rpms/poppler/F-10 poppler.spec,1.80,1.81
Rex Dieter
rdieter at fedoraproject.org
Sun Oct 25 22:38:42 UTC 2009
- Previous message (by thread): rpms/poppler/F-11 poppler-0.10.7-CVE-2009-3607.patch, NONE, 1.1 poppler-0.10.7-CVE-2009-360x.patch, NONE, 1.1 poppler-0.10.7-gmallocn.patch, NONE, 1.1 poppler.spec, 1.86, 1.87
- Next message (by thread): rpms/poppler/F-10 poppler-0.8.7-CVE-2009-3607.patch, NONE, 1.1 poppler-0.8.7-CVE-2009-360x.patch, NONE, 1.1 poppler-0.8.7-gmallocn.patch, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rdieter
Update of /cvs/pkgs/rpms/poppler/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7241
Modified Files:
poppler.spec
Log Message:
* Sun Oct 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.8-7
- CVE-2009-3603 xpdf/popppler: SplashBitmap::SplashBitmap
integer overflow (#526915)
- CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow
and missing allocation return value check(#526911)
- CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep
integer overflow (#526877)
- CVE-2009-3607 poppler: create_surface_from_thumbnail_data
integer overflow (#526924)
- CVE-2009-3608 xpdf/poppler: integer overflow in
ObjectStream::ObjectStream (#526637)
- CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream
integer overflow (#526893)
Index: poppler.spec
===================================================================
RCS file: /cvs/pkgs/rpms/poppler/F-10/poppler.spec,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -p -r1.80 -r1.81
--- poppler.spec 23 Jun 2009 19:52:00 -0000 1.80
+++ poppler.spec 25 Oct 2009 22:38:42 -0000 1.81
@@ -3,7 +3,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.8.7
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2 and Redistributable, no modification permitted
# the code is GPLv2
# the charmap data in /usr/share/poppler is redistributable
@@ -11,6 +11,7 @@ Group: Development/Libraries
URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.gz
Source1: http://poppler.freedesktop.org/poppler-data-%{dataversion}.tar.gz
+
Patch0: poppler-ObjStream.patch
# fix from upstream
Patch1: pdftops-large-image.patch
@@ -20,6 +21,12 @@ BuildRoot: %{_tmppath}/%{name}-%{version
# borrowed from debian/ubuntu
Patch50: 64_security_jbig2.patch
+# gmalloc hardening fixes
+Patch60: poppler-0.8.7-gmallocn.patch
+# security fixes from xpdf 3.02pl4 / 1082e1671a
+Patch61: poppler-0.8.7-CVE-2009-360x.patch
+# CVE-2009-3607 / c839b70609
+Patch62: poppler-0.8.7-CVE-2009-3607.patch
BuildRequires: automake libtool
BuildRequires: cairo-devel
@@ -117,6 +124,9 @@ pushd %{name}-%{version}
%patch1 -p1 -b .large-image
%patch2 -p1 -b .qt4psprint
%patch50 -p1 -b .jbig2_security
+%patch60 -p1 -b .gmallocn
+%patch61 -p1 -b .CVE-2009-360x
+%patch62 -p1 -b .CVE-2009-3607
# hammer to nuke rpaths, recheck on new releases
autoreconf -i -f
popd
@@ -226,8 +236,22 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Sun Oct 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.8-7
+- CVE-2009-3603 xpdf/popppler: SplashBitmap::SplashBitmap
+ integer overflow (#526915)
+- CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow
+ and missing allocation return value check(#526911)
+- CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep
+ integer overflow (#526877)
+- CVE-2009-3607 poppler: create_surface_from_thumbnail_data
+ integer overflow (#526924)
+- CVE-2009-3608 xpdf/poppler: integer overflow in
+ ObjectStream::ObjectStream (#526637)
+- CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream
+ integer overflow (#526893)
+
* Tue Jan 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.7-6
-- use backported jbig2_security patch from debian/ubuntu
+- use backported jbig2_security patch from debian/ubuntu (#496942)
- poppler-data-0.2.1
- --enable-libjpeg (speed)
- track sonames
- Previous message (by thread): rpms/poppler/F-11 poppler-0.10.7-CVE-2009-3607.patch, NONE, 1.1 poppler-0.10.7-CVE-2009-360x.patch, NONE, 1.1 poppler-0.10.7-gmallocn.patch, NONE, 1.1 poppler.spec, 1.86, 1.87
- Next message (by thread): rpms/poppler/F-10 poppler-0.8.7-CVE-2009-3607.patch, NONE, 1.1 poppler-0.8.7-CVE-2009-360x.patch, NONE, 1.1 poppler-0.8.7-gmallocn.patch, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list