From 7791cfc458ffa14d0aa94914bd7cf6212ae70c80 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov
Date: Fri, 19 May 2017 10:52:16 +0200
Subject: [PATCH] Fix for CVE-2016-8728 CVE-2016-8729
---
 mupdf-1452545_scale_underflow.patch | 25 +++++++++++++++++++++++++
 mupdf.spec | 13 +++++++------
 2 files changed, 32 insertions(+), 6 deletions(-)
 create mode 100644 mupdf-1452545_scale_underflow.patch
diff --git a/mupdf-1452545_scale_underflow.patch b/mupdf-1452545_scale_underflow.patch
new file mode 100644
index 0000000..7466cbc
--- /dev/null
+++ b/mupdf-1452545_scale_underflow.patch
@@ -0,0 +1,25 @@
+commit 0c86abf954ca4a5f00c26f6600acac93f9fc3538
+Author: Robin Watts
+Date: Tue Feb 28 17:15:40 2017 +0000
+
+ Bug 697395: Fix underflow in special case scaler.
+
+ When scaling a single row pixmap with a flip, I was getting
+ the offset to the far end of the line wrong due to forgetting
+ to allow for the alpha plane.
+
+ Fixed here.
+
+diff --git a/source/fitz/draw-scale-simple.c b/source/fitz/draw-scale-simple.c
+index 1525c7b..1d59092 100644
+--- a/source/fitz/draw-scale-simple.c
++++ b/source/fitz/draw-scale-simple.c
+@@ -1294,7 +1294,7 @@ scale_single_row(unsigned char * restrict dst, int dstride, const unsigned char
+ tmp[j] = 128;
+ if (weights->flip)
+ {
+- dst += (weights->count-1)*n;
++ dst += (weights->count-1)*nf;
+ for (i=weights->count; i > 0; i--)
+ {
+ min = *contrib++;
diff --git a/mupdf.spec b/mupdf.spec
index c581094..3196e50 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -1,6 +1,6 @@
 Name: mupdf
 Version: 1.10a
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: A lightweight PDF viewer and toolkit
 Group: Applications/Publishing
 License: GPLv3
@@ -16,6 +16,7 @@ Patch0: %{name}-1.10a-openjpeg.patch
 Patch1: %{name}-Bug-697500-Fix-NULL-ptr-access.patch
 Patch2: %{name}-bug-697515-Fix-out-of-bounds-read-in-fz_subsample_pi.patch
 Patch3: %{name}-bz1439643.patch
+Patch4: %{name}-1452545_scale_underflow.patch
 %description
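Review bot: The subject and changelog claim fixes for CVE-2016-8728 and CVE-2016-8729, but the only code change carried in the new mupdf-1452545_scale_underflow.patch is the one-line offset correction in scale_single_row (`dst += (weights->count-1)*nf;`), and nothing on the page maps that change to either id. A comment above `Patch4:` in the spec, or a line in the patch header, should say which CVE the scaler fix addresses and where the other one is fixed (possibly the earlier jbig2dec rebuild, though that cannot be confirmed from here), so that coverage can be audited. In the C change itself, a short comment such as `/* dst holds nf bytes per pixel (colour components plus alpha) */` would record why `nf` rather than `n` is the stride. The definitions of `n` and `nf` lie outside the hunk, so that wording should be checked against them.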
@@ -44,12 +45,9 @@ The mupdf-devel package contains header files for developing applications that use mupdf and static libraries
 %prep
-%setup -q -n %{name}-%{version}-source
+##%setup -q
+%autosetup -n %{name}-%{version}-source -p1
 rm -rf thirdparty
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 %build
 export CFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
@@ -87,6 +85,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/lib%{name}*.a
 %changelog
+* Fri May 19 2017 Pavel Zhukov - 1.10a-7
+- Fix for CVE-2016-8728 CVE-2016-8729
+
 * Wed May 10 2017 Pavel Zhukov - 1.10a-6
 - Rebuild with new jbig2dec
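Review bot: The leftover `##%setup -q` line in the %prep hunk still carries a macro reference, because rpm performs macro expansion on comment lines as well. Depending on the rpm version this gives a macro-in-comment warning or, where `%setup` expands to several lines, shell text after the first line that is no longer commented out. Delete the line, or escape it as `#%%setup -q` if the old invocation should stay visible. With `%autosetup -p1` replacing the explicit `%patchN` calls, the security fix is applied only because `Patch4:` is declared, so that declaration is now the single point to check when auditing that the scaler patch is in the build.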