Bug#877379: mupdf: diff for NMU version 1.11+ds1-1.1

[Salvatore Bonaccorso]

Hi

On Sat, Oct 14, 2017 at 11:52:44PM +0800, Kan-Ru Chen wrote:
> Thanks for preparing the NMU! I really appreciate that.
> 
> Please go ahead and upload it directly to sid. 

Thank you!

I rescheduled now (could only act on it now).

Regards,
Salvatore

Bug#877379: mupdf: diff for NMU version 1.11+ds1-1.1

[Kan-Ru Chen]

Thanks for preparing the NMU! I really appreciate that.

Please go ahead and upload it directly to sid. 

Kanru

On Sat, Oct 14, 2017, at 03:22 PM, Salvatore Bonaccorso wrote:
> Control: tags 877379 + patch
> Control: tags 877379 + pending
> 
> Dear maintainer,
> 
> I've prepared an NMU for mupdf (versioned as 1.11+ds1-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
> 
> Regards,
> Salvatore
> Email had 1 attachment:
> + mupdf-1.11+ds1-1.1-nmu.diff
>   10k (text/x-diff)

Bug#877379: mupdf: diff for NMU version 1.11+ds1-1.1

[Salvatore Bonaccorso]

Control: tags 877379 + patch
Control: tags 877379 + pending

Dear maintainer,

I've prepared an NMU for mupdf (versioned as 1.11+ds1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru mupdf-1.11+ds1/debian/changelog mupdf-1.11+ds1/debian/changelog
--- mupdf-1.11+ds1/debian/changelog	2017-09-24 08:56:00.0 +0200
+++ mupdf-1.11+ds1/debian/changelog	2017-10-08 10:37:23.0 +0200
@@ -1,3 +1,14 @@
+mupdf (1.11+ds1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't use xps font if it could not be loaded (CVE-2017-14685)
+(Closes: #877379)
+  * Check name, comment and meta size field signs (CVE-2017-14686)
+(Closes: #877379)
+  * Handle non-tags in tag name comparisons (CVE-2017-14687) (Closes: #877379)
+
+ -- Salvatore Bonaccorso   Sun, 08 Oct 2017 10:37:23 +0200
+
 mupdf (1.11+ds1-1) unstable; urgency=medium
 
   * New upstream version 1.11+ds1
diff -Nru mupdf-1.11+ds1/debian/patches/0003-Fix-698539-Don-t-use-xps-font-if-it-could-not-be-loa.patch mupdf-1.11+ds1/debian/patches/0003-Fix-698539-Don-t-use-xps-font-if-it-could-not-be-loa.patch
--- mupdf-1.11+ds1/debian/patches/0003-Fix-698539-Don-t-use-xps-font-if-it-could-not-be-loa.patch	1970-01-01 01:00:00.0 +0100
+++ mupdf-1.11+ds1/debian/patches/0003-Fix-698539-Don-t-use-xps-font-if-it-could-not-be-loa.patch	2017-10-08 10:37:23.0 +0200
@@ -0,0 +1,29 @@
+From: Tor Andersson 
+Date: Tue, 19 Sep 2017 15:23:04 +0200
+Subject: Fix 698539: Don't use xps font if it could not be loaded.
+Origin: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=ab1a420613dec93c686acbee2c165274e922f82a
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14685
+Bug-Debian: https://bugs.debian.org/877379
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=698539
+
+xps_load_links_in_glyphs did not cope with font loading failures.
+---
+ source/xps/xps-link.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
+index c07e0d76..c26a8d99 100644
+--- a/source/xps/xps-link.c
 b/source/xps/xps-link.c
+@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
+ 			bidi_level = atoi(bidi_level_att);
+ 
+ 		font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
++		if (!font)
++			return;
+ 		text = xps_parse_glyphs_imp(ctx, doc, _ctm, font, fz_atof(font_size_att),
+ fz_atof(origin_x_att), fz_atof(origin_y_att),
+ is_sideways, bidi_level, indices_att, unicode_att);
+-- 
+2.11.0
+
diff -Nru mupdf-1.11+ds1/debian/patches/0004-Fix-698540-Check-name-comment-and-meta-size-field-si.patch mupdf-1.11+ds1/debian/patches/0004-Fix-698540-Check-name-comment-and-meta-size-field-si.patch
--- mupdf-1.11+ds1/debian/patches/0004-Fix-698540-Check-name-comment-and-meta-size-field-si.patch	1970-01-01 01:00:00.0 +0100
+++ mupdf-1.11+ds1/debian/patches/0004-Fix-698540-Check-name-comment-and-meta-size-field-si.patch	2017-10-08 10:37:23.0 +0200
@@ -0,0 +1,29 @@
+From: Tor Andersson 
+Date: Tue, 19 Sep 2017 16:33:38 +0200
+Subject: Fix 698540: Check name, comment and meta size field signs.
+Origin: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14686
+Bug-Debian: https://bugs.debian.org/877379
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=698540
+
+---
+ source/fitz/unzip.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
+index f2d4f322..0bcce0fd 100644
+--- a/source/fitz/unzip.c
 b/source/fitz/unzip.c
+@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
+ 		(void) fz_read_int32_le(ctx, file); /* ext file atts */
+ 		offset = fz_read_int32_le(ctx, file);
+ 
++		if (namesize < 0 || metasize < 0 || commentsize < 0)
++			fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
++
+ 		name = fz_malloc(ctx, namesize + 1);
+ 		n = fz_read(ctx, file, (unsigned char*)name, namesize);
+ 		if (n < (size_t)namesize)
+-- 
+2.11.0
+
diff -Nru mupdf-1.11+ds1/debian/patches/0005-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch mupdf-1.11+ds1/debian/patches/0005-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch
--- mupdf-1.11+ds1/debian/patches/0005-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch	1970-01-01 01:00:00.0 +0100
+++ mupdf-1.11+ds1/debian/patches/0005-Fix-698558-Handle-non-tags-in-tag-name-comparisons.patch	2017-10-08 10:37:23.0 +0200
@@ -0,0 +1,125 @@
+From: Tor Andersson 
+Date: Tue, 19 Sep 2017 17:17:12 +0200
+Subject: Fix 698558: Handle non-tags in tag name comparisons.
+Origin: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28