pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/print/mupdf
Module Name: pkgsrc
Committed By: leot
Date: Sat Jul 6 11:27:48 UTC 2019
Modified Files:
pkgsrc/print/mupdf: Makefile distinfo
Added Files:
pkgsrc/print/mupdf/patches: patch-source_fitz_list-device.c
Log Message:
mupdf: Backport patches to address CVE-2019-13290
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/print/mupdf/Makefile
cvs rdiff -u -r1.45 -r1.46 pkgsrc/print/mupdf/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/print/mupdf/patches/patch-source_fitz_list-device.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/print/mupdf/Makefile
diff -u pkgsrc/print/mupdf/Makefile:1.68 pkgsrc/print/mupdf/Makefile:1.69
--- pkgsrc/print/mupdf/Makefile:1.68 Mon May 13 11:03:58 2019
+++ pkgsrc/print/mupdf/Makefile Sat Jul 6 11:27:48 2019
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.68 2019/05/13 11:03:58 leot Exp $
+# $NetBSD: Makefile,v 1.69 2019/07/06 11:27:48 leot Exp $
DISTNAME= mupdf-1.15.0-source
PKGNAME= ${DISTNAME:S/-source//}
+PKGREVISION= 1
CATEGORIES= print
MASTER_SITES= https://mupdf.com/downloads/archive/
Index: pkgsrc/print/mupdf/distinfo
diff -u pkgsrc/print/mupdf/distinfo:1.45 pkgsrc/print/mupdf/distinfo:1.46
--- pkgsrc/print/mupdf/distinfo:1.45 Fri May 17 05:45:10 2019
+++ pkgsrc/print/mupdf/distinfo Sat Jul 6 11:27:48 2019
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.45 2019/05/17 05:45:10 wiz Exp $
+$NetBSD: distinfo,v 1.46 2019/07/06 11:27:48 leot Exp $
SHA1 (mupdf-1.15.0-source.tar.gz) = 4354a1c7245d4351ba604a4deed4a4ecf3e27492
RMD160 (mupdf-1.15.0-source.tar.gz) = 892247f12a9e85d384c6cbc6c5a394d36e783158
@@ -10,5 +10,6 @@ SHA1 (patch-ac) = 94294d03a0ad31e2e4063f
SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede
SHA1 (patch-platform_gl_gl-app.h) = f8682b54821a560b2ba1082bcf215eeefb549644
SHA1 (patch-platform_gl_gl-main.c) = edff1aa77c4d6af59b2eca442340606a0bae9970
+SHA1 (patch-source_fitz_list-device.c) = ea8ca9df49c16a91546ab05e8f3e57b1308c2278
SHA1 (patch-source_fitz_load-jpx.c) = 161d21bca13bb57db37807aec844c85dc5b34157
SHA1 (patch-thirdparty_mujs_Makefile) = 833e44f4e23d2a6ff61e6276feede4892feeb9bb
Added files:
Index: pkgsrc/print/mupdf/patches/patch-source_fitz_list-device.c
diff -u /dev/null pkgsrc/print/mupdf/patches/patch-source_fitz_list-device.c:1.1
--- /dev/null Sat Jul 6 11:27:48 2019
+++ pkgsrc/print/mupdf/patches/patch-source_fitz_list-device.c Sat Jul 6 11:27:48 2019
@@ -0,0 +1,48 @@
+$NetBSD: patch-source_fitz_list-device.c,v 1.1 2019/07/06 11:27:48 leot Exp $
+
+Backport commits ed19bc806809ad10c4ddce515d375581b86ede85 and
+aaf794439e40a2ef544f15b50c20e657414dec7a to address CVE-2019-13290.
+
+Commit ed19bc806809ad10c4ddce515d375581b86ede85:
+> Bug 701118: Handle appending large display list nodes.
+>
+> The size of the begin layer node depends on the size of the layer
+> name. That name may be a string from the page's property resources,
+> and is only bounded by memory when parsed by lex_string(). So the
+> append_list_node() logic cannot simply double the size of the
+> display list and hope that the node fits, since the node may be
+> of arbitrary size.
+>
+> Now append_list_node() would repeatedly double the size of the
+> display list until the node fits, or malloc() runs out of memory.
+
+Commit aaf794439e40a2ef544f15b50c20e657414dec7a:
+> Bug 701118: Limit size of begin layer nodes in display list.
+>
+> The size of the begin layer node depends on the size of the layer
+> name. That name may be a string from the page's property resources,
+> and is only bounded by memory when parsed by lex_string(). The
+> layer name may cause a display node to be larger than the maximum
+> size allowed. This condition is now checked for.
+
+--- source/fitz/list-device.c.orig
++++ source/fitz/list-device.c
+@@ -462,6 +462,9 @@ fz_append_display_node(
+ }
+ if (private_data != NULL)
+ {
++ int max = SIZE_IN_NODES(MAX_NODE_SIZE) - size;
++ if (SIZE_IN_NODES(private_data_len) > max)
++ fz_throw(ctx, FZ_ERROR_GENERIC, "Private data too large to pack into display list node");
+ private_off = size;
+ size += SIZE_IN_NODES(private_data_len);
+ }
+@@ -466,7 +466,7 @@ fz_append_display_node(
+ size += SIZE_IN_NODES(private_data_len);
+ }
+
+- if (list->len + size > list->max)
++ while (list->len + size > list->max)
+ {
+ int newsize = list->max * 2;
+ fz_display_node *old = list->list;
Home |
Main Index |
Thread Index |
Old Index