-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2021-3407.patch | 51 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-fix-linkage.patch | 27 | ||||
-rw-r--r-- | gnu/packages/pdf.scm | 9 |
4 files changed, 4 insertions, 85 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 5233581200..3a849ed2b0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1513,8 +1513,6 @@ dist_patch_DATA = \
 %D%/packages/patches/mumps-shared-libseq.patch \
 %D%/packages/patches/mumps-shared-mumps.patch \
 %D%/packages/patches/mumps-shared-pord.patch \
- %D%/packages/patches/mupdf-fix-linkage.patch \
- %D%/packages/patches/mupdf-CVE-2021-3407.patch \
 %D%/packages/patches/mupen64plus-ui-console-notice.patch \
 %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \
 %D%/packages/patches/musl-cross-locale.patch \
diff --git a/gnu/packages/patches/mupdf-CVE-2021-3407.patch b/gnu/packages/patches/mupdf-CVE-2021-3407.patch
deleted file mode 100644
index 9f901517c5..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2021-3407.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-This patch came from https://git.ghostscript.com/?p=mupdf.git;a=patch;h=cee7cefc610d42fd383b3c80c12cbc675443176a
-and fixes CVE-2021-3407.
-
-From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001
-From: Robin Watts <Robin.Watts@artifex.com>
-Date: Fri, 22 Jan 2021 17:05:15 +0000
-Subject: [PATCH] Bug 703366: Fix double free of object during linearization.
-
-This appears to happen because we parse an illegal object from
-a broken file and assign it to object 0, which is defined to
-be free.
-
-Here, we fix the parsing code so this can't happen.
----
- source/pdf/pdf-parse.c | 6 ++++++
- source/pdf/pdf-xref.c | 2 ++
- 2 files changed, 8 insertions(+)
-
-diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
-index 7abc8c3d4..5761c3351 100644
---- a/source/pdf/pdf-parse.c
-+++ b/source/pdf/pdf-parse.c
-@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
- fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num);
- }
- gen = buf->i;
-+ if (gen < 0 || gen >= 65536)
-+ {
-+ if (try_repair)
-+ *try_repair = 1;
-+ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen);
-+ }
-
- tok = pdf_lex(ctx, file, buf);
- if (tok != PDF_TOK_OBJ)
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 1b2bdcd59..30197b4b8 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
- {
- ofs = fz_tell(ctx, doc->file);
- trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL);
-+ if (num == 0)
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n");
- }
- fz_catch(ctx)
- {
---
-2.17.1
-
diff --git a/gnu/packages/patches/mupdf-fix-linkage.patch b/gnu/packages/patches/mupdf-fix-linkage.patch
deleted file mode 100644
index 4ffd1c6a77..0000000000
--- a/gnu/packages/patches/mupdf-fix-linkage.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Tue, 24 Nov 2020 10:29:28 +0000
-Subject: [PATCH] gnu: mupdf: Fix linkage.
-
-Replace broken linkage to ‘build/shared-release/libmupdf.so’ with the
-proper ‘-L$(libdir) -lmupdf’ incantation, and fix libmupdf.so's mode.
-
---- mupdf-1.18.0-source.org/Makefile
-+++ mupdf-1.18.0-source/Makefile
-@@ -61,7 +61,7 @@
- ifdef RANLIB
- RANLIB_CMD = $(QUIET_RANLIB) $(RANLIB) $@
- endif
--LINK_CMD = $(QUIET_LINK) $(MKTGTDIR) ; $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
-+LINK_CMD = $(QUIET_LINK) $(MKTGTDIR) ; $(CC) $(LDFLAGS) -o $@ $(subst $(MUPDF_LIB),-L$(libdir) -L$(OUT) -lmupdf,$^) $(LIBS)
- TAGS_CMD = $(QUIET_TAGS) ctags -R --c-kinds=+p
- WINDRES_CMD = $(QUIET_WINDRES) $(MKTGTDIR) ; $(WINDRES) $< $@
- OBJCOPY_CMD = $(QUIET_OBJCOPY) $(MKTGTDIR) ; $(LD) -r -b binary -z noexecstack -o $@ $<
-@@ -364,7 +364,7 @@ install: libs apps
- install -m 644 include/mupdf/pdf/*.h $(DESTDIR)$(incdir)/mupdf/pdf
-
- install -d $(DESTDIR)$(libdir)
-- install -m 644 $(INSTALL_LIBS) $(DESTDIR)$(libdir)
-+ install -m 755 $(INSTALL_LIBS) $(DESTDIR)$(libdir)
-
- install -d $(DESTDIR)$(bindir)
- install -m 755 $(TOOL_APPS) $(VIEW_APPS) $(DESTDIR)$(bindir)
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 704093e16c..ec5f2a4f9b 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -710,21 +710,20 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") - (version "1.18.0") + (version "1.19.0") (source (origin (method url-fetch) (uri (string-append "https://mupdf.com/downloads/archive/" "mupdf-" version "-source.tar.xz")) (sha256 - (base32 "16m5sksil22sshxy70xkslsb2qhvcqb1d95i9savnhds1xn4ybar")) - (patches (search-patches "mupdf-fix-linkage.patch" - "mupdf-CVE-2021-3407.patch")) + (base32 "1i98xqgnzp168hnnhradl8658qsif06wlbvcglz0mmh8wi1rkwrq")) (modules '((guix build utils))) (snippet '(begin ;; Remove bundled software. - (let* ((keep (list "lcms2")) ; different from our lcms2 package + (let* ((keep (list "extract" + "lcms2")) ; different from our lcms2 package (from "thirdparty") (kept (string-append from "~temp"))) (mkdir-p kept) |
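Review bot: The new `"extract"` entry in the snippet's `keep` list has no comment saying why that bundled `thirdparty` directory is retained, while `"lcms2"` carries one (`; different from our lcms2 package`). A bundled copy does not pick up fixes through a separately packaged input, so the reason should be recorded next to it, for example `(let* ((keep (list "extract" ; <reason it must stay bundled>`. The same hunk drops `mupdf-CVE-2021-3407.patch` from `patches` along with the bump to 1.19.0; nothing on this page shows that the 1.19.0 tarball contains upstream commit cee7cefc610d42fd383b3c80c12cbc675443176a (the source of the removed patch), so that should be confirmed. The `mupdf` package definition continues beyond the hunk.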