Date:      Wed, 12 Oct 2016 00:11:07 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r423807 - in head/graphics: llpp mupdf mupdf/files zathura-pdf-mupdf
Message-ID:  <201610120011.u9C0B7xE090961@repo.freebsd.org>

Author: feld
Date: Wed Oct 12 00:11:07 2016
New Revision: 423807
URL: https://svnweb.freebsd.org/changeset/ports/423807

Log:
  graphics/mupdf: Patch to resolve CVEs
  
  PR:		212207
  MFH:		2016Q4
  Security:	CVE-2016-6525
  Security:	CVE-2016-6265

Added:
  head/graphics/mupdf/files/patch-source_pdf_pdf-shade.c   (contents, props changed)
  head/graphics/mupdf/files/patch-source_pdf_pdf-xref.c   (contents, props changed)
Modified:
  head/graphics/llpp/Makefile
  head/graphics/mupdf/Makefile
  head/graphics/mupdf/files/patch-scripts_fontdump.c
  head/graphics/mupdf/files/patch-source__fitz__load-jpx.c
  head/graphics/zathura-pdf-mupdf/Makefile

Modified: head/graphics/llpp/Makefile
==============================================================================
--- head/graphics/llpp/Makefile	Wed Oct 12 00:10:51 2016	(r423806)
+++ head/graphics/llpp/Makefile	Wed Oct 12 00:11:07 2016	(r423807)
@@ -3,7 +3,7 @@
 
 PORTNAME=	llpp
 PORTVERSION=	22
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	http://repo.or.cz/llpp.git/snapshot/
 DISTNAME=	561dc5673cea431e930668b0d87b0c4b31a36b39

Modified: head/graphics/mupdf/Makefile
==============================================================================
--- head/graphics/mupdf/Makefile	Wed Oct 12 00:10:51 2016	(r423806)
+++ head/graphics/mupdf/Makefile	Wed Oct 12 00:11:07 2016	(r423807)
@@ -3,6 +3,7 @@
 
 PORTNAME=	mupdf
 PORTVERSION=	1.9a
+PORTREVISION=	1
 DISTVERSIONSUFFIX=	-source
 PORTEPOCH=	1
 CATEGORIES=	graphics

Modified: head/graphics/mupdf/files/patch-scripts_fontdump.c
==============================================================================
--- head/graphics/mupdf/files/patch-scripts_fontdump.c	Wed Oct 12 00:10:51 2016	(r423806)
+++ head/graphics/mupdf/files/patch-scripts_fontdump.c	Wed Oct 12 00:11:07 2016	(r423807)
@@ -1,4 +1,4 @@
---- scripts/fontdump.c.orig	2016-06-12 09:11:56 UTC
+--- scripts/fontdump.c.orig	2016-04-21 11:14:32 UTC
 +++ scripts/fontdump.c
 @@ -50,7 +50,6 @@ main(int argc, char **argv)
  	fprintf(fo, "#ifndef __STRICT_ANSI__\n");

Modified: head/graphics/mupdf/files/patch-source__fitz__load-jpx.c
==============================================================================
--- head/graphics/mupdf/files/patch-source__fitz__load-jpx.c	Wed Oct 12 00:10:51 2016	(r423806)
+++ head/graphics/mupdf/files/patch-source__fitz__load-jpx.c	Wed Oct 12 00:11:07 2016	(r423807)
@@ -1,4 +1,4 @@
---- source/fitz/load-jpx.c.orig	2015-04-16 08:57:45 UTC
+--- source/fitz/load-jpx.c.orig	2016-04-21 11:14:32 UTC
 +++ source/fitz/load-jpx.c
 @@ -1,14 +1,6 @@
  #include "mupdf/fitz.h"

Added: head/graphics/mupdf/files/patch-source_pdf_pdf-shade.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/mupdf/files/patch-source_pdf_pdf-shade.c	Wed Oct 12 00:11:07 2016	(r423807)
@@ -0,0 +1,17 @@
+$OpenBSD: patch-source_pdf_pdf-shade_c,v 1.1 2016/08/27 20:58:48 jca Exp $
+
+  CVE-2016-6525
+
+  http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e;hp=fa1936405b6a84e5c9bb440912c23d532772f958
+
+--- source/pdf/pdf-shade.c.orig	2016-04-21 11:14:32 UTC
++++ source/pdf/pdf-shade.c
+@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pd
+ 	obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode);
+ 	if (pdf_array_len(ctx, obj) >= 6)
+ 	{
+-		n = (pdf_array_len(ctx, obj) - 4) / 2;
++		n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2);
+ 		shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0));
+ 		shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1));
+ 		shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2));
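Review bot: The new clamp `n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2);` silently truncates a Decode array that declares more components than the shade supports, so a malformed file is accepted with no diagnostic. Because Decode comes straight from the document, I would put a comment on that line such as `/* Decode is file-controlled: cap n at FZ_MAX_COLORS before it is used as a component count */`, and consider emitting `fz_warn(ctx, "too many components in mesh Decode array");` when the cap actually applies. The code that consumes n lies after the hunk in pdf_load_mesh_params and is not visible here, so what exactly was overrun is inferred from the CVE reference in the patch header rather than from these lines. The header names only the CVE and the upstream commit; one line describing the bug class would help whoever later decides whether this patch can be dropped on a version update.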

Added: head/graphics/mupdf/files/patch-source_pdf_pdf-xref.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/mupdf/files/patch-source_pdf_pdf-xref.c	Wed Oct 12 00:11:07 2016	(r423807)
@@ -0,0 +1,25 @@
+$OpenBSD: patch-source_pdf_pdf-xref_c,v 1.1 2016/08/27 20:58:48 jca Exp $
+
+  CVE-2016-6265
+
+  http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=fa1936405b6a84e5c9bb440912c23d532772f958
+
+--- source/pdf/pdf-xref.c.orig	2016-04-21 11:14:32 UTC
++++ source/pdf/pdf-xref.c
+@@ -1191,8 +1191,14 @@ pdf_load_xref(fz_context *ctx, pdf_docum
+ 				fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i);
+ 		}
+ 		if (entry->type == 'o')
+-			if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n')
+-				fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i);
++		{
++			/* Read this into a local variable here, because pdf_get_xref_entry
++			 * may solidify the xref, hence invalidating "entry", meaning we
++			 * need a stashed value for the throw. */
++			fz_off_t ofs = entry->ofs;
++			if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n')
++				fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i);
++		}
+ 	}
+ }
+ 
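Review bot: After this change `entry` is still in scope, and it is still potentially dangling once `pdf_get_xref_entry` has run, so any later addition at the bottom of the loop body that reads `entry->...` would bring the stale-pointer read back. The new comment explains why the value is stashed but not that constraint; I would extend it with `entry must not be dereferenced after the pdf_get_xref_entry call below`. Separately, `(int)ofs` in the throw message narrows an `fz_off_t`, so on builds where that type is wider than int the logged offset can differ from the value that was rejected, which makes triage of malformed files harder. The loop and pdf_load_xref itself begin outside the hunk.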

Modified: head/graphics/zathura-pdf-mupdf/Makefile
==============================================================================
--- head/graphics/zathura-pdf-mupdf/Makefile	Wed Oct 12 00:10:51 2016	(r423806)
+++ head/graphics/zathura-pdf-mupdf/Makefile	Wed Oct 12 00:11:07 2016	(r423807)
@@ -3,7 +3,7 @@
 
 PORTNAME=	zathura-pdf-mupdf
 PORTVERSION=	0.3.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	http://pwmt.org/projects/zathura-pdf-mupdf/download/
 


