Package: libpodofo / 0.9.6+dfsg-5
Metadata
Package | Version | Patches format |
---|---|---|
libpodofo | 0.9.6+dfsg-5 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
non_existing_directory.patch | (download) |
test/TokenizerTest/CMakeLists.txt |
7 0 + 7 - 0 ! |
before cmake 3.12, trying to copy a non-existing dir didn't fail |
pkg config.patch | (download) |
src/CMakeLists.txt |
4 2 + 2 - 0 ! |
fix pkg-config to actually work with the way podofo is installed |
fix link with visibility hidden.patch | (download) |
src/base/PdfXRefStreamParserObject.h |
2 1 + 1 - 0 ! |
workaround bug that makes impossible to link the test with -fvisibility=hidden This is a workaround, this class is *not* meant to be public. It doesn't change the status quo from the 0.9.5 version as there we didn't build libpodofo with -fvisibility=hidden, so this was exposed anyway, and I consider this solution better than enabling global symbol visibility again. |
fix test non linux.patch | (download) |
test/unit/ParserTest.cpp |
2 1 + 1 - 0 ! |
fix compilation failure on !linux |
CVE 2018 5783.patch | (download) |
src/base/PdfCompilerCompat.h |
3 3 + 0 - 0 ! |
fix cve-2018-5783 by introducing singleton limit for indirect objects The limit is the standard one of 8,388,607 but can be changed by a newly introduced inline method (also a getter is provided). This also introduced a new define PODOFO_SIZE_FORMAT for formatting size_t values portably in printf()-like methods of PdfError etc. Please also cf. issue #4 in the issue tracker. |
CVE 2018 11254.patch | (download) |
src/doc/PdfPagesTree.cpp |
176 35 + 141 - 0 ! |
fix bugs in pdfpagestree The patch includes: 1) A real fix of CVE-2017-8054 (not really fixed up to r1937!) for handling of cyclic trees, see testCyclicTree() 2) A fix for handling of subtrees with /Kids [] and /Count 0 which is completely valid according to the PDF spec, see testEmptyKidsTree() 3) A changed behavior for trees with nested kids array which are not valid according to the PDF spec and now yield an NULL ptr, see testNestedArrayTree() This patch actually drops the symbols PdfPagesTree::GetPageNodeFromArray, but it wasn't used by nothing. |
CVE 2018 11256.patch | (download) |
src/doc/PdfDocument.cpp |
6 6 + 0 - 0 ! |
fix cve-2018-11256: pdferror info gives not-found page 0-based (and says that) |
CVE 2018 12982.patch | (download) |
src/base/PdfDictionary.h |
26 26 + 0 - 0 ! |
fix cve-2018-12982 implementing inline pdfdictionary::mustgetkey() That new method throws, therefore it makes NULL checks in the calling places unnecessary. That it's inline means that it doesn't change the ABI or API (AFAIK). It's called from the library itself therefore no recompile of applications is necessary. Please also cf. issue #22 in the issue tracker. |
CVE 2018 14320.patch | (download) |
src/base/PdfEncoding.cpp |
12 12 + 0 - 0 ! |
cve-2018-14320 - possible undefined behaviour in pdfencoding::parsetounicode() There is undefined behaviour in PdfEncoding::ParseToUnicode() if the first token in the parsed stream is 'beginbfrange' or 'beginbfchar'. In both cases stkToken.top() is called when stkToken.size() == 0, which results in the undefined behaviour. |
CVE 2018 19532.patch | (download) |
tools/podofoimpose/pdftranslator.cpp |
8 7 + 1 - 0 ! |
cve-2018-19532: null pointer dereference in pdftranslator::settarget() This is in podofoimpose and fixed there (pdftranslator.cpp) directly. |
CVE 2018 20751.patch | (download) |
tools/podofocrop/podofocrop.cpp |
5 5 + 0 - 0 ! |
cve-2018-20751: null-pointer dereference in crop_page() of tools/podofocrop/podofocrop.cpp |
CVE 2019 9199.patch | (download) |
tools/podofoimpose/pdftranslator.cpp |
7 6 + 1 - 0 ! |
cve-2019-9199 - null pointer dereference |
CVE 2019 9687.patch | (download) |
src/base/PdfString.cpp |
29 25 + 4 - 0 ! |
cve-2019-9687 - heap-based buffer overflow in pdfstring::convertutf16toutf8 |