Accepting request 456000 from Publishing

- Add bsc1023760.patch to fix writing svg output to stdout if no output specified bsc#1023760 - Add CVE-2017-5896.patch to fix a heap overflow CVE-2017-5896 bsc#1023761 bsc#1024679 OBS-URL: https://build.opensuse.org/request/show/456000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mupdf?expand=0&rev=25
2017-02-15 09:00:07 +00:00 · 2017-02-15 09:00:07 +00:00 · 1d5cbfbc36
commit 1d5cbfbc36
parent 014dbb9c99 a462c990d8
4 changed files with 69 additions and 0 deletions
--- a/CVE-2017-5896.patch
+++ b/CVE-2017-5896.patch
@ -0,0 +1,40 @@
+X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Ffitz%2Fpixmap.c;h=f1291dc29d49ead44c10785fd014a0d995e45a91;hp=a8317127da7af6d39eb86fe3ca02cb4106a9b262;hb=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27;hpb=90fa6203ad032fe161d85a3e580941ce3d1216f0
+
+diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
+index a831712..f1291dc 100644
+--- a/source/fitz/pixmap.c
+++ b/source/fitz/pixmap.c
+@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ 	"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
+ 	"ldr	r4, [r13,#4*22]		@ r4 = divXY			\n"
+ 	"ldr	r5, [r13,#4*11]		@ for (nn = n; nn > 0; n--) {	\n"
+	"ldr	r8, [r13,#4*17]		@ r8 = back4			\n"
+ 	"18:				@				\n"
+ 	"mov	r14,#0			@ r14= v = 0			\n"
+ 	"sub	r5, r5, r1, LSL #8	@ for (xx = x; xx > 0; x--) {	\n"
+@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ 	"mul	r14,r4, r14		@ r14= v *= divX		\n"
+ 	"mov	r14,r14,LSR #16		@ r14= v >>= 16			\n"
+ 	"strb	r14,[r9], #1		@ *d++ = r14			\n"
+-	"sub	r0, r0, r8		@ s -= back2			\n"
+	"sub	r0, r0, r8		@ s -= back4			\n"
+ 	"subs	r5, r5, #1		@ n--				\n"
+ 	"bgt	18b			@ }				\n"
+ 	"21:				@				\n"
+@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ 		x += f;
+ 		if (x > 0)
+ 		{
+			int back4 = x * n - 1;
+ 			div = x * y;
+ 			for (nn = n; nn > 0; nn--)
+ 			{
+@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ 					s -= back5;
+ 				}
+ 				*d++ = v / div;
+-				s -= back2;
+				s -= back4;
+ 			}
+ 		}
+ 	}
--- a/bsc1023760.patch
+++ b/bsc1023760.patch
@ -0,0 +1,13 @@
+Index: mupdf-1.10a-source/source/tools/mudraw.c
+===================================================================
+--- mupdf-1.10a-source.orig/source/tools/mudraw.c
+++ mupdf-1.10a-source/source/tools/mudraw.c
+@@ -720,7 +720,7 @@ static void dodrawpage(fz_context *ctx,
+ 		char buf[512];
+ 		fz_output *out;
+ 
+-		if (!strcmp(output, "-"))
+		if (!output || !strcmp(output, "-"))
+ 			out = fz_stdout(ctx);
+ 		else
+ 		{
--- a/mupdf.changes
+++ b/mupdf.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Feb 10 12:19:43 UTC 2017 - idonmez@suse.com
+
+- Add bsc1023760.patch to fix writing svg output to stdout if no
+  output specified bsc#1023760
+
+-------------------------------------------------------------------
+Fri Feb 10 10:56:31 UTC 2017 - idonmez@suse.com
+
+- Add CVE-2017-5896.patch to fix a heap overflow
+  CVE-2017-5896 bsc#1023761 bsc#1024679
+
 -------------------------------------------------------------------
 Mon Feb  6 12:51:00 UTC 2017 - idonmez@suse.com

--- a/mupdf.spec
+++ b/mupdf.spec
@ -33,6 +33,8 @@ Patch3:         CVE-2016-10133.patch
 Patch4:         CVE-2016-10141.patch
 Patch5:         CVE-2017-5627.patch
 Patch6:         CVE-2017-5628.patch
+Patch7:         CVE-2017-5896.patch
+Patch8:         bsc1023760.patch
 BuildRequires:  freetype-devel
 BuildRequires:  gcc-c++
 BuildRequires:  jbig2dec-devel
@ -69,6 +71,8 @@ based on mupdf.
 %prep
 %setup -q -n %{name}-%{version}-source
 %patch1 -p1
+%patch7 -p1
+%patch8 -p1

 pushd ./thirdparty/mujs
 %patch2 -p1