Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=66f0a83a79a365a789f250e928fa9164e5d58b96
commit 66f0a83a79a365a789f250e928fa9164e5d58b96 Author: kikadf <[email protected]> Date: Fri Jun 6 09:50:53 2014 +0200 mupdf-1.1-2arcturus1-x86_64 * Fix CVE-2014-2013 diff --git a/source/xapps-extra/mupdf/CVE-2014-2013.patch b/source/xapps-extra/mupdf/CVE-2014-2013.patch new file mode 100644 index 0000000..d215903 --- /dev/null +++ b/source/xapps-extra/mupdf/CVE-2014-2013.patch @@ -0,0 +1,60 @@ +diff -Naur mupdf-1.1-source/xps/xps_common.c mupdf-1.1-source.new/xps/xps_common.c +--- mupdf-1.1-source/xps/xps_common.c 2012-08-16 15:55:20.000000000 +0200 ++++ mupdf-1.1-source.new/xps/xps_common.c 2014-06-06 09:42:36.926296937 +0200 +@@ -89,7 +89,7 @@ + if (scb_color_att) + { + fz_colorspace *colorspace; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples); + opacity = opacity * samples[0]; + } +@@ -274,6 +274,11 @@ + *p++ = 0; + n = count_commas(p) + 1; + i = 0; ++ if (n > FZ_MAX_COLORS) ++ { ++ fz_warn("ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS); ++ n = FZ_MAX_COLORS; ++ } + while (i < n) + { + samples[i++] = fz_atof(p); +diff -Naur mupdf-1.1-source/xps/xps_glyphs.c mupdf-1.1-source.new/xps/xps_glyphs.c +--- mupdf-1.1-source/xps/xps_glyphs.c 2012-08-16 15:55:20.000000000 +0200 ++++ mupdf-1.1-source.new/xps/xps_glyphs.c 2014-06-06 09:43:25.272596433 +0200 +@@ -587,7 +587,7 @@ + + if (fill_att) + { +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + + xps_parse_color(doc, base_uri, fill_att, &colorspace, samples); +diff -Naur mupdf-1.1-source/xps/xps_gradient.c mupdf-1.1-source.new/xps/xps_gradient.c +--- mupdf-1.1-source/xps/xps_gradient.c 2012-08-16 15:55:20.000000000 +0200 ++++ mupdf-1.1-source.new/xps/xps_gradient.c 2014-06-06 09:44:07.473044212 +0200 +@@ -38,7 +38,7 @@ + struct stop *stops, int maxcount) + { + fz_colorspace *colorspace; +- float sample[8]; ++ float sample[FZ_MAX_COLORS]; + float rgb[3]; + int before, after; + int count; +diff -Naur mupdf-1.1-source/xps/xps_path.c mupdf-1.1-source.new/xps/xps_path.c +--- mupdf-1.1-source/xps/xps_path.c 2012-08-16 15:55:20.000000000 +0200 ++++ mupdf-1.1-source.new/xps/xps_path.c 2014-06-06 09:45:06.635122151 +0200 +@@ -825,7 +825,7 @@ + + fz_stroke_state *stroke = NULL; + fz_matrix transform; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + fz_path *path; + fz_path *stroke_path = NULL; diff --git a/source/xapps-extra/mupdf/FrugalBuild b/source/xapps-extra/mupdf/FrugalBuild index 71736c1..d4b2dfa 100644 --- a/source/xapps-extra/mupdf/FrugalBuild +++ b/source/xapps-extra/mupdf/FrugalBuild @@ -3,7 +3,7 @@ pkgname=mupdf pkgver=1.1 -pkgrel=1 +pkgrel=2arcturus1 pkgdesc="A lightweight PDF and XPS viewer" _F_desktop_name="MuPDF" _F_desktop_desc="PDF file viewer" @@ -16,6 +16,11 @@ _F_googlecode_ext="-source.tar.gz" Finclude googlecode sha1sums=('e2c2cd555d790ed97bd6507accf29817945dfe81') +# FSA fix *** +source=(${source[@]} CVE-2014-2013.patch) +sha1sums=(${sha1sums[@]} '83de3fbd8ab247d01c109e0a0be5d4046ece3693') +# *********** + build() { Fcd $pkgname-$pkgver-source _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
