[arch-commits] Commit in mupdf/repos (14 files)
Bartłomiej Piotrowski
bpiotrowski at nymeria.archlinux.org
Thu Jan 30 18:29:49 UTC 2014
Date: Thursday, January 30, 2014 @ 19:29:49
Author: bpiotrowski
Revision: 105051
archrelease: copy trunk to community-i686, community-x86_64
Added:
mupdf/repos/community-i686/PKGBUILD
(from rev 105050, mupdf/trunk/PKGBUILD)
mupdf/repos/community-i686/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch
(from rev 105050, mupdf/trunk/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
mupdf/repos/community-i686/mupdf-1.3-system-libcurl.patch
(from rev 105050, mupdf/trunk/mupdf-1.3-system-libcurl.patch)
mupdf/repos/community-i686/mupdf.install
(from rev 105050, mupdf/trunk/mupdf.install)
mupdf/repos/community-x86_64/PKGBUILD
(from rev 105050, mupdf/trunk/PKGBUILD)
mupdf/repos/community-x86_64/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch
(from rev 105050, mupdf/trunk/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
mupdf/repos/community-x86_64/mupdf-1.3-system-libcurl.patch
(from rev 105050, mupdf/trunk/mupdf-1.3-system-libcurl.patch)
mupdf/repos/community-x86_64/mupdf.install
(from rev 105050, mupdf/trunk/mupdf.install)
Deleted:
mupdf/repos/community-i686/PKGBUILD
mupdf/repos/community-i686/mupdf-1.3-system-libcurl.patch
mupdf/repos/community-i686/mupdf.install
mupdf/repos/community-x86_64/PKGBUILD
mupdf/repos/community-x86_64/mupdf-1.3-system-libcurl.patch
mupdf/repos/community-x86_64/mupdf.install
---------------------------------------------------------------------------+
/PKGBUILD | 124 +++++++++
/mupdf-1.3-system-libcurl.patch | 42 +++
/mupdf.install | 24 +
community-i686/PKGBUILD | 56 ----
community-i686/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch | 135 ++++++++++
community-i686/mupdf-1.3-system-libcurl.patch | 21 -
community-i686/mupdf.install | 12
community-x86_64/PKGBUILD | 56 ----
community-x86_64/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch | 135 ++++++++++
community-x86_64/mupdf-1.3-system-libcurl.patch | 21 -
community-x86_64/mupdf.install | 12
11 files changed, 460 insertions(+), 178 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-i686/PKGBUILD 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,56 +0,0 @@
-# $Id$
-# Maintainer: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
-# Contributor: Brad Fanella <bradfanella at archlinux.us>
-# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
-# Contributor: Pierre-Paul Paquin <pierrepaulpaquin at gmail.com>
-# Contributor: xduugu
-
-pkgname=mupdf
-pkgver=1.3
-pkgrel=7
-pkgdesc='Lightweight PDF and XPS viewer'
-arch=('i686' 'x86_64')
-url='http://mupdf.com'
-license=('GPL3')
-depends=('curl' 'desktop-file-utils' 'freetype2' 'jbig2dec' 'libjpeg' 'libxext' 'openssl')
-install=mupdf.install
-options=('staticlibs')
-source=(https://mupdf.googlecode.com/files/$pkgname-$pkgver-source.tar.gz
- mupdf-1.3-system-libcurl.patch)
-sha256sums=('aba8b31bee9cc0a16abedab5e31c81c65996cba5591e62a50a79bea2a63d4478'
- '41a3b6df736f971e91c066e73afac286eec8fa37af244a55df52e8b173646f42')
-
-prepare() {
- cd $pkgname-$pkgver-source
- rm -rf thirdparty/{curl,freetype,jpeg,zlib,jbig2dec}
- patch -Np1 -i ../mupdf-1.3-system-libcurl.patch
-}
-
-build() {
- CFLAGS+=' -fPIC'
- CXXFLAGS+=' -fPIC'
-
- cd $pkgname-$pkgver-source
- make build=release CURL_LIBS='-lcurl -lpthread'
-}
-
-package() {
- cd $pkgname-$pkgver-source
- make build=release prefix="$pkgdir"/usr install
-
- mv "$pkgdir"/usr/bin/mupdf-x11-curl "$pkgdir"/usr/bin/mupdf
- rm "$pkgdir"/usr/bin/mupdf-x11
-
- cd platform/debian
- sed -i -e 's/mupdf.xpm/mupdf/' \
- -e 's/application\/x-pdf/application\/x-pdf/' \
- -e 's/mupdf-select-file/mupdf/' \
- -e 's/^$/NoDisplay=true/' \
- mupdf.desktop
- install -Dm644 mupdf.desktop "$pkgdir"/usr/share/applications/mupdf.desktop
- install -Dm644 mupdf.xpm "$pkgdir"/usr/share/pixmaps/mupdf.xpm
-
- find "$pkgdir"/usr/include \
- "$pkgdir"/usr/share \
- "$pkgdir"/usr/lib -type f | xargs chmod -v 0644
-}
Copied: mupdf/repos/community-i686/PKGBUILD (from rev 105050, mupdf/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,62 @@
+# $Id$
+# Maintainer: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
+# Contributor: Brad Fanella <bradfanella at archlinux.us>
+# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
+# Contributor: Pierre-Paul Paquin <pierrepaulpaquin at gmail.com>
+# Contributor: xduugu
+
+pkgname=mupdf
+pkgver=1.3
+pkgrel=8
+pkgdesc='Lightweight PDF and XPS viewer'
+arch=('i686' 'x86_64')
+url='http://mupdf.com'
+license=('GPL3')
+depends=('curl' 'desktop-file-utils' 'freetype2' 'jbig2dec' 'libjpeg' 'libxext'
+ 'openssl')
+install=mupdf.install
+options=('staticlibs')
+source=(https://mupdf.googlecode.com/files/$pkgname-$pkgver-source.tar.gz
+ mupdf-1.3-system-libcurl.patch
+ mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
+md5sums=('fe53c2a56ebd7759f5f965bc4ff66359'
+ '6d11387e9bb9897f6f1ecc3956f8e2d4'
+ 'f4d785b28f711e12d4a078ce9b3ed8f5')
+
+prepare() {
+ cd $pkgname-$pkgver-source
+ rm -rf thirdparty/{curl,freetype,jpeg,zlib,jbig2dec}
+ patch -p1 -i ../mupdf-1.3-system-libcurl.patch
+ patch -p1 -i ../mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch
+
+ cd platform/debian
+ sed -i -e 's/mupdf.xpm/mupdf/' \
+ -e 's/application\/x-pdf/application\/x-pdf/' \
+ -e 's/mupdf-select-file/mupdf/' \
+ -e 's/^$/NoDisplay=true/' \
+ mupdf.desktop
+}
+
+build() {
+ CFLAGS+=' -fPIC'
+ CXXFLAGS+=' -fPIC'
+
+ cd $pkgname-$pkgver-source
+ make build=release CURL_LIBS='-lcurl -lpthread'
+}
+
+package() {
+ cd $pkgname-$pkgver-source
+ make build=release prefix="$pkgdir"/usr install
+
+ mv "$pkgdir"/usr/bin/mupdf-x11-curl "$pkgdir"/usr/bin/mupdf
+ rm "$pkgdir"/usr/bin/mupdf-x11
+
+ cd platform/debian
+ install -Dm644 mupdf.desktop "$pkgdir"/usr/share/applications/mupdf.desktop
+ install -Dm644 mupdf.xpm "$pkgdir"/usr/share/pixmaps/mupdf.xpm
+
+ find "$pkgdir"/usr/include \
+ "$pkgdir"/usr/share \
+ "$pkgdir"/usr/lib -type f | xargs chmod -v 0644
+}
Copied: mupdf/repos/community-i686/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch (from rev 105050, mupdf/trunk/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
===================================================================
--- community-i686/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch (rev 0)
+++ community-i686/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,135 @@
+From 60dabde18d7fe12b19da8b509bdfee9cc886aafc Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Simon=20B=C3=BCnzli?= <zeniko at gmail.com>
+Date: Thu, 16 Jan 2014 22:04:51 +0100
+Subject: [PATCH] Bug 694957: fix stack buffer overflow in xps_parse_color
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+xps_parse_color happily reads more than FZ_MAX_COLORS values out of a
+ContextColor array which overflows the passed in samples array.
+Limiting the number of allowed samples to FZ_MAX_COLORS and make sure
+to use that constant for all callers fixes the problem.
+
+Thanks to Jean-Jamil Khalifé for reporting and investigating the issue
+and providing a sample exploit file.
+---
+ source/xps/xps-common.c | 22 ++++++++++++++--------
+ source/xps/xps-glyphs.c | 2 +-
+ source/xps/xps-gradient.c | 2 +-
+ source/xps/xps-path.c | 2 +-
+ 4 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
+index b780f42..32a30ba 100644
+--- a/source/xps/xps-common.c
++++ b/source/xps/xps-common.c
+@@ -89,7 +89,7 @@ xps_begin_opacity(xps_document *doc, const fz_matrix *ctm, const fz_rect *area,
+ if (scb_color_att)
+ {
+ fz_colorspace *colorspace;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples);
+ opacity = opacity * samples[0];
+ }
+@@ -208,12 +208,13 @@ void
+ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ fz_colorspace **csp, float *samples)
+ {
++ fz_context *ctx = doc->ctx;
+ char *p;
+ int i, n;
+ char buf[1024];
+ char *profile;
+
+- *csp = fz_device_rgb(doc->ctx);
++ *csp = fz_device_rgb(ctx);
+
+ samples[0] = 1;
+ samples[1] = 0;
+@@ -259,7 +260,7 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ profile = strchr(buf, ' ');
+ if (!profile)
+ {
+- fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string);
++ fz_warn(ctx, "cannot find icc profile uri in '%s'", string);
+ return;
+ }
+
+@@ -267,12 +268,17 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ p = strchr(profile, ' ');
+ if (!p)
+ {
+- fz_warn(doc->ctx, "cannot find component values in '%s'", profile);
++ fz_warn(ctx, "cannot find component values in '%s'", profile);
+ return;
+ }
+
+ *p++ = 0;
+ n = count_commas(p) + 1;
++ if (n > FZ_MAX_COLORS)
++ {
++ fz_warn(ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS);
++ n = FZ_MAX_COLORS;
++ }
+ i = 0;
+ while (i < n)
+ {
+@@ -292,10 +298,10 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ /* TODO: load ICC profile */
+ switch (n)
+ {
+- case 2: *csp = fz_device_gray(doc->ctx); break;
+- case 4: *csp = fz_device_rgb(doc->ctx); break;
+- case 5: *csp = fz_device_cmyk(doc->ctx); break;
+- default: *csp = fz_device_gray(doc->ctx); break;
++ case 2: *csp = fz_device_gray(ctx); break;
++ case 4: *csp = fz_device_rgb(ctx); break;
++ case 5: *csp = fz_device_cmyk(ctx); break;
++ default: *csp = fz_device_gray(ctx); break;
+ }
+ }
+ }
+diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
+index b26e18d..e621257 100644
+--- a/source/xps/xps-glyphs.c
++++ b/source/xps/xps-glyphs.c
+@@ -590,7 +590,7 @@ xps_parse_glyphs(xps_document *doc, const fz_matrix *ctm,
+
+ if (fill_att)
+ {
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+
+ xps_parse_color(doc, base_uri, fill_att, &colorspace, samples);
+diff --git a/source/xps/xps-gradient.c b/source/xps/xps-gradient.c
+index 7d03f89..76188e9 100644
+--- a/source/xps/xps-gradient.c
++++ b/source/xps/xps-gradient.c
+@@ -39,7 +39,7 @@ xps_parse_gradient_stops(xps_document *doc, char *base_uri, fz_xml *node,
+ struct stop *stops, int maxcount)
+ {
+ fz_colorspace *colorspace;
+- float sample[8];
++ float sample[FZ_MAX_COLORS];
+ float rgb[3];
+ int before, after;
+ int count;
+diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
+index b97ee17..ea84a81 100644
+--- a/source/xps/xps-path.c
++++ b/source/xps/xps-path.c
+@@ -826,7 +826,7 @@ xps_parse_path(xps_document *doc, const fz_matrix *ctm, char *base_uri, xps_reso
+
+ fz_stroke_state *stroke = NULL;
+ fz_matrix transform;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+ fz_path *path = NULL;
+ fz_path *stroke_path = NULL;
+--
+1.7.9.5
+
Deleted: community-i686/mupdf-1.3-system-libcurl.patch
===================================================================
--- community-i686/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-i686/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,21 +0,0 @@
---- a/Makerules 2013-08-27 14:35:11.243520354 +0000
-+++ b/Makerules 2013-08-27 15:40:22.583629510 +0000
-@@ -67,6 +67,8 @@
- SYS_JBIG2DEC_LIBS = -ljbig2dec
- SYS_JPEG_LIBS = -ljpeg
- SYS_ZLIB_LIBS = -lz
-+SYS_CURL_CFLAGS = $(shell pkg-config --cflags libcurl) -I/usr/include/curl
-+SYS_CURL_LIBS = $(shell pkg-config --libs libcurl)
-
- endif
-
---- a/Makethird 2013-08-27 15:41:18.043354692 +0000
-+++ b/Makethird 2013-08-27 15:42:41.332916192 +0000
-@@ -444,5 +444,6 @@
- CURL_CFLAGS := -I$(CURL_DIR)/include
- CURL_LIBS := $(SYS_CURL_DEPS)
- else
--NOCURL := yes
-+CURL_CFLAGS := $(SYS_CURL_CFLAGS)
-+CURL_LIBS := $(SYS_CURL_LIBS) $(SYS_CURL_DEPS)
- endif
Copied: mupdf/repos/community-i686/mupdf-1.3-system-libcurl.patch (from rev 105050, mupdf/trunk/mupdf-1.3-system-libcurl.patch)
===================================================================
--- community-i686/mupdf-1.3-system-libcurl.patch (rev 0)
+++ community-i686/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,21 @@
+--- a/Makerules 2013-08-27 14:35:11.243520354 +0000
++++ b/Makerules 2013-08-27 15:40:22.583629510 +0000
+@@ -67,6 +67,8 @@
+ SYS_JBIG2DEC_LIBS = -ljbig2dec
+ SYS_JPEG_LIBS = -ljpeg
+ SYS_ZLIB_LIBS = -lz
++SYS_CURL_CFLAGS = $(shell pkg-config --cflags libcurl) -I/usr/include/curl
++SYS_CURL_LIBS = $(shell pkg-config --libs libcurl)
+
+ endif
+
+--- a/Makethird 2013-08-27 15:41:18.043354692 +0000
++++ b/Makethird 2013-08-27 15:42:41.332916192 +0000
+@@ -444,5 +444,6 @@
+ CURL_CFLAGS := -I$(CURL_DIR)/include
+ CURL_LIBS := $(SYS_CURL_DEPS)
+ else
+-NOCURL := yes
++CURL_CFLAGS := $(SYS_CURL_CFLAGS)
++CURL_LIBS := $(SYS_CURL_LIBS) $(SYS_CURL_DEPS)
+ endif
Deleted: community-i686/mupdf.install
===================================================================
--- community-i686/mupdf.install 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-i686/mupdf.install 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,12 +0,0 @@
-post_install() {
- update-desktop-database -q
-}
-
-post_upgrade() {
- post_install
-}
-
-post_remove() {
- post_install
-}
-
Copied: mupdf/repos/community-i686/mupdf.install (from rev 105050, mupdf/trunk/mupdf.install)
===================================================================
--- community-i686/mupdf.install (rev 0)
+++ community-i686/mupdf.install 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,12 @@
+post_install() {
+ update-desktop-database -q
+}
+
+post_upgrade() {
+ post_install
+}
+
+post_remove() {
+ post_install
+}
+
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-x86_64/PKGBUILD 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,56 +0,0 @@
-# $Id$
-# Maintainer: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
-# Contributor: Brad Fanella <bradfanella at archlinux.us>
-# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
-# Contributor: Pierre-Paul Paquin <pierrepaulpaquin at gmail.com>
-# Contributor: xduugu
-
-pkgname=mupdf
-pkgver=1.3
-pkgrel=7
-pkgdesc='Lightweight PDF and XPS viewer'
-arch=('i686' 'x86_64')
-url='http://mupdf.com'
-license=('GPL3')
-depends=('curl' 'desktop-file-utils' 'freetype2' 'jbig2dec' 'libjpeg' 'libxext' 'openssl')
-install=mupdf.install
-options=('staticlibs')
-source=(https://mupdf.googlecode.com/files/$pkgname-$pkgver-source.tar.gz
- mupdf-1.3-system-libcurl.patch)
-sha256sums=('aba8b31bee9cc0a16abedab5e31c81c65996cba5591e62a50a79bea2a63d4478'
- '41a3b6df736f971e91c066e73afac286eec8fa37af244a55df52e8b173646f42')
-
-prepare() {
- cd $pkgname-$pkgver-source
- rm -rf thirdparty/{curl,freetype,jpeg,zlib,jbig2dec}
- patch -Np1 -i ../mupdf-1.3-system-libcurl.patch
-}
-
-build() {
- CFLAGS+=' -fPIC'
- CXXFLAGS+=' -fPIC'
-
- cd $pkgname-$pkgver-source
- make build=release CURL_LIBS='-lcurl -lpthread'
-}
-
-package() {
- cd $pkgname-$pkgver-source
- make build=release prefix="$pkgdir"/usr install
-
- mv "$pkgdir"/usr/bin/mupdf-x11-curl "$pkgdir"/usr/bin/mupdf
- rm "$pkgdir"/usr/bin/mupdf-x11
-
- cd platform/debian
- sed -i -e 's/mupdf.xpm/mupdf/' \
- -e 's/application\/x-pdf/application\/x-pdf/' \
- -e 's/mupdf-select-file/mupdf/' \
- -e 's/^$/NoDisplay=true/' \
- mupdf.desktop
- install -Dm644 mupdf.desktop "$pkgdir"/usr/share/applications/mupdf.desktop
- install -Dm644 mupdf.xpm "$pkgdir"/usr/share/pixmaps/mupdf.xpm
-
- find "$pkgdir"/usr/include \
- "$pkgdir"/usr/share \
- "$pkgdir"/usr/lib -type f | xargs chmod -v 0644
-}
Copied: mupdf/repos/community-x86_64/PKGBUILD (from rev 105050, mupdf/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,62 @@
+# $Id$
+# Maintainer: Bartłomiej Piotrowski <nospam at bpiotrowski.pl>
+# Contributor: Brad Fanella <bradfanella at archlinux.us>
+# Contributor: Stefan Husmann <stefan-husmann at t-online.de>
+# Contributor: Pierre-Paul Paquin <pierrepaulpaquin at gmail.com>
+# Contributor: xduugu
+
+pkgname=mupdf
+pkgver=1.3
+pkgrel=8
+pkgdesc='Lightweight PDF and XPS viewer'
+arch=('i686' 'x86_64')
+url='http://mupdf.com'
+license=('GPL3')
+depends=('curl' 'desktop-file-utils' 'freetype2' 'jbig2dec' 'libjpeg' 'libxext'
+ 'openssl')
+install=mupdf.install
+options=('staticlibs')
+source=(https://mupdf.googlecode.com/files/$pkgname-$pkgver-source.tar.gz
+ mupdf-1.3-system-libcurl.patch
+ mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
+md5sums=('fe53c2a56ebd7759f5f965bc4ff66359'
+ '6d11387e9bb9897f6f1ecc3956f8e2d4'
+ 'f4d785b28f711e12d4a078ce9b3ed8f5')
+
+prepare() {
+ cd $pkgname-$pkgver-source
+ rm -rf thirdparty/{curl,freetype,jpeg,zlib,jbig2dec}
+ patch -p1 -i ../mupdf-1.3-system-libcurl.patch
+ patch -p1 -i ../mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch
+
+ cd platform/debian
+ sed -i -e 's/mupdf.xpm/mupdf/' \
+ -e 's/application\/x-pdf/application\/x-pdf/' \
+ -e 's/mupdf-select-file/mupdf/' \
+ -e 's/^$/NoDisplay=true/' \
+ mupdf.desktop
+}
+
+build() {
+ CFLAGS+=' -fPIC'
+ CXXFLAGS+=' -fPIC'
+
+ cd $pkgname-$pkgver-source
+ make build=release CURL_LIBS='-lcurl -lpthread'
+}
+
+package() {
+ cd $pkgname-$pkgver-source
+ make build=release prefix="$pkgdir"/usr install
+
+ mv "$pkgdir"/usr/bin/mupdf-x11-curl "$pkgdir"/usr/bin/mupdf
+ rm "$pkgdir"/usr/bin/mupdf-x11
+
+ cd platform/debian
+ install -Dm644 mupdf.desktop "$pkgdir"/usr/share/applications/mupdf.desktop
+ install -Dm644 mupdf.xpm "$pkgdir"/usr/share/pixmaps/mupdf.xpm
+
+ find "$pkgdir"/usr/include \
+ "$pkgdir"/usr/share \
+ "$pkgdir"/usr/lib -type f | xargs chmod -v 0644
+}
Copied: mupdf/repos/community-x86_64/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch (from rev 105050, mupdf/trunk/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch)
===================================================================
--- community-x86_64/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch (rev 0)
+++ community-x86_64/mupdf-1.3-stack-buffer-overflow-in-xps_parse_color.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,135 @@
+From 60dabde18d7fe12b19da8b509bdfee9cc886aafc Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Simon=20B=C3=BCnzli?= <zeniko at gmail.com>
+Date: Thu, 16 Jan 2014 22:04:51 +0100
+Subject: [PATCH] Bug 694957: fix stack buffer overflow in xps_parse_color
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+xps_parse_color happily reads more than FZ_MAX_COLORS values out of a
+ContextColor array which overflows the passed in samples array.
+Limiting the number of allowed samples to FZ_MAX_COLORS and make sure
+to use that constant for all callers fixes the problem.
+
+Thanks to Jean-Jamil Khalifé for reporting and investigating the issue
+and providing a sample exploit file.
+---
+ source/xps/xps-common.c | 22 ++++++++++++++--------
+ source/xps/xps-glyphs.c | 2 +-
+ source/xps/xps-gradient.c | 2 +-
+ source/xps/xps-path.c | 2 +-
+ 4 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
+index b780f42..32a30ba 100644
+--- a/source/xps/xps-common.c
++++ b/source/xps/xps-common.c
+@@ -89,7 +89,7 @@ xps_begin_opacity(xps_document *doc, const fz_matrix *ctm, const fz_rect *area,
+ if (scb_color_att)
+ {
+ fz_colorspace *colorspace;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples);
+ opacity = opacity * samples[0];
+ }
+@@ -208,12 +208,13 @@ void
+ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ fz_colorspace **csp, float *samples)
+ {
++ fz_context *ctx = doc->ctx;
+ char *p;
+ int i, n;
+ char buf[1024];
+ char *profile;
+
+- *csp = fz_device_rgb(doc->ctx);
++ *csp = fz_device_rgb(ctx);
+
+ samples[0] = 1;
+ samples[1] = 0;
+@@ -259,7 +260,7 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ profile = strchr(buf, ' ');
+ if (!profile)
+ {
+- fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string);
++ fz_warn(ctx, "cannot find icc profile uri in '%s'", string);
+ return;
+ }
+
+@@ -267,12 +268,17 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ p = strchr(profile, ' ');
+ if (!p)
+ {
+- fz_warn(doc->ctx, "cannot find component values in '%s'", profile);
++ fz_warn(ctx, "cannot find component values in '%s'", profile);
+ return;
+ }
+
+ *p++ = 0;
+ n = count_commas(p) + 1;
++ if (n > FZ_MAX_COLORS)
++ {
++ fz_warn(ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS);
++ n = FZ_MAX_COLORS;
++ }
+ i = 0;
+ while (i < n)
+ {
+@@ -292,10 +298,10 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ /* TODO: load ICC profile */
+ switch (n)
+ {
+- case 2: *csp = fz_device_gray(doc->ctx); break;
+- case 4: *csp = fz_device_rgb(doc->ctx); break;
+- case 5: *csp = fz_device_cmyk(doc->ctx); break;
+- default: *csp = fz_device_gray(doc->ctx); break;
++ case 2: *csp = fz_device_gray(ctx); break;
++ case 4: *csp = fz_device_rgb(ctx); break;
++ case 5: *csp = fz_device_cmyk(ctx); break;
++ default: *csp = fz_device_gray(ctx); break;
+ }
+ }
+ }
+diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
+index b26e18d..e621257 100644
+--- a/source/xps/xps-glyphs.c
++++ b/source/xps/xps-glyphs.c
+@@ -590,7 +590,7 @@ xps_parse_glyphs(xps_document *doc, const fz_matrix *ctm,
+
+ if (fill_att)
+ {
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+
+ xps_parse_color(doc, base_uri, fill_att, &colorspace, samples);
+diff --git a/source/xps/xps-gradient.c b/source/xps/xps-gradient.c
+index 7d03f89..76188e9 100644
+--- a/source/xps/xps-gradient.c
++++ b/source/xps/xps-gradient.c
+@@ -39,7 +39,7 @@ xps_parse_gradient_stops(xps_document *doc, char *base_uri, fz_xml *node,
+ struct stop *stops, int maxcount)
+ {
+ fz_colorspace *colorspace;
+- float sample[8];
++ float sample[FZ_MAX_COLORS];
+ float rgb[3];
+ int before, after;
+ int count;
+diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
+index b97ee17..ea84a81 100644
+--- a/source/xps/xps-path.c
++++ b/source/xps/xps-path.c
+@@ -826,7 +826,7 @@ xps_parse_path(xps_document *doc, const fz_matrix *ctm, char *base_uri, xps_reso
+
+ fz_stroke_state *stroke = NULL;
+ fz_matrix transform;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+ fz_path *path = NULL;
+ fz_path *stroke_path = NULL;
+--
+1.7.9.5
+
Deleted: community-x86_64/mupdf-1.3-system-libcurl.patch
===================================================================
--- community-x86_64/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-x86_64/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,21 +0,0 @@
---- a/Makerules 2013-08-27 14:35:11.243520354 +0000
-+++ b/Makerules 2013-08-27 15:40:22.583629510 +0000
-@@ -67,6 +67,8 @@
- SYS_JBIG2DEC_LIBS = -ljbig2dec
- SYS_JPEG_LIBS = -ljpeg
- SYS_ZLIB_LIBS = -lz
-+SYS_CURL_CFLAGS = $(shell pkg-config --cflags libcurl) -I/usr/include/curl
-+SYS_CURL_LIBS = $(shell pkg-config --libs libcurl)
-
- endif
-
---- a/Makethird 2013-08-27 15:41:18.043354692 +0000
-+++ b/Makethird 2013-08-27 15:42:41.332916192 +0000
-@@ -444,5 +444,6 @@
- CURL_CFLAGS := -I$(CURL_DIR)/include
- CURL_LIBS := $(SYS_CURL_DEPS)
- else
--NOCURL := yes
-+CURL_CFLAGS := $(SYS_CURL_CFLAGS)
-+CURL_LIBS := $(SYS_CURL_LIBS) $(SYS_CURL_DEPS)
- endif
Copied: mupdf/repos/community-x86_64/mupdf-1.3-system-libcurl.patch (from rev 105050, mupdf/trunk/mupdf-1.3-system-libcurl.patch)
===================================================================
--- community-x86_64/mupdf-1.3-system-libcurl.patch (rev 0)
+++ community-x86_64/mupdf-1.3-system-libcurl.patch 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,21 @@
+--- a/Makerules 2013-08-27 14:35:11.243520354 +0000
++++ b/Makerules 2013-08-27 15:40:22.583629510 +0000
+@@ -67,6 +67,8 @@
+ SYS_JBIG2DEC_LIBS = -ljbig2dec
+ SYS_JPEG_LIBS = -ljpeg
+ SYS_ZLIB_LIBS = -lz
++SYS_CURL_CFLAGS = $(shell pkg-config --cflags libcurl) -I/usr/include/curl
++SYS_CURL_LIBS = $(shell pkg-config --libs libcurl)
+
+ endif
+
+--- a/Makethird 2013-08-27 15:41:18.043354692 +0000
++++ b/Makethird 2013-08-27 15:42:41.332916192 +0000
+@@ -444,5 +444,6 @@
+ CURL_CFLAGS := -I$(CURL_DIR)/include
+ CURL_LIBS := $(SYS_CURL_DEPS)
+ else
+-NOCURL := yes
++CURL_CFLAGS := $(SYS_CURL_CFLAGS)
++CURL_LIBS := $(SYS_CURL_LIBS) $(SYS_CURL_DEPS)
+ endif
Deleted: community-x86_64/mupdf.install
===================================================================
--- community-x86_64/mupdf.install 2014-01-30 18:29:37 UTC (rev 105050)
+++ community-x86_64/mupdf.install 2014-01-30 18:29:49 UTC (rev 105051)
@@ -1,12 +0,0 @@
-post_install() {
- update-desktop-database -q
-}
-
-post_upgrade() {
- post_install
-}
-
-post_remove() {
- post_install
-}
-
Copied: mupdf/repos/community-x86_64/mupdf.install (from rev 105050, mupdf/trunk/mupdf.install)
===================================================================
--- community-x86_64/mupdf.install (rev 0)
+++ community-x86_64/mupdf.install 2014-01-30 18:29:49 UTC (rev 105051)
@@ -0,0 +1,12 @@
+post_install() {
+ update-desktop-database -q
+}
+
+post_upgrade() {
+ post_install
+}
+
+post_remove() {
+ post_install
+}
+
More information about the arch-commits
mailing list