[arch-commits] Commit in mupdf/trunk (5 files)

Christian Hesse eworm at archlinux.org
Wed Nov 1 21:36:37 UTC 2017


    Date: Wednesday, November 1, 2017 @ 21:36:37
  Author: eworm
Revision: 265068

upgpkg: mupdf 1.11-5

fix CVE-2017-14685 [0][1], CVE-2017-14686 [2][3], CVE-2017-14687 [4][5] and CVE-2017-15587 [6][7]

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
[1] http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
[3] http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
[5] http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
[7] http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8

Added:
  mupdf/trunk/0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch
  mupdf/trunk/0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch
  mupdf/trunk/0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch
  mupdf/trunk/0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch
Modified:
  mupdf/trunk/PKGBUILD

----------------------------------------------------------------------------+
 0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch              |  122 ++++++++++
 0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch        |   26 ++
 0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch |   25 ++
 0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch         |   26 ++
 PKGBUILD                                                                   |   26 ++
 5 files changed, 224 insertions(+), 1 deletion(-)

Added: 0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch
===================================================================
--- 0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch	                        (rev 0)
+++ 0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch	2017-11-01 21:36:37 UTC (rev 265068)
@@ -0,0 +1,122 @@
+From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson at artifex.com>
+Date: Tue, 19 Sep 2017 17:17:12 +0200
+Subject: Fix 698558: Handle non-tags in tag name comparisons.
+
+Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
+---
+ source/html/css-apply.c   | 2 +-
+ source/svg/svg-run.c      | 2 +-
+ source/xps/xps-common.c   | 6 +++---
+ source/xps/xps-glyphs.c   | 2 +-
+ source/xps/xps-path.c     | 4 ++--
+ source/xps/xps-resource.c | 2 +-
+ 6 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/source/html/css-apply.c b/source/html/css-apply.c
+index de554908..6a91df0d 100644
+--- a/source/html/css-apply.c
++++ b/source/html/css-apply.c
+@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
+ 
+ 	if (sel->name)
+ 	{
+-		if (strcmp(sel->name, fz_xml_tag(node)))
++		if (!fz_xml_is_tag(node, sel->name))
+ 			return 0;
+ 	}
+ 
+diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
+index f974c675..5302c640 100644
+--- a/source/svg/svg-run.c
++++ b/source/svg/svg-run.c
+@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
+ 		fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
+ 		if (linked)
+ 		{
+-			if (!strcmp(fz_xml_tag(linked), "symbol"))
++			if (fz_xml_is_tag(linked, "symbol"))
+ 				svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
+ 			else
+ 				svg_run_element(ctx, dev, doc, linked, &local_state);
+diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
+index cc7fed94..f2f9b93c 100644
+--- a/source/xps/xps-common.c
++++ b/source/xps/xps-common.c
+@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
+ 	else if (fz_xml_is_tag(node, "RadialGradientBrush"))
+ 		xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
+ 	else
+-		fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
++		fz_warn(ctx, "unknown brush tag");
+ }
+ 
+ void
+@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
+ 	if (opacity_att)
+ 		opacity = fz_atof(opacity_att);
+ 
+-	if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
+ 	{
+ 		char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
+ 		char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
+@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
+ 
+ 	if (opacity_mask_tag)
+ 	{
+-		if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
++		if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
+ 			fz_pop_clip(ctx, dev);
+ 	}
+ }
+diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
+index 29dc5b39..5b26d780 100644
+--- a/source/xps/xps-glyphs.c
++++ b/source/xps/xps-glyphs.c
+@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
+ 
+ 	/* If it's a solid color brush fill/stroke do a simple fill */
+ 
+-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
+ 	{
+ 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
+ 		fill_att = fz_xml_att(fill_tag, "Color");
+diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
+index 6faeb0ca..021d2021 100644
+--- a/source/xps/xps-path.c
++++ b/source/xps/xps-path.c
+@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
+ 	if (!data_att && !data_tag)
+ 		return;
+ 
+-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
+ 	{
+ 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
+ 		fill_att = fz_xml_att(fill_tag, "Color");
+ 		fill_tag = NULL;
+ 	}
+ 
+-	if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
+ 	{
+ 		stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
+ 		stroke_att = fz_xml_att(stroke_tag, "Color");
+diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
+index c2292e60..8e81ab83 100644
+--- a/source/xps/xps-resource.c
++++ b/source/xps/xps-resource.c
+@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
+ 	if (!xml)
+ 		return NULL;
+ 
+-	if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
++	if (!fz_xml_is_tag(xml, "ResourceDictionary"))
+ 	{
+ 		fz_drop_xml(ctx, xml);
+ 		fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
+-- 
+cgit v1.1-22-g1649
+
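Review bot: The xps_parse_brush change in source/xps/xps-common.c removes the tag name from the warning, so a log line for a malformed XPS file no longer says which element was rejected. The name was presumably dropped because fz_xml_tag can return NULL for a non-tag node; that is not visible in this patch and should be confirmed. If so, a guarded form keeps the diagnostic: `const char *tag = fz_xml_tag(node);` followed by `fz_warn(ctx, "unknown brush tag: %s", tag ? tag : "(non-tag node)");`. The patch converts only the call sites it lists, so it is worth searching the tree for any remaining `strcmp(fz_xml_tag(...), ...)` uses that still need the same treatment.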

Added: 0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch
===================================================================
--- 0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch	                        (rev 0)
+++ 0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch	2017-11-01 21:36:37 UTC (rev 265068)
@@ -0,0 +1,26 @@
+From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson at artifex.com>
+Date: Tue, 19 Sep 2017 15:23:04 +0200
+Subject: Fix 698539: Don't use xps font if it could not be loaded.
+
+xps_load_links_in_glyphs did not cope with font loading failures.
+---
+ source/xps/xps-link.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
+index c07e0d76..c26a8d99 100644
+--- a/source/xps/xps-link.c
++++ b/source/xps/xps-link.c
+@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
+ 			bidi_level = atoi(bidi_level_att);
+ 
+ 		font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
++		if (!font)
++			return;
+ 		text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
+ 				fz_atof(origin_x_att), fz_atof(origin_y_att),
+ 				is_sideways, bidi_level, indices_att, unicode_att);
+-- 
+cgit v1.1-22-g1649
+
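Review bot: The added `if (!font) return;` in xps_load_links_in_glyphs exits without a diagnostic and without a comment explaining why the lookup can fail. I would add `/* xps_lookup_font returns NULL when the font resource cannot be loaded; no glyph links can be built without it */` above the check. If xps_lookup_font does not already warn (not visible here), add a `fz_warn(ctx, "cannot load font resource; skipping glyph links");` before the return. The return sits inside a nested block whose start is outside the hunk, so whether earlier code in the function holds anything that must be released first cannot be checked from these lines.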

Added: 0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch
===================================================================
--- 0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch	                        (rev 0)
+++ 0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch	2017-11-01 21:36:37 UTC (rev 265068)
@@ -0,0 +1,25 @@
+From 82df2631d7d0446b206ea6b434ea609b6c28b0e8 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson at artifex.com>
+Date: Mon, 16 Oct 2017 13:14:25 +0200
+Subject: Check for integer overflow when validating new style xref Index.
+
+---
+ source/pdf/pdf-xref.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 66bd0ed8..62927936 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
+ 	pdf_xref_entry *table;
+ 	int i, n;
+ 
+-	if (i0 < 0 || i1 < 0)
++	if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
+ 		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
+ 	//if (i0 + i1 > pdf_xref_len(ctx, doc))
+ 	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
+-- 
+cgit v1.1-22-g1649
+
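Review bot: The new `(i0+i1) < 0` test in pdf_read_new_xref_section detects overflow only after the addition has been done. Assuming i0 and i1 are plain `int` like the locals declared above (the signature is cut off in the hunk header), signed overflow is undefined behaviour in C, so an optimising compiler may drop the comparison. Checking before adding avoids that: `if (i0 < 0 || i1 < 0 || i1 > INT_MAX - i0)`, with `<limits.h>` included in the file. The upper-bound check against pdf_xref_len on the following lines is still commented out, so this condition is the only limit on the sum visible here; the rest of the function is outside the hunk.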

Added: 0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch
===================================================================
--- 0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch	                        (rev 0)
+++ 0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch	2017-11-01 21:36:37 UTC (rev 265068)
@@ -0,0 +1,26 @@
+From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson at artifex.com>
+Date: Tue, 19 Sep 2017 16:33:38 +0200
+Subject: Fix 698540: Check name, comment and meta size field signs.
+
+---
+ source/fitz/unzip.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
+index f2d4f322..0bcce0fd 100644
+--- a/source/fitz/unzip.c
++++ b/source/fitz/unzip.c
+@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
+ 		(void) fz_read_int32_le(ctx, file); /* ext file atts */
+ 		offset = fz_read_int32_le(ctx, file);
+ 
++		if (namesize < 0 || metasize < 0 || commentsize < 0)
++			fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
++
+ 		name = fz_malloc(ctx, namesize + 1);
+ 		n = fz_read(ctx, file, (unsigned char*)name, namesize);
+ 		if (n < (size_t)namesize)
+-- 
+cgit v1.1-22-g1649
+
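Review bot: The new sign check on namesize, metasize and commentsize in read_zip_dir_imp has no comment explaining how a length field can be negative. The reads of these fields are above the hunk; if they use a signed 16-bit reader, any stored value of 0x8000 or more arrives negative, although the ZIP format defines these lengths as unsigned 16-bit. I would document that above the check, for example `/* size fields are read as signed; a negative value would make the namesize + 1 allocation and the (size_t)namesize read length disagree */`. Reading them as unsigned would be the cleaner fix if such a reader is available in this tree. The throw happens inside a loop whose start is outside the hunk, so whether earlier iterations leave anything to clean up cannot be confirmed from here.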

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-11-01 21:31:20 UTC (rev 265067)
+++ PKGBUILD	2017-11-01 21:36:37 UTC (rev 265068)
@@ -9,7 +9,7 @@
 pkgbase=mupdf
 pkgname=(libmupdf mupdf mupdf-gl mupdf-tools)
 pkgver=1.11
-pkgrel=4
+pkgrel=5
 _openjpeg_version=2.3
 pkgdesc='Lightweight PDF and XPS viewer'
 arch=('i686' 'x86_64')
@@ -21,10 +21,18 @@
 options=('staticlibs')
 source=("https://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz"
         '0001-mupdf-openjpeg.patch'
+        '0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch'
+        '0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch'
+        '0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch'
+        '0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch'
         'mupdf.desktop'
         'mupdf.xpm')
 sha256sums=('209474a80c56a035ce3f4958a63373a96fad75c927c7b1acdc553fc85855f00a'
             'e87b0911121753ab24758a8c2bd533abe347b425f0681e84c945a225c62c63be'
+            'cafea4a393cc9b15fe260e8f6238c6d8fff9e5cc849ffe5f5183f9d2798fbbd9'
+            '9abcaf5d2399ea67e877bc227eaea7aac9b0d4b6b635466940832eeedb2b37a1'
+            '9ccc6886352160e5bb7d7434bb49c4a0042f616cae0ae3e613636f709bb3b8df'
+            '69d3227aff15051b71c6d873a042a298e02b79ee2f0d71b7eb304e0c1717f459'
             '70f632e22902ad4224b1d88696702b3ba4eb3c28eb7acf735f06d16e6884a078'
             'a435f44425f5432c074dee745d8fbaeb879038ec1f1ec64f037c74662f09aca8')
 
@@ -43,6 +51,22 @@
 
   # this does not build with openssl 1.1.0, so disable checks
   sed -i 's/pkg-config --exists \(libcrypto\|openssl\)/false/' Makerules
+
+  # 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
+  # Fix 698558: Handle non-tags in tag name comparisons.
+  patch -Np1 < "${srcdir}"/'0002-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch'
+
+  # ab1a420613dec93c686acbee2c165274e922f82a
+  # Fix 698539: Don't use xps font if it could not be loaded.
+  patch -Np1 < "${srcdir}"/'0003-Fix-698539-Do-not-use-xps-font-if-it-could-not-be-loaded.patch'
+
+  # 82df2631d7d0446b206ea6b434ea609b6c28b0e8
+  # Check for integer overflow when validating new style xref Index.
+  patch -Np1 < "${srcdir}"/'0004-Check-for-integer-overflow-when-validating-new-style-xref-Index.patch'
+
+  # 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+  # Fix 698540: Check name, comment and meta size field signs.
+  patch -Np1 < "${srcdir}"/'0005-Fix-698540-Check-name-comment-and-meta-size-field-signs.patch'
 }
 
 build() {
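Review bot: The comments added above each `patch -Np1` call in prepare() give the upstream commit hash and bug title but not the CVE the patch fixes, so that mapping exists only in the commit message. Putting the id in the comment makes the PKGBUILD auditable on its own, for example `# CVE-2017-14687, upstream 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28` for 0002. The same applies to CVE-2017-14685 for 0003, CVE-2017-15587 for 0004 and CVE-2017-14686 for 0005. prepare() starts outside this hunk.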


