From 07dfc89859a3539100a23c8acc0d643f4f7cb99d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 18 Oct 2017 22:15:09 +0200 Subject: gnu: mupdf: Fix CVE-2017-15587. * gnu/packages/patches/mupdf-CVE-2017-15587.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (mupdf)[source](patches): Use it. --- gnu/local.mk | 1 + gnu/packages/patches/mupdf-CVE-2017-15587.patch | 21 +++++++++++++++++++++ gnu/packages/pdf.scm | 3 ++- 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/mupdf-CVE-2017-15587.patch diff --git a/gnu/local.mk b/gnu/local.mk index e2f31c27bf..45adc73f20 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -877,6 +877,7 @@ dist_patch_DATA = \ %D%/packages/patches/mozjs38-version-detection.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ + %D%/packages/patches/mupdf-CVE-2017-15587.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch new file mode 100644 index 0000000000..5da7737ea1 --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2017-15587.patch @@ -0,0 +1,21 @@ +Fix CVE-2017-15587. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587 +https://nandynarwhals.org/CVE-2017-15587/ + +Copied from upstream: + + +diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c +index 66bd0ed..6292793 100644 +--- a/source/pdf/pdf-xref.c ++++ b/source/pdf/pdf-xref.c +@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz + pdf_xref_entry *table; + int i, n; + +- if (i0 < 0 || i1 < 0) ++ if (i0 < 0 || i1 < 0 || (i0+i1) < 0) + fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); + //if (i0 + i1 > pdf_xref_len(ctx, doc)) + // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 98df90e2d4..56f5486791 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -540,7 +540,8 @@ extracting content or merging files.") (sha256 (base32 "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch")) + (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" + "mupdf-CVE-2017-15587.patch")) (modules '((guix build utils))) (snippet ;; Delete all the bundled libraries except for mujs, which is -- cgit v1.2.3