[arch-commits] Commit in mupdf/trunk (3 files)

Christian Hesse eworm at archlinux.org
Mon Aug 29 21:21:41 UTC 2016 

    Date: Monday, August 29, 2016 @ 21:21:40
  Author: eworm
Revision: 187973

upgpkg: mupdf 1.9_a-4

* fix building against openjpeg2 (libopenjp2.so) 2.1.1
* fix use after free with security implications:
  https://security-tracker.debian.org/tracker/CVE-2016-6265

Added:
  mupdf/trunk/0001-mupdf-openjpeg.patch
Modified:
  mupdf/trunk/PKGBUILD
Deleted:
  mupdf/trunk/mupdf-1.5-openjpeg-2.1.0.patch

--------------------------------+
 0001-mupdf-openjpeg.patch      |   37 +++++++++++++++++++++++++++++++++++++
 PKGBUILD                       |   23 ++++++++++++++++-------
 mupdf-1.5-openjpeg-2.1.0.patch |   13 -------------
 3 files changed, 53 insertions(+), 20 deletions(-)

Added: 0001-mupdf-openjpeg.patch
===================================================================
--- 0001-mupdf-openjpeg.patch	                        (rev 0)
+++ 0001-mupdf-openjpeg.patch	2016-08-29 21:21:40 UTC (rev 187973)
@@ -0,0 +1,37 @@
+--- a/source/fitz/load-jpx.c
++++ b/source/fitz/load-jpx.c
+@@ -3,12 +3,17 @@
+ /* Without the definition of OPJ_STATIC, compilation fails on windows
+  * due to the use of __stdcall. We believe it is required on some
+  * linux toolchains too. */
++
++#ifdef __cplusplus
++extern "C"
++{
+ #define OPJ_STATIC
+ #ifndef _MSC_VER
+ #define OPJ_HAVE_STDINT_H
+ #endif
++#endif
+ 
+-#include <openjpeg.h>
++#include <openjpeg-2.1/openjpeg.h>
+ 
+ static void fz_opj_error_callback(const char *msg, void *client_data)
+ {
+@@ -117,7 +122,7 @@ fz_load_jpx(fz_context *ctx, unsigned ch
+ 	opj_stream_set_read_function(stream, fz_opj_stream_read);
+ 	opj_stream_set_skip_function(stream, fz_opj_stream_skip);
+ 	opj_stream_set_seek_function(stream, fz_opj_stream_seek);
+-	opj_stream_set_user_data(stream, &sb);
++	opj_stream_set_user_data(stream, &sb, NULL);
+ 	/* Set the length to avoid an assert */
+ 	opj_stream_set_user_data_length(stream, size);
+ 
+@@ -247,3 +252,6 @@ fz_load_jpx(fz_context *ctx, unsigned ch
+ 
+ 	return img;
+ }
++#ifdef __cplusplus
++}
++#endif

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-08-29 18:42:21 UTC (rev 187972)
+++ PKGBUILD	2016-08-29 21:21:40 UTC (rev 187973)
@@ -9,7 +9,7 @@
 pkgbase=mupdf
 pkgname=(libmupdf mupdf mupdf-gl mupdf-tools)
 pkgver=1.9_a
-pkgrel=3
+pkgrel=4
 pkgdesc='Lightweight PDF and XPS viewer'
 arch=('i686' 'x86_64')
 url='http://mupdf.com'
@@ -18,12 +18,14 @@
              'jbig2dec' 'libjpeg' 'mesa-libgl' 'openjpeg2' 'openssl')
 # we need static libs for zathura-pdf-mupdf
 options=('staticlibs')
-source=(http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz
-        mupdf-1.5-openjpeg-2.1.0.patch
-        mupdf.desktop
-	mupdf.xpm)
+source=("http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz"
+        '0001-mupdf-openjpeg.patch'
+        'mupdf-0001-bug-696941-fix-use-after-free.patch::http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=fa1936405b6a84e5c9bb440912c23d532772f958'
+        'mupdf.desktop'
+        'mupdf.xpm')
 md5sums=('658b90788a57d858dcb069cf326e11c3'
-         '8e71587ad9b86e10c9144618ab43149b'
+         'c2d096ecd41ae26735551d01099c0a3e'
+         '5fb16881b14c686a44957ec53f7fa924'
          '39b54f82a763aac54e352315a0ee9037'
          'f3f35e7320bafde331250de1c99186a1')
 
@@ -33,8 +35,15 @@
   # remove bundled packages, we want our system libraries
   rm -rf thirdparty/{curl,freetype,glfw,harfbuzz,jbig2dec,jpeg,openjpeg,zlib}
 
-  patch -p1 -i ../mupdf-1.5-openjpeg-2.1.0.patch
+  # Bug 696941: Fix use after free.
+  # CVE-2016-6265
+  # https://security-tracker.debian.org/tracker/CVE-2016-6265
+  patch -Np1 < "${srcdir}/mupdf-0001-bug-696941-fix-use-after-free.patch"
 
+  # fix function for openjpeg 2.1.x
+  patch -Np1 < "${srcdir}/0001-mupdf-openjpeg.patch"
+
+  # fix includes for jbig2dec
   sed '/^JBIG2DEC_CFLAGS :=/s|$| -I./include/mupdf|' -i Makethird
 }
 

Deleted: mupdf-1.5-openjpeg-2.1.0.patch
===================================================================
--- mupdf-1.5-openjpeg-2.1.0.patch	2016-08-29 18:42:21 UTC (rev 187972)
+++ mupdf-1.5-openjpeg-2.1.0.patch	2016-08-29 21:21:40 UTC (rev 187973)
@@ -1,13 +0,0 @@
-diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index dd7bf9e..b7c8680 100644
---- a/source/fitz/load-jpx.c
-+++ b/source/fitz/load-jpx.c
-@@ -116,7 +116,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
- 	opj_stream_set_read_function(stream, fz_opj_stream_read);
- 	opj_stream_set_skip_function(stream, fz_opj_stream_skip);
- 	opj_stream_set_seek_function(stream, fz_opj_stream_seek);
--	opj_stream_set_user_data(stream, &sb);
-+	opj_stream_set_user_data(stream, &sb, NULL);
- 	/* Set the length to avoid an assert */
- 	opj_stream_set_user_data_length(stream, size);
-

More information about the arch-commits mailing list