diff --git a/debian/changelog b/debian/changelog index 7191081..912d958 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,17 @@ -qpdf (9.1.1-ok2) yangtze; urgency=medium - - * Update version. - - -- zhouganqing Mon, 15 Aug 2022 17:00:51 +0800 - -qpdf (9.1.1-ok1) yangtze; urgency=medium - - * Build for openKylin. - - -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 +qpdf (9.1.1-ok3) yangtze; urgency=medium + + * omelette-guo CVE-2021-36978 安全更新:当某个下游写操作失败时,QPDF中存在基于堆的缓冲区溢出漏洞 + + -- lichaoheng Tue, 14 Mar 2023 11:06:54 +0800 + +qpdf (9.1.1-ok2) yangtze; urgency=medium + + * Update version. + + -- zhouganqing Mon, 15 Aug 2022 17:00:51 +0800 + +qpdf (9.1.1-ok1) yangtze; urgency=medium + + * Build for openKylin. + + -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 diff --git a/debian/patches/0001-CVE-2021-36978-QPDF.patch b/debian/patches/0001-CVE-2021-36978-QPDF.patch new file mode 100644 index 0000000..d6a3e92 --- /dev/null +++ b/debian/patches/0001-CVE-2021-36978-QPDF.patch @@ -0,0 +1,80 @@ +From: lch <32248802@qq.com> +Date: Tue, 14 Mar 2023 11:09:22 +0800 +Subject: =?utf-8?b?Q1ZFLTIwMjEtMzY5Nzgg5a6J5YWo5pu05paw77ya5b2T5p+Q5Liq5LiL?= + =?utf-8?b?5ri45YaZ5pON5L2c5aSx6LSl5pe277yMUVBERuS4reWtmOWcqOWfuuS6juWghg==?= + =?utf-8?b?55qE57yT5Yay5Yy65rqi5Ye65ryP5rSe?= + +--- + libqpdf/Pl_AES_PDF.cc | 2 +- + libqpdf/Pl_ASCII85Decoder.cc | 7 +++++-- + libqpdf/Pl_ASCIIHexDecoder.cc | 6 ++++-- + libqpdf/Pl_Count.cc | 2 +- + 4 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/libqpdf/Pl_AES_PDF.cc b/libqpdf/Pl_AES_PDF.cc +index 18cf3a4..2865f80 100644 +--- a/libqpdf/Pl_AES_PDF.cc ++++ b/libqpdf/Pl_AES_PDF.cc +@@ -238,6 +238,6 @@ Pl_AES_PDF::flush(bool strip_padding) + } + } + } +- getNext()->write(this->outbuf, bytes); + this->offset = 0; ++ getNext()->write(this->outbuf, bytes); + } +diff --git a/libqpdf/Pl_ASCII85Decoder.cc b/libqpdf/Pl_ASCII85Decoder.cc +index b8df3e8..9d9f670 100644 +--- a/libqpdf/Pl_ASCII85Decoder.cc ++++ b/libqpdf/Pl_ASCII85Decoder.cc +@@ -119,10 +119,13 @@ Pl_ASCII85Decoder::flush() + + QTC::TC("libtests", "Pl_ASCII85Decoder partial flush", + (this->pos == 5) ? 0 : 1); +- getNext()->write(outbuf, this->pos - 1); +- ++ // Reset before calling getNext()->write in case that throws an ++ // exception. ++ auto t = this->pos - 1; + this->pos = 0; + memset(this->inbuf, 117, 5); ++ ++ getNext()->write(outbuf, t); + } + + void +diff --git a/libqpdf/Pl_ASCIIHexDecoder.cc b/libqpdf/Pl_ASCIIHexDecoder.cc +index f20a976..7845268 100644 +--- a/libqpdf/Pl_ASCIIHexDecoder.cc ++++ b/libqpdf/Pl_ASCIIHexDecoder.cc +@@ -97,12 +97,14 @@ Pl_ASCIIHexDecoder::flush() + + QTC::TC("libtests", "Pl_ASCIIHexDecoder partial flush", + (this->pos == 2) ? 0 : 1); +- getNext()->write(&ch, 1); +- ++ // Reset before calling getNext()->write in case that throws an ++ // exception. + this->pos = 0; + this->inbuf[0] = '0'; + this->inbuf[1] = '0'; + this->inbuf[2] = '\0'; ++ ++ getNext()->write(&ch, 1); + } + + void +diff --git a/libqpdf/Pl_Count.cc b/libqpdf/Pl_Count.cc +index 8077092..c35619b 100644 +--- a/libqpdf/Pl_Count.cc ++++ b/libqpdf/Pl_Count.cc +@@ -27,8 +27,8 @@ Pl_Count::write(unsigned char* buf, size_t len) + if (len) + { + this->m->count += QIntC::to_offset(len); +- getNext()->write(buf, len); + this->m->last_char = buf[len - 1]; ++ getNext()->write(buf, len); + } + } + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..93ccb3a --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +0001-CVE-2021-36978-QPDF.patch