diff --git a/podofo.spec b/podofo.spec index e511315..41b7e7b 100644 --- a/podofo.spec +++ b/podofo.spec @@ -1,6 +1,6 @@ Name: podofo Version: 0.9.6 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Tools and libraries to work with the PDF file format # The library is licensed under the LGPL. @@ -47,6 +47,10 @@ Patch18: podofo_CVE-2019-9199.patch # https://sourceforge.net/p/podofo/code/1969 Patch19: podofo_CVE-2019-9687.patch +# Downstream patch for CVE-2019-20093 +# https://sourceforge.net/p/podofo/tickets/75/ +Patch20: podofo_CVE-2019-20093.patch + BuildRequires: gcc-c++ %if %{?el7:1}%{!?el7:0} BuildRequires: cmake3 @@ -157,6 +161,9 @@ find doc/html -exec touch -r %{SOURCE0} {} \; %changelog +* Fri Jan 17 2020 Sandro Mani - 0.9.6-9 +- Add patch for CVE-2019-20093 + * Fri Jul 26 2019 Fedora Release Engineering - 0.9.6-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/podofo_CVE-2019-20093.patch b/podofo_CVE-2019-20093.patch new file mode 100644 index 0000000..3529000 --- /dev/null +++ b/podofo_CVE-2019-20093.patch @@ -0,0 +1,15 @@ +diff -wrupN podofo-0.9.6/tools/podofoimgextract/ImageExtractor.cpp podofo-0.9.6-new/tools/podofoimgextract/ImageExtractor.cpp +--- podofo-0.9.6/tools/podofoimgextract/ImageExtractor.cpp 2018-02-25 12:48:38.000000000 +0100 ++++ podofo-0.9.6-new/tools/podofoimgextract/ImageExtractor.cpp 2020-01-17 19:43:48.619699851 +0100 +@@ -117,6 +117,11 @@ void ImageExtractor::ExtractImage( PdfOb + //long lBitsPerComponent = pObject->GetDictionary().GetKey( PdfName("BitsPerComponent" ) )->GetNumber(); + // TODO: Handle colorspaces + ++ if ( !pObject->GetDictionary().HasKey( PdfName("Width" ) ) || !pObject->GetDictionary().HasKey( PdfName("Height" ) ) ) ++ { ++ PODOFO_RAISE_ERROR( ePdfError_BrokenFile ); ++ } ++ + // Create a ppm image + const char* pszPpmHeader = "P6\n# Image extracted by PoDoFo\n%" PDF_FORMAT_INT64 " %" PDF_FORMAT_INT64 "\n%li\n"; +