gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369].
* gnu/packages/pdf.scm (mupdf): Update to 1.12.0. [source]: Remove obsolete patches. [inputs]: Add freeglut. * gnu/packages/patches/mupdf-CVE-2017-14685.patch, gnu/packages/patches/mupdf-CVE-2017-14686.patch, gnu/packages/patches/mupdf-CVE-2017-14687.patch, gnu/packages/patches/mupdf-CVE-2017-15587.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Update and rename to... * gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch: ... new file.
parent
91213c384b
commit
dab2542f84
7 changed files with 10 additions and 240 deletions
|
@ -897,11 +897,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/mozjs38-tracelogger.patch \
|
||||
%D%/packages/patches/mozjs38-version-detection.patch \
|
||||
%D%/packages/patches/mumps-build-parallelism.patch \
|
||||
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2017-14685.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2017-14686.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2017-14687.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2017-15587.patch \
|
||||
%D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
|
||||
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
|
||||
%D%/packages/patches/mutt-store-references.patch \
|
||||
%D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
Fix CVE-2017-14685:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
|
||||
|
||||
From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 19 Sep 2017 15:23:04 +0200
|
||||
Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
|
||||
|
||||
xps_load_links_in_glyphs did not cope with font loading failures.
|
||||
---
|
||||
source/xps/xps-link.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
|
||||
index c07e0d7..c26a8d9 100644
|
||||
--- a/source/xps/xps-link.c
|
||||
+++ b/source/xps/xps-link.c
|
||||
@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
|
||||
bidi_level = atoi(bidi_level_att);
|
||||
|
||||
font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
|
||||
+ if (!font)
|
||||
+ return;
|
||||
text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
|
||||
fz_atof(origin_x_att), fz_atof(origin_y_att),
|
||||
is_sideways, bidi_level, indices_att, unicode_att);
|
||||
--
|
||||
2.9.1
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
Fix CVE-2017-14686:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
|
||||
|
||||
From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 19 Sep 2017 16:33:38 +0200
|
||||
Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
|
||||
|
||||
---
|
||||
source/fitz/unzip.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
|
||||
index f2d4f32..0bcce0f 100644
|
||||
--- a/source/fitz/unzip.c
|
||||
+++ b/source/fitz/unzip.c
|
||||
@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
|
||||
(void) fz_read_int32_le(ctx, file); /* ext file atts */
|
||||
offset = fz_read_int32_le(ctx, file);
|
||||
|
||||
+ if (namesize < 0 || metasize < 0 || commentsize < 0)
|
||||
+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
|
||||
+
|
||||
name = fz_malloc(ctx, namesize + 1);
|
||||
n = fz_read(ctx, file, (unsigned char*)name, namesize);
|
||||
if (n < (size_t)namesize)
|
||||
--
|
||||
2.9.1
|
||||
|
|
@ -1,130 +0,0 @@
|
|||
Fix CVE-2017-14687:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
|
||||
|
||||
From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 19 Sep 2017 17:17:12 +0200
|
||||
Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
|
||||
|
||||
Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
|
||||
---
|
||||
source/html/css-apply.c | 2 +-
|
||||
source/svg/svg-run.c | 2 +-
|
||||
source/xps/xps-common.c | 6 +++---
|
||||
source/xps/xps-glyphs.c | 2 +-
|
||||
source/xps/xps-path.c | 4 ++--
|
||||
source/xps/xps-resource.c | 2 +-
|
||||
6 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/source/html/css-apply.c b/source/html/css-apply.c
|
||||
index de55490..6a91df0 100644
|
||||
--- a/source/html/css-apply.c
|
||||
+++ b/source/html/css-apply.c
|
||||
@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
|
||||
|
||||
if (sel->name)
|
||||
{
|
||||
- if (strcmp(sel->name, fz_xml_tag(node)))
|
||||
+ if (!fz_xml_is_tag(node, sel->name))
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
|
||||
index f974c67..5302c64 100644
|
||||
--- a/source/svg/svg-run.c
|
||||
+++ b/source/svg/svg-run.c
|
||||
@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
|
||||
fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
|
||||
if (linked)
|
||||
{
|
||||
- if (!strcmp(fz_xml_tag(linked), "symbol"))
|
||||
+ if (fz_xml_is_tag(linked, "symbol"))
|
||||
svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
|
||||
else
|
||||
svg_run_element(ctx, dev, doc, linked, &local_state);
|
||||
diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
|
||||
index cc7fed9..f2f9b93 100644
|
||||
--- a/source/xps/xps-common.c
|
||||
+++ b/source/xps/xps-common.c
|
||||
@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
|
||||
else if (fz_xml_is_tag(node, "RadialGradientBrush"))
|
||||
xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
|
||||
else
|
||||
- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
|
||||
+ fz_warn(ctx, "unknown brush tag");
|
||||
}
|
||||
|
||||
void
|
||||
@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
|
||||
if (opacity_att)
|
||||
opacity = fz_atof(opacity_att);
|
||||
|
||||
- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
|
||||
+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
|
||||
{
|
||||
char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
|
||||
char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
|
||||
@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
|
||||
|
||||
if (opacity_mask_tag)
|
||||
{
|
||||
- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
|
||||
+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
|
||||
fz_pop_clip(ctx, dev);
|
||||
}
|
||||
}
|
||||
diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
|
||||
index 29dc5b3..5b26d78 100644
|
||||
--- a/source/xps/xps-glyphs.c
|
||||
+++ b/source/xps/xps-glyphs.c
|
||||
@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
|
||||
|
||||
/* If it's a solid color brush fill/stroke do a simple fill */
|
||||
|
||||
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
|
||||
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
|
||||
{
|
||||
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
|
||||
fill_att = fz_xml_att(fill_tag, "Color");
|
||||
diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
|
||||
index 6faeb0c..021d202 100644
|
||||
--- a/source/xps/xps-path.c
|
||||
+++ b/source/xps/xps-path.c
|
||||
@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
|
||||
if (!data_att && !data_tag)
|
||||
return;
|
||||
|
||||
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
|
||||
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
|
||||
{
|
||||
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
|
||||
fill_att = fz_xml_att(fill_tag, "Color");
|
||||
fill_tag = NULL;
|
||||
}
|
||||
|
||||
- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
|
||||
+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
|
||||
{
|
||||
stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
|
||||
stroke_att = fz_xml_att(stroke_tag, "Color");
|
||||
diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
|
||||
index c2292e6..8e81ab8 100644
|
||||
--- a/source/xps/xps-resource.c
|
||||
+++ b/source/xps/xps-resource.c
|
||||
@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
|
||||
if (!xml)
|
||||
return NULL;
|
||||
|
||||
- if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
|
||||
+ if (!fz_xml_is_tag(xml, "ResourceDictionary"))
|
||||
{
|
||||
fz_drop_xml(ctx, xml);
|
||||
fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
|
||||
--
|
||||
2.9.1
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
Fix CVE-2017-15587.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
|
||||
https://nandynarwhals.org/CVE-2017-15587/
|
||||
|
||||
This patch is these two upstream commits squashed together:
|
||||
<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
|
||||
<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
|
||||
|
||||
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
|
||||
index 66bd0ed8..89499e61 100644
|
||||
--- a/source/pdf/pdf-xref.c
|
||||
+++ b/source/pdf/pdf-xref.c
|
||||
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
|
||||
pdf_xref_entry *table;
|
||||
int i, n;
|
||||
|
||||
- if (i0 < 0 || i1 < 0)
|
||||
+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
|
||||
fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
|
||||
//if (i0 + i1 > pdf_xref_len(ctx, doc))
|
||||
// fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
|
||||
--
|
||||
2.15.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest
|
||||
Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
|
||||
release series and contains many important bug fixes.
|
||||
|
||||
Patch adapted from Debian:
|
||||
|
@ -10,16 +10,16 @@ And related to this upstream commit:
|
|||
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
|
||||
|
||||
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
|
||||
index 6b92e5c..72dea50 100644
|
||||
index 65699ba..ea84778 100644
|
||||
--- a/source/fitz/load-jpx.c
|
||||
+++ b/source/fitz/load-jpx.c
|
||||
@@ -444,11 +444,6 @@
|
||||
@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
|
||||
|
||||
#else /* HAVE_LURATECH */
|
||||
|
||||
-#define OPJ_STATIC
|
||||
-#define OPJ_HAVE_INTTYPES_H
|
||||
-#if !defined(_WIN32) && !defined(_WIN64)
|
||||
-#if !defined(_MSC_VER) || _MSC_VER >= 1600
|
||||
-#define OPJ_HAVE_STDINT_H
|
||||
-#endif
|
||||
#define USE_JPIP
|
|
@ -567,25 +567,22 @@ (define-public podofo
|
|||
(define-public mupdf
|
||||
(package
|
||||
(name "mupdf")
|
||||
(version "1.11")
|
||||
(version "1.12.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://mupdf.com/downloads/archive/"
|
||||
name "-" version "-source.tar.gz"))
|
||||
name "-" version "-source.tar.xz"))
|
||||
(patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
|
||||
(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
|
||||
"mupdf-CVE-2017-14685.patch"
|
||||
"mupdf-CVE-2017-14686.patch"
|
||||
"mupdf-CVE-2017-14687.patch"
|
||||
"mupdf-CVE-2017-15587.patch"))
|
||||
"0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet '(delete-file-recursively "thirdparty"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs
|
||||
`(("curl" ,curl)
|
||||
("freeglut" ,freeglut)
|
||||
("freetype" ,freetype)
|
||||
("harfbuzz" ,harfbuzz)
|
||||
("jbig2dec" ,jbig2dec)
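Review bot: The new `patches` field keeps only `mupdf-build-with-latest-openjpeg.patch`, so the four CVE backports (CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, CVE-2017-15587) are no longer applied, and nothing in the package definition or the commit message records how it was confirmed that the 1.12.0 tarball already contains them. It is worth checking the unpacked source for the guards the deleted patches added, for example `if (!font) return;` in source/xps/xps-link.c, `if (namesize < 0 || metasize < 0 || commentsize < 0)` in source/fitz/unzip.c and `i0 > INT_MAX - i1` in source/pdf/pdf-xref.c, along with the `fz_xml_is_tag` conversions. The title also claims a fix for CVE-2017-15369 without any reference on this page, so a line in the commit message naming the upstream fix would make that claim auditable.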
|
||||
|
|