Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, I would like to upload poppler 0.18.4-4 with the following two changes: - backport an upstream commit to fix #693817 (wrong string manipulation in some cases, leads to xpdf bug #649047) - b-d on libcairo2-doc to fix cross-references to cairo methods in the poppler-glib apidox Attached the current diff out of the packaging repo of the changes above. Thanks, -- Pino
diff --git a/debian/changelog b/debian/changelog index f99e452..b0ab017 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +poppler (0.18.4-4) UNRELEASED; urgency=low + + [ Pino Toscano ] + * Backport upstream commit 7ba15d11e56175601104d125d5e4a47619c224bf to fix + GooString::insert; patch upstream_fix-GooString-insert.patch. + (Closes: #693817) + * Add a libcairo2-doc build dependency to fix cross-references to cairo + methods in the poppler-glib apidox. + + -- Pino Toscano <p...@debian.org> Mon, 26 Nov 2012 14:54:05 +0100 + poppler (0.18.4-3) unstable; urgency=low * Finally drop the libfontconfig1-dev dependency from libpoppler-dev, diff --git a/debian/control b/debian/control index 14ea239..4eab85e 100644 --- a/debian/control +++ b/debian/control @@ -24,7 +24,8 @@ Build-Depends: debhelper (>= 9), pkg-config (>= 0.18), libgirepository1.0-dev (>= 1.31.0-2~), gobject-introspection (>= 1.31.0-2~), - libglib2.0-doc + libglib2.0-doc, + libcairo2-doc Standards-Version: 3.9.3 Homepage: http://poppler.freedesktop.org/ Vcs-Git: git://git.debian.org/pkg-freedesktop/poppler.git diff --git a/debian/patches/series b/debian/patches/series index d1150f3..bab73a2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ ltmain-as-needed.diff upstream_cairo-use-correct-userfont-font-bbox.patch upstream_pdfinfo-decode-utf-16-surrogate-pairs.patch upstream_Change-nnnnnn-to-number.patch +upstream_fix-GooString-insert.patch diff --git a/debian/patches/upstream_fix-GooString-insert.patch b/debian/patches/upstream_fix-GooString-insert.patch new file mode 100644 index 0000000..5398863 --- /dev/null +++ b/debian/patches/upstream_fix-GooString-insert.patch @@ -0,0 +1,44 @@ +From 7ba15d11e56175601104d125d5e4a47619c224bf Mon Sep 17 00:00:00 2001 +From: Pino Toscano <p...@kde.org> +Date: Mon, 26 Nov 2012 00:29:35 +0100 +Subject: [PATCH] fix GooString::insert() + +Hi, + +as reported in a Debian bug [1], it seems GooString::insert could lead +to using uninitialized memory. +The case is a simple: + GooString goo; + goo.insert(0, "."); + goo.insert(0, "This is a very long long test string"); +i.e. basically first insert a single character at position 0, and then a +string longer than STR_STATIC_SIZE always at position 0. + +[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693817 +--- + goo/GooString.cc | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/goo/GooString.cc b/goo/GooString.cc +index 451a70e..e52380e 100644 +--- a/goo/GooString.cc ++++ b/goo/GooString.cc +@@ -640,14 +640,12 @@ GooString *GooString::insert(int i, GooString *str) { + } + + GooString *GooString::insert(int i, const char *str, int lengthA) { +- int j; + int prevLen = length; + if (CALC_STRING_LEN == lengthA) + lengthA = strlen(str); + + resize(length + lengthA); +- for (j = prevLen; j >= i; --j) +- s[j+lengthA] = s[j]; ++ memmove(s+i+lengthA, s+i, prevLen); + memcpy(s+i, str, lengthA); + return this; + } +-- +1.7.10.4 +