package/poppler: security bump to version 22.10.0

- Fix CVE-2022-38784: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. - Drop patch (already in version) https://gitlab.freedesktop.org/poppler/poppler/-/blob/poppler-22.10.0/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-19 22:00:51 +02:00 · 2022-10-19 22:00:51 +02:00 · bd35c0f363
commit bd35c0f363
parent c5b1a0b34a
3 changed files with 2 additions and 29 deletions
--- a/package/poppler/0001-Include-setjmp-h-when-WITH_JPEG-yes-and-WITH_PNG-no.patch
+++ b/package/poppler/0001-Include-setjmp-h-when-WITH_JPEG-yes-and-WITH_PNG-no.patch
@ -1,27 +0,0 @@
-From 3ea6bca90d87d3f91556205c4e58ca425c6ac437 Mon Sep 17 00:00:00 2001
-From: Marco Genasci <fedeliallalinea@gmail.com>
-Date: Sun, 12 Dec 2021 10:23:37 +0100
-Subject: [PATCH] Include setjmp.h when WITH_JPEG=yes and WITH_PNG=no
-
-[Retrieved from:
-https://gitlab.freedesktop.org/poppler/poppler/-/commit/3ea6bca90d87d3f91556205c4e58ca425c6ac437]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
- poppler/ImageEmbeddingUtils.cc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/poppler/ImageEmbeddingUtils.cc b/poppler/ImageEmbeddingUtils.cc
-index 5c50f1269..c26b9eb2a 100644
--- a/poppler/ImageEmbeddingUtils.cc
-+++ b/poppler/ImageEmbeddingUtils.cc
-@@ -16,6 +16,7 @@
- extern "C" {
- #    include <jpeglib.h>
- }
-+#    include <csetjmp>
- #endif
- #ifdef ENABLE_LIBPNG
- #    include <png.h>
-- 
-GitLab
-
--- a/package/poppler/poppler.hash
+++ b/package/poppler/poppler.hash
@ -1,3 +1,3 @@
 # Locally calculated
-sha256  acb840c2c1ec07d07e53c57c4b3a1ff3e3ee2d888d44e1e9f2f01aaf16814de7  poppler-21.12.0.tar.xz
+sha256  04e40fad924a6de62e63017a6fd4c04696c1f526dedc2ba5ef275cedf646292a  poppler-22.10.0.tar.xz
 sha256  ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6  COPYING
--- a/package/poppler/poppler.mk
+++ b/package/poppler/poppler.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-POPPLER_VERSION = 21.12.0
+POPPLER_VERSION = 22.10.0
 POPPLER_SOURCE = poppler-$(POPPLER_VERSION).tar.xz
 POPPLER_SITE = https://poppler.freedesktop.org
 POPPLER_DEPENDENCIES = fontconfig host-pkgconf