aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-10-18 22:15:09 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-10-18 22:15:09 +0200
commit07dfc89859a3539100a23c8acc0d643f4f7cb99d (patch)
tree1f085d184d907637a519adbe89c7e76458750de9
parentdc1d06ba9e658e6eb0e9d2d3195d33957d40a06d (diff)
downloadpatches-07dfc89859a3539100a23c8acc0d643f4f7cb99d.tar
patches-07dfc89859a3539100a23c8acc0d643f4f7cb99d.tar.gz
gnu: mupdf: Fix CVE-2017-15587.
* gnu/packages/patches/mupdf-CVE-2017-15587.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (mupdf)[source](patches): Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-15587.patch21
-rw-r--r--gnu/packages/pdf.scm3
3 files changed, 24 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index e2f31c27bf..45adc73f20 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -877,6 +877,7 @@ dist_patch_DATA = \
%D%/packages/patches/mozjs38-version-detection.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
+ %D%/packages/patches/mupdf-CVE-2017-15587.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/musl-CVE-2016-8859.patch \
%D%/packages/patches/mutt-store-references.patch \
diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch
new file mode 100644
index 0000000000..5da7737ea1
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-15587.patch
@@ -0,0 +1,21 @@
+Fix CVE-2017-15587.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
+https://nandynarwhals.org/CVE-2017-15587/
+
+Copied from upstream:
+<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
+
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 66bd0ed..6292793 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
+ pdf_xref_entry *table;
+ int i, n;
+
+- if (i0 < 0 || i1 < 0)
++ if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
+ //if (i0 + i1 > pdf_xref_len(ctx, doc))
+ // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 98df90e2d4..56f5486791 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -540,7 +540,8 @@ extracting content or merging files.")
(sha256
(base32
"02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
- (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
+ (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
+ "mupdf-CVE-2017-15587.patch"))
(modules '((guix build utils)))
(snippet
;; Delete all the bundled libraries except for mujs, which is