[arch-commits] Commit in mupdf/trunk (3 files)
Christian Hesse
eworm at archlinux.org
Mon Aug 29 21:21:41 UTC 2016
Date: Monday, August 29, 2016 @ 21:21:40
Author: eworm
Revision: 187973
upgpkg: mupdf 1.9_a-4
* fix building against openjpeg2 (libopenjp2.so) 2.1.1
* fix use after free with security implications:
https://security-tracker.debian.org/tracker/CVE-2016-6265
Added:
mupdf/trunk/0001-mupdf-openjpeg.patch
Modified:
mupdf/trunk/PKGBUILD
Deleted:
mupdf/trunk/mupdf-1.5-openjpeg-2.1.0.patch
--------------------------------+
0001-mupdf-openjpeg.patch | 37 +++++++++++++++++++++++++++++++++++++
PKGBUILD | 23 ++++++++++++++++-------
mupdf-1.5-openjpeg-2.1.0.patch | 13 -------------
3 files changed, 53 insertions(+), 20 deletions(-)
Added: 0001-mupdf-openjpeg.patch
===================================================================
--- 0001-mupdf-openjpeg.patch (rev 0)
+++ 0001-mupdf-openjpeg.patch 2016-08-29 21:21:40 UTC (rev 187973)
@@ -0,0 +1,37 @@
+--- a/source/fitz/load-jpx.c
++++ b/source/fitz/load-jpx.c
+@@ -3,12 +3,17 @@
+ /* Without the definition of OPJ_STATIC, compilation fails on windows
+ * due to the use of __stdcall. We believe it is required on some
+ * linux toolchains too. */
++
++#ifdef __cplusplus
++extern "C"
++{
+ #define OPJ_STATIC
+ #ifndef _MSC_VER
+ #define OPJ_HAVE_STDINT_H
+ #endif
++#endif
+
+-#include <openjpeg.h>
++#include <openjpeg-2.1/openjpeg.h>
+
+ static void fz_opj_error_callback(const char *msg, void *client_data)
+ {
+@@ -117,7 +122,7 @@ fz_load_jpx(fz_context *ctx, unsigned ch
+ opj_stream_set_read_function(stream, fz_opj_stream_read);
+ opj_stream_set_skip_function(stream, fz_opj_stream_skip);
+ opj_stream_set_seek_function(stream, fz_opj_stream_seek);
+- opj_stream_set_user_data(stream, &sb);
++ opj_stream_set_user_data(stream, &sb, NULL);
+ /* Set the length to avoid an assert */
+ opj_stream_set_user_data_length(stream, size);
+
+@@ -247,3 +252,6 @@ fz_load_jpx(fz_context *ctx, unsigned ch
+
+ return img;
+ }
++#ifdef __cplusplus
++}
++#endif
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-08-29 18:42:21 UTC (rev 187972)
+++ PKGBUILD 2016-08-29 21:21:40 UTC (rev 187973)
@@ -9,7 +9,7 @@
pkgbase=mupdf
pkgname=(libmupdf mupdf mupdf-gl mupdf-tools)
pkgver=1.9_a
-pkgrel=3
+pkgrel=4
pkgdesc='Lightweight PDF and XPS viewer'
arch=('i686' 'x86_64')
url='http://mupdf.com'
@@ -18,12 +18,14 @@
'jbig2dec' 'libjpeg' 'mesa-libgl' 'openjpeg2' 'openssl')
# we need static libs for zathura-pdf-mupdf
options=('staticlibs')
-source=(http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz
- mupdf-1.5-openjpeg-2.1.0.patch
- mupdf.desktop
- mupdf.xpm)
+source=("http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz"
+ '0001-mupdf-openjpeg.patch'
+ 'mupdf-0001-bug-696941-fix-use-after-free.patch::http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=fa1936405b6a84e5c9bb440912c23d532772f958'
+ 'mupdf.desktop'
+ 'mupdf.xpm')
md5sums=('658b90788a57d858dcb069cf326e11c3'
- '8e71587ad9b86e10c9144618ab43149b'
+ 'c2d096ecd41ae26735551d01099c0a3e'
+ '5fb16881b14c686a44957ec53f7fa924'
'39b54f82a763aac54e352315a0ee9037'
'f3f35e7320bafde331250de1c99186a1')
@@ -33,8 +35,15 @@
# remove bundled packages, we want our system libraries
rm -rf thirdparty/{curl,freetype,glfw,harfbuzz,jbig2dec,jpeg,openjpeg,zlib}
- patch -p1 -i ../mupdf-1.5-openjpeg-2.1.0.patch
+ # Bug 696941: Fix use after free.
+ # CVE-2016-6265
+ # https://security-tracker.debian.org/tracker/CVE-2016-6265
+ patch -Np1 < "${srcdir}/mupdf-0001-bug-696941-fix-use-after-free.patch"
+ # fix function for openjpeg 2.1.x
+ patch -Np1 < "${srcdir}/0001-mupdf-openjpeg.patch"
+
+ # fix includes for jbig2dec
sed '/^JBIG2DEC_CFLAGS :=/s|$| -I./include/mupdf|' -i Makethird
}
Deleted: mupdf-1.5-openjpeg-2.1.0.patch
===================================================================
--- mupdf-1.5-openjpeg-2.1.0.patch 2016-08-29 18:42:21 UTC (rev 187972)
+++ mupdf-1.5-openjpeg-2.1.0.patch 2016-08-29 21:21:40 UTC (rev 187973)
@@ -1,13 +0,0 @@
-diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index dd7bf9e..b7c8680 100644
---- a/source/fitz/load-jpx.c
-+++ b/source/fitz/load-jpx.c
-@@ -116,7 +116,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
- opj_stream_set_read_function(stream, fz_opj_stream_read);
- opj_stream_set_skip_function(stream, fz_opj_stream_skip);
- opj_stream_set_seek_function(stream, fz_opj_stream_seek);
-- opj_stream_set_user_data(stream, &sb);
-+ opj_stream_set_user_data(stream, &sb, NULL);
- /* Set the length to avoid an assert */
- opj_stream_set_user_data_length(stream, size);
-
More information about the arch-commits
mailing list