guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369].


From: Leo Famulari
Subject: 01/01: gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369].
Date: Thu, 21 Dec 2017 02:01:11 -0500 (EST)

lfam pushed a commit to branch master
in repository guix.

commit dab2542f845bf1b6b7761f1be6fc55b9259238fe
Author: Leo Famulari <address@hidden>
Date:   Thu Dec 21 01:53:48 2017 -0500

    gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369].
    
    * gnu/packages/pdf.scm (mupdf): Update to 1.12.0.
    [source]: Remove obsolete patches.
    [inputs]: Add freeglut.
    * gnu/packages/patches/mupdf-CVE-2017-14685.patch,
    gnu/packages/patches/mupdf-CVE-2017-14686.patch,
    gnu/packages/patches/mupdf-CVE-2017-14687.patch,
    gnu/packages/patches/mupdf-CVE-2017-15587.patch: Delete files.
    * gnu/local.mk (dist_patch_DATA): Remove them.
    * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Update and
    rename to...
    * gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch: ... new file.
---
 gnu/local.mk                                       |   6 +-
 gnu/packages/patches/mupdf-CVE-2017-14685.patch    |  34 ------
 gnu/packages/patches/mupdf-CVE-2017-14686.patch    |  34 ------
 gnu/packages/patches/mupdf-CVE-2017-14687.patch    | 130 ---------------------
 gnu/packages/patches/mupdf-CVE-2017-15587.patch    |  25 ----
 ...atch => mupdf-build-with-latest-openjpeg.patch} |   8 +-
 gnu/packages/pdf.scm                               |  13 +--
 7 files changed, 10 insertions(+), 240 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index f583a61..8ffcc58 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -897,11 +897,7 @@ dist_patch_DATA =                                          
\
   %D%/packages/patches/mozjs38-tracelogger.patch               \
   %D%/packages/patches/mozjs38-version-detection.patch         \
   %D%/packages/patches/mumps-build-parallelism.patch           \
-  %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch     \
-  %D%/packages/patches/mupdf-CVE-2017-14685.patch              \
-  %D%/packages/patches/mupdf-CVE-2017-14686.patch              \
-  %D%/packages/patches/mupdf-CVE-2017-14687.patch              \
-  %D%/packages/patches/mupdf-CVE-2017-15587.patch              \
+  %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch  \
   %D%/packages/patches/mupen64plus-ui-console-notice.patch     \
   %D%/packages/patches/mutt-store-references.patch             \
   %D%/packages/patches/ncurses-CVE-2017-10684-10685.patch      \
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch 
b/gnu/packages/patches/mupdf-CVE-2017-14685.patch
deleted file mode 100644
index 3fcce5f..0000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14685.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-14685:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
-
-From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
-From: Tor Andersson <address@hidden>
-Date: Tue, 19 Sep 2017 15:23:04 +0200
-Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
-
-xps_load_links_in_glyphs did not cope with font loading failures.
----
- source/xps/xps-link.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
-index c07e0d7..c26a8d9 100644
---- a/source/xps/xps-link.c
-+++ b/source/xps/xps-link.c
-@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, 
const fz_matrix *ct
-                       bidi_level = atoi(bidi_level_att);
- 
-               font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, 
style_att);
-+              if (!font)
-+                      return;
-               text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, 
fz_atof(font_size_att),
-                               fz_atof(origin_x_att), fz_atof(origin_y_att),
-                               is_sideways, bidi_level, indices_att, 
unicode_att);
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch 
b/gnu/packages/patches/mupdf-CVE-2017-14686.patch
deleted file mode 100644
index e462a6f..0000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14686.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-14686:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
-
-From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <address@hidden>
-Date: Tue, 19 Sep 2017 16:33:38 +0200
-Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
-
----
- source/fitz/unzip.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
-index f2d4f32..0bcce0f 100644
---- a/source/fitz/unzip.c
-+++ b/source/fitz/unzip.c
-@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, 
fz_zip_archive *zip, int start_off
-               (void) fz_read_int32_le(ctx, file); /* ext file atts */
-               offset = fz_read_int32_le(ctx, file);
- 
-+              if (namesize < 0 || metasize < 0 || commentsize < 0)
-+                      fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip 
entry");
-+
-               name = fz_malloc(ctx, namesize + 1);
-               n = fz_read(ctx, file, (unsigned char*)name, namesize);
-               if (n < (size_t)namesize)
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch 
b/gnu/packages/patches/mupdf-CVE-2017-14687.patch
deleted file mode 100644
index cdc41df..0000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14687.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-Fix CVE-2017-14687:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
-
-From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <address@hidden>
-Date: Tue, 19 Sep 2017 17:17:12 +0200
-Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
-
-Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
----
- source/html/css-apply.c   | 2 +-
- source/svg/svg-run.c      | 2 +-
- source/xps/xps-common.c   | 6 +++---
- source/xps/xps-glyphs.c   | 2 +-
- source/xps/xps-path.c     | 4 ++--
- source/xps/xps-resource.c | 2 +-
- 6 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/source/html/css-apply.c b/source/html/css-apply.c
-index de55490..6a91df0 100644
---- a/source/html/css-apply.c
-+++ b/source/html/css-apply.c
-@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
- 
-       if (sel->name)
-       {
--              if (strcmp(sel->name, fz_xml_tag(node)))
-+              if (!fz_xml_is_tag(node, sel->name))
-                       return 0;
-       }
- 
-diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
-index f974c67..5302c64 100644
---- a/source/svg/svg-run.c
-+++ b/source/svg/svg-run.c
-@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, 
svg_document *doc, fz_xml *root, co
-               fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att 
+ 1);
-               if (linked)
-               {
--                      if (!strcmp(fz_xml_tag(linked), "symbol"))
-+                      if (fz_xml_is_tag(linked, "symbol"))
-                               svg_run_use_symbol(ctx, dev, doc, root, linked, 
&local_state);
-                       else
-                               svg_run_element(ctx, dev, doc, linked, 
&local_state);
-diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
-index cc7fed9..f2f9b93 100644
---- a/source/xps/xps-common.c
-+++ b/source/xps/xps-common.c
-@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const 
fz_matrix *ctm, const
-       else if (fz_xml_is_tag(node, "RadialGradientBrush"))
-               xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, 
dict, node);
-       else
--              fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
-+              fz_warn(ctx, "unknown brush tag");
- }
- 
- void
-@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const 
fz_matrix *ctm, cons
-       if (opacity_att)
-               opacity = fz_atof(opacity_att);
- 
--      if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), 
"SolidColorBrush"))
-+      if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
-       {
-               char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
-               char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
-@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char 
*base_uri, xps_resource
- 
-       if (opacity_mask_tag)
-       {
--              if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
-+              if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
-                       fz_pop_clip(ctx, dev);
-       }
- }
-diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
-index 29dc5b3..5b26d78 100644
---- a/source/xps/xps-glyphs.c
-+++ b/source/xps/xps-glyphs.c
-@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const 
fz_matrix *ctm,
- 
-       /* If it's a solid color brush fill/stroke do a simple fill */
- 
--      if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
-+      if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
-       {
-               fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
-               fill_att = fz_xml_att(fill_tag, "Color");
-diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
-index 6faeb0c..021d202 100644
---- a/source/xps/xps-path.c
-+++ b/source/xps/xps-path.c
-@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const 
fz_matrix *ctm, char *b
-       if (!data_att && !data_tag)
-               return;
- 
--      if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
-+      if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
-       {
-               fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
-               fill_att = fz_xml_att(fill_tag, "Color");
-               fill_tag = NULL;
-       }
- 
--      if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
-+      if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
-       {
-               stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
-               stroke_att = fz_xml_att(stroke_tag, "Color");
-diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
-index c2292e6..8e81ab8 100644
---- a/source/xps/xps-resource.c
-+++ b/source/xps/xps-resource.c
-@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, 
xps_document *doc, char *b
-       if (!xml)
-               return NULL;
- 
--      if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
-+      if (!fz_xml_is_tag(xml, "ResourceDictionary"))
-       {
-               fz_drop_xml(ctx, xml);
-               fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary 
element");
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch 
b/gnu/packages/patches/mupdf-CVE-2017-15587.patch
deleted file mode 100644
index 7d24666..0000000
--- a/gnu/packages/patches/mupdf-CVE-2017-15587.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2017-15587.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
-https://nandynarwhals.org/CVE-2017-15587/
-
-This patch is these two upstream commits squashed together:
-<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
-<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
-
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 66bd0ed8..89499e61 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document 
*doc, fz_stream *stm, fz
-       pdf_xref_entry *table;
-       int i, n;
- 
--      if (i0 < 0 || i1 < 0)
-+      if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
-               fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry 
index");
-       //if (i0 + i1 > pdf_xref_len(ctx, doc))
-       //      fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many 
entries");
--- 
-2.15.0
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch 
b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
similarity index 69%
rename from gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
rename to gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
index 0b5b735..d5c9c60 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
@@ -1,4 +1,4 @@
-Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest
+Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
 release series and contains many important bug fixes.
 
 Patch adapted from Debian:
@@ -10,16 +10,16 @@ And related to this upstream commit:
 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
 
 diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index 6b92e5c..72dea50 100644
+index 65699ba..ea84778 100644
 --- a/source/fitz/load-jpx.c
 +++ b/source/fitz/load-jpx.c
-@@ -444,11 +444,6 @@
+@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char 
*data, size_t size, int *w
  
  #else /* HAVE_LURATECH */
  
 -#define OPJ_STATIC
 -#define OPJ_HAVE_INTTYPES_H
--#if !defined(_WIN32) && !defined(_WIN64)
+-#if !defined(_MSC_VER) || _MSC_VER >= 1600
 -#define OPJ_HAVE_STDINT_H
 -#endif
  #define USE_JPIP
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 84b9261..335d0b2 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -567,25 +567,22 @@ extracting content or merging files.")
 (define-public mupdf
   (package
     (name "mupdf")
-    (version "1.11")
+    (version "1.12.0")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "https://mupdf.com/downloads/archive/";
-                            name "-" version "-source.tar.gz"))
+                            name "-" version "-source.tar.xz"))
+        (patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
         (sha256
          (base32
-          "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
-        (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
-                                 "mupdf-CVE-2017-14685.patch"
-                                 "mupdf-CVE-2017-14686.patch"
-                                 "mupdf-CVE-2017-14687.patch"
-                                 "mupdf-CVE-2017-15587.patch"))
+          "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
         (modules '((guix build utils)))
         (snippet '(delete-file-recursively "thirdparty"))))
     (build-system gnu-build-system)
     (inputs
       `(("curl" ,curl)
+        ("freeglut" ,freeglut)
         ("freetype" ,freetype)
         ("harfbuzz" ,harfbuzz)
         ("jbig2dec" ,jbig2dec)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]