgit v1.2.3-70-g09d2 From e86d3327de5e2ad9ad920184b1a9d2d492860a18 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 03:57:46 -0500 Subject: user/qpdfview: rebuild for poppler --- user/qpdfview/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/qpdfview/APKBUILD b/user/qpdfview/APKBUILD index e4d16e50d..6bafa639b 100644 --- a/user/qpdfview/APKBUILD +++ b/user/qpdfview/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Max Rees pkgname=qpdfview pkgver=0.4.18 -pkgrel=0 +pkgrel=1 pkgdesc="A tabbed document viewer" url="https://launchpad.net/qpdfview" arch="all" -- cgit v1.2.3-70-g09d2 From cdbfba0126ff6e238ea9b7efb8e9909b8af731b5 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 05:04:29 -0500 Subject: user/calligra: rebuild for poppler --- user/calligra/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/calligra/APKBUILD b/user/calligra/APKBUILD index 306299ae0..fdaf6e4fe 100644 --- a/user/calligra/APKBUILD +++ b/user/calligra/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=calligra pkgver=3.1.0 -pkgrel=2 +pkgrel=3 pkgdesc="KDE Office suite" url="https://www.calligra.org/" arch="all" -- cgit v1.2.3-70-g09d2 From 912c5b9e673d1df647779d859ac24ad9ff38c650 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 06:33:13 -0500 Subject: user/tellico: rebuild for poppler --- user/tellico/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/tellico/APKBUILD b/user/tellico/APKBUILD index 3fb5df741..f697dd5b5 100644 --- a/user/tellico/APKBUILD +++ b/user/tellico/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=tellico pkgver=3.2.1 -pkgrel=0 +pkgrel=1 pkgdesc="Collection manager" url="http://tellico-project.org/" arch="all" -- cgit v1.2.3-70-g09d2 From 915860fbb6b95634ce381443aa9d15d88d0819e3 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 13 Sep 2019 06:34:14 -0500 Subject: user/tumbler: rebuild for poppler --- user/tumbler/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/tumbler/APKBUILD b/user/tumbler/APKBUILD index 06612e754..98adfba5d 100644 --- a/user/tumbler/APKBUILD +++ b/user/tumbler/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Kiyoshi Aman pkgname=tumbler pkgver=0.2.7 -pkgrel=0 +pkgrel=1 pkgdesc="Thumbnail generation service for the XFCE desktop environment" url="https://xfce.org" arch="all" -- cgit v1.2.3-70-g09d2