Add a patch to fix CVE-2016-6265 use after free bug (from upstream) Bump PKGREVISIONdiff -r1.37 -r1.38 pkgsrc/print/mupdf/Makefile
(leot)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.37 2016/07/15 12:32:33 leot Exp $ | 1 | # $NetBSD: Makefile,v 1.38 2016/07/22 15:42:38 leot Exp $ | |
2 | 2 | |||
3 | DISTNAME= mupdf-1.9a-source | 3 | DISTNAME= mupdf-1.9a-source | |
4 | PKGNAME= ${DISTNAME:S/-source//} | 4 | PKGNAME= ${DISTNAME:S/-source//} | |
5 | PKGREVISION= 1 | 5 | PKGREVISION= 2 | |
6 | CATEGORIES= print | 6 | CATEGORIES= print | |
7 | MASTER_SITES= http://mupdf.com/downloads/archive/ | 7 | MASTER_SITES= http://mupdf.com/downloads/archive/ | |
8 | 8 | |||
9 | MAINTAINER= leot@NetBSD.org | 9 | MAINTAINER= leot@NetBSD.org | |
10 | HOMEPAGE= http://mupdf.com/ | 10 | HOMEPAGE= http://mupdf.com/ | |
11 | COMMENT= Lightweight PDF viewer and toolkit | 11 | COMMENT= Lightweight PDF viewer and toolkit | |
12 | LICENSE= gnu-agpl-v3 | 12 | LICENSE= gnu-agpl-v3 | |
13 | 13 | |||
14 | USE_LANGUAGES= c99 | 14 | USE_LANGUAGES= c99 | |
15 | USE_LIBTOOL= yes | 15 | USE_LIBTOOL= yes | |
16 | USE_TOOLS+= pkg-config gmake | 16 | USE_TOOLS+= pkg-config gmake | |
17 | 17 | |||
18 | INSTALLATION_DIRS+= bin include lib/pkgconfig | 18 | INSTALLATION_DIRS+= bin include lib/pkgconfig |
@@ -1,12 +1,13 @@ | @@ -1,12 +1,13 @@ | |||
1 | $NetBSD: distinfo,v 1.25 2016/07/15 12:32:33 leot Exp $ | 1 | $NetBSD: distinfo,v 1.26 2016/07/22 15:42:38 leot Exp $ | |
2 | 2 | |||
3 | SHA1 (mupdf-1.9a-source.tar.gz) = f2b3c21e5060d6ec56ea0d0c32b0feac7eac0e5f | 3 | SHA1 (mupdf-1.9a-source.tar.gz) = f2b3c21e5060d6ec56ea0d0c32b0feac7eac0e5f | |
4 | RMD160 (mupdf-1.9a-source.tar.gz) = 0cb0d098c603b16be217e42299052a928d95c3fc | 4 | RMD160 (mupdf-1.9a-source.tar.gz) = 0cb0d098c603b16be217e42299052a928d95c3fc | |
5 | SHA512 (mupdf-1.9a-source.tar.gz) = 9f804fd65c2dc6b7a3bd73961b1f1a8bf93d52903cccf6302acd6982dfa433125a3b8e77b808984921aee097877280fa21aafb87468cd0a8e4cfa900284a262b | 5 | SHA512 (mupdf-1.9a-source.tar.gz) = 9f804fd65c2dc6b7a3bd73961b1f1a8bf93d52903cccf6302acd6982dfa433125a3b8e77b808984921aee097877280fa21aafb87468cd0a8e4cfa900284a262b | |
6 | Size (mupdf-1.9a-source.tar.gz) = 20493793 bytes | 6 | Size (mupdf-1.9a-source.tar.gz) = 20493793 bytes | |
7 | SHA1 (patch-Makethird) = 0a5951d543755c42053013f03b1c573b5da9c82c | 7 | SHA1 (patch-Makethird) = 0a5951d543755c42053013f03b1c573b5da9c82c | |
8 | SHA1 (patch-ab) = c1ee4dd0b79aa0d905c0a0b634fbd016c063cd64 | 8 | SHA1 (patch-ab) = c1ee4dd0b79aa0d905c0a0b634fbd016c063cd64 | |
9 | SHA1 (patch-ac) = 51b62ef8ff3e6c44ad954b2405bd982f9d682d37 | 9 | SHA1 (patch-ac) = 51b62ef8ff3e6c44ad954b2405bd982f9d682d37 | |
10 | SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede | 10 | SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede | |
11 | SHA1 (patch-source_fitz_load-jpx.c) = cb33828a6ca638c1b61ff017708a41cc586d1b0e | 11 | SHA1 (patch-source_fitz_load-jpx.c) = cb33828a6ca638c1b61ff017708a41cc586d1b0e | |
12 | SHA1 (patch-source_pdf_pdf-xref.c) = 406c7a664b7171eb5ca7c5a09aac6be549a8fbb5 | |||
12 | SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34 | 13 | SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34 |
$NetBSD: patch-source_pdf_pdf-xref.c,v 1.1 2016/07/22 15:42:38 leot Exp $
Fix for CVE-2016-6265 use after free (via upstream bug 696941).
--- source/pdf/pdf-xref.c.orig 2016-04-21 11:14:32.000000000 +0000
+++ source/pdf/pdf-xref.c
@@ -1191,8 +1191,14 @@ pdf_load_xref(fz_context *ctx, pdf_docum
fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i);
}
if (entry->type == 'o')
- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n')
- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i);
+ {
+ /* Read this into a local variable here, because pdf_get_xref_entry
+ * may solidify the xref, hence invalidating "entry", meaning we
+ * need a stashed value for the throw. */
+ fz_off_t ofs = entry->ofs;
+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n')
+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i);
+ }
}
}