diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2021-05-25 15:14:19 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2021-05-25 15:14:19 +0000 |
| commit | 6949e2177c4a4a2db198161101d2effa95e0b1d2 (patch) | |
| tree | 837903a0fa42dc8a5fc7bf71a5026cd6d06655a1 | |
| parent | b639062e78c50715ab993cb22e5bcf5d5f582c91 (diff) | |
| download | pkgsrc-6949e2177c4a4a2db198161101d2effa95e0b1d2.tar.gz | |
Pullup ticket #6461 - requested by nia
print/mupdf: security fix
Revisions pulled up:
- print/mupdf/Makefile 1.87
- print/mupdf/distinfo 1.53
- print/mupdf/patches/patch-source_pdf_pdf-parse.c 1.1
- print/mupdf/patches/patch-source_pdf_pdf-xref.c 1.3
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 25 07:59:43 UTC 2021
Modified Files:
pkgsrc/print/mupdf: Makefile distinfo
Added Files:
pkgsrc/print/mupdf/patches: patch-source_pdf_pdf-parse.c
patch-source_pdf_pdf-xref.c
Log Message:
mupdf: apply fix for CVE-2021-3407, bump PKGREVISION
| -rw-r--r-- | print/mupdf/Makefile | 3 | ||||
| -rw-r--r-- | print/mupdf/distinfo | 4 | ||||
| -rw-r--r-- | print/mupdf/patches/patch-source_pdf_pdf-parse.c | 28 | ||||
| -rw-r--r-- | print/mupdf/patches/patch-source_pdf_pdf-xref.c | 24 |
4 files changed, 57 insertions, 2 deletions
diff --git a/print/mupdf/Makefile b/print/mupdf/Makefile index 8bcf30b3d51..67341396721 100644 --- a/print/mupdf/Makefile +++ b/print/mupdf/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.85 2020/10/08 22:50:16 leot Exp $ +# $NetBSD: Makefile,v 1.85.4.1 2021/05/25 15:14:19 bsiegert Exp $ DISTNAME= mupdf-1.18.0-source PKGNAME= ${DISTNAME:S/-source//} +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= https://mupdf.com/downloads/archive/ diff --git a/print/mupdf/distinfo b/print/mupdf/distinfo index 523f776beb7..73f3b6649a6 100644 --- a/print/mupdf/distinfo +++ b/print/mupdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.52 2020/10/08 22:50:16 leot Exp $ +$NetBSD: distinfo,v 1.52.4.1 2021/05/25 15:14:19 bsiegert Exp $ SHA1 (mupdf-1.18.0-source.tar.gz) = 8cc9d04313d06e3d514b961b7b900b721ebc24e0 RMD160 (mupdf-1.18.0-source.tar.gz) = 59fce4cd71417510ed997ce518e34f426e981951 @@ -11,4 +11,6 @@ SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede SHA1 (patch-platform_gl_gl-app.h) = 48f48f13c9a6376231de25aa63411560ea9d91ca SHA1 (patch-platform_gl_gl-main.c) = c760d16f0ac4a9b09800869d22b7324724bc007b SHA1 (patch-source_fitz_load-jpx.c) = 8d7f58168c8429a82127b821387298341a1fcbfb +SHA1 (patch-source_pdf_pdf-parse.c) = 39441caeae75b61ff0b56aa839047dde34b05108 +SHA1 (patch-source_pdf_pdf-xref.c) = 7d7a9650f63061edbc7659ce65401569642bd6e6 SHA1 (patch-thirdparty_mujs_Makefile) = 8ff3cc67a60b648841b074846bd6e7de943fd034 diff --git a/print/mupdf/patches/patch-source_pdf_pdf-parse.c b/print/mupdf/patches/patch-source_pdf_pdf-parse.c new file mode 100644 index 00000000000..f6e7409f208 --- /dev/null +++ b/print/mupdf/patches/patch-source_pdf_pdf-parse.c @@ -0,0 +1,28 @@ +$NetBSD: patch-source_pdf_pdf-parse.c,v 1.1.2.2 2021/05/25 15:14:19 bsiegert Exp $ + +Bug 703366: Fix double free of object during linearization. + +This appears to happen because we parse an illegal object from +a broken file and assign it to object 0, which is defined to +be free. + +Here, we fix the parsing code so this can't happen. + +https://nvd.nist.gov/vuln/detail/CVE-2021-3407 +http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a + +--- source/pdf/pdf-parse.c.orig 2020-10-07 10:35:03.000000000 +0000 ++++ source/pdf/pdf-parse.c +@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_d + fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num); + } + gen = buf->i; ++ if (gen < 0 || gen >= 65536) ++ { ++ if (try_repair) ++ *try_repair = 1; ++ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen); ++ } + + tok = pdf_lex(ctx, file, buf); + if (tok != PDF_TOK_OBJ) diff --git a/print/mupdf/patches/patch-source_pdf_pdf-xref.c b/print/mupdf/patches/patch-source_pdf_pdf-xref.c new file mode 100644 index 00000000000..e96e43391dc --- /dev/null +++ b/print/mupdf/patches/patch-source_pdf_pdf-xref.c @@ -0,0 +1,24 @@ +$NetBSD: patch-source_pdf_pdf-xref.c,v 1.3.2.2 2021/05/25 15:14:19 bsiegert Exp $ + +Bug 703366: Fix double free of object during linearization. + +This appears to happen because we parse an illegal object from +a broken file and assign it to object 0, which is defined to +be free. + +Here, we fix the parsing code so this can't happen. + +https://nvd.nist.gov/vuln/detail/CVE-2021-3407 +http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a + +--- source/pdf/pdf-xref.c.orig 2020-10-07 10:35:03.000000000 +0000 ++++ source/pdf/pdf-xref.c +@@ -1012,6 +1012,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_d + { + ofs = fz_tell(ctx, doc->file); + trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL); ++ if (num == 0) ++ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n"); + } + fz_catch(ctx) + { |