summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorUrade, Yogita <Yogita.Urade@windriver.com>2023-02-28 05:19:43 +0000
committerArmin Kuster <akuster808@gmail.com>2023-03-05 07:52:05 -0500
commit4676fa71c616233c05abb59dfc636a0621db3057 (patch)
tree02f04bea8af90c5c0c99eae2211d6982035001fe /meta-oe
parent109b5463077011b099915089039f62e9ffc226c3 (diff)
downloadmeta-openembedded-4676fa71c616233c05abb59dfc636a0621db3057.tar.gz
poppler: fix CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-30860 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch41
-rw-r--r--meta-oe/recipes-support/poppler/poppler_22.04.0.bb1
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
new file mode 100644
index 0000000000..4a8ea233c8
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
@@ -0,0 +1,41 @@
1From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
2From: Albert Astals Cid <aacid@kde.org>
3Date: Thu, 25 Aug 2022 00:14:22 +0200
4Subject: [PATCH] JBIG2Stream: Fix crash on broken file
5
6https://github.com/jeffssh/CVE-2021-30860
7
8Thanks to David Warren for the heads up
9
10CVE: CVE-2021-30860
11
12References:
13https://nvd.nist.gov/vuln/detail/CVE-2021-30860
14
15Upstream-Status: Backport
16[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52]
17
18Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
19---
20 poppler/JBIG2Stream.cc | 6 +++++-
21 1 file changed, 5 insertions(+), 1 deletion(-)
22
23diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
24index 662276e5..9f70431d 100644
25--- a/poppler/JBIG2Stream.cc
26+++ b/poppler/JBIG2Stream.cc
27@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
28 for (i = 0; i < nRefSegs; ++i) {
29 if ((seg = findSegment(refSegs[i]))) {
30 if (seg->getType() == jbig2SegSymbolDict) {
31- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
32+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
33+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
34+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
35+ return;
36+ }
37 } else if (seg->getType() == jbig2SegCodeTable) {
38 codeTables.push_back(seg);
39 }
40--
412.25.1
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
index b7cdb4f1be..816c9f1608 100644
--- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
6SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ 6SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
7 file://0001-Do-not-overwrite-all-our-build-flags.patch \ 7 file://0001-Do-not-overwrite-all-our-build-flags.patch \
8 file://basename-include.patch \ 8 file://basename-include.patch \
9 file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \
9 " 10 "
10SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" 11SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"
11 12