diff options
| author | leot <leot@pkgsrc.org> | 2017-01-30 14:06:05 +0000 |
|---|---|---|
| committer | leot <leot@pkgsrc.org> | 2017-01-30 14:06:05 +0000 |
| commit | 58f4b7e9c4d9107d00c5b467f1289fdfedb2febc (patch) | |
| tree | 6320ac8e1a93b96cfefadf4332f28abd89f6c3c8 | |
| parent | f4b5507fcf1587fdeafba3b0adc23a8ee0f83865 (diff) | |
| download | pkgsrc-58f4b7e9c4d9107d00c5b467f1289fdfedb2febc.tar.gz | |
Backport fixes to mupdf-1.10a from upstream for CVE-2017-562[78]
PKGREVISION++
| -rw-r--r-- | print/mupdf/Makefile | 4 | ||||
| -rw-r--r-- | print/mupdf/distinfo | 4 | ||||
| -rw-r--r-- | print/mupdf/patches/patch-thirdparty_mujs_jsdate.c | 27 | ||||
| -rw-r--r-- | print/mupdf/patches/patch-thirdparty_mujs_jsrun.c | 21 |
4 files changed, 53 insertions, 3 deletions
diff --git a/print/mupdf/Makefile b/print/mupdf/Makefile index f9f3d4a38a5..ac6a82ab709 100644 --- a/print/mupdf/Makefile +++ b/print/mupdf/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.43 2017/01/01 16:05:59 adam Exp $ +# $NetBSD: Makefile,v 1.44 2017/01/30 14:06:05 leot Exp $ DISTNAME= mupdf-1.10a-source PKGNAME= ${DISTNAME:S/-source//} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= http://mupdf.com/downloads/archive/ diff --git a/print/mupdf/distinfo b/print/mupdf/distinfo index d71df999a61..8521d463370 100644 --- a/print/mupdf/distinfo +++ b/print/mupdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.29 2016/12/09 08:19:31 leot Exp $ +$NetBSD: distinfo,v 1.30 2017/01/30 14:06:05 leot Exp $ SHA1 (mupdf-1.10a-source.tar.gz) = 1c3a6e1d4406912004b8e2c09435199e6b425191 RMD160 (mupdf-1.10a-source.tar.gz) = bfb482681c6804db8a0fd9ec46b16ac6f9fffdf2 @@ -10,3 +10,5 @@ SHA1 (patch-ac) = d75afe8b05b85d042dc1baeaf8a9988f2e60338a SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede SHA1 (patch-source_fitz_load-jpx.c) = fbe6814536d37835a4daa5bb90b1f6cf8698f807 SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34 +SHA1 (patch-thirdparty_mujs_jsdate.c) = 020fcb9d1e77bd7ba10943070673d53bbcee573b +SHA1 (patch-thirdparty_mujs_jsrun.c) = 79f730436b1f67780468c10096d3dbfb5e14d5a5 diff --git a/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c b/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c new file mode 100644 index 00000000000..bb83c94204b --- /dev/null +++ b/print/mupdf/patches/patch-thirdparty_mujs_jsdate.c @@ -0,0 +1,27 @@ +$NetBSD: patch-thirdparty_mujs_jsdate.c,v 1.1 2017/01/30 14:06:05 leot Exp $ + +Backport a fix from upstream for CVE-2017-5628: + +Fix 697496: Check NAN before accessing array in MakeDay(). + +--- thirdparty/mujs/jsdate.c.orig ++++ thirdparty/mujs/jsdate.c +@@ -207,12 +207,17 @@ static double MakeDay(double y, double m, double date) + }; + + double yd, md; ++ int im; + + y += floor(m / 12); + m = pmod(m, 12); + ++ im = (int)m; ++ if (im < 0 || im >= 12) ++ return NAN; ++ + yd = floor(TimeFromYear(y) / msPerDay); +- md = firstDayOfMonth[InLeapYear(y)][(int)m]; ++ md = firstDayOfMonth[InLeapYear(y)][im]; + + return yd + md + date - 1; + } diff --git a/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c b/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c new file mode 100644 index 00000000000..3feecf477b2 --- /dev/null +++ b/print/mupdf/patches/patch-thirdparty_mujs_jsrun.c @@ -0,0 +1,21 @@ +$NetBSD: patch-thirdparty_mujs_jsrun.c,v 1.1 2017/01/30 14:06:05 leot Exp $ + +Backport a fix from upstream for CVE-2017-5627: + +Fix 697497: Ensure array length is positive. + +As a side effect when changing to using regular integers (and avoid the +nightmare of mixing signed and unsigned) we accidentally allowed negative +array lengths. + +--- thirdparty/mujs/jsrun.c.orig ++++ thirdparty/mujs/jsrun.c +@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name) + if (!strcmp(name, "length")) { + double rawlen = jsV_tonumber(J, value); + int newlen = jsV_numbertointeger(rawlen); +- if (newlen != rawlen) ++ if (newlen != rawlen || newlen < 0) + js_rangeerror(J, "array length"); + jsV_resizearray(J, obj, newlen); + return; |