Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 4B9B07A272
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed,  3 Aug 2016 08:50:19 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id BA3DF85E2B; Wed,  3 Aug 2016 08:50:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 4B90384CF0
	for <pkgsrc-changes@NetBSD.org>; Wed,  3 Aug 2016 08:50:18 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id NhwBX3zMSCCV for <pkgsrc-changes@netbsd.org>;
	Wed,  3 Aug 2016 08:50:17 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id C626B84C6C
	for <pkgsrc-changes@NetBSD.org>; Wed,  3 Aug 2016 08:50:17 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id C1175FBB5; Wed,  3 Aug 2016 08:50:17 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1470214217158140"
MIME-Version: 1.0
Date: Wed, 3 Aug 2016 08:50:17 +0000
From: "Leonardo Taccari" <leot@netbsd.org>
Subject: CVS commit: pkgsrc/print/mupdf
To: pkgsrc-changes@NetBSD.org
Reply-To: leot@netbsd.org
X-Mailer: log_accum
Message-Id: <20160803085017.C1175FBB5@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1470214217158140
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	leot
Date:		Wed Aug  3 08:50:17 UTC 2016

Modified Files:
	pkgsrc/print/mupdf: Makefile distinfo
Added Files:
	pkgsrc/print/mupdf/patches: patch-source_pdf_pdf-shade.c

Log Message:
Fix possible heap corruption (via upstream bug 696954).

Bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/print/mupdf/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/print/mupdf/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/print/mupdf/patches/patch-source_pdf_pdf-shade.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1470214217158140
Content-Disposition: inline
Content-Length: 2570
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/print/mupdf/Makefile
diff -u pkgsrc/print/mupdf/Makefile:1.38 pkgsrc/print/mupdf/Makefile:1.39
--- pkgsrc/print/mupdf/Makefile:1.38	Fri Jul 22 15:42:38 2016
+++ pkgsrc/print/mupdf/Makefile	Wed Aug  3 08:50:17 2016
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2016/07/22 15:42:38 leot Exp $
+# $NetBSD: Makefile,v 1.39 2016/08/03 08:50:17 leot Exp $
 
 DISTNAME=	mupdf-1.9a-source
 PKGNAME=	${DISTNAME:S/-source//}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	print
 MASTER_SITES=	http://mupdf.com/downloads/archive/
 

Index: pkgsrc/print/mupdf/distinfo
diff -u pkgsrc/print/mupdf/distinfo:1.26 pkgsrc/print/mupdf/distinfo:1.27
--- pkgsrc/print/mupdf/distinfo:1.26	Fri Jul 22 15:42:38 2016
+++ pkgsrc/print/mupdf/distinfo	Wed Aug  3 08:50:17 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2016/07/22 15:42:38 leot Exp $
+$NetBSD: distinfo,v 1.27 2016/08/03 08:50:17 leot Exp $
 
 SHA1 (mupdf-1.9a-source.tar.gz) = f2b3c21e5060d6ec56ea0d0c32b0feac7eac0e5f
 RMD160 (mupdf-1.9a-source.tar.gz) = 0cb0d098c603b16be217e42299052a928d95c3fc
@@ -9,5 +9,6 @@ SHA1 (patch-ab) = c1ee4dd0b79aa0d905c0a0
 SHA1 (patch-ac) = 51b62ef8ff3e6c44ad954b2405bd982f9d682d37
 SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede
 SHA1 (patch-source_fitz_load-jpx.c) = cb33828a6ca638c1b61ff017708a41cc586d1b0e
+SHA1 (patch-source_pdf_pdf-shade.c) = 9baba48f468e0827b77c25c05b226c763cf4975f
 SHA1 (patch-source_pdf_pdf-xref.c) = 406c7a664b7171eb5ca7c5a09aac6be549a8fbb5
 SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34

Added files:

Index: pkgsrc/print/mupdf/patches/patch-source_pdf_pdf-shade.c
diff -u /dev/null pkgsrc/print/mupdf/patches/patch-source_pdf_pdf-shade.c:1.1
--- /dev/null	Wed Aug  3 08:50:17 2016
+++ pkgsrc/print/mupdf/patches/patch-source_pdf_pdf-shade.c	Wed Aug  3 08:50:17 2016
@@ -0,0 +1,15 @@
+$NetBSD: patch-source_pdf_pdf-shade.c,v 1.1 2016/08/03 08:50:17 leot Exp $
+
+Fix possible heap corruption vulnerability (via upstream bug 696954).
+
+--- source/pdf/pdf-shade.c.orig	2016-04-21 11:14:32.000000000 +0000
++++ source/pdf/pdf-shade.c
+@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pd
+ 	obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode);
+ 	if (pdf_array_len(ctx, obj) >= 6)
+ 	{
+-		n = (pdf_array_len(ctx, obj) - 4) / 2;
++		n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2);
+ 		shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0));
+ 		shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1));
+ 		shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2));


--_----------=_1470214217158140--