rpms/poppler/F-10 poppler.spec,1.80,1.81

Rex Dieter rdieter at fedoraproject.org
Sun Oct 25 22:38:42 UTC 2009


Author: rdieter

Update of /cvs/pkgs/rpms/poppler/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7241

Modified Files:
	poppler.spec 
Log Message:
* Sun Oct 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.8-7
- CVE-2009-3603 xpdf/poppler: SplashBitmap::SplashBitmap
  integer overflow (#526915)
- CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow
  and missing allocation return value check (#526911)
- CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep
  integer overflow (#526877)
- CVE-2009-3607 poppler: create_surface_from_thumbnail_data
  integer overflow (#526924)
- CVE-2009-3608 xpdf/poppler: integer overflow in
  ObjectStream::ObjectStream (#526637)
- CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream
  integer overflow (#526893)



Index: poppler.spec
===================================================================
RCS file: /cvs/pkgs/rpms/poppler/F-10/poppler.spec,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -p -r1.80 -r1.81
--- poppler.spec	23 Jun 2009 19:52:00 -0000	1.80
+++ poppler.spec	25 Oct 2009 22:38:42 -0000	1.81
@@ -3,7 +3,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.8.7
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2 and Redistributable, no modification permitted
 # the code is GPLv2
 # the charmap data in /usr/share/poppler is redistributable
@@ -11,6 +11,7 @@ Group: Development/Libraries
 URL:     http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.gz
 Source1: http://poppler.freedesktop.org/poppler-data-%{dataversion}.tar.gz
+
 Patch0: poppler-ObjStream.patch
 # fix from upstream
 Patch1: pdftops-large-image.patch
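Review bot: the blank line added after Source1 is the only change in this hunk and is unrelated to the security fixes. Consider leaving it out or moving it to a separate cosmetic commit, so the diff for this update contains only what the CVE fixes need.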
@@ -20,6 +21,12 @@ BuildRoot: %{_tmppath}/%{name}-%{version
 
 # borrowed from debian/ubuntu
 Patch50: 64_security_jbig2.patch
+# gmalloc hardening fixes
+Patch60: poppler-0.8.7-gmallocn.patch
+# security fixes from xpdf 3.02pl4 / 1082e1671a
+Patch61: poppler-0.8.7-CVE-2009-360x.patch
+# CVE-2009-3607 / c839b70609
+Patch62: poppler-0.8.7-CVE-2009-3607.patch
 
 BuildRequires: automake libtool
 BuildRequires: cairo-devel
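Review bot: the comments on Patch61 and Patch62 give abbreviated commit ids (1082e1671a, c839b70609) without naming the repository they come from, and the "CVE-2009-360x" wildcard in the Patch61 file name does not say which CVEs that patch covers. Name the upstream repository next to each id and list the CVE numbers in the Patch61 comment. The changelog lists 3603, 3604, 3606, 3608 and 3609 alongside 3607, which has its own patch, so a reader auditing for one specific CVE cannot tell from the spec which file fixes it.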
@@ -117,6 +124,9 @@ pushd %{name}-%{version}
 %patch1 -p1 -b .large-image
 %patch2 -p1 -b .qt4psprint
 %patch50 -p1 -b .jbig2_security
+%patch60 -p1 -b .gmallocn
+%patch61 -p1 -b .CVE-2009-360x
+%patch62 -p1 -b .CVE-2009-3607
 # hammer to nuke rpaths, recheck on new releases
 autoreconf -i -f
 popd
@@ -226,8 +236,22 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sun Oct 25 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.8-7
+- CVE-2009-3603 xpdf/popppler: SplashBitmap::SplashBitmap
+  integer overflow (#526915)
+- CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow
+  and missing allocation return value check(#526911)
+- CVE-2009-3606 xpdf/poppler: PSOutputDev::doImageL1Sep
+  integer overflow (#526877)
+- CVE-2009-3607 poppler: create_surface_from_thumbnail_data
+  integer overflow (#526924)
+- CVE-2009-3608 xpdf/poppler: integer overflow in
+  ObjectStream::ObjectStream (#526637)
+- CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream
+  integer overflow (#526893)
+
 * Tue Jan 23 2009 Rex Dieter <rdieter at fedoraproject.org> - 0.8.7-6
-- use backported jbig2_security patch from debian/ubuntu
+- use backported jbig2_security patch from debian/ubuntu (#496942)
 - poppler-data-0.2.1
 - --enable-libjpeg (speed)
 - track sonames
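Review bot: the new changelog header reads "0.8.8-7", but the spec still has Version: 0.8.7 with Release bumped to 7, so the entry should be "0.8.7-7". Tools that match changelog entries against the package NVR to confirm a CVE fix is present will otherwise see a version that was never built from this spec. Also in the added lines: "popppler" in the CVE-2009-3603 line is a typo, "check(#526911)" is missing a space, and Patch60 (the gmalloc hardening patch) is applied but not mentioned in the entry. In the context line below, "Tue Jan 23 2009" does not match the calendar (23 Jan 2009 was a Friday). Revision 1.80 is dated 23 Jun 2009 in the diff header, so "Jun" looks intended and could be corrected while that entry is being edited anyway.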



