Sat Feb 11 09:39:05 2017 UTC ()
Backport security fixes for upstream bugs 697514 and 697515 (CVE-2017-5896) to
PKGREVISION++
(leot)
diff -r1.45 -r1.46 pkgsrc/print/mupdf/Makefile
diff -r1.30 -r1.31 pkgsrc/print/mupdf/distinfo
diff -r0 -r1.1 pkgsrc/print/mupdf/patches/patch-source_fitz_pixmap.c
diff -r0 -r1.1 pkgsrc/print/mupdf/patches/patch-source_tools_mudraw.c
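--- a/pkgsrc/print/mupdf/Makefile
+++ b/pkgsrc/print/mupdf/Makefile
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.45 2017/02/06 13:54:48 wiz Exp $
+# $NetBSD: Makefile,v 1.46 2017/02/11 09:39:05 leot Exp $
 
 DISTNAME= mupdf-1.10a-source
 PKGNAME= ${DISTNAME:S/-source//}
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= print
 MASTER_SITES= http://mupdf.com/downloads/archive/
 
 MAINTAINER= leot@NetBSD.org
 HOMEPAGE= http://mupdf.com/
 COMMENT= Lightweight PDF, XPS and E-book viewer and toolkit
 LICENSE= gnu-agpl-v3
 
 USE_LANGUAGES= c99
 USE_LIBTOOL= yes
 USE_TOOLS+= pkg-config gmake
 
 INSTALLATION_DIRS+= bin include lib/pkgconfig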
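--- a/pkgsrc/print/mupdf/distinfo
+++ b/pkgsrc/print/mupdf/distinfo
@@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.30 2017/01/30 14:06:05 leot Exp $
+$NetBSD: distinfo,v 1.31 2017/02/11 09:39:05 leot Exp $
 
 SHA1 (mupdf-1.10a-source.tar.gz) = 1c3a6e1d4406912004b8e2c09435199e6b425191
 RMD160 (mupdf-1.10a-source.tar.gz) = bfb482681c6804db8a0fd9ec46b16ac6f9fffdf2
 SHA512 (mupdf-1.10a-source.tar.gz) = 8c735963364985e74ceb38242afae555a3d2ee7c69abe3fe5c485e8613a83d996a58f231cb689a156019d431fa67d565503247d010b0a404054850483aed9fec
 Size (mupdf-1.10a-source.tar.gz) = 42264707 bytes
 SHA1 (patch-Makethird) = 0a5951d543755c42053013f03b1c573b5da9c82c
 SHA1 (patch-ab) = 7bee583086078359ce04eacd9db3b4f03737a7bb
 SHA1 (patch-ac) = d75afe8b05b85d042dc1baeaf8a9988f2e60338a
 SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede
 SHA1 (patch-source_fitz_load-jpx.c) = fbe6814536d37835a4daa5bb90b1f6cf8698f807
+SHA1 (patch-source_fitz_pixmap.c) = d0b3e44780fd64381424e367e5233ce1013dc974
+SHA1 (patch-source_tools_mudraw.c) = 99b827e39767559a8d5b6b380f0bbb100f5125e7
 SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34
 SHA1 (patch-thirdparty_mujs_jsdate.c) = 020fcb9d1e77bd7ba10943070673d53bbcee573b
 SHA1 (patch-thirdparty_mujs_jsrun.c) = 79f730436b1f67780468c10096d3dbfb5e14d5a5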
$NetBSD: patch-source_fitz_pixmap.c,v 1.1 2017/02/11 09:39:05 leot Exp $
Backport a fix from upstream for CVE-2017-5896:
bug 697515: Fix out of bounds read in fz_subsample_pixmap
Pointer arithmetic for final special case was going wrong.
--- source/fitz/pixmap.c.orig
+++ source/fitz/pixmap.c
@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
"ldr r4, [r13,#4*22] @ r4 = divXY \n"
"ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n"
+ "ldr r8, [r13,#4*17] @ r8 = back4 \n"
"18: @ \n"
"mov r14,#0 @ r14= v = 0 \n"
"sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n"
@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
"mul r14,r4, r14 @ r14= v *= divX \n"
"mov r14,r14,LSR #16 @ r14= v >>= 16 \n"
"strb r14,[r9], #1 @ *d++ = r14 \n"
- "sub r0, r0, r8 @ s -= back2 \n"
+ "sub r0, r0, r8 @ s -= back4 \n"
"subs r5, r5, #1 @ n-- \n"
"bgt 18b @ } \n"
"21: @ \n"
@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
x += f;
if (x > 0)
{
+ int back4 = x * n - 1;
div = x * y;
for (nn = n; nn > 0; nn--)
{
@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
s -= back5;
}
*d++ = v / div;
- s -= back2;
+ s -= back4;
}
}
}
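Review bot: In the ARM hunk the added `ldr r8, [r13,#4*17]` sits before label `18:`, so the corrected `sub r0, r0, r8` only rewinds by back4 if no instruction between `18:` and that `sub` writes r8; those lines fall between the hunks and are not visible, so this needs checking against the full asm body. The offset agrees with the `@STACK` comment (n at 11, back4 at 17, divXY at 22), but it also assumes the C caller passes back4 in that argument slot, which is not shown here. I would extend the asm comment to `@ r8 = back4 (kept live through loop 18)`. In the C path, a one-line comment above `int back4 = x * n - 1;` saying that only the x stray columns were summed would record why `back2` is the wrong rewind in this corner case; fz_subsample_pixmap starts and ends outside the hunks.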
$NetBSD: patch-source_tools_mudraw.c,v 1.1 2017/02/11 09:39:05 leot Exp $
Backport a fix from upstream for bug 697514:
Bug 697514: Write SVG output to stdout if no output specified.
--- source/tools/mudraw.c.orig
+++ source/tools/mudraw.c
@@ -578,7 +578,7 @@ static void dodrawpage(fz_context *ctx, fz_page *page, fz_display_list *list, in
char buf[512];
fz_output *out;
- if (!strcmp(output, "-"))
+ if (!output || !strcmp(output, "-"))
out = fz_stdout(ctx);
else
{
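Review bot: The added `!output` test protects only this `strcmp`; dodrawpage starts and ends outside the hunk, so any other place that passes `output` to `strcmp` or to a format call is not shown and should be checked for the same NULL case. A short comment above the test would record the intent: `/* no output specified (output == NULL): write to stdout, as for "-" */`. If the `else` branch builds a file name from `output` into `buf[512]`, that write should be size-bounded and checked for truncation, which cannot be confirmed from the visible lines.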