rpms/mupdf
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v1.12RC1 test build

Browse Source
This commit is contained in:
Michael J Gruber 2017-11-26 17:59:11 +01:00
parent 98c6676b5c
commit f1b65b7b3d
6 changed files with 16 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -11,3 +11,4 @@
/mupdf-1.8-source.tar.gz
/mupdf-1.10a-source.tar.gz
/mupdf-1.11-source.tar.gz
/mupdf-1.12-rc1-source.tar.gz

45
mupdf-1.11-CVE-2017-15369.patch
View File

@ -1,45 +0,0 @@
From c2663e51238ec8256da7fc61ad580db891d9fe9a Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Mon, 25 Sep 2017 13:04:11 +0200
Subject: [PATCH] Bug 698592: Mark variable fz_var(), avoiding optimization.
The change in 2707fa9e8e6d17d794330e719dec1b08161fb045
in build_filter_chain() allows for the variable chain
to reside in a register, which means that the bug is
likely to only be visible if built under optimization.
First the chain variable is transferred to chain2, then
set to NULL, then when an exception occurs in build_filter()
the filter chain will be freed by build_filter(). Next
the expectation is that execution proceeds to fz_catch()
where fz_drop_stream() would be called with chain == NULL.
However due to the chain variable residing in a register,
its value is not NULL as expected, but was reset to its
original value upon the exception (since they use setjmp()),
hence fz_drop_stream() is called with a non-NULL value.
Marking the chain variable with fz_var() prevents the
compiler from allowing the chain variable to reside in
a register and hence its value will remain NULL and
never be reset.
---
source/pdf/pdf-stream.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
index baf9f0a..56592b0 100644
--- a/source/pdf/pdf-stream.c
+++ b/source/pdf/pdf-stream.c
@@ -246,6 +246,8 @@ build_filter_chain(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_obj
pdf_obj *p;
int i, n;
+ fz_var(chain);
+
fz_try(ctx)
{
n = pdf_array_len(ctx, fs);
--
2.9.1

26
mupdf-1.11-CVE-2017-15587.patch
View File

@ -1,26 +0,0 @@
From 82df2631d7d0446b206ea6b434ea609b6c28b0e8 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Mon, 16 Oct 2017 13:14:25 +0200
Subject: [PATCH] Check for integer overflow when validating new style xref
Index.
---
source/pdf/pdf-xref.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 66bd0ed..6292793 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
pdf_xref_entry *table;
int i, n;
- if (i0 < 0 || i1 < 0)
+ if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
//if (i0 + i1 > pdf_xref_len(ctx, doc))
// fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
--
2.9.1

8
mupdf-1.11-openjpeg.patch → mupdf-1.12-openjpeg.patch
View File

@ -1,8 +1,8 @@
diff --git i/source/fitz/load-jpx.c w/source/fitz/load-jpx.c
index d01de585..9934e47a 100644
index 65699bab..800ee32c 100644
--- i/source/fitz/load-jpx.c
+++ w/source/fitz/load-jpx.c
@@ -443,12 +443,15 @@ fz_load_jpx_info(fz_context *ctx, unsigned char *data, size_t size, int *wp, int
@@ -444,12 +444,15 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
}
#else /* HAVE_LURATECH */
@ -12,14 +12,14 @@ index d01de585..9934e47a 100644
+{
#define OPJ_STATIC
#define OPJ_HAVE_INTTYPES_H
#if !defined(_WIN32) && !defined(_WIN64)
#if !defined(_MSC_VER) || _MSC_VER >= 1600
#define OPJ_HAVE_STDINT_H
#endif
+#endif
#define USE_JPIP
#include <openjpeg.h>
@@ -920,6 +923,9 @@ fz_load_jpx_info(fz_context *ctx, unsigned char *data, size_t size, int *wp, int
@@ -931,6 +934,9 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
}
#endif /* HAVE_LURATECH */

20
mupdf.spec
View File

@ -1,20 +1,19 @@
Name: mupdf
Version: 1.11
Release: 9%{?dist}
Version: 1.12rc1
%global origversion 1.12-rc1
Release: 1%{?dist}
Summary: A lightweight PDF viewer and toolkit
Group: Applications/Publishing
License: GPLv3
URL: http://mupdf.com/
Source0: http://mupdf.com/downloads/%{name}-%{version}-source.tar.gz
Source0: http://mupdf.com/downloads/%{name}-%{origversion}-source.tar.gz
Source1: %{name}.desktop
BuildRequires: gcc make binutils desktop-file-utils coreutils
BuildRequires: openjpeg2-devel jbig2dec-devel desktop-file-utils
BuildRequires: libjpeg-devel freetype-devel libXext-devel curl-devel
BuildRequires: harfbuzz-devel
BuildRequires: glfw-devel mesa-libGL-devel
Patch0: %{name}-1.11-openjpeg.patch
Patch1: %{name}-1.11-CVE-2017-15369.patch
Patch2: %{name}-1.11-CVE-2017-15587.patch
BuildRequires: glfw-devel mesa-libGL-devel freeglut-devel
Patch0: %{name}-1.12-openjpeg.patch
%description
@ -43,11 +42,9 @@ The mupdf-devel package contains header files for developing
applications that use mupdf and static libraries
%prep
%setup -q -n %{name}-%{version}-source
%setup -q -n %{name}-%{origversion}-source
rm -rf thirdparty
%patch0 -p1
%patch1 -p1
%patch2 -p1
%build
export XCFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
@ -85,6 +82,9 @@ update-desktop-database &> /dev/null || :
%{_libdir}/lib%{name}*.a
%changelog
* Sun Nov 26 2017 Michael J Gruber <mjg@fedoraproject.org> - 1.12rc1-1
- rc test
* Sat Nov 11 2017 Michael J Gruber <mjg@fedoraproject.org> - 1.11-9
- CVE-2017-15369
- CVE-2017-15587

2
sources
View File

@ -1 +1 @@
SHA512 (mupdf-1.11-source.tar.gz) = 501670f540e298a8126806ebbd9db8b29866f663b7bbf26c9ade1933e42f0c00ad410b9d93f3ddbfb3e45c38722869095de28d832fe3fb3703c55cc9a01dbf63
SHA512 (mupdf-1.12-rc1-source.tar.gz) = 12b232224b2a73794e3a70270b3dd3d6cdb51400c8ec421f2d96436ec5f221f567634851a9892e60a3fe39d74def6f2c666e301fa6f40c4f28e6a26b5dd5deb6