CVS commit: pkgsrc/print/mupdf

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/print/mupdf
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Mon, 30 Jan 2017 14:06:05 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Mon Jan 30 14:06:05 UTC 2017

Modified Files:
        pkgsrc/print/mupdf: Makefile distinfo
Added Files:
        pkgsrc/print/mupdf/patches: patch-thirdparty_mujs_jsdate.c
            patch-thirdparty_mujs_jsrun.c

Log Message:
Backport fixes to mupdf-1.10a from upstream for CVE-2017-562[78]

PKGREVISION++


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 pkgsrc/print/mupdf/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/print/mupdf/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c \
    pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/print/mupdf/Makefile
diff -u pkgsrc/print/mupdf/Makefile:1.43 pkgsrc/print/mupdf/Makefile:1.44
--- pkgsrc/print/mupdf/Makefile:1.43    Sun Jan  1 16:05:59 2017
+++ pkgsrc/print/mupdf/Makefile Mon Jan 30 14:06:05 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.43 2017/01/01 16:05:59 adam Exp $
+# $NetBSD: Makefile,v 1.44 2017/01/30 14:06:05 leot Exp $
 
 DISTNAME=      mupdf-1.10a-source
 PKGNAME=       ${DISTNAME:S/-source//}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    print
 MASTER_SITES=  http://mupdf.com/downloads/archive/
 

Index: pkgsrc/print/mupdf/distinfo
diff -u pkgsrc/print/mupdf/distinfo:1.29 pkgsrc/print/mupdf/distinfo:1.30
--- pkgsrc/print/mupdf/distinfo:1.29    Fri Dec  9 08:19:31 2016
+++ pkgsrc/print/mupdf/distinfo Mon Jan 30 14:06:05 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2016/12/09 08:19:31 leot Exp $
+$NetBSD: distinfo,v 1.30 2017/01/30 14:06:05 leot Exp $
 
 SHA1 (mupdf-1.10a-source.tar.gz) = 1c3a6e1d4406912004b8e2c09435199e6b425191
 RMD160 (mupdf-1.10a-source.tar.gz) = bfb482681c6804db8a0fd9ec46b16ac6f9fffdf2
@@ -10,3 +10,5 @@ SHA1 (patch-ac) = d75afe8b05b85d042dc1ba
 SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede
 SHA1 (patch-source_fitz_load-jpx.c) = fbe6814536d37835a4daa5bb90b1f6cf8698f807
 SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34
+SHA1 (patch-thirdparty_mujs_jsdate.c) = 020fcb9d1e77bd7ba10943070673d53bbcee573b
+SHA1 (patch-thirdparty_mujs_jsrun.c) = 79f730436b1f67780468c10096d3dbfb5e14d5a5

Added files:

Index: pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c
diff -u /dev/null pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c:1.1
--- /dev/null   Mon Jan 30 14:06:05 2017
+++ pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c   Mon Jan 30 14:06:05 2017
@@ -0,0 +1,27 @@
+$NetBSD: patch-thirdparty_mujs_jsdate.c,v 1.1 2017/01/30 14:06:05 leot Exp $
+
+Backport a fix from upstream for CVE-2017-5628:
+
+Fix 697496: Check NAN before accessing array in MakeDay().
+
+--- thirdparty/mujs/jsdate.c.orig
++++ thirdparty/mujs/jsdate.c
+@@ -207,12 +207,17 @@ static double MakeDay(double y, double m, double date)
+       };
+ 
+       double yd, md;
++      int im;
+ 
+       y += floor(m / 12);
+       m = pmod(m, 12);
+ 
++      im = (int)m;
++      if (im < 0 || im >= 12)
++              return NAN;
++
+       yd = floor(TimeFromYear(y) / msPerDay);
+-      md = firstDayOfMonth[InLeapYear(y)][(int)m];
++      md = firstDayOfMonth[InLeapYear(y)][im];
+ 
+       return yd + md + date - 1;
+ }
Index: pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c
diff -u /dev/null pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c:1.1
--- /dev/null   Mon Jan 30 14:06:05 2017
+++ pkgsrc/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c    Mon Jan 30 14:06:05 2017
@@ -0,0 +1,21 @@
+$NetBSD: patch-thirdparty_mujs_jsrun.c,v 1.1 2017/01/30 14:06:05 leot Exp $
+
+Backport a fix from upstream for CVE-2017-5627:
+
+Fix 697497: Ensure array length is positive.
+
+As a side effect when changing to using regular integers (and avoid the
+nightmare of mixing signed and unsigned) we accidentally allowed negative
+array lengths.
+
+--- thirdparty/mujs/jsrun.c.orig
++++ thirdparty/mujs/jsrun.c
+@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name)
+               if (!strcmp(name, "length")) {
+                       double rawlen = jsV_tonumber(J, value);
+                       int newlen = jsV_numbertointeger(rawlen);
+-                      if (newlen != rawlen)
++                      if (newlen != rawlen || newlen < 0)
+                               js_rangeerror(J, "array length");
+                       jsV_resizearray(J, obj, newlen);
+                       return;

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index