Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mupdf for openSUSE:Factory checked in at 2026-02-17 16:52:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mupdf (Old) and /work/SRC/openSUSE:Factory/.mupdf.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mupdf" Tue Feb 17 16:52:53 2026 rev:71 rq:1333519 version:1.27.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mupdf/mupdf.changes 2025-07-30 11:44:47.785278776 +0200 +++ /work/SRC/openSUSE:Factory/.mupdf.new.1977/mupdf.changes 2026-02-17 16:58:16.662830794 +0100 @@ -1,0 +2,21 @@ +Fri Feb 13 15:28:59 UTC 2026 - Yunus Acar <[email protected]> + +- Update to 1.27.1: + * Several optimizations, tweaks, and fixes to the structured text + device text extraction. + * Improve table-hunting code in structured text device. + * Import image-rafting code from layout project to the structured + text device. + * Fix bug causing FitR link destination rectangles to remain + untransformed. + * Fix bug causing xps rendering to enter eternal loop. +- For changes in 1.27.0 and older see + https://mupdf.com/releases/history +- CVE-2025-55780: null pointer dereference occurs in the function + break_word_for_overflow_wrap() (bsc#1250443) + Fixed by update +- CVE-2026-25556: double-free in fz_fill_pixmap_from_display_list() + (bsc#1257944) + Add cve-2026-25556.patch (upstream) + +------------------------------------------------------------------- Old: ---- mupdf-1.26.3-source.tar.gz New: ---- cve-2026-25556.patch mupdf-1.27.1-source.tar.gz ----------(New B)---------- New: (bsc#1257944) Add cve-2026-25556.patch (upstream) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mupdf.spec ++++++ --- /var/tmp/diff_new_pack.brJ8Rt/_old 2026-02-17 16:58:19.854964539 +0100 +++ /var/tmp/diff_new_pack.brJ8Rt/_new 2026-02-17 16:58:19.858964707 +0100 @@ -1,7 +1,7 @@ # # spec file for package mupdf # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2011 Guido Berhoerster. # # All modifications and additions to the file contributed by third parties @@ -21,7 +21,7 @@ %define gcc_ver 11 %endif Name: mupdf -Version: 1.26.3 +Version: 1.27.1 Release: 0 Summary: PDF and XPS Viewer and Parser and Rendering Library License: AGPL-3.0-or-later @@ -31,6 +31,8 @@ Source1: %{name}.desktop Source2: %{name}-gl.desktop Patch0: mupdf-no-strip.patch +# PATCH-FIX-UPSTREAM cve-2026-25556.patch -- based on commit d4743b6092d513321c23c6f7fe5cff87cde043c1 +Patch1: cve-2026-25556.patch BuildRequires: Mesa-libGL-devel BuildRequires: desktop-file-utils BuildRequires: fdupes ++++++ cve-2026-25556.patch ++++++ >From d4743b6092d513321c23c6f7fe5cff87cde043c1 Mon Sep 17 00:00:00 2001 From: Robin Watts <[email protected]> Date: Mon, 12 Jan 2026 19:08:56 +0000 Subject: Bug 709029: Fix incorrect error-case free of pixmap. Don't free a pixmap we don't own! --- source/fitz/util.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/source/fitz/util.c b/source/fitz/util.c index 7710124cc..90226a5c1 100644 --- a/source/fitz/util.c +++ b/source/fitz/util.c @@ -119,7 +119,15 @@ fz_new_pixmap_from_display_list_with_separations(fz_context *ctx, fz_display_lis else fz_clear_pixmap_with_value(ctx, pix, 0xFF); - return fz_fill_pixmap_from_display_list(ctx, list, ctm, pix); + fz_try(ctx) + fz_fill_pixmap_from_display_list(ctx, list, ctm, pix); + fz_catch(ctx) + { + fz_drop_pixmap(ctx, pix); + fz_rethrow(ctx); + } + + return pix; } fz_pixmap * @@ -136,14 +144,9 @@ fz_fill_pixmap_from_display_list(fz_context *ctx, fz_display_list *list, fz_matr fz_close_device(ctx, dev); } fz_always(ctx) - { fz_drop_device(ctx, dev); - } fz_catch(ctx) - { - fz_drop_pixmap(ctx, pix); fz_rethrow(ctx); - } return pix; } -- cgit v1.2.3 ++++++ mupdf-1.26.3-source.tar.gz -> mupdf-1.27.1-source.tar.gz ++++++ /work/SRC/openSUSE:Factory/mupdf/mupdf-1.26.3-source.tar.gz /work/SRC/openSUSE:Factory/.mupdf.new.1977/mupdf-1.27.1-source.tar.gz differ: char 5, line 1
