poppler: fix CVE-2023-34872stable/mickledore-nut

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Reference: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yogita Urade <yogita.urade@windriver.com> 2023-08-18 11:22:52 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-09-15 07:22:08 -0400
commit: 361b62f6a0cc44757d8dbaddb1e06ba7bb473310 (patch)
tree: ae80e8477cf1813835521ae60f9b5b92c437cd88
parent: 48b590afc4381cebc477d27a4d1efebed23c32e8 (diff)
download: meta-openembedded-stable/mickledore-nut.tar.gz
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
new file mode 100644
index 000000000..69f164de9
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
@@ -0,0 +1,46 @@
+From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 18 Aug 2023 09:17:07 +0000
+Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
+Fixes #1399
+CVE: CVE-2023-34872
+Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/Outline.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+diff --git a/poppler/Outline.cc b/poppler/Outline.cc
+index cbb6cb4..4c68be9 100644
+--- a/poppler/Outline.cc
+++ b/poppler/Outline.cc
+@@ -14,7 +14,7 @@
+ // under GPL version 2 or later
+ //
+ // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
+-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
+ // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
+ // Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
+ // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
+@@ -483,8 +483,12 @@ void OutlineItem::open()
+ {
+     if (!kids) {
+         Object itemDict = xref->fetch(ref);
+-        const Object &firstRef = itemDict.dictLookupNF("First");
+-        kids = readItemList(this, &firstRef, xref, doc);
+        if (itemDict.isDict()) {
+            const Object &firstRef = itemDict.dictLookupNF("First");
+            kids = readItemList(this, &firstRef, xref, doc);
+        } else {
+            kids = new std::vector<OutlineItem *>();
+        }
+     }
+ }
+--
+2.35.5
diff --git a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb
index 165e155ec..81e776d8f 100644
--- a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb
+++ b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb
@@ -7,6 +7,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
           file://0001-Do-not-overwrite-all-our-build-flags.patch \
           file://basename-include.patch \
           file://0001-cmake-Do-not-use-isystem.patch \
+           file://CVE-2023-34872.patch \
           "
 SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4"
author	Yogita Urade <yogita.urade@windriver.com>	2023-08-18 11:22:52 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-15 07:22:08 -0400
commit	361b62f6a0cc44757d8dbaddb1e06ba7bb473310 (patch)
tree	ae80e8477cf1813835521ae60f9b5b92c437cd88
parent	48b590afc4381cebc477d27a4d1efebed23c32e8 (diff)
download	meta-openembedded-stable/mickledore-nut.tar.gz

diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch new file mode 100644 index 000000000..69f164de9 --- /dev/null +++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
@@ -0,0 +1,46 @@
		1	From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Sep 17 00:00:00 2001
		2	From: Albert Astals Cid <aacid@kde.org>
		3	Date: Fri, 18 Aug 2023 09:17:07 +0000
		4	Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
		5
		6	Fixes #1399
		7
		8	CVE: CVE-2023-34872
		9
		10	Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
		11
		12	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		13	---
		14	poppler/Outline.cc \| 10 +++++++---
		15	1 file changed, 7 insertions(+), 3 deletions(-)
		16
		17	diff --git a/poppler/Outline.cc b/poppler/Outline.cc
		18	index cbb6cb4..4c68be9 100644
		19	--- a/poppler/Outline.cc
		20	+++ b/poppler/Outline.cc
		21	@@ -14,7 +14,7 @@
		22	// under GPL version 2 or later
		23	//
		24	// Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
		25	-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
		26	+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
		27	// Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
		28	// Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
		29	// Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
		30	@@ -483,8 +483,12 @@ void OutlineItem::open()
		31	{
		32	if (!kids) {
		33	Object itemDict = xref->fetch(ref);
		34	- const Object &firstRef = itemDict.dictLookupNF("First");
		35	- kids = readItemList(this, &firstRef, xref, doc);
		36	+ if (itemDict.isDict()) {
		37	+ const Object &firstRef = itemDict.dictLookupNF("First");
		38	+ kids = readItemList(this, &firstRef, xref, doc);
		39	+ } else {
		40	+ kids = new std::vector<OutlineItem *>();
		41	+ }
		42	}
		43	}
		44
		45	--
		46	2.35.5


diff --git a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb index 165e155ec..81e776d8f 100644 --- a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb +++ b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb
@@ -7,6 +7,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
7	file://0001-Do-not-overwrite-all-our-build-flags.patch \	7	file://0001-Do-not-overwrite-all-our-build-flags.patch \
8	file://basename-include.patch \	8	file://basename-include.patch \
9	file://0001-cmake-Do-not-use-isystem.patch \	9	file://0001-cmake-Do-not-use-isystem.patch \
		10	file://CVE-2023-34872.patch \
10	"	11	"
11	SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4"	12	SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4"
12		13