aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5896.patch63
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5991.patch101
-rw-r--r--gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch16
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/pdf.scm10
7 files changed, 11 insertions, 407 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 82e94171b8..c78eeb5e8d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -785,10 +785,6 @@ dist_patch_DATA = \
%D%/packages/patches/multiqc-fix-git-subprocess-error.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
- %D%/packages/patches/mupdf-mujs-CVE-2016-10132.patch \
- %D%/packages/patches/mupdf-mujs-CVE-2016-10133.patch \
- %D%/packages/patches/mupdf-CVE-2017-5896.patch \
- %D%/packages/patches/mupdf-CVE-2017-5991.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/musl-CVE-2016-8859.patch \
%D%/packages/patches/mutt-store-references.patch \
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5896.patch b/gnu/packages/patches/mupdf-CVE-2017-5896.patch
deleted file mode 100644
index 1537ecc896..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5896.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix CVE-2017-5896:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697515
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896
-http://www.openwall.com/lists/oss-security/2017/02/10/1
-https://security-tracker.debian.org/tracker/CVE-2017-5896
-https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
-
-From 2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Mon Sep 17 00:00:00 2001
-From: Robin Watts <Robin.Watts@artifex.com>
-Date: Thu, 9 Feb 2017 07:12:16 -0800
-Subject: [PATCH] bug 697515: Fix out of bounds read in fz_subsample_pixmap
-
-Pointer arithmetic for final special case was going wrong.
----
- source/fitz/pixmap.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
-index a8317127..f1291dc2 100644
---- a/source/fitz/pixmap.c
-+++ b/source/fitz/pixmap.c
-@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- "@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
- "ldr r4, [r13,#4*22] @ r4 = divXY \n"
- "ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n"
-+ "ldr r8, [r13,#4*17] @ r8 = back4 \n"
- "18: @ \n"
- "mov r14,#0 @ r14= v = 0 \n"
- "sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n"
-@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- "mul r14,r4, r14 @ r14= v *= divX \n"
- "mov r14,r14,LSR #16 @ r14= v >>= 16 \n"
- "strb r14,[r9], #1 @ *d++ = r14 \n"
-- "sub r0, r0, r8 @ s -= back2 \n"
-+ "sub r0, r0, r8 @ s -= back4 \n"
- "subs r5, r5, #1 @ n-- \n"
- "bgt 18b @ } \n"
- "21: @ \n"
-@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- x += f;
- if (x > 0)
- {
-+ int back4 = x * n - 1;
- div = x * y;
- for (nn = n; nn > 0; nn--)
- {
-@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- s -= back5;
- }
- *d++ = v / div;
-- s -= back2;
-+ s -= back4;
- }
- }
- }
---
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5991.patch b/gnu/packages/patches/mupdf-CVE-2017-5991.patch
deleted file mode 100644
index 1fa6dc3466..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5991.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-Fix CVE-2017-5991:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697500
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5991
-https://security-tracker.debian.org/tracker/CVE-2017-5991
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
-
-From 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Mon Sep 17 00:00:00 2001
-From: Robin Watts <robin.watts@artifex.com>
-Date: Thu, 9 Feb 2017 15:49:15 +0000
-Subject: [PATCH] Bug 697500: Fix NULL ptr access.
-
-Cope better with errors during rendering - avoid letting the
-gstate stack get out of sync.
-
-This avoids us ever getting into the situation of popping
-a clip when we should be popping a mask or a group. This was
-causing an unexpected case in the painting.
----
- source/pdf/pdf-op-run.c | 26 ++++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c
-index a3ea895d..f1eac8d3 100644
---- a/source/pdf/pdf-op-run.c
-+++ b/source/pdf/pdf-op-run.c
-@@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- pdf_run_processor *pr = (pdf_run_processor *)proc;
- pdf_gstate *gstate = NULL;
- int oldtop = 0;
-+ int oldbot = -1;
- fz_matrix local_transform = *transform;
- softmask_save softmask = { NULL };
- int gparent_save;
-@@ -1232,16 +1233,17 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- fz_var(cleanup_state);
- fz_var(gstate);
- fz_var(oldtop);
-+ fz_var(oldbot);
-
- gparent_save = pr->gparent;
- pr->gparent = pr->gtop;
-+ oldtop = pr->gtop;
-
- fz_try(ctx)
- {
- pdf_gsave(ctx, pr);
-
- gstate = pr->gstate + pr->gtop;
-- oldtop = pr->gtop;
-
- pdf_xobject_bbox(ctx, xobj, &xobj_bbox);
- pdf_xobject_matrix(ctx, xobj, &xobj_matrix);
-@@ -1302,12 +1304,25 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
-
- doc = pdf_get_bound_document(ctx, xobj->obj);
-
-+ oldbot = pr->gbot;
-+ pr->gbot = pr->gtop;
-+
- pdf_process_contents(ctx, (pdf_processor*)pr, doc, resources, xobj->obj, NULL);
- }
- fz_always(ctx)
- {
-+ /* Undo any gstate mismatches due to the pdf_process_contents call */
-+ if (oldbot != -1)
-+ {
-+ while (pr->gtop > pr->gbot)
-+ {
-+ pdf_grestore(ctx, pr);
-+ }
-+ pr->gbot = oldbot;
-+ }
-+
- if (cleanup_state >= 3)
-- pdf_grestore(ctx, pr); /* Remove the clippath */
-+ pdf_grestore(ctx, pr); /* Remove the state we pushed for the clippath */
-
- /* wrap up transparency stacks */
- if (transparency)
-@@ -1341,13 +1356,8 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- pr->gstate[pr->gparent].ctm = gparent_save_ctm;
- pr->gparent = gparent_save;
-
-- if (gstate)
-- {
-- while (oldtop < pr->gtop)
-- pdf_grestore(ctx, pr);
--
-+ while (oldtop < pr->gtop)
- pdf_grestore(ctx, pr);
-- }
-
- pdf_unmark_obj(ctx, xobj->obj);
- }
---
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
index d97c1cb348..0b5b735ff3 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
@@ -13,17 +13,15 @@ diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
index 6b92e5c..72dea50 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
-@@ -1,13 +1,5 @@
- #include "mupdf/fitz.h"
+@@ -444,11 +444,6 @@
+
+ #else /* HAVE_LURATECH */
--/* Without the definition of OPJ_STATIC, compilation fails on windows
-- * due to the use of __stdcall. We believe it is required on some
-- * linux toolchains too. */
-#define OPJ_STATIC
--#ifndef _MSC_VER
+-#define OPJ_HAVE_INTTYPES_H
+-#if !defined(_WIN32) && !defined(_WIN64)
-#define OPJ_HAVE_STDINT_H
-#endif
--
- #include <openjpeg.h>
+ #define USE_JPIP
- static void fz_opj_error_callback(const char *msg, void *client_data)
+ #include <openjpeg.h>
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
deleted file mode 100644
index e752e57ec5..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-Fix CVE-2016-10132:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697381
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
-
-From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor@ccxvii.net>
-Date: Fri, 2 Dec 2016 14:56:20 -0500
-Subject: [PATCH] Fix 697381: check allocation when compiling regular
- expressions.
-
-Also use allocator callback function.
----
- thirdparty/mujs/jsgc.c | 2 +-
- thirdparty/mujs/jsregexp.c | 2 +-
- thirdparty/mujs/jsstate.c | 6 ------
- thirdparty/mujs/regexp.c | 45 +++++++++++++++++++++++++++++++++++----------
- thirdparty/mujs/regexp.h | 7 +++++++
- 5 files changed, 44 insertions(+), 18 deletions(-)
-
-diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
-index 4f7e7dc..f80111e 100644
---- a/thirdparty/mujs/jsgc.c
-+++ b/thirdparty/mujs/jsgc.c
-@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
- jsG_freeproperty(J, obj->head);
- if (obj->type == JS_CREGEXP) {
- js_free(J, obj->u.r.source);
-- js_regfree(obj->u.r.prog);
-+ js_regfreex(J->alloc, J->actx, obj->u.r.prog);
- }
- if (obj->type == JS_CITERATOR)
- jsG_freeiterator(J, obj->u.iter.head);
-diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
-index a2d5156..7b09c06 100644
---- a/thirdparty/mujs/jsregexp.c
-+++ b/thirdparty/mujs/jsregexp.c
-@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
- if (flags & JS_REGEXP_I) opts |= REG_ICASE;
- if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
-
-- prog = js_regcomp(pattern, opts, &error);
-+ prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
- if (!prog)
- js_syntaxerror(J, "regular expression: %s", error);
-
-diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
-index 638cab3..fd5bcf6 100644
---- a/thirdparty/mujs/jsstate.c
-+++ b/thirdparty/mujs/jsstate.c
-@@ -9,12 +9,6 @@
-
- static void *js_defaultalloc(void *actx, void *ptr, int size)
- {
-- if (size == 0) {
-- free(ptr);
-- return NULL;
-- }
-- if (!ptr)
-- return malloc((size_t)size);
- return realloc(ptr, (size_t)size);
- }
-
-diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
-index 9852be2..01c18a3 100644
---- a/thirdparty/mujs/regexp.c
-+++ b/thirdparty/mujs/regexp.c
-@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
- }
- #endif
-
--Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+ const char *pattern, int cflags, const char **errorp)
- {
- struct cstate g;
- Renode *node;
- Reinst *split, *jump;
- int i;
-
-- g.prog = malloc(sizeof (Reprog));
-- g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
-+ g.pstart = NULL;
-+ g.prog = NULL;
-
- if (setjmp(g.kaboom)) {
- if (errorp) *errorp = g.error;
-- free(g.pstart);
-- free(g.prog);
-+ alloc(ctx, g.pstart, 0);
-+ alloc(ctx, g.prog, 0);
- return NULL;
- }
-
-+ g.prog = alloc(ctx, NULL, sizeof (Reprog));
-+ if (!g.prog)
-+ die(&g, "cannot allocate regular expression");
-+ g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
-+ if (!g.pstart)
-+ die(&g, "cannot allocate regular expression parse list");
-+
- g.source = pattern;
- g.ncclass = 0;
- g.nsub = 1;
-@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- die(&g, "syntax error");
-
- g.prog->nsub = g.nsub;
-- g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
-+ g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
-+ if (!g.prog->start)
-+ die(&g, "cannot allocate regular expression instruction list");
-
- split = emit(g.prog, I_SPLIT);
- split->x = split + 3;
-@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- dumpprog(g.prog);
- #endif
-
-- free(g.pstart);
-+ alloc(ctx, g.pstart, 0);
-
- if (errorp) *errorp = NULL;
- return g.prog;
- }
-
--void regfree(Reprog *prog)
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
- {
- if (prog) {
-- free(prog->start);
-- free(prog);
-+ alloc(ctx, prog->start, 0);
-+ alloc(ctx, prog, 0);
- }
- }
-
-+static void *default_alloc(void *ctx, void *p, int n)
-+{
-+ return realloc(p, (size_t)n);
-+}
-+
-+Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+{
-+ return regcompx(default_alloc, NULL, pattern, cflags, errorp);
-+}
-+
-+void regfree(Reprog *prog)
-+{
-+ regfreex(default_alloc, NULL, prog);
-+}
-+
- /* Match */
-
- static int isnewline(int c)
-diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
-index 4bb4615..6bb73e8 100644
---- a/thirdparty/mujs/regexp.h
-+++ b/thirdparty/mujs/regexp.h
-@@ -1,6 +1,8 @@
- #ifndef regexp_h
- #define regexp_h
-
-+#define regcompx js_regcompx
-+#define regfreex js_regfreex
- #define regcomp js_regcomp
- #define regexec js_regexec
- #define regfree js_regfree
-@@ -8,6 +10,11 @@
- typedef struct Reprog Reprog;
- typedef struct Resub Resub;
-
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+ const char *pattern, int cflags, const char **errorp);
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+ Reprog *prog);
-+
- Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
- int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
- void regfree(Reprog *prog);
---
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
deleted file mode 100644
index d73849262c..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2016-10133:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697401
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
-
-Patch lifted from upstream source repository:
-
-https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
-
-From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@gmail.com>
-Date: Thu, 12 Jan 2017 14:47:01 +0100
-Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
- lightweight functions.
-
----
- thirdparty/mujs/jsrun.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
-index ee80845..782a6f9 100644
---- a/thirdparty/mujs/jsrun.c
-+++ b/thirdparty/mujs/jsrun.c
-@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
- jsR_savescope(J, scope);
-
- if (n > F->numparams) {
-- js_pop(J, F->numparams - n);
-+ js_pop(J, n - F->numparams);
- n = F->numparams;
- }
- for (i = n; i < F->varlen; ++i)
---
-2.9.1
-
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 0882d3b942..5ccaa38eea 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -531,7 +531,7 @@ extracting content or merging files.")
(define-public mupdf
(package
(name "mupdf")
- (version "1.10a")
+ (version "1.11")
(source
(origin
(method url-fetch)
@@ -539,10 +539,8 @@ extracting content or merging files.")
name "-" version "-source.tar.gz"))
(sha256
(base32
- "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
- (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
- "mupdf-mujs-CVE-2016-10132.patch"
- "mupdf-mujs-CVE-2016-10133.patch"))
+ "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
+ (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
(modules '((guix build utils)))
(snippet
;; Delete all the bundled libraries except for mujs, which is
@@ -554,7 +552,7 @@ extracting content or merging files.")
"thirdparty/glfw"
"thirdparty/harfbuzz"
"thirdparty/jbig2dec"
- "thirdparty/jpeg"
+ "thirdparty/libjpeg"
"thirdparty/openjpeg"
"thirdparty/zlib")))))
(build-system gnu-build-system)