pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/print/mupdf Backport security fixes for upstream bugs ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/191e5c0e16e0
branches: trunk
changeset: 358374:191e5c0e16e0
user: leot <leot%pkgsrc.org@localhost>
date: Sat Feb 11 09:39:05 2017 +0000
description:
Backport security fixes for upstream bugs 697514 and 697515 (CVE-2017-5896) to
PKGREVISION++
diffstat:
print/mupdf/Makefile | 4 +-
print/mupdf/distinfo | 4 +-
print/mupdf/patches/patch-source_fitz_pixmap.c | 44 +++++++++++++++++++++++++
print/mupdf/patches/patch-source_tools_mudraw.c | 17 +++++++++
4 files changed, 66 insertions(+), 3 deletions(-)
diffs (101 lines):
diff -r 4cb758cfeb2b -r 191e5c0e16e0 print/mupdf/Makefile
--- a/print/mupdf/Makefile Sat Feb 11 09:21:02 2017 +0000
+++ b/print/mupdf/Makefile Sat Feb 11 09:39:05 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.45 2017/02/06 13:54:48 wiz Exp $
+# $NetBSD: Makefile,v 1.46 2017/02/11 09:39:05 leot Exp $
DISTNAME= mupdf-1.10a-source
PKGNAME= ${DISTNAME:S/-source//}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= print
MASTER_SITES= http://mupdf.com/downloads/archive/
diff -r 4cb758cfeb2b -r 191e5c0e16e0 print/mupdf/distinfo
--- a/print/mupdf/distinfo Sat Feb 11 09:21:02 2017 +0000
+++ b/print/mupdf/distinfo Sat Feb 11 09:39:05 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2017/01/30 14:06:05 leot Exp $
+$NetBSD: distinfo,v 1.31 2017/02/11 09:39:05 leot Exp $
SHA1 (mupdf-1.10a-source.tar.gz) = 1c3a6e1d4406912004b8e2c09435199e6b425191
RMD160 (mupdf-1.10a-source.tar.gz) = bfb482681c6804db8a0fd9ec46b16ac6f9fffdf2
@@ -9,6 +9,8 @@
SHA1 (patch-ac) = d75afe8b05b85d042dc1baeaf8a9988f2e60338a
SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede
SHA1 (patch-source_fitz_load-jpx.c) = fbe6814536d37835a4daa5bb90b1f6cf8698f807
+SHA1 (patch-source_fitz_pixmap.c) = d0b3e44780fd64381424e367e5233ce1013dc974
+SHA1 (patch-source_tools_mudraw.c) = 99b827e39767559a8d5b6b380f0bbb100f5125e7
SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34
SHA1 (patch-thirdparty_mujs_jsdate.c) = 020fcb9d1e77bd7ba10943070673d53bbcee573b
SHA1 (patch-thirdparty_mujs_jsrun.c) = 79f730436b1f67780468c10096d3dbfb5e14d5a5
diff -r 4cb758cfeb2b -r 191e5c0e16e0 print/mupdf/patches/patch-source_fitz_pixmap.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/mupdf/patches/patch-source_fitz_pixmap.c Sat Feb 11 09:39:05 2017 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-source_fitz_pixmap.c,v 1.1 2017/02/11 09:39:05 leot Exp $
+
+Backport a fix from upstream for CVE-2017-5896:
+
+bug 697515: Fix out of bounds read in fz_subsample_pixmap
+
+Pointer arithmetic for final special case was going wrong.
+
+--- source/fitz/pixmap.c.orig
++++ source/fitz/pixmap.c
+@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ "@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
+ "ldr r4, [r13,#4*22] @ r4 = divXY \n"
+ "ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n"
++ "ldr r8, [r13,#4*17] @ r8 = back4 \n"
+ "18: @ \n"
+ "mov r14,#0 @ r14= v = 0 \n"
+ "sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n"
+@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ "mul r14,r4, r14 @ r14= v *= divX \n"
+ "mov r14,r14,LSR #16 @ r14= v >>= 16 \n"
+ "strb r14,[r9], #1 @ *d++ = r14 \n"
+- "sub r0, r0, r8 @ s -= back2 \n"
++ "sub r0, r0, r8 @ s -= back4 \n"
+ "subs r5, r5, #1 @ n-- \n"
+ "bgt 18b @ } \n"
+ "21: @ \n"
+@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ x += f;
+ if (x > 0)
+ {
++ int back4 = x * n - 1;
+ div = x * y;
+ for (nn = n; nn > 0; nn--)
+ {
+@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ s -= back5;
+ }
+ *d++ = v / div;
+- s -= back2;
++ s -= back4;
+ }
+ }
+ }
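Review bot: The new `int back4 = x * n - 1;` in the nested fz_subsample_pixmap hunk has no comment saying why the final corner block needs its own rewind amount, which is the substance of the out-of-bounds-read fix. A comment such as `/* rewind only the x columns read in this partial block, so s stays inside the tile */` would record it; that wording is inferred from the patch description, because the inner loops are only partly visible here. In the ARM hunk, the added `ldr r8, [r13,#4*17]` overwrites whatever r8 held before label `18:`. It is worth confirming against the full function that nothing after label `21:` still expects the previous value in r8.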
diff -r 4cb758cfeb2b -r 191e5c0e16e0 print/mupdf/patches/patch-source_tools_mudraw.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/mupdf/patches/patch-source_tools_mudraw.c Sat Feb 11 09:39:05 2017 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-source_tools_mudraw.c,v 1.1 2017/02/11 09:39:05 leot Exp $
+
+Backport a fix from upstream for bug 697514:
+
+Bug 697514: Write SVG output to stdout if no output specified.
+
+--- source/tools/mudraw.c.orig
++++ source/tools/mudraw.c
+@@ -578,7 +578,7 @@ static void dodrawpage(fz_context *ctx, fz_page *page, fz_display_list *list, in
+ char buf[512];
+ fz_output *out;
+
+- if (!strcmp(output, "-"))
++ if (!output || !strcmp(output, "-"))
+ out = fz_stdout(ctx);
+ else
+ {
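Review bot: The added `!output ||` guard in dodrawpage protects only this one `strcmp`, and nothing on the line says that `output` can legitimately be NULL. A short comment, `/* output is NULL when no output file was specified; fall back to stdout */`, would make that invariant explicit for the next reader. The else branch opens on the last line of the hunk and continues outside it, so whether other uses of `output` in this function need the same NULL check cannot be confirmed from here.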