summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5896.patch63
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5991.patch101
-rw-r--r--gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch16
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/pdf.scm10
6 files changed, 11 insertions, 403 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5896.patch b/gnu/packages/patches/mupdf-CVE-2017-5896.patch
deleted file mode 100644
index 1537ecc896..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5896.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix CVE-2017-5896:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697515
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896
-http://www.openwall.com/lists/oss-security/2017/02/10/1
-https://security-tracker.debian.org/tracker/CVE-2017-5896
-https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
-
-From 2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Mon Sep 17 00:00:00 2001
-From: Robin Watts <Robin.Watts@artifex.com>
-Date: Thu, 9 Feb 2017 07:12:16 -0800
-Subject: [PATCH] bug 697515: Fix out of bounds read in fz_subsample_pixmap
-
-Pointer arithmetic for final special case was going wrong.
----
- source/fitz/pixmap.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
-index a8317127..f1291dc2 100644
---- a/source/fitz/pixmap.c
-+++ b/source/fitz/pixmap.c
-@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- 	"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
- 	"ldr	r4, [r13,#4*22]		@ r4 = divXY			\n"
- 	"ldr	r5, [r13,#4*11]		@ for (nn = n; nn > 0; n--) {	\n"
-+	"ldr	r8, [r13,#4*17]		@ r8 = back4			\n"
- 	"18:				@				\n"
- 	"mov	r14,#0			@ r14= v = 0			\n"
- 	"sub	r5, r5, r1, LSL #8	@ for (xx = x; xx > 0; x--) {	\n"
-@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- 	"mul	r14,r4, r14		@ r14= v *= divX		\n"
- 	"mov	r14,r14,LSR #16		@ r14= v >>= 16			\n"
- 	"strb	r14,[r9], #1		@ *d++ = r14			\n"
--	"sub	r0, r0, r8		@ s -= back2			\n"
-+	"sub	r0, r0, r8		@ s -= back4			\n"
- 	"subs	r5, r5, #1		@ n--				\n"
- 	"bgt	18b			@ }				\n"
- 	"21:				@				\n"
-@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- 		x += f;
- 		if (x > 0)
- 		{
-+			int back4 = x * n - 1;
- 			div = x * y;
- 			for (nn = n; nn > 0; nn--)
- 			{
-@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- 					s -= back5;
- 				}
- 				*d++ = v / div;
--				s -= back2;
-+				s -= back4;
- 			}
- 		}
- 	}
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5991.patch b/gnu/packages/patches/mupdf-CVE-2017-5991.patch
deleted file mode 100644
index 1fa6dc3466..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5991.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-Fix CVE-2017-5991:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697500
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5991
-https://security-tracker.debian.org/tracker/CVE-2017-5991
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
-
-From 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Mon Sep 17 00:00:00 2001
-From: Robin Watts <robin.watts@artifex.com>
-Date: Thu, 9 Feb 2017 15:49:15 +0000
-Subject: [PATCH] Bug 697500: Fix NULL ptr access.
-
-Cope better with errors during rendering - avoid letting the
-gstate stack get out of sync.
-
-This avoids us ever getting into the situation of popping
-a clip when we should be popping a mask or a group. This was
-causing an unexpected case in the painting.
----
- source/pdf/pdf-op-run.c | 26 ++++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c
-index a3ea895d..f1eac8d3 100644
---- a/source/pdf/pdf-op-run.c
-+++ b/source/pdf/pdf-op-run.c
-@@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 	pdf_run_processor *pr = (pdf_run_processor *)proc;
- 	pdf_gstate *gstate = NULL;
- 	int oldtop = 0;
-+	int oldbot = -1;
- 	fz_matrix local_transform = *transform;
- 	softmask_save softmask = { NULL };
- 	int gparent_save;
-@@ -1232,16 +1233,17 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 	fz_var(cleanup_state);
- 	fz_var(gstate);
- 	fz_var(oldtop);
-+	fz_var(oldbot);
- 
- 	gparent_save = pr->gparent;
- 	pr->gparent = pr->gtop;
-+	oldtop = pr->gtop;
- 
- 	fz_try(ctx)
- 	{
- 		pdf_gsave(ctx, pr);
- 
- 		gstate = pr->gstate + pr->gtop;
--		oldtop = pr->gtop;
- 
- 		pdf_xobject_bbox(ctx, xobj, &xobj_bbox);
- 		pdf_xobject_matrix(ctx, xobj, &xobj_matrix);
-@@ -1302,12 +1304,25 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 
- 		doc = pdf_get_bound_document(ctx, xobj->obj);
- 
-+		oldbot = pr->gbot;
-+		pr->gbot = pr->gtop;
-+
- 		pdf_process_contents(ctx, (pdf_processor*)pr, doc, resources, xobj->obj, NULL);
- 	}
- 	fz_always(ctx)
- 	{
-+		/* Undo any gstate mismatches due to the pdf_process_contents call */
-+		if (oldbot != -1)
-+		{
-+			while (pr->gtop > pr->gbot)
-+			{
-+				pdf_grestore(ctx, pr);
-+			}
-+			pr->gbot = oldbot;
-+		}
-+
- 		if (cleanup_state >= 3)
--			pdf_grestore(ctx, pr); /* Remove the clippath */
-+			pdf_grestore(ctx, pr); /* Remove the state we pushed for the clippath */
- 
- 		/* wrap up transparency stacks */
- 		if (transparency)
-@@ -1341,13 +1356,8 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 		pr->gstate[pr->gparent].ctm = gparent_save_ctm;
- 		pr->gparent = gparent_save;
- 
--		if (gstate)
--		{
--			while (oldtop < pr->gtop)
--				pdf_grestore(ctx, pr);
--
-+		while (oldtop < pr->gtop)
- 			pdf_grestore(ctx, pr);
--		}
- 
- 		pdf_unmark_obj(ctx, xobj->obj);
- 	}
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
index d97c1cb348..0b5b735ff3 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
@@ -13,17 +13,15 @@ diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
 index 6b92e5c..72dea50 100644
 --- a/source/fitz/load-jpx.c
 +++ b/source/fitz/load-jpx.c
-@@ -1,13 +1,5 @@
- #include "mupdf/fitz.h"
+@@ -444,11 +444,6 @@
+ 
+ #else /* HAVE_LURATECH */
  
--/* Without the definition of OPJ_STATIC, compilation fails on windows
-- * due to the use of __stdcall. We believe it is required on some
-- * linux toolchains too. */
 -#define OPJ_STATIC
--#ifndef _MSC_VER
+-#define OPJ_HAVE_INTTYPES_H
+-#if !defined(_WIN32) && !defined(_WIN64)
 -#define OPJ_HAVE_STDINT_H
 -#endif
--
- #include <openjpeg.h>
+ #define USE_JPIP
  
- static void fz_opj_error_callback(const char *msg, void *client_data)
+ #include <openjpeg.h>
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
deleted file mode 100644
index e752e57ec5..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-Fix CVE-2016-10132:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697381
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
-
-From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor@ccxvii.net>
-Date: Fri, 2 Dec 2016 14:56:20 -0500
-Subject: [PATCH] Fix 697381: check allocation when compiling regular
- expressions.
-
-Also use allocator callback function.
----
- thirdparty/mujs/jsgc.c     |  2 +-
- thirdparty/mujs/jsregexp.c |  2 +-
- thirdparty/mujs/jsstate.c  |  6 ------
- thirdparty/mujs/regexp.c   | 45 +++++++++++++++++++++++++++++++++++----------
- thirdparty/mujs/regexp.h   |  7 +++++++
- 5 files changed, 44 insertions(+), 18 deletions(-)
-
-diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
-index 4f7e7dc..f80111e 100644
---- a/thirdparty/mujs/jsgc.c
-+++ b/thirdparty/mujs/jsgc.c
-@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
- 		jsG_freeproperty(J, obj->head);
- 	if (obj->type == JS_CREGEXP) {
- 		js_free(J, obj->u.r.source);
--		js_regfree(obj->u.r.prog);
-+		js_regfreex(J->alloc, J->actx, obj->u.r.prog);
- 	}
- 	if (obj->type == JS_CITERATOR)
- 		jsG_freeiterator(J, obj->u.iter.head);
-diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
-index a2d5156..7b09c06 100644
---- a/thirdparty/mujs/jsregexp.c
-+++ b/thirdparty/mujs/jsregexp.c
-@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
- 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;
- 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
- 
--	prog = js_regcomp(pattern, opts, &error);
-+	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
- 	if (!prog)
- 		js_syntaxerror(J, "regular expression: %s", error);
- 
-diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
-index 638cab3..fd5bcf6 100644
---- a/thirdparty/mujs/jsstate.c
-+++ b/thirdparty/mujs/jsstate.c
-@@ -9,12 +9,6 @@
- 
- static void *js_defaultalloc(void *actx, void *ptr, int size)
- {
--	if (size == 0) {
--		free(ptr);
--		return NULL;
--	}
--	if (!ptr)
--		return malloc((size_t)size);
- 	return realloc(ptr, (size_t)size);
- }
- 
-diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
-index 9852be2..01c18a3 100644
---- a/thirdparty/mujs/regexp.c
-+++ b/thirdparty/mujs/regexp.c
-@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
- }
- #endif
- 
--Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	const char *pattern, int cflags, const char **errorp)
- {
- 	struct cstate g;
- 	Renode *node;
- 	Reinst *split, *jump;
- 	int i;
- 
--	g.prog = malloc(sizeof (Reprog));
--	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
-+	g.pstart = NULL;
-+	g.prog = NULL;
- 
- 	if (setjmp(g.kaboom)) {
- 		if (errorp) *errorp = g.error;
--		free(g.pstart);
--		free(g.prog);
-+		alloc(ctx, g.pstart, 0);
-+		alloc(ctx, g.prog, 0);
- 		return NULL;
- 	}
- 
-+	g.prog = alloc(ctx, NULL, sizeof (Reprog));
-+	if (!g.prog)
-+		die(&g, "cannot allocate regular expression");
-+	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
-+	if (!g.pstart)
-+		die(&g, "cannot allocate regular expression parse list");
-+
- 	g.source = pattern;
- 	g.ncclass = 0;
- 	g.nsub = 1;
-@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- 		die(&g, "syntax error");
- 
- 	g.prog->nsub = g.nsub;
--	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
-+	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
-+	if (!g.prog->start)
-+		die(&g, "cannot allocate regular expression instruction list");
- 
- 	split = emit(g.prog, I_SPLIT);
- 	split->x = split + 3;
-@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- 	dumpprog(g.prog);
- #endif
- 
--	free(g.pstart);
-+	alloc(ctx, g.pstart, 0);
- 
- 	if (errorp) *errorp = NULL;
- 	return g.prog;
- }
- 
--void regfree(Reprog *prog)
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
- {
- 	if (prog) {
--		free(prog->start);
--		free(prog);
-+		alloc(ctx, prog->start, 0);
-+		alloc(ctx, prog, 0);
- 	}
- }
- 
-+static void *default_alloc(void *ctx, void *p, int n)
-+{
-+	return realloc(p, (size_t)n);
-+}
-+
-+Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+{
-+	return regcompx(default_alloc, NULL, pattern, cflags, errorp);
-+}
-+
-+void regfree(Reprog *prog)
-+{
-+	regfreex(default_alloc, NULL, prog);
-+}
-+
- /* Match */
- 
- static int isnewline(int c)
-diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
-index 4bb4615..6bb73e8 100644
---- a/thirdparty/mujs/regexp.h
-+++ b/thirdparty/mujs/regexp.h
-@@ -1,6 +1,8 @@
- #ifndef regexp_h
- #define regexp_h
- 
-+#define regcompx js_regcompx
-+#define regfreex js_regfreex
- #define regcomp js_regcomp
- #define regexec js_regexec
- #define regfree js_regfree
-@@ -8,6 +10,11 @@
- typedef struct Reprog Reprog;
- typedef struct Resub Resub;
- 
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	const char *pattern, int cflags, const char **errorp);
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	Reprog *prog);
-+
- Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
- int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
- void regfree(Reprog *prog);
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
deleted file mode 100644
index d73849262c..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2016-10133:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697401
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
-
-Patch lifted from upstream source repository:
-
-https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
-
-From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@gmail.com>
-Date: Thu, 12 Jan 2017 14:47:01 +0100
-Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
- lightweight functions.
-
----
- thirdparty/mujs/jsrun.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
-index ee80845..782a6f9 100644
---- a/thirdparty/mujs/jsrun.c
-+++ b/thirdparty/mujs/jsrun.c
-@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
- 	jsR_savescope(J, scope);
- 
- 	if (n > F->numparams) {
--		js_pop(J, F->numparams - n);
-+		js_pop(J, n - F->numparams);
- 		n = F->numparams;
- 	}
- 	for (i = n; i < F->varlen; ++i)
--- 
-2.9.1
-
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 0882d3b942..5ccaa38eea 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -531,7 +531,7 @@ extracting content or merging files.")
 (define-public mupdf
   (package
     (name "mupdf")
-    (version "1.10a")
+    (version "1.11")
     (source
       (origin
         (method url-fetch)
@@ -539,10 +539,8 @@ extracting content or merging files.")
                             name "-" version "-source.tar.gz"))
         (sha256
          (base32
-          "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
-        (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
-                                 "mupdf-mujs-CVE-2016-10132.patch"
-                                 "mupdf-mujs-CVE-2016-10133.patch"))
+          "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
+        (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
         (modules '((guix build utils)))
         (snippet
             ;; Delete all the bundled libraries except for mujs, which is
@@ -554,7 +552,7 @@ extracting content or merging files.")
                          "thirdparty/glfw"
                          "thirdparty/harfbuzz"
                          "thirdparty/jbig2dec"
-                         "thirdparty/jpeg"
+                         "thirdparty/libjpeg"
                          "thirdparty/openjpeg"
                          "thirdparty/zlib")))))
     (build-system gnu-build-system)