pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2021Q1]: pkgsrc/print/mupdf Pullup ticket #6461 - requested by...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e1aa84595bff
branches:  pkgsrc-2021Q1
changeset: 453228:e1aa84595bff
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue May 25 15:14:19 2021 +0000

description:
Pullup ticket #6461 - requested by nia
print/mupdf: security fix

Revisions pulled up:
- print/mupdf/Makefile                                          1.87
- print/mupdf/distinfo                                          1.53
- print/mupdf/patches/patch-source_pdf_pdf-parse.c              1.1
- print/mupdf/patches/patch-source_pdf_pdf-xref.c               1.3

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Tue May 25 07:59:43 UTC 2021

   Modified Files:
        pkgsrc/print/mupdf: Makefile distinfo
   Added Files:
        pkgsrc/print/mupdf/patches: patch-source_pdf_pdf-parse.c
            patch-source_pdf_pdf-xref.c

   Log Message:
   mupdf: apply fix for CVE-2021-3407, bump PKGREVISION

diffstat:

 print/mupdf/Makefile                             |   3 +-
 print/mupdf/distinfo                             |   4 ++-
 print/mupdf/patches/patch-source_pdf_pdf-parse.c |  28 ++++++++++++++++++++++++
 print/mupdf/patches/patch-source_pdf_pdf-xref.c  |  24 ++++++++++++++++++++
 4 files changed, 57 insertions(+), 2 deletions(-)

diffs (89 lines):

diff -r bdee12c06b07 -r e1aa84595bff print/mupdf/Makefile
--- a/print/mupdf/Makefile      Tue May 25 14:54:36 2021 +0000
+++ b/print/mupdf/Makefile      Tue May 25 15:14:19 2021 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.85 2020/10/08 22:50:16 leot Exp $
+# $NetBSD: Makefile,v 1.85.4.1 2021/05/25 15:14:19 bsiegert Exp $
 
 DISTNAME=      mupdf-1.18.0-source
 PKGNAME=       ${DISTNAME:S/-source//}
+PKGREVISION=   2
 CATEGORIES=    print
 MASTER_SITES=  https://mupdf.com/downloads/archive/
 
diff -r bdee12c06b07 -r e1aa84595bff print/mupdf/distinfo
--- a/print/mupdf/distinfo      Tue May 25 14:54:36 2021 +0000
+++ b/print/mupdf/distinfo      Tue May 25 15:14:19 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2020/10/08 22:50:16 leot Exp $
+$NetBSD: distinfo,v 1.52.4.1 2021/05/25 15:14:19 bsiegert Exp $
 
 SHA1 (mupdf-1.18.0-source.tar.gz) = 8cc9d04313d06e3d514b961b7b900b721ebc24e0
 RMD160 (mupdf-1.18.0-source.tar.gz) = 59fce4cd71417510ed997ce518e34f426e981951
@@ -11,4 +11,6 @@
 SHA1 (patch-platform_gl_gl-app.h) = 48f48f13c9a6376231de25aa63411560ea9d91ca
 SHA1 (patch-platform_gl_gl-main.c) = c760d16f0ac4a9b09800869d22b7324724bc007b
 SHA1 (patch-source_fitz_load-jpx.c) = 8d7f58168c8429a82127b821387298341a1fcbfb
+SHA1 (patch-source_pdf_pdf-parse.c) = 39441caeae75b61ff0b56aa839047dde34b05108
+SHA1 (patch-source_pdf_pdf-xref.c) = 7d7a9650f63061edbc7659ce65401569642bd6e6
 SHA1 (patch-thirdparty_mujs_Makefile) = 8ff3cc67a60b648841b074846bd6e7de943fd034
diff -r bdee12c06b07 -r e1aa84595bff print/mupdf/patches/patch-source_pdf_pdf-parse.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/mupdf/patches/patch-source_pdf_pdf-parse.c  Tue May 25 15:14:19 2021 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-source_pdf_pdf-parse.c,v 1.1.2.2 2021/05/25 15:14:19 bsiegert Exp $
+
+Bug 703366: Fix double free of object during linearization.
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+
+https://nvd.nist.gov/vuln/detail/CVE-2021-3407
+http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+
+--- source/pdf/pdf-parse.c.orig        2020-10-07 10:35:03.000000000 +0000
++++ source/pdf/pdf-parse.c
+@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_d
+               fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num);
+       }
+       gen = buf->i;
++      if (gen < 0 || gen >= 65536)
++      {
++              if (try_repair)
++                      *try_repair = 1;
++              fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen);
++      }
+ 
+       tok = pdf_lex(ctx, file, buf);
+       if (tok != PDF_TOK_OBJ)
diff -r bdee12c06b07 -r e1aa84595bff print/mupdf/patches/patch-source_pdf_pdf-xref.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/mupdf/patches/patch-source_pdf_pdf-xref.c   Tue May 25 15:14:19 2021 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-source_pdf_pdf-xref.c,v 1.3.2.2 2021/05/25 15:14:19 bsiegert Exp $
+
+Bug 703366: Fix double free of object during linearization.
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+
+https://nvd.nist.gov/vuln/detail/CVE-2021-3407
+http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+
+--- source/pdf/pdf-xref.c.orig 2020-10-07 10:35:03.000000000 +0000
++++ source/pdf/pdf-xref.c
+@@ -1012,6 +1012,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_d
+       {
+               ofs = fz_tell(ctx, doc->file);
+               trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL);
++              if (num == 0)
++                      fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n");
+       }
+       fz_catch(ctx)
+       {
Home | Main Index | Thread Index | Old Index