diff --git a/.gitignore b/.gitignore index 767d5d6..3075256 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ /mupdf-1.8-source.tar.gz /mupdf-1.10a-source.tar.gz /mupdf-1.11-source.tar.gz +/mupdf-1.12-rc1-source.tar.gz diff --git a/mupdf-1.11-CVE-2017-15369.patch b/mupdf-1.11-CVE-2017-15369.patch deleted file mode 100644 index 3b62e96..0000000 --- a/mupdf-1.11-CVE-2017-15369.patch +++ /dev/null @@ -1,45 +0,0 @@ -From c2663e51238ec8256da7fc61ad580db891d9fe9a Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Mon, 25 Sep 2017 13:04:11 +0200 -Subject: [PATCH] Bug 698592: Mark variable fz_var(), avoiding optimization. - -The change in 2707fa9e8e6d17d794330e719dec1b08161fb045 -in build_filter_chain() allows for the variable chain -to reside in a register, which means that the bug is -likely to only be visible if built under optimization. - -First the chain variable is transferred to chain2, then -set to NULL, then when an exception occurs in build_filter() -the filter chain will be freed by build_filter(). Next -the expectation is that execution proceeds to fz_catch() -where fz_drop_stream() would be called with chain == NULL. - -However due to the chain variable residing in a register, -its value is not NULL as expected, but was reset to its -original value upon the exception (since they use setjmp()), -hence fz_drop_stream() is called with a non-NULL value. - -Marking the chain variable with fz_var() prevents the -compiler from allowing the chain variable to reside in -a register and hence its value will remain NULL and -never be reset. ---- - source/pdf/pdf-stream.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c -index baf9f0a..56592b0 100644 ---- a/source/pdf/pdf-stream.c -+++ b/source/pdf/pdf-stream.c -@@ -246,6 +246,8 @@ build_filter_chain(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_obj - pdf_obj *p; - int i, n; - -+ fz_var(chain); -+ - fz_try(ctx) - { - n = pdf_array_len(ctx, fs); --- -2.9.1 - diff --git a/mupdf-1.11-CVE-2017-15587.patch b/mupdf-1.11-CVE-2017-15587.patch deleted file mode 100644 index 0640979..0000000 --- a/mupdf-1.11-CVE-2017-15587.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 82df2631d7d0446b206ea6b434ea609b6c28b0e8 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Mon, 16 Oct 2017 13:14:25 +0200 -Subject: [PATCH] Check for integer overflow when validating new style xref - Index. - ---- - source/pdf/pdf-xref.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 66bd0ed..6292793 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0) -+ if (i0 < 0 || i1 < 0 || (i0+i1) < 0) - fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); - //if (i0 + i1 > pdf_xref_len(ctx, doc)) - // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); --- -2.9.1 - diff --git a/mupdf-1.11-openjpeg.patch b/mupdf-1.12-openjpeg.patch similarity index 59% rename from mupdf-1.11-openjpeg.patch rename to mupdf-1.12-openjpeg.patch index 5539cdb..9775b2f 100644 --- a/mupdf-1.11-openjpeg.patch +++ b/mupdf-1.12-openjpeg.patch @@ -1,8 +1,8 @@ diff --git i/source/fitz/load-jpx.c w/source/fitz/load-jpx.c -index d01de585..9934e47a 100644 +index 65699bab..800ee32c 100644 --- i/source/fitz/load-jpx.c +++ w/source/fitz/load-jpx.c -@@ -443,12 +443,15 @@ fz_load_jpx_info(fz_context *ctx, unsigned char *data, size_t size, int *wp, int +@@ -444,12 +444,15 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w } #else /* HAVE_LURATECH */ @@ -12,14 +12,14 @@ index d01de585..9934e47a 100644 +{ #define OPJ_STATIC #define OPJ_HAVE_INTTYPES_H - #if !defined(_WIN32) && !defined(_WIN64) + #if !defined(_MSC_VER) || _MSC_VER >= 1600 #define OPJ_HAVE_STDINT_H #endif +#endif #define USE_JPIP #include -@@ -920,6 +923,9 @@ fz_load_jpx_info(fz_context *ctx, unsigned char *data, size_t size, int *wp, int +@@ -931,6 +934,9 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w } #endif /* HAVE_LURATECH */ diff --git a/mupdf.spec b/mupdf.spec index 0cbab8c..a4a6e2e 100644 --- a/mupdf.spec +++ b/mupdf.spec @@ -1,20 +1,19 @@ Name: mupdf -Version: 1.11 -Release: 9%{?dist} +Version: 1.12rc1 +%global origversion 1.12-rc1 +Release: 1%{?dist} Summary: A lightweight PDF viewer and toolkit Group: Applications/Publishing License: GPLv3 URL: http://mupdf.com/ -Source0: http://mupdf.com/downloads/%{name}-%{version}-source.tar.gz +Source0: http://mupdf.com/downloads/%{name}-%{origversion}-source.tar.gz Source1: %{name}.desktop BuildRequires: gcc make binutils desktop-file-utils coreutils BuildRequires: openjpeg2-devel jbig2dec-devel desktop-file-utils BuildRequires: libjpeg-devel freetype-devel libXext-devel curl-devel BuildRequires: harfbuzz-devel -BuildRequires: glfw-devel mesa-libGL-devel -Patch0: %{name}-1.11-openjpeg.patch -Patch1: %{name}-1.11-CVE-2017-15369.patch -Patch2: %{name}-1.11-CVE-2017-15587.patch +BuildRequires: glfw-devel mesa-libGL-devel freeglut-devel +Patch0: %{name}-1.12-openjpeg.patch %description @@ -43,11 +42,9 @@ The mupdf-devel package contains header files for developing applications that use mupdf and static libraries %prep -%setup -q -n %{name}-%{version}-source +%setup -q -n %{name}-%{origversion}-source rm -rf thirdparty %patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build export XCFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK" @@ -85,6 +82,9 @@ update-desktop-database &> /dev/null || : %{_libdir}/lib%{name}*.a %changelog +* Sun Nov 26 2017 Michael J Gruber - 1.12rc1-1 +- rc test + * Sat Nov 11 2017 Michael J Gruber - 1.11-9 - CVE-2017-15369 - CVE-2017-15587 diff --git a/sources b/sources index 103e2b0..faa4bfd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (mupdf-1.11-source.tar.gz) = 501670f540e298a8126806ebbd9db8b29866f663b7bbf26c9ade1933e42f0c00ad410b9d93f3ddbfb3e45c38722869095de28d832fe3fb3703c55cc9a01dbf63 +SHA512 (mupdf-1.12-rc1-source.tar.gz) = 12b232224b2a73794e3a70270b3dd3d6cdb51400c8ec421f2d96436ec5f221f567634851a9892e60a3fe39d74def6f2c666e301fa6f40c4f28e6a26b5dd5deb6