Bug 260266 (CVE-2009-0755) - <app-text/poppler-0.10.4 Two Denial of Service Vulnerabilities (CVE-2009-{0755,0756})
Summary: <app-text/poppler-0.10.4 Two Denial of Service Vulnerabilities (CVE-2009-{075...
Status: RESOLVED FIXED
Alias: CVE-2009-0755
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://thread.gmane.org/gmane.comp.se...
Whiteboard: B3 [noglsa]
Depends on: 260298
Reported: 2009-02-25 16:24 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-10 11:36 UTC (History)
Description Robert Buchholz (RETIRED) gentoo-dev 2009-02-25 16:24:59 UTC
On Thursday 19 February 2009, Michael K. Johnson wrote:
> On Fri, Feb 13, 2009 at 11:20:40AM +0200, Pinar Yanardag wrote:
> > 1) An uninitialised memory access error in the
> > "FormWidgetChoice::loadDefaults()" function can be exploited to
> > cause a crash via a specially crafted PDF document.
>
> This is changeset 1fc342eadcbbb41302f190b215c5daf23c9ec9b1 in
> poppler's git and is associated with poppler bug 19790
>
> > 2) An error in the "JBIG2Stream::readSymbolDictSeg()" function can
> > be exploited to cause a crash via a specially crafted PDF document.
>
> This is changeset d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0 in
> poppler's git and is associated with poppler bug 19702
>
> These bugs were reported fixed in poppler-0.10.4.tar.gz, released on
> February 10, 2009
Comment 2 Peter Alfredsen (RETIRED) gentoo-dev 2009-02-25 16:43:17 UTC
I've just bumped 0.10.4, it should be good to mark stable.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-02-25 17:09:29 UTC
Arches, please test and mark stable:
=app-text/poppler-0.10.4
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 4 Peter Alfredsen (RETIRED) gentoo-dev 2009-02-25 20:36:16 UTC
... and =app-text/poppler-bindings-0.10.4
Be sure to get the newest version from CVS or it will fail with libtool-1.5
Comment 5 Markus Meier gentoo-dev 2009-02-25 22:14:14 UTC
amd64/x86 stable
Comment 6 Clemmitt M. Sigler 2009-02-26 14:49:48 UTC
(In reply to comment #4)
> ... and =app-text/poppler-bindings-0.10.4
> Be sure to get the newest version from CVS or it will fail with libtool-1.5

It's possible I've been bitten by this bug.  Emerge of poppler-bindings-0.10.4 fails during "Configuring source in /var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4" with these messages:

checking for Qt headers... no
checking for Qt libraries... no
configure: error: in `/var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4':
configure: error: Qt development libraries not found

Here's what I've got installed for libtool:

[I--] [  ] sys-devel/libtool-1.5.26 (1.5)

and for qt:

[I--] [  ] x11-libs/qt-3.3.8b-r1 (3)
[I--] [  ] x11-libs/qt-4.4.2 (4)
[I--] [  ] x11-libs/qt-assistant-4.4.2-r1 (4)
[I--] [  ] x11-libs/qt-core-4.4.2 (4)
[I--] [  ] x11-libs/qt-dbus-4.4.2 (4)
[I--] [  ] x11-libs/qt-gui-4.4.2-r1 (4)
[I--] [  ] x11-libs/qt-opengl-4.4.2 (4)
[I--] [  ] x11-libs/qt-qt3support-4.4.2 (4)
[I--] [  ] x11-libs/qt-script-4.4.2 (4)
[I--] [  ] x11-libs/qt-sql-4.4.2 (4)
[I--] [  ] x11-libs/qt-svg-4.4.2 (4)
[I--] [  ] x11-libs/qt-test-4.4.2 (4)
[I--] [  ] x11-libs/qt-webkit-4.4.2 (4)
[I--] [  ] x11-libs/qt-xmlpatterns-4.4.2 (4)

so, of course, Qt is installed.  Applicable USE flags for emerging poppler-bindings are:

 U I
 + + cairo : Enable support for the cairo graphics library
 + + gtk   : Adds support for x11-libs/gtk+ (The GIMP Toolkit)
 + + qt3   : Adds support for the Qt GUI/Application Toolkit version 3.x
 + + qt4   : Adds support for the Qt GUI/Application Toolkit version 4.x

HTH.

Clemmitt
Comment 7 Peter Alfredsen (RETIRED) gentoo-dev 2009-02-26 17:34:24 UTC
(In reply to comment #6)
> (In reply to comment #4)
> > ... and =app-text/poppler-bindings-0.10.4
> > Be sure to get the newest version from CVS or it will fail with libtool-1.5
> 
> It's possible I've been bitten by this bug.  Emerge of poppler-bindings-0.10.4
> fails during "Configuring source in
> /var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4" with
> these messages:

QTDIR is probably unset. Try with a fresh root-shell. I've just made the ebuild inherit qt3 so a sane value is set even if you've not yet sourced /etc/env.d/50qtdir3 . If that doesn't work, file a new bug and CC me.

Comment 8 Brent Baude (RETIRED) gentoo-dev 2009-02-26 17:59:01 UTC
I have done poppler for ppc64.  poppler-bindings fails tests like:

PASS: check_permissions
********* Start testing of TestPageMode *********
Config: Using QTest library 4.4.2, Qt 4.4.2
PASS   : TestPageMode::initTestCase()
PASS   : TestPageMode::checkNone()
PASS   : TestPageMode::checkFullScreen()
PASS   : TestPageMode::checkAttachments()
PASS   : TestPageMode::checkThumbs()
PASS   : TestPageMode::checkOC()
PASS   : TestPageMode::cleanupTestCase()
Totals: 7 passed, 0 failed, 0 skipped
********* Finished testing of TestPageMode *********
PASS: check_pagemode
********* Start testing of TestPassword *********
Config: Using QTest library 4.4.2, Qt 4.4.2
PASS   : TestPassword::initTestCase()
Error: Couldn't open file '../../../test/unittestcases/Gday garon - open.pdf'
FAIL!  : TestPassword::password1() 'doc' returned FALSE. ()
   Loc: [check_password.cpp(23)]
QDEBUG : TestPassword::password1a() Error: Couldn't open file '../../../test/unittestcases/Gday garon - open.pdf' 
FAIL!  : TestPassword::password1a() 'doc' returned FALSE. ()
   Loc: [check_password.cpp(34)]
QDEBUG : TestPassword::password2() Error: Couldn't open file '../../../test/unittestcases/Gday garon - owner.pdf' 
FAIL!  : TestPassword::password2() 'doc' returned FALSE. ()
   Loc: [check_password.cpp(46)]
QDEBUG : TestPassword::password2a() Error: Couldn't open file '../../../test/unittestcases/Gday garon - owner.pdf' 
FAIL!  : TestPassword::password2a() 'doc' returned FALSE. ()
   Loc: [check_password.cpp(56)]
QDEBUG : TestPassword::password2b() Error: Couldn't open file '../../../test/unittestcases/Gday garon - owner.pdf' 
FAIL!  : TestPassword::password2b() 'doc' returned FALSE. ()
   Loc: [check_password.cpp(66)]
PASS   : TestPassword::password3()
PASS   : TestPassword::cleanupTestCase()
Totals: 3 passed, 5 failed, 0 skipped
********* Finished testing of TestPassword *********
FAIL: check_password
********* Start testing of TestPageLayout *********
Config: Using QTest library 4.4.2, Qt 4.4.2
PASS   : TestPageLayout::initTestCase()
PASS   : TestPageLayout::checkNone()
PASS   : TestPageLayout::checkSingle()
PASS   : TestPageLayout::checkFacing()
PASS   : TestPageLayout::cleanupTestCase()
Totals: 5 passed, 0 failed, 0 skipped
********* Finished testing of TestPageLayout *********
PASS: check_pagelayout
********* Start testing of TestSearch *********
Config: Using QTest library 4.4.2, Qt 4.4.2
PASS   : TestSearch::initTestCase()
PASS   : TestSearch::bug7063()
PASS   : TestSearch::cleanupTestCase()
Totals: 3 passed, 0 failed, 0 skipped
********* Finished testing of TestSearch *********
PASS: check_search
====================
1 of 11 tests failed
====================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4/qt4/tests'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4/qt4/tests'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/app-text/poppler-bindings-0.10.4/work/poppler-0.10.4/qt4'
make: *** [check-recursive] Error 1
Comment 9 Peter Alfredsen (RETIRED) gentoo-dev 2009-02-26 18:21:14 UTC
(In reply to comment #8)
> I have done poppler for ppc64.  poppler-bindings fails tests like:
[...] 
> Error: Couldn't open file '../../../test/unittestcases/Gday garon - open.pdf'
> FAIL!  : TestPassword::password1() 'doc' returned FALSE. ()
>    Loc: [check_password.cpp(23)]

bug 239556
It's safe to ignore that failure for now. Or make it pass by setting a UTF-8 locale.
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-02-26 19:20:00 UTC
ppc64 done
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2009-02-26 19:36:39 UTC
Stable for HPPA.
Comment 12 Clemmitt M. Sigler 2009-02-27 05:33:37 UTC
(In reply to comment #7)
> QTDIR is probably unset. Try with a fresh root-shell. I've just made the ebuild
> inherit qt3 so a sane value is set even if you've not yet sourced
> /etc/env.d/50qtdir3 . If that doesn't work, file a new bug and CC me.

Wow, hugely helpful!  Fixed.  Thank you very much!  The end conclusion is I didn't think the problem through very well.

I had recently changed QTDIR so that Qt4 could be used to compile the Qt version of WebKit.  With QTDIR as defined in /etc/env.d/50qtdir3 the WebKit Qt build barfed.  Thanks again :^)

Clemmitt
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2009-02-27 14:42:05 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 17:07:58 UTC
CVE-2009-0755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0755):
  The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4
  allows remote attackers to cause a denial of service (crash) via a
  PDF file with an invalid Form Opt entry.

CVE-2009-0756 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0756):
  The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4
  allows remote attackers to cause a denial of service (crash) via a
  PDF file that triggers a parsing error, which is not properly handled
  by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory
  dereference.
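
The failure mode that the CVE-2009-0756 text in comment 14 describes, a destructor running over a partially built symbol dictionary after a parse error, shown as an added C++ example that is not part of this bug thread and is not poppler's code. The names `Bitmap`, `SymbolDictUnsafe`, `SymbolDictSafe` and `parse_segment` are hypothetical, and the mechanism shown (pointer slots left uninitialised) is an assumed, simplified model of this bug class.

```cpp
// Added illustration, not poppler source: simplified model of a symbol
// dictionary whose destructor runs after a mid-parse error (assumed mechanism).
#include <cstddef>

static int live_bitmaps = 0;            // constructed leak counter

struct Bitmap {                         // hypothetical stand-in type
    Bitmap()  { ++live_bitmaps; }
    ~Bitmap() { --live_bitmaps; }
};

// Before: slots are left indeterminate, so a destructor that runs after a
// partial fill deletes garbage pointers (invalid memory dereference).
struct SymbolDictUnsafe {
    std::size_t size;
    Bitmap **bitmaps;
    explicit SymbolDictUnsafe(std::size_t n) : size(n), bitmaps(new Bitmap *[n]) {}
    ~SymbolDictUnsafe() {
        for (std::size_t i = 0; i < size; ++i) delete bitmaps[i];
        delete[] bitmaps;
    }
};

// After: every slot starts as nullptr; delete on nullptr is a no-op, so the
// destructor is safe no matter where parsing stopped.
struct SymbolDictSafe {
    std::size_t size;
    Bitmap **bitmaps;
    explicit SymbolDictSafe(std::size_t n) : size(n), bitmaps(new Bitmap *[n]()) {}
    ~SymbolDictSafe() {
        for (std::size_t i = 0; i < size; ++i) delete bitmaps[i];
        delete[] bitmaps;
    }
};

// Models a segment parser that fails after decoding `good` of `declared`
// symbols. Returns false on the parse error; the dictionary is destroyed on
// the way out, which is the cleanup path the CVE text points at.
bool parse_segment(std::size_t declared, std::size_t good) {
    SymbolDictSafe dict(declared);
    for (std::size_t i = 0; i < declared; ++i) {
        if (i == good) return false;    // constructed parse error
        dict.bitmaps[i] = new Bitmap();
    }
    return true;
}

int main() { return parse_segment(8, 3) ? 1 : 0; }
```

`SymbolDictUnsafe` is shown only for contrast and is never instantiated; swapping it into `parse_segment` reproduces the crash class under a memory sanitizer.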

Comment 15 Tobias Scherbaum (RETIRED) gentoo-dev 2009-03-04 20:18:06 UTC
ppc stable
Comment 16 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-05 20:08:32 UTC
Ready for vote, I vote YES.
Comment 17 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-07 18:53:51 UTC
I vote NO, as it's just DOS which only crashes the application (if I didn't get it wrong).
Comment 18 Robert Buchholz (RETIRED) gentoo-dev 2009-03-09 14:12:37 UTC
NO as well, closing.