[arch-commits] Commit in mupdf/trunk (4 files)
Christian Hesse
eworm at archlinux.org
Mon May 7 21:52:33 UTC 2018
Date: Monday, May 7, 2018 @ 21:52:32
Author: eworm
Revision: 319472
upgpkg: mupdf 1.13.0-1
new upstream release
Modified:
mupdf/trunk/PKGBUILD
Deleted:
mupdf/trunk/0001-mupdf-openjpeg.patch
mupdf/trunk/mupdf-1.12.0-security-roundup.patch
mupdf/trunk/mupdf-CVE-2017-17858.patch
-------------------------------------+
0001-mupdf-openjpeg.patch | 35 ---------
PKGBUILD | 29 ++-----
mupdf-1.12.0-security-roundup.patch | 131 ----------------------------------
mupdf-CVE-2017-17858.patch | 101 --------------------------
4 files changed, 8 insertions(+), 288 deletions(-)
Deleted: 0001-mupdf-openjpeg.patch
===================================================================
--- 0001-mupdf-openjpeg.patch 2018-05-07 21:52:09 UTC (rev 319471)
+++ 0001-mupdf-openjpeg.patch 2018-05-07 21:52:32 UTC (rev 319472)
@@ -1,35 +0,0 @@
-diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index 65699ba..5f36221 100644
---- a/source/fitz/load-jpx.c
-+++ b/source/fitz/load-jpx.c
-@@ -445,14 +445,18 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
-
- #else /* HAVE_LURATECH */
-
-+#ifdef __cplusplus
-+extern "C"
-+{
- #define OPJ_STATIC
- #define OPJ_HAVE_INTTYPES_H
- #if !defined(_MSC_VER) || _MSC_VER >= 1600
- #define OPJ_HAVE_STDINT_H
- #endif
-+#endif
- #define USE_JPIP
-
--#include <openjpeg.h>
-+#include <openjpeg-__OPENJPEG__VERSION__/openjpeg.h>
-
- struct fz_jpxd_s
- {
-@@ -930,6 +934,10 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
- *yresp = state.yres;
- }
-
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif /* HAVE_LURATECH */
-
- #else /* FZ_ENABLE_JPX */
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-05-07 21:52:09 UTC (rev 319471)
+++ PKGBUILD 2018-05-07 21:52:32 UTC (rev 319472)
@@ -8,9 +8,8 @@
pkgbase=mupdf
pkgname=(libmupdf mupdf mupdf-gl mupdf-tools)
-pkgver=1.12.0
-pkgrel=2
-_openjpeg_version=2.3
+pkgver=1.13.0
+pkgrel=1
pkgdesc='Lightweight PDF and XPS viewer'
arch=('x86_64')
url='http://mupdf.com'
@@ -20,15 +19,9 @@
# we need static libs for zathura-pdf-mupdf
options=('staticlibs')
source=("https://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.xz"
- '0001-mupdf-openjpeg.patch'
- "mupdf-1.12.0-security-roundup.patch"
- "mupdf-CVE-2017-17858.patch"
'mupdf.desktop'
'mupdf.xpm')
-sha256sums=('577b3820c6b23d319be91e0e06080263598aa0662d9a7c50af500eb6f003322d'
- 'e4be458dabc577e687c3abfa1ae03bd62e8727cfa24f25b8eb23384263486605'
- '04d0b69d2af9839e3bbaf89af05fadc635312dd4a7f536e087450dc13d3aa180'
- '61e5528761a1be9361ccbda07faa669070cca8e8ad7320fa82eaa9fd72eb4b01'
+sha256sums=('746698e0d5cd113bdcb8f65d096772029edea8cf20704f0d15c96cb5449a4904'
'ccff66979249bd4ab4ba8918660f194eb90eb0ae231b16e36a6cecdcf471883f'
'a435f44425f5432c074dee745d8fbaeb879038ec1f1ec64f037c74662f09aca8')
@@ -35,17 +28,9 @@
prepare() {
cd $pkgbase-${pkgver/_/}-source
- # security fixes
- patch -Np1 < ../mupdf-1.12.0-security-roundup.patch
- patch -Np1 < ../mupdf-CVE-2017-17858.patch
-
# remove bundled packages, we want our system libraries
- rm -rf thirdparty/{curl,freeglut,freetype,harfbuzz,jbig2dec,libjpeg,openjpeg,zlib}
+ rm -rf thirdparty/{curl,freeglut,freetype,harfbuzz,jbig2dec,lcms2,libjpeg,openjpeg,zlib}
- # fix function for openjpeg
- patch -Np1 < "${srcdir}/0001-mupdf-openjpeg.patch"
- sed -i "s/__OPENJPEG__VERSION__/${_openjpeg_version}/" source/fitz/load-jpx.c
-
# fix includes for jbig2dec
sed '/^JBIG2DEC_CFLAGS :=/s|$| -I./include/mupdf|' -i Makethird
@@ -59,7 +44,7 @@
export CFLAGS CXXFLAGS
cd $pkgbase-${pkgver/_/}-source
- make build=release
+ make build=release libs apps extra
}
package_libmupdf() {
@@ -97,7 +82,7 @@
package_mupdf-gl() {
pkgdesc='Lightweight PDF and XPS viewer with OpenGL backend'
conflicts=('mupdf')
- provides=('mupdf')
+ provides=("mupdf=${pkgver}")
depends=('desktop-file-utils' 'freetype2' 'freeglut' 'glu' 'harfbuzz' 'jbig2dec'
'libjpeg' 'openjpeg2')
@@ -124,6 +109,8 @@
install -D -m0755 build/release/mutool "$pkgdir"/usr/bin/mutool
install -D -m0755 build/release/mujstest "$pkgdir"/usr/bin/mujstest
+ install -D -m0755 build/release/muraster "$pkgdir"/usr/bin/muraster
+ install -D -m0755 build/release/mjsgen "$pkgdir"/usr/bin/mjsgen
install -D -m0644 docs/man/mutool.1 "$pkgdir"/usr/share/man/man1/mutool.1
Deleted: mupdf-1.12.0-security-roundup.patch
===================================================================
--- mupdf-1.12.0-security-roundup.patch 2018-05-07 21:52:09 UTC (rev 319471)
+++ mupdf-1.12.0-security-roundup.patch 2018-05-07 21:52:32 UTC (rev 319472)
@@ -1,131 +0,0 @@
-From 22339500c243e564eadf564b5ae2925e1caf44a9 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras at gmail.com>
-Date: Sun, 21 Jan 2018 21:08:07 +0100
-Subject: [PATCH] Bug 698889: Handle unterminated PDF arrays gracefully.
-
-Thanks to oss-fuzz for reporting this.
----
- source/pdf/pdf-parse.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-From 2a1611030030e18010a0ab1d69eda0359eb5f585 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras at gmail.com>
-Date: Wed, 13 Dec 2017 21:14:19 +0100
-Subject: [PATCH] Validate that /Size in trailer is in range.
-
----
- source/pdf/pdf-xref.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-From 5722ebc5823381ee57c525cbc0d4dc627009979d Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson at artifex.com>
-Date: Fri, 1 Dec 2017 16:25:39 +0100
-Subject: [PATCH] Fix 698787: avoid using "system()" to copy files.
-
----
- platform/x11/x11_main.c | 35 ++++++++++++++++++++++++++++++-----
- 1 file changed, 30 insertions(+), 5 deletions(-)
-
-From d9bc8c6f7fb2e3ec7035bebaaee0edcf59287705 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras at gmail.com>
-Date: Mon, 22 Jan 2018 17:56:20 +0100
-Subject: [PATCH] Bug 698885: When parsing PDF version, make sure to initialize
- buffer.
-
-Thanks to oss-fuzz for reporting this.
----
- source/pdf/pdf-xref.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
-index ff741dc..7904ebd 100644
---- a/source/pdf/pdf-parse.c
-+++ b/source/pdf/pdf-parse.c
-@@ -401,6 +401,9 @@ pdf_parse_array(fz_context *ctx, pdf_document *doc, fz_stream *file, pdf_lexbuf
-
- switch (tok)
- {
-+ case PDF_TOK_EOF:
-+ fz_throw(ctx, FZ_ERROR_SYNTAX, "array not closed before end of file");
-+
- case PDF_TOK_CLOSE_ARRAY:
- op = ary;
- goto end;
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index f2ba5a5..392adf3 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -748,8 +748,8 @@ pdf_xref_size_from_old_trailer(fz_context *ctx, pdf_document *doc, pdf_lexbuf *b
- trailer = pdf_parse_dict(ctx, doc, doc->file, buf);
-
- size = pdf_to_int(ctx, pdf_dict_get(ctx, trailer, PDF_NAME_Size));
-- if (!size)
-- fz_throw(ctx, FZ_ERROR_GENERIC, "trailer missing Size entry");
-+ if (size < 0 || size > PDF_MAX_OBJECT_NUMBER + 1)
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "trailer Size entry out of range");
- }
- fz_always(ctx)
- {
-diff --git a/platform/x11/x11_main.c b/platform/x11/x11_main.c
-index fe2daa8..edbb9fa 100644
---- a/platform/x11/x11_main.c
-+++ b/platform/x11/x11_main.c
-@@ -317,13 +317,38 @@ void winreplacefile(char *source, char *target)
-
- void wincopyfile(char *source, char *target)
- {
-- char *buf = malloc(strlen(source)+strlen(target)+5);
-- if (buf)
-+ FILE *in, *out;
-+ char buf[32 << 10];
-+ int n;
-+
-+ in = fopen(source, "rb");
-+ if (!in)
-+ {
-+ winerror(&gapp, "cannot open source file for copying");
-+ return;
-+ }
-+ out = fopen(target, "wb");
-+ if (!out)
-+ {
-+ winerror(&gapp, "cannot open target file for copying");
-+ fclose(in);
-+ return;
-+ }
-+
-+ for (;;)
- {
-- sprintf(buf, "cp %s %s", source, target);
-- system(buf);
-- free(buf);
-+ n = fread(buf, 1, sizeof buf, in);
-+ fwrite(buf, 1, n, out);
-+ if (n < sizeof buf)
-+ {
-+ if (ferror(in))
-+ winerror(&gapp, "cannot read data from source file");
-+ break;
-+ }
- }
-+
-+ fclose(out);
-+ fclose(in);
- }
-
- void cleanup(pdfapp_t *app)
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 392adf3..4997ebe 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -590,7 +590,7 @@ pdf_load_version(fz_context *ctx, pdf_document *doc)
-
- fz_seek(ctx, doc->file, 0, SEEK_SET);
- fz_read_line(ctx, doc->file, buf, sizeof buf);
-- if (memcmp(buf, "%PDF-", 5) != 0)
-+ if (strlen(buf) < 5 || memcmp(buf, "%PDF-", 5) != 0)
- fz_throw(ctx, FZ_ERROR_GENERIC, "cannot recognize version marker");
-
- doc->version = 10 * (fz_atof(buf+5) + 0.05f);
---
-2.9.1
Deleted: mupdf-CVE-2017-17858.patch
===================================================================
--- mupdf-CVE-2017-17858.patch 2018-05-07 21:52:09 UTC (rev 319471)
+++ mupdf-CVE-2017-17858.patch 2018-05-07 21:52:32 UTC (rev 319472)
@@ -1,101 +0,0 @@
-From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras at gmail.com>
-Date: Mon, 11 Dec 2017 14:09:15 +0100
-Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below
- limit.
-
-This ensures that:
- * xref tables with objects pointers do not grow out of bounds.
- * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf.
----
- include/mupdf/pdf/object.h | 3 +++
- source/pdf/pdf-repair.c | 5 +----
- source/pdf/pdf-xref.c | 21 ++++++++++++---------
- 3 files changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
-index 21ed859..4177112 100644
---- a/include/mupdf/pdf/object.h
-+++ b/include/mupdf/pdf/object.h
-@@ -3,6 +3,9 @@
-
- typedef struct pdf_document_s pdf_document;
-
-+/* Defined in PDF 1.7 according to Acrobat limit. */
-+#define PDF_MAX_OBJECT_NUMBER 8388607
-+
- /*
- * Dynamic objects.
- * The same type of objects as found in PDF and PostScript.
-diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
-index ca149bd..0c29758 100644
---- a/source/pdf/pdf-repair.c
-+++ b/source/pdf/pdf-repair.c
-@@ -6,9 +6,6 @@
-
- /* Scan file for objects and reconstruct xref table */
-
--/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */
--#define MAX_OBJECT_NUMBER (10 << 20)
--
- struct entry
- {
- int num;
-@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
- break;
- }
-
-- if (num <= 0 || num > MAX_OBJECT_NUMBER)
-+ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER)
- {
- fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen);
- goto have_next_token;
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 00586db..6284e70 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
- fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR);
- }
-
-- if (ofs < 0)
-- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs);
-- if (ofs > INT64_MAX - len)
-- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big");
--
-+ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER
-+ || len < 0 || len > PDF_MAX_OBJECT_NUMBER
-+ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER)
-+ {
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
-+ }
- /* broken pdfs where size in trailer undershoots entries in xref sections */
- if (ofs + len > xref_len)
- {
-@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in
- pdf_xref_entry *table;
- int i, n;
-
-- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
-- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
-- //if (i0 + i1 > pdf_xref_len(ctx, doc))
-- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
-+ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER)
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
-
- table = pdf_xref_find_subsection(ctx, doc, i0, i1);
- for (i = i0; i < i0 + i1; i++)
-@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc)
- /* TODO: reuse free object slots by properly linking free object chains in the ofs field */
- pdf_xref_entry *entry;
- int num = pdf_xref_len(ctx, doc);
-+
-+ if (num > PDF_MAX_OBJECT_NUMBER)
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf");
-+
- entry = pdf_get_incremental_xref_entry(ctx, doc, num);
- entry->type = 'f';
- entry->ofs = -1;
---
-2.9.1
-
More information about the arch-commits
mailing list