app-text/poppler: Fix CVE-2017-1792{6,7,8,9}, CVE-2017-15565

Bug: https://bugs.gentoo.org/635364 Package-Manager: Portage-2.3.16, Repoman-2.3.6
author: Andreas Sturmlechner <asturm@gentoo.org> 2017-11-24 22:23:34 +0100
committer: Andreas Sturmlechner <asturm@gentoo.org> 2017-11-25 00:06:21 +0100
commit: 21121c39ac5e0a8fc7481a0223e05c95fa30ee0d (patch)
tree: db2ca659caf2e60ee81a1d248737101904ae2a4f /app-text
parent: app-text/poppler: Fix CVE-2017-14517 (diff)
download: gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.tar.gz
gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.tar.bz2
gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.zip
7 files changed, 423 insertions, 1 deletions
diff --git a/app-text/poppler/Manifest b/app-text/poppler/Manifest
index 4fb1a1ebb5b6..15244e7da338 100644
--- a/app-text/poppler/Manifest
+++ b/app-text/poppler/Manifest
@@ -1,5 +1,5 @@
 DIST poppler-0.57.0.tar.xz 1703300 BLAKE2B e4126dff2e0ee140fa4c5c30d5a57da5aff38d4c1f566e4ace22d3fe625949db3a662a8513881702cd5c5c302845998dd462048b5158abaf1d119650c997c84c SHA512 197a0bf51e7fd607db83144d771904e48f266ab9e1252c688f9e7700a5bdd239670cf0363e9d77137bafa9c08fb6ddb9d066cc78a74dac7dfd717662b25cac5f
-DIST poppler-0.58.0.tar.xz 1710412 SHA256 0e42e46419ae54b02d9f2b527c6475b6011d15816918b9057dfa3aae211af832 SHA512 0675846fc99578925840cbb17083463da6ea54f7de348b946ae7d4480d9d87bd4b5069392b23a8b9bbafe0aafafaf5a200134be52d0832558104cb4aa2497aee WHIRLPOOL 658f7dfbb786c2e09558f7e89ef0832db4ff32eaef08b7360fbf468236db01b44e33374424df6b64c17f018d7b10f61e151c08026652628d387958143a5a3837
+DIST poppler-0.58.0.tar.xz 1710412 BLAKE2B ac2558503f86e8f0729d9ee5e4bc6c59dc9a4abca2e94b4e94b27b139dcb237b608af70b011b6f042a06d18ce83e32593f5b3d28876ee2606d7e63bc9230e51e SHA512 0675846fc99578925840cbb17083463da6ea54f7de348b946ae7d4480d9d87bd4b5069392b23a8b9bbafe0aafafaf5a200134be52d0832558104cb4aa2497aee
 DIST poppler-0.59.0.tar.xz 1712004 SHA256 a3d626b24cd14efa9864e12584b22c9c32f51c46417d7c10ca17651f297c9641 SHA512 23777922dc95feee2a4459281081b37e124a39fc25cd00c2c3fc206f5484c13eb9ac5317f674fbbcb51e384f9a53e38b4cacbf1426c68d2bae21a7cefbc48a0e WHIRLPOOL 82ec203c17e2b2544cc0ac12d0b22bb051abf776114d17e1548f47d5e38ff289dee2e9c4b27dc16e3953b6f5b5ff0e0eeecfba73561dbc396ee0db7c5a4847e2
 DIST poppler-0.60.1.tar.xz 1432712 SHA256 19f185e05c3b59b4a1de2cec8ef39f5446035493d17bbed41d02fb9a77c8a93c SHA512 db73524b7413dddee38d5a049f3926338ee123b8fc4893d80ee9cf5aaae47c8c7b75b112293b156cd375894e548ec68e5fbf4af305e77b43bc3868ad1c966cdc WHIRLPOOL fe1fe7a3f0c0bac57c7503ad183fe2e8e2f0378c4dedc0dadbc6dcfaeaf8044bf387256742a970af5ed9e2704e42c35e996957e765eeff1aca4bedcc427ae6a7
 DIST poppler-0.61.1.tar.xz 1433696 SHA256 1266096343f5163c1a585124e9a6d44474e1345de5cdfe55dc7b47357bcfcda9 SHA512 780ebf07ad757635f3f71c7b1f61ad0849526f99f0dc514c3290c4e8db7000a68dfe50c17253d4c086aec5c5390055102478eba96699088179822f3be5ce278d WHIRLPOOL 9d41a9c2ae551f71a82cdae763a4d9c032977c1140fb89f619b912169f9c48c6b310bba38b0138de16c5af04cb46f0f58c57c60a15a648fefcd92cee8c8583df
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14926.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14926.patch
new file mode 100644
index 000000000000..882cf0e2b8b5
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14926.patch
@@ -0,0 +1,36 @@
+From 170fe21144d469d3f865eda6e298df440b784499 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 8 Sep 2017 18:28:15 +0200
+Subject: [PATCH 2/3] Annot: Fix crash on broken files
+
+Bug #102601
+
+(cherry picked from commit 2532df6060092e9fab7f041ae9598aff9cdd94bb)
+---
+ poppler/Annot.cc | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/poppler/Annot.cc b/poppler/Annot.cc
+index 27b698db..643ff12c 100644
+--- a/poppler/Annot.cc
++++ b/poppler/Annot.cc
+@@ -6865,13 +6865,13 @@ AnnotRichMedia::Content::Content(Dict *dict) {
+       assets = (Asset **)gmallocn(nAssets, sizeof(Asset *));
+ 
+       int counter = 0;
+-      for (int i = 0; i < obj2.arrayGetLength(); i += 2) {
++      for (int i = 0; i < nAssets; ++i) {
+         Object objKey;
+ 
+         assets[counter] = new AnnotRichMedia::Asset;
+ 
+-        obj2.arrayGet(i, &objKey);
+-        obj2.arrayGet(i + 1, &assets[counter]->fileSpec);
++        obj2.arrayGet(i * 2, &objKey);
++        obj2.arrayGet(i * 2 + 1, &assets[counter]->fileSpec);
+ 
+         assets[counter]->name = new GooString( objKey.getString() );
+         ++counter;
+-- 
+2.14.1
+
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14927.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14927.patch
new file mode 100644
index 000000000000..3595345800f0
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14927.patch
@@ -0,0 +1,32 @@
+From 876e7f76159e2b12ee7d2d396f327dd2cc90bcb0 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 8 Sep 2017 18:26:05 +0200
+Subject: [PATCH 3/3] SplashOutputDev: Fix crash on broken files
+
+Bug #102604
+
+(cherry picked from commit 6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d)
+---
+ poppler/SplashOutputDev.cc | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
+index 5502be64..46b55a42 100644
+--- a/poppler/SplashOutputDev.cc
++++ b/poppler/SplashOutputDev.cc
+@@ -2714,7 +2714,11 @@ void SplashOutputDev::endType3Char(GfxState *state) {
+ }
+ 
+ void SplashOutputDev::type3D0(GfxState *state, double wx, double wy) {
+-  t3GlyphStack->haveDx = gTrue;
++  if (likely(t3GlyphStack != nullptr)) {
++    t3GlyphStack->haveDx = gTrue;
++  } else {
++    error(errSyntaxWarning, -1, "t3GlyphStack was null in SplashOutputDev::type3D0");
++  }
+ }
+ 
+ void SplashOutputDev::type3D1(GfxState *state, double wx, double wy,
+-- 
+2.14.1
+
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14928.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14928.patch
new file mode 100644
index 000000000000..bd2af863423b
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14928.patch
@@ -0,0 +1,69 @@
+From 6bf7212c44d0131c8f8227a4a4dadc52a3afebd9 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 8 Sep 2017 18:29:42 +0200
+Subject: [PATCH 1/3] Annot: Fix crash on broken files
+
+Bug #102607
+
+(cherry picked from commit 1316c7a41f4dd7276f404f775ebb5fef2d24ab1c)
+---
+ poppler/Annot.cc | 42 +++++++++++++++++++++++-------------------
+ 1 file changed, 23 insertions(+), 19 deletions(-)
+
+diff --git a/poppler/Annot.cc b/poppler/Annot.cc
+index 974b098b..27b698db 100644
+--- a/poppler/Annot.cc
++++ b/poppler/Annot.cc
+@@ -6982,26 +6982,30 @@ AnnotRichMedia::Configuration::Configuration(Dict *dict)
+     } else if (!strcmp(name, "Video")) {
+       type = typeVideo;
+     } else {
+-      // determine from first instance
++      // determine from first non null instance
++      type = typeFlash; // default in case all instances are null
+       if (instances && nInstances > 0) {
+-        AnnotRichMedia::Instance *instance = instances[0];
+-        switch (instance->getType()) {
+-          case AnnotRichMedia::Instance::type3D:
+-            type = type3D;
+-            break;
+-          case AnnotRichMedia::Instance::typeFlash:
+-            type = typeFlash;
+-            break;
+-          case AnnotRichMedia::Instance::typeSound:
+-            type = typeSound;
+-            break;
+-          case AnnotRichMedia::Instance::typeVideo:
+-            type = typeVideo;
+-            break;
+-          default:
+-            type = typeFlash;
+-            break;
+-        }
++	for (int i = 0; i < nInstances; ++i) {
++	  AnnotRichMedia::Instance *instance = instances[i];
++	  if (instance) {
++	    switch (instance->getType()) {
++	      case AnnotRichMedia::Instance::type3D:
++		type = type3D;
++		break;
++	      case AnnotRichMedia::Instance::typeFlash:
++		type = typeFlash;
++		break;
++	      case AnnotRichMedia::Instance::typeSound:
++		type = typeSound;
++		break;
++	      case AnnotRichMedia::Instance::typeVideo:
++		type = typeVideo;
++		break;
++	    }
++	    // break the loop since we found the first non null instance
++	    break;
++	  }
++	}
+       }
+     }
+   }
+-- 
+2.14.1
+
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-14929.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14929.patch
new file mode 100644
index 000000000000..11745ca5436d
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-14929.patch
@@ -0,0 +1,252 @@
+From accdc5be215c7ee3223e3ad21dee7708d910ef23 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Mon, 25 Sep 2017 19:33:44 +0200
+Subject: [PATCH 4/4] Fix infinite recursion on broken files
+
+Bug #102969
+---
+ poppler/Gfx.cc      | 46 ++++++++++++++++++++++++++++++++++------------
+ poppler/GfxState.cc | 33 ++++++++++++++++++---------------
+ poppler/GfxState.h  | 15 +++++++++------
+ 3 files changed, 61 insertions(+), 33 deletions(-)
+
+diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
+index 9feac54c..66d0a24c 100644
+--- a/poppler/Gfx.cc
++++ b/poppler/Gfx.cc
+@@ -468,8 +468,14 @@ GfxPattern *GfxResources::lookupPattern(char *name, OutputDev *out, GfxState *st
+ 
+   for (resPtr = this; resPtr; resPtr = resPtr->next) {
+     if (resPtr->patternDict.isDict()) {
+-      if (!resPtr->patternDict.dictLookup(name, &obj)->isNull()) {
+-	pattern = GfxPattern::parse(resPtr, &obj, out, state);
++      if (!resPtr->patternDict.dictLookupNF(name, &obj)->isNull()) {
++	Ref patternRef = { -1, -1 };
++	if (obj.isRef()) {
++	  patternRef = obj.getRef();
++	  obj.fetch(resPtr->patternDict.getDict()->getXRef(), &obj);
++	}
++
++	pattern = GfxPattern::parse(resPtr, &obj, out, state, patternRef.num);
+ 	obj.free();
+ 	return pattern;
+       }
+@@ -2298,18 +2304,34 @@ void Gfx::doTilingPatternFill(GfxTilingPattern *tPat,
+ 		       xi0, yi0, xi1, yi1, xstep, ystep)) {
+     goto restore;
+   } else {
+-    out->updatePatternOpacity(state);
+-    for (yi = yi0; yi < yi1; ++yi) {
+-      for (xi = xi0; xi < xi1; ++xi) {
+-        x = xi * xstep;
+-        y = yi * ystep;
+-        m1[4] = x * m[0] + y * m[2] + m[4];
+-        m1[5] = x * m[1] + y * m[3] + m[5];
+-        drawForm(tPat->getContentStream(), tPat->getResDict(),
+-        	  m1, tPat->getBBox());
++    bool shouldDrawForm = gTrue;
++    std::set<int>::iterator patternRefIt;
++    const int patternRefNum = tPat->getPatternRefNum();
++    if (patternRefNum != -1) {
++      if (formsDrawing.find(patternRefNum) == formsDrawing.end()) {
++	patternRefIt = formsDrawing.insert(patternRefNum).first;
++      } else {
++	shouldDrawForm = gFalse;
++      }
++    }
++
++    if (shouldDrawForm) {
++      out->updatePatternOpacity(state);
++      for (yi = yi0; yi < yi1; ++yi) {
++	for (xi = xi0; xi < xi1; ++xi) {
++	  x = xi * xstep;
++	  y = yi * ystep;
++	  m1[4] = x * m[0] + y * m[2] + m[4];
++	  m1[5] = x * m[1] + y * m[3] + m[5];
++	  drawForm(tPat->getContentStream(), tPat->getResDict(),
++		  m1, tPat->getBBox());
++	}
++      }
++      out->clearPatternOpacity(state);
++      if (patternRefNum != -1) {
++	formsDrawing.erase(patternRefIt);
+       }
+     }
+-    out->clearPatternOpacity(state);
+   }
+ 
+   // restore graphics state
+diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
+index f61f8124..90030b10 100644
+--- a/poppler/GfxState.cc
++++ b/poppler/GfxState.cc
+@@ -3446,14 +3446,17 @@ void GfxPatternColorSpace::getDefaultColor(GfxColor *color) {
+ // Pattern
+ //------------------------------------------------------------------------
+ 
+-GfxPattern::GfxPattern(int typeA) {
+-  type = typeA;
++GfxPattern::GfxPattern(int typeA, int patternRefNumA)
++ : type(typeA)
++ , patternRefNum(patternRefNumA)
++{
++
+ }
+ 
+ GfxPattern::~GfxPattern() {
+ }
+ 
+-GfxPattern *GfxPattern::parse(GfxResources *res, Object *obj, OutputDev *out, GfxState *state) {
++GfxPattern *GfxPattern::parse(GfxResources *res, Object *obj, OutputDev *out, GfxState *state, int patternRefNum) {
+   GfxPattern *pattern;
+   Object obj1;
+ 
+@@ -3466,9 +3469,9 @@ GfxPattern *GfxPattern::parse(GfxResources *res, Object *obj, OutputDev *out, Gf
+   }
+   pattern = NULL;
+   if (obj1.isInt() && obj1.getInt() == 1) {
+-    pattern = GfxTilingPattern::parse(obj);
++    pattern = GfxTilingPattern::parse(obj, patternRefNum);
+   } else if (obj1.isInt() && obj1.getInt() == 2) {
+-    pattern = GfxShadingPattern::parse(res, obj, out, state);
++    pattern = GfxShadingPattern::parse(res, obj, out, state, patternRefNum);
+   }
+   obj1.free();
+   return pattern;
+@@ -3478,7 +3481,7 @@ GfxPattern *GfxPattern::parse(GfxResources *res, Object *obj, OutputDev *out, Gf
+ // GfxTilingPattern
+ //------------------------------------------------------------------------
+ 
+-GfxTilingPattern *GfxTilingPattern::parse(Object *patObj) {
++GfxTilingPattern *GfxTilingPattern::parse(Object *patObj, int patternRefNum) {
+   GfxTilingPattern *pat;
+   Dict *dict;
+   int paintTypeA, tilingTypeA;
+@@ -3555,7 +3558,7 @@ GfxTilingPattern *GfxTilingPattern::parse(Object *patObj) {
+   obj1.free();
+ 
+   pat = new GfxTilingPattern(paintTypeA, tilingTypeA, bboxA, xStepA, yStepA,
+-			     &resDictA, matrixA, patObj);
++			     &resDictA, matrixA, patObj, patternRefNum);
+   resDictA.free();
+   return pat;
+ }
+@@ -3563,8 +3566,8 @@ GfxTilingPattern *GfxTilingPattern::parse(Object *patObj) {
+ GfxTilingPattern::GfxTilingPattern(int paintTypeA, int tilingTypeA,
+ 				   double *bboxA, double xStepA, double yStepA,
+ 				   Object *resDictA, double *matrixA,
+-				   Object *contentStreamA):
+-  GfxPattern(1)
++				   Object *contentStreamA, int patternRefNumA) :
++  GfxPattern(1, patternRefNumA)
+ {
+   int i;
+ 
+@@ -3589,14 +3592,14 @@ GfxTilingPattern::~GfxTilingPattern() {
+ 
+ GfxPattern *GfxTilingPattern::copy() {
+   return new GfxTilingPattern(paintType, tilingType, bbox, xStep, yStep,
+-			      &resDict, matrix, &contentStream);
++			      &resDict, matrix, &contentStream, getPatternRefNum());
+ }
+ 
+ //------------------------------------------------------------------------
+ // GfxShadingPattern
+ //------------------------------------------------------------------------
+ 
+-GfxShadingPattern *GfxShadingPattern::parse(GfxResources *res, Object *patObj, OutputDev *out, GfxState *state) {
++GfxShadingPattern *GfxShadingPattern::parse(GfxResources *res, Object *patObj, OutputDev *out, GfxState *state, int patternRefNum) {
+   Dict *dict;
+   GfxShading *shadingA;
+   double matrixA[6];
+@@ -3629,11 +3632,11 @@ GfxShadingPattern *GfxShadingPattern::parse(GfxResources *res, Object *patObj, O
+   }
+   obj1.free();
+ 
+-  return new GfxShadingPattern(shadingA, matrixA);
++  return new GfxShadingPattern(shadingA, matrixA, patternRefNum);
+ }
+ 
+-GfxShadingPattern::GfxShadingPattern(GfxShading *shadingA, double *matrixA):
+-  GfxPattern(2)
++GfxShadingPattern::GfxShadingPattern(GfxShading *shadingA, double *matrixA, int patternRefNumA):
++  GfxPattern(2, patternRefNumA)
+ {
+   int i;
+ 
+@@ -3648,7 +3651,7 @@ GfxShadingPattern::~GfxShadingPattern() {
+ }
+ 
+ GfxPattern *GfxShadingPattern::copy() {
+-  return new GfxShadingPattern(shading->copy(), matrix);
++  return new GfxShadingPattern(shading->copy(), matrix, getPatternRefNum());
+ }
+ 
+ //------------------------------------------------------------------------
+diff --git a/poppler/GfxState.h b/poppler/GfxState.h
+index 7bcedf2a..4b13fb2a 100644
+--- a/poppler/GfxState.h
++++ b/poppler/GfxState.h
+@@ -762,18 +762,21 @@ private:
+ class GfxPattern {
+ public:
+ 
+-  GfxPattern(int typeA);
++  GfxPattern(int typeA, int patternRefNumA);
+   virtual ~GfxPattern();
+ 
+-  static GfxPattern *parse(GfxResources *res, Object *obj, OutputDev *out, GfxState *state);
++  static GfxPattern *parse(GfxResources *res, Object *obj, OutputDev *out, GfxState *state, int patternRefNum);
+ 
+   virtual GfxPattern *copy() = 0;
+ 
+   int getType() { return type; }
+ 
++  int getPatternRefNum() const { return patternRefNum; }
++
+ private:
+ 
+   int type;
++  int patternRefNum;
+ };
+ 
+ //------------------------------------------------------------------------
+@@ -783,7 +786,7 @@ private:
+ class GfxTilingPattern: public GfxPattern {
+ public:
+ 
+-  static GfxTilingPattern *parse(Object *patObj);
++  static GfxTilingPattern *parse(Object *patObj, int patternRefNum);
+   ~GfxTilingPattern();
+ 
+   GfxPattern *copy() override;
+@@ -803,7 +806,7 @@ private:
+   GfxTilingPattern(int paintTypeA, int tilingTypeA,
+ 		   double *bboxA, double xStepA, double yStepA,
+ 		   Object *resDictA, double *matrixA,
+-		   Object *contentStreamA);
++		   Object *contentStreamA, int patternRefNumA);
+ 
+   int paintType;
+   int tilingType;
+@@ -821,7 +824,7 @@ private:
+ class GfxShadingPattern: public GfxPattern {
+ public:
+ 
+-  static GfxShadingPattern *parse(GfxResources *res, Object *patObj, OutputDev *out, GfxState *state);
++  static GfxShadingPattern *parse(GfxResources *res, Object *patObj, OutputDev *out, GfxState *state, int patternRefNum);
+   ~GfxShadingPattern();
+ 
+   GfxPattern *copy() override;
+@@ -831,7 +834,7 @@ public:
+ 
+ private:
+ 
+-  GfxShadingPattern(GfxShading *shadingA, double *matrixA);
++  GfxShadingPattern(GfxShading *shadingA, double *matrixA, int patternRefNumA);
+ 
+   GfxShading *shading;
+   double matrix[6];
+-- 
+2.14.1
+
diff --git a/app-text/poppler/files/poppler-0.57.0-CVE-2017-15565.patch b/app-text/poppler/files/poppler-0.57.0-CVE-2017-15565.patch
new file mode 100644
index 000000000000..7e4db3f04452
--- /dev/null
+++ b/app-text/poppler/files/poppler-0.57.0-CVE-2017-15565.patch
@@ -0,0 +1,28 @@
+From 19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 13 Oct 2017 00:55:49 +0200
+Subject: [PATCH] CairoOutputDev: Fix crash in broken files
+
+Bug #103016
+---
+ poppler/CairoOutputDev.cc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/CairoOutputDev.cc b/poppler/CairoOutputDev.cc
+index ffd39ef7..80f7a99e 100644
+--- a/poppler/CairoOutputDev.cc
++++ b/poppler/CairoOutputDev.cc
+@@ -2714,7 +2714,9 @@ void CairoOutputDev::drawSoftMaskedImage(GfxState *state, Object *ref, Stream *s
+   for (y = 0; y < maskHeight; y++) {
+     maskDest = (unsigned char *) (maskBuffer + y * row_stride);
+     pix = maskImgStr->getLine();
+-    maskColorMap->getGrayLine (pix, maskDest, maskWidth);
++    if (likely(pix != nullptr)) {
++        maskColorMap->getGrayLine (pix, maskDest, maskWidth);
++    }
+   }
+ 
+   maskImgStr->close();
+-- 
+2.14.1
+
diff --git a/app-text/poppler/poppler-0.57.0-r1.ebuild b/app-text/poppler/poppler-0.57.0-r1.ebuild
index 7cf2072c3af4..fe3bf2027de9 100644
--- a/app-text/poppler/poppler-0.57.0-r1.ebuild
+++ b/app-text/poppler/poppler-0.57.0-r1.ebuild
@@ -67,6 +67,11 @@ PATCHES=(
 	"${FILESDIR}/${PN}-0.40-FindQt4.patch"
 	# Fedora backports from upstream
 	"${FILESDIR}/${P}-CVE-2017-14517.patch"
+	"${FILESDIR}/${P}-CVE-2017-14926.patch"
+	"${FILESDIR}/${P}-CVE-2017-14927.patch"
+	"${FILESDIR}/${P}-CVE-2017-14928.patch"
+	"${FILESDIR}/${P}-CVE-2017-14929.patch"
+	"${FILESDIR}/${P}-CVE-2017-15565.patch"
 )
 
 src_prepare() {
author	Andreas Sturmlechner <asturm@gentoo.org>	2017-11-24 22:23:34 +0100
committer	Andreas Sturmlechner <asturm@gentoo.org>	2017-11-25 00:06:21 +0100
commit	21121c39ac5e0a8fc7481a0223e05c95fa30ee0d (patch)
tree	db2ca659caf2e60ee81a1d248737101904ae2a4f /app-text
parent	app-text/poppler: Fix CVE-2017-14517 (diff)
download	gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.tar.gz gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.tar.bz2 gentoo-21121c39ac5e0a8fc7481a0223e05c95fa30ee0d.zip