diff options
Diffstat (limited to 'office/mupdf')
-rw-r--r-- | office/mupdf/mupdf.SlackBuild | 21 | ||||
-rw-r--r-- | office/mupdf/xps_parse_color_overflow_fix.diff | 60 |
2 files changed, 80 insertions, 1 deletions
diff --git a/office/mupdf/mupdf.SlackBuild b/office/mupdf/mupdf.SlackBuild index e7d9d94b8623..f7e98c4bdb83 100644 --- a/office/mupdf/mupdf.SlackBuild +++ b/office/mupdf/mupdf.SlackBuild @@ -17,9 +17,23 @@ # - Updated README & slack-desc to mention XPS and CBZ # - Fix the man pages slightly +# Modified 20140224 by B. Watson (yalhcru@gmail.com): +# - backported security fix for CVE-2014-2013. I will be upgrading this +# build to mupdf-1.3, but it'll take more work than I currently have +# time for: +# + mupdf's internals have changed, will have to redo my patches +# + it depends on openjpeg 2.0 which SBo hasn't got yet. 2.0 uses an +# incompatible API, so an openjpeg 2.0 SlackBuild would require +# updates for everything that depends on it. +# + zathura-pdf-mupdf will need updating (mupdf's API has changed) +# + probably all the other zathura-* builds will need updating to +# be compatible with new zathura-pdf-mupdf +# The security fix is needed now, it's a tiny patch, and shouldn't have +# to wait on all that other stuff. + PRGNAM=mupdf VERSION=${VERSION:-1.2} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -80,6 +94,11 @@ patch -p1 < $CWD/man_page.diff sed -i 's,libopenjpeg,libopenjpeg1,' Makerules rm -rf thirdparty +# patch from upstream git, fix security vulnerability CVE-2014-2013. +# from here: http://git.ghostscript.com/?p=user/zeniko/mupdf.git;h=60dabde18d +# Patch is for mupdf-1.3, I've backported it to 1.2 for now. +patch -p1 < $CWD/xps_parse_color_overflow_fix.diff + make build=release prefix=/usr XCFLAGS="$SLKCFLAGS" make \ build=release \ diff --git a/office/mupdf/xps_parse_color_overflow_fix.diff b/office/mupdf/xps_parse_color_overflow_fix.diff new file mode 100644 index 000000000000..3995b665ccc7 --- /dev/null +++ b/office/mupdf/xps_parse_color_overflow_fix.diff @@ -0,0 +1,60 @@ +diff -Naur mupdf-1.2-source/xps/xps_common.c mupdf-1.2-source.patched/xps/xps_common.c +--- mupdf-1.2-source/xps/xps_common.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_common.c 2014-02-24 15:25:35.000000000 -0500 +@@ -89,7 +89,7 @@ + if (scb_color_att) + { + fz_colorspace *colorspace; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples); + opacity = opacity * samples[0]; + } +@@ -273,6 +273,11 @@ + + *p++ = 0; + n = count_commas(p) + 1; ++ if (n > FZ_MAX_COLORS) ++ { ++ fz_warn(doc->ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS); ++ n = FZ_MAX_COLORS; ++ } + i = 0; + while (i < n) + { +diff -Naur mupdf-1.2-source/xps/xps_glyphs.c mupdf-1.2-source.patched/xps/xps_glyphs.c +--- mupdf-1.2-source/xps/xps_glyphs.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_glyphs.c 2014-02-24 15:25:57.000000000 -0500 +@@ -591,7 +591,7 @@ + + if (fill_att) + { +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + + xps_parse_color(doc, base_uri, fill_att, &colorspace, samples); +diff -Naur mupdf-1.2-source/xps/xps_gradient.c mupdf-1.2-source.patched/xps/xps_gradient.c +--- mupdf-1.2-source/xps/xps_gradient.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_gradient.c 2014-02-24 15:26:30.000000000 -0500 +@@ -38,7 +38,7 @@ + struct stop *stops, int maxcount) + { + fz_colorspace *colorspace; +- float sample[8]; ++ float sample[FZ_MAX_COLORS]; + float rgb[3]; + int before, after; + int count; +diff -Naur mupdf-1.2-source/xps/xps_path.c mupdf-1.2-source.patched/xps/xps_path.c +--- mupdf-1.2-source/xps/xps_path.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_path.c 2014-02-24 15:27:07.000000000 -0500 +@@ -826,7 +826,7 @@ + + fz_stroke_state *stroke = NULL; + fz_matrix transform; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + fz_path *path; + fz_path *stroke_path = NULL; |