Fix for CVE-2016-8728 CVE-2016-8729

2017-05-19 10:52:16 +02:00 · 2017-05-19 10:52:16 +02:00 · 7791cfc458
commit 7791cfc458
parent 49a4895e52
2 changed files with 32 additions and 6 deletions
--- a/mupdf-1452545_scale_underflow.patch
+++ b/mupdf-1452545_scale_underflow.patch
@ -0,0 +1,25 @@
+commit 0c86abf954ca4a5f00c26f6600acac93f9fc3538
+Author: Robin Watts <robin.watts@artifex.com>
+Date:   Tue Feb 28 17:15:40 2017 +0000
+
+    Bug 697395: Fix underflow in special case scaler.
+    
+    When scaling a single row pixmap with a flip, I was getting
+    the offset to the far end of the line wrong due to forgetting
+    to allow for the alpha plane.
+    
+    Fixed here.
+
+diff --git a/source/fitz/draw-scale-simple.c b/source/fitz/draw-scale-simple.c
+index 1525c7b..1d59092 100644
+--- a/source/fitz/draw-scale-simple.c
+++ b/source/fitz/draw-scale-simple.c
+@@ -1294,7 +1294,7 @@ scale_single_row(unsigned char * restrict dst, int dstride, const unsigned char
+ 		tmp[j] = 128;
+ 	if (weights->flip)
+ 	{
+-		dst += (weights->count-1)*n;
+		dst += (weights->count-1)*nf;
+ 		for (i=weights->count; i > 0; i--)
+ 		{
+ 			min = *contrib++;
--- a/mupdf.spec
+++ b/mupdf.spec
@ -1,6 +1,6 @@
 Name:           mupdf
 Version:        1.10a
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        A lightweight PDF viewer and toolkit
 Group:          Applications/Publishing
 License:        GPLv3
@ -16,6 +16,7 @@ Patch0:         %{name}-1.10a-openjpeg.patch
 Patch1:         %{name}-Bug-697500-Fix-NULL-ptr-access.patch
 Patch2:         %{name}-bug-697515-Fix-out-of-bounds-read-in-fz_subsample_pi.patch
 Patch3:         %{name}-bz1439643.patch
+Patch4:         %{name}-1452545_scale_underflow.patch


 %description
@ -44,12 +45,9 @@ The mupdf-devel package contains header files for developing
 applications that use mupdf and static libraries

 %prep
-%setup -q -n %{name}-%{version}-source
+##%setup -q 
+%autosetup -n %{name}-%{version}-source -p1
 rm -rf thirdparty
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1

 %build
 export CFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
@ -87,6 +85,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/lib%{name}*.a

 %changelog
+* Fri May 19 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 1.10a-7
+- Fix for CVE-2016-8728 CVE-2016-8729
+
 * Wed May 10  2017 Pavel Zhukov <landgraf@fedoraproject.org> - 1.10a-6
 - Rebuild with new jbig2dec