gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369].

* gnu/packages/pdf.scm (mupdf): Update to 1.12.0.
[source]: Remove obsolete patches.
[inputs]: Add freeglut.
* gnu/packages/patches/mupdf-CVE-2017-14685.patch,
gnu/packages/patches/mupdf-CVE-2017-14686.patch,
gnu/packages/patches/mupdf-CVE-2017-14687.patch,
gnu/packages/patches/mupdf-CVE-2017-15587.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Update and
rename to...
* gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch: ... new file.
Leo Famulari 2017-12-21 01:53:48 -05:00
parent 91213c384b
commit dab2542f84
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
7 changed files with 10 additions and 240 deletions


@ -897,11 +897,7 @@ dist_patch_DATA = \
%D%/packages/patches/mozjs38-tracelogger.patch \
%D%/packages/patches/mozjs38-version-detection.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
%D%/packages/patches/mupdf-CVE-2017-14685.patch \
%D%/packages/patches/mupdf-CVE-2017-14686.patch \
%D%/packages/patches/mupdf-CVE-2017-14687.patch \
%D%/packages/patches/mupdf-CVE-2017-15587.patch \
%D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/mutt-store-references.patch \
%D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \


@ -1,34 +0,0 @@
Fix CVE-2017-14685:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 15:23:04 +0200
Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
xps_load_links_in_glyphs did not cope with font loading failures.
---
source/xps/xps-link.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
index c07e0d7..c26a8d9 100644
--- a/source/xps/xps-link.c
+++ b/source/xps/xps-link.c
@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
bidi_level = atoi(bidi_level_att);
font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
+ if (!font)
+ return;
text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
fz_atof(origin_x_att), fz_atof(origin_y_att),
is_sideways, bidi_level, indices_att, unicode_att);
--
2.9.1


@ -1,34 +0,0 @@
Fix CVE-2017-14686:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 16:33:38 +0200
Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
---
source/fitz/unzip.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
index f2d4f32..0bcce0f 100644
--- a/source/fitz/unzip.c
+++ b/source/fitz/unzip.c
@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
(void) fz_read_int32_le(ctx, file); /* ext file atts */
offset = fz_read_int32_le(ctx, file);
+ if (namesize < 0 || metasize < 0 || commentsize < 0)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
+
name = fz_malloc(ctx, namesize + 1);
n = fz_read(ctx, file, (unsigned char*)name, namesize);
if (n < (size_t)namesize)
--
2.9.1


@ -1,130 +0,0 @@
Fix CVE-2017-14687:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 17:17:12 +0200
Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
---
source/html/css-apply.c | 2 +-
source/svg/svg-run.c | 2 +-
source/xps/xps-common.c | 6 +++---
source/xps/xps-glyphs.c | 2 +-
source/xps/xps-path.c | 4 ++--
source/xps/xps-resource.c | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/source/html/css-apply.c b/source/html/css-apply.c
index de55490..6a91df0 100644
--- a/source/html/css-apply.c
+++ b/source/html/css-apply.c
@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
if (sel->name)
{
- if (strcmp(sel->name, fz_xml_tag(node)))
+ if (!fz_xml_is_tag(node, sel->name))
return 0;
}
diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
index f974c67..5302c64 100644
--- a/source/svg/svg-run.c
+++ b/source/svg/svg-run.c
@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
if (linked)
{
- if (!strcmp(fz_xml_tag(linked), "symbol"))
+ if (fz_xml_is_tag(linked, "symbol"))
svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
else
svg_run_element(ctx, dev, doc, linked, &local_state);
diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
index cc7fed9..f2f9b93 100644
--- a/source/xps/xps-common.c
+++ b/source/xps/xps-common.c
@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
else if (fz_xml_is_tag(node, "RadialGradientBrush"))
xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
else
- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
+ fz_warn(ctx, "unknown brush tag");
}
void
@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
if (opacity_att)
opacity = fz_atof(opacity_att);
- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
{
char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
if (opacity_mask_tag)
{
- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
fz_pop_clip(ctx, dev);
}
}
diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
index 29dc5b3..5b26d78 100644
--- a/source/xps/xps-glyphs.c
+++ b/source/xps/xps-glyphs.c
@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
/* If it's a solid color brush fill/stroke do a simple fill */
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
{
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
fill_att = fz_xml_att(fill_tag, "Color");
diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
index 6faeb0c..021d202 100644
--- a/source/xps/xps-path.c
+++ b/source/xps/xps-path.c
@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
if (!data_att && !data_tag)
return;
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
{
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
fill_att = fz_xml_att(fill_tag, "Color");
fill_tag = NULL;
}
- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
{
stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
stroke_att = fz_xml_att(stroke_tag, "Color");
diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
index c2292e6..8e81ab8 100644
--- a/source/xps/xps-resource.c
+++ b/source/xps/xps-resource.c
@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
if (!xml)
return NULL;
- if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
+ if (!fz_xml_is_tag(xml, "ResourceDictionary"))
{
fz_drop_xml(ctx, xml);
fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
--
2.9.1


@ -1,25 +0,0 @@
Fix CVE-2017-15587.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
https://nandynarwhals.org/CVE-2017-15587/
This patch is these two upstream commits squashed together:
<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 66bd0ed8..89499e61 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
pdf_xref_entry *table;
int i, n;
- if (i0 < 0 || i1 < 0)
+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
//if (i0 + i1 > pdf_xref_len(ctx, doc))
// fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
--
2.15.0


@ -1,4 +1,4 @@
Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest
Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
release series and contains many important bug fixes.
Patch adapted from Debian:
@ -10,16 +10,16 @@ And related to this upstream commit:
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
index 6b92e5c..72dea50 100644
index 65699ba..ea84778 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
@@ -444,11 +444,6 @@
@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
#else /* HAVE_LURATECH */
-#define OPJ_STATIC
-#define OPJ_HAVE_INTTYPES_H
-#if !defined(_WIN32) && !defined(_WIN64)
-#if !defined(_MSC_VER) || _MSC_VER >= 1600
-#define OPJ_HAVE_STDINT_H
-#endif
#define USE_JPIP


@ -567,25 +567,22 @@ (define-public podofo
(define-public mupdf
(package
(name "mupdf")
(version "1.11")
(version "1.12.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://mupdf.com/downloads/archive/"
name "-" version "-source.tar.gz"))
name "-" version "-source.tar.xz"))
(patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
(sha256
(base32
"02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
"mupdf-CVE-2017-14685.patch"
"mupdf-CVE-2017-14686.patch"
"mupdf-CVE-2017-14687.patch"
"mupdf-CVE-2017-15587.patch"))
"0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
(modules '((guix build utils)))
(snippet '(delete-file-recursively "thirdparty"))))
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)
("freeglut" ,freeglut)
("freetype" ,freetype)
("harfbuzz" ,harfbuzz)
("jbig2dec" ,jbig2dec)