diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-04-14 11:52:11 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-04-15 18:51:00 +0200 |
| commit | e5da4d8b4027a8300ee80a970e8628266609c126 (patch) | |
| tree | f1989838170c2c226eacb59679ef9810775df3da /gnu/packages/patches/mupdf-CVE-2017-5896.patch | |
| parent | f46eb986c2d4d2bf35d03544e260ac8573a4158b (diff) | |
| download | guix-e5da4d8b4027a8300ee80a970e8628266609c126.tar.gz | |
gnu: mupdf: Update to 1.11.
Also delete two stray patches that were added in 92ae98e2a0c2ffc807111dbf7616df47a9d3b31c and lost in a subsequent merge (mupdf/fixed was already gone at e90e0fad1b3ba79d81f02424e143ee6f4f736e8b). * gnu/packages/patches/mupdf-CVE-2017-5896.patch, gnu/packages/patches/mupdf-CVE-2017-5991.patch, gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch, gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Adjust. * gnu/packages/pdf.scm (mupdf): Update to 1.11. [source]: Remove mujs patches. Adjust snippet to source rename.
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2017-5896.patch')
| -rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-5896.patch | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5896.patch b/gnu/packages/patches/mupdf-CVE-2017-5896.patch deleted file mode 100644 index 1537ecc896..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-5896.patch +++ /dev/null @@ -1,63 +0,0 @@ -Fix CVE-2017-5896: - -https://bugs.ghostscript.com/show_bug.cgi?id=697515 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896 -http://www.openwall.com/lists/oss-security/2017/02/10/1 -https://security-tracker.debian.org/tracker/CVE-2017-5896 -https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ - -Patch lifted from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 - -From 2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Mon Sep 17 00:00:00 2001 -From: Robin Watts <Robin.Watts@artifex.com> -Date: Thu, 9 Feb 2017 07:12:16 -0800 -Subject: [PATCH] bug 697515: Fix out of bounds read in fz_subsample_pixmap - -Pointer arithmetic for final special case was going wrong. ---- - source/fitz/pixmap.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c -index a8317127..f1291dc2 100644 ---- a/source/fitz/pixmap.c -+++ b/source/fitz/pixmap.c -@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor, - "@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n" - "ldr r4, [r13,#4*22] @ r4 = divXY \n" - "ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n" -+ "ldr r8, [r13,#4*17] @ r8 = back4 \n" - "18: @ \n" - "mov r14,#0 @ r14= v = 0 \n" - "sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n" -@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor, - "mul r14,r4, r14 @ r14= v *= divX \n" - "mov r14,r14,LSR #16 @ r14= v >>= 16 \n" - "strb r14,[r9], #1 @ *d++ = r14 \n" -- "sub r0, r0, r8 @ s -= back2 \n" -+ "sub r0, r0, r8 @ s -= back4 \n" - "subs r5, r5, #1 @ n-- \n" - "bgt 18b @ } \n" - "21: @ \n" -@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor) - x += f; - if (x > 0) - { -+ int back4 = x * n - 1; - div = x * y; - for (nn = n; nn > 0; nn--) - { -@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor) - s -= back5; - } - *d++ = v / div; -- s -= back2; -+ s -= back4; - } - } - } --- -2.12.0 - |