diff options
| author | leot <leot@pkgsrc.org> | 2016-07-22 15:42:38 +0000 |
|---|---|---|
| committer | leot <leot@pkgsrc.org> | 2016-07-22 15:42:38 +0000 |
| commit | f84d74e5555e59d7eead0795dab479db14fd0379 (patch) | |
| tree | f2a3a13757fb4f074b720addfa44d33621cfc664 /print | |
| parent | cd4d7bdc3e87b107813ea36cf35588ff3275210a (diff) | |
| download | pkgsrc-f84d74e5555e59d7eead0795dab479db14fd0379.tar.gz | |
Add a patch to fix CVE-2016-6265 use after free bug (from upstream)
Bump PKGREVISION
Diffstat (limited to 'print')
| -rw-r--r-- | print/mupdf/Makefile | 4 | ||||
| -rw-r--r-- | print/mupdf/distinfo | 3 | ||||
| -rw-r--r-- | print/mupdf/patches/patch-source_pdf_pdf-xref.c | 23 |
3 files changed, 27 insertions, 3 deletions
diff --git a/print/mupdf/Makefile b/print/mupdf/Makefile index 28b133c0d63..3fafb7ce6f3 100644 --- a/print/mupdf/Makefile +++ b/print/mupdf/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.37 2016/07/15 12:32:33 leot Exp $ +# $NetBSD: Makefile,v 1.38 2016/07/22 15:42:38 leot Exp $ DISTNAME= mupdf-1.9a-source PKGNAME= ${DISTNAME:S/-source//} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= http://mupdf.com/downloads/archive/ diff --git a/print/mupdf/distinfo b/print/mupdf/distinfo index 6151378ac96..3eda7b0950b 100644 --- a/print/mupdf/distinfo +++ b/print/mupdf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.25 2016/07/15 12:32:33 leot Exp $ +$NetBSD: distinfo,v 1.26 2016/07/22 15:42:38 leot Exp $ SHA1 (mupdf-1.9a-source.tar.gz) = f2b3c21e5060d6ec56ea0d0c32b0feac7eac0e5f RMD160 (mupdf-1.9a-source.tar.gz) = 0cb0d098c603b16be217e42299052a928d95c3fc @@ -9,4 +9,5 @@ SHA1 (patch-ab) = c1ee4dd0b79aa0d905c0a0b634fbd016c063cd64 SHA1 (patch-ac) = 51b62ef8ff3e6c44ad954b2405bd982f9d682d37 SHA1 (patch-ae) = c6b113818b32cb4470e8549c00a16e0b2f364ede SHA1 (patch-source_fitz_load-jpx.c) = cb33828a6ca638c1b61ff017708a41cc586d1b0e +SHA1 (patch-source_pdf_pdf-xref.c) = 406c7a664b7171eb5ca7c5a09aac6be549a8fbb5 SHA1 (patch-thirdparty_mujs_Makefile) = f1da7cdf2c9e2e4bbac3e80ef486204a39b27e34 diff --git a/print/mupdf/patches/patch-source_pdf_pdf-xref.c b/print/mupdf/patches/patch-source_pdf_pdf-xref.c new file mode 100644 index 00000000000..ae0e331381b --- /dev/null +++ b/print/mupdf/patches/patch-source_pdf_pdf-xref.c @@ -0,0 +1,23 @@ +$NetBSD: patch-source_pdf_pdf-xref.c,v 1.1 2016/07/22 15:42:38 leot Exp $ + +Fix for CVE-2016-6265 use after free (via upstream bug 696941). + +--- source/pdf/pdf-xref.c.orig 2016-04-21 11:14:32.000000000 +0000 ++++ source/pdf/pdf-xref.c +@@ -1191,8 +1191,14 @@ pdf_load_xref(fz_context *ctx, pdf_docum + fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); + } + if (entry->type == 'o') +- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') +- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); ++ { ++ /* Read this into a local variable here, because pdf_get_xref_entry ++ * may solidify the xref, hence invalidating "entry", meaning we ++ * need a stashed value for the throw. */ ++ fz_off_t ofs = entry->ofs; ++ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') ++ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); ++ } + } + } + |