From 4e89ffcd0ea93570ab08f5e4c151586d6f46635a Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Thu, 2 Jul 2020 10:28:37 +0200 Subject: [PATCH] Backport proposed patch for CVE-2018-12983 --- podofo.spec | 8 +++++++- podofo_CVE-2018-12983.diff | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 podofo_CVE-2018-12983.diff diff --git a/podofo.spec b/podofo.spec index 7134dc5..adc0010 100644 --- a/podofo.spec +++ b/podofo.spec @@ -1,6 +1,6 @@ Name: podofo Version: 0.9.6 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Tools and libraries to work with the PDF file format # The library is licensed under the LGPL. @@ -50,6 +50,9 @@ Patch19: podofo_CVE-2019-9687.patch # Downstream patch for CVE-2019-20093 # https://sourceforge.net/p/podofo/tickets/75/ Patch20: podofo_CVE-2019-20093.patch +# Proposed patch for CVE-2018-12983 +# https://sourceforge.net/p/podofo/tickets/23/ +Patch21: podofo_CVE-2018-12983.diff BuildRequires: gcc-c++ %if %{?el7:1}%{!?el7:0} @@ -161,6 +164,9 @@ find doc/html -exec touch -r %{SOURCE0} {} \; %changelog +* Thu Jul 02 2020 Sandro Mani - 0.9.6-11 +- Backport proposed patch for CVE-2018-12983 + * Thu Jan 30 2020 Fedora Release Engineering - 0.9.6-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/podofo_CVE-2018-12983.diff b/podofo_CVE-2018-12983.diff new file mode 100644 index 0000000..7bfa3e5 --- /dev/null +++ b/podofo_CVE-2018-12983.diff 
@@ -0,0 +1,16 @@
+diff -rupN --no-dereference podofo-0.9.6/src/base/PdfEncrypt.cpp podofo-0.9.6-new/src/base/PdfEncrypt.cpp
+--- podofo-0.9.6/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.484446311 +0200
++++ podofo-0.9.6-new/src/base/PdfEncrypt.cpp 2020-07-02 10:27:57.694448247 +0200
+@@ -607,6 +607,12 @@ PdfEncrypt* PdfEncrypt::CreatePdfEncrypt
+ && PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) )
+ {
+ // [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms
++ // [mabri] - Fix CVE-2018-12983: Check key length lLength here
++ // to prevent stack-based buffer over-read in line 867 of this file
++ if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes
++ {
++ PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." );
++ }
+ pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast(lLength), encryptMetadata);
+ }
+ else
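Review bot: The added guard in CreatePdfEncrypt bounds lLength only from above, so zero, negative, or non-multiple-of-8 values still pass through the `static_cast` into the PdfEncryptRC4 constructor; lLength is a pdf_int64 per the comment above it and is presumably taken from the document's encryption dictionary. The PDF specification restricts the RC4 /Length entry to a multiple of 8 between 40 and 128, so the check could read `if (lLength < 40 || lLength > MD5_DIGEST_LENGTH * 8 || lLength % 8 != 0)` with the message generalised to `"Given key length out of range for RC4."`. Whether a too-small or negative length is actually harmful depends on the constructor and key-derivation code outside this hunk, so that should be confirmed before relying on the upper bound alone. The comment's pointer to "line 867 of this file" will go stale as the file changes; naming the function that reads the MD5 digest would be more durable. The enclosing function starts and ends outside the hunk.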