Accepting request 454978 from Publishing

- Add CVE-2017-5627.patch and CVE-2017-5628.patch fixes CVE-2017-5627 and CVE-2017-5628 bsc#1022503 bsc#1022504 OBS-URL: https://build.opensuse.org/request/show/454978 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mupdf?expand=0&rev=24
2017-02-10 08:46:17 +00:00 · 2017-02-10 08:46:17 +00:00 · 014dbb9c99
commit 014dbb9c99
parent 83e08f6010 42cfc2defc
4 changed files with 60 additions and 0 deletions
--- a/CVE-2017-5627.patch
+++ b/CVE-2017-5627.patch
@ -0,0 +1,15 @@
+X-Git-Url: http://git.ghostscript.com/?p=mujs.git;a=blobdiff_plain;f=jsrun.c;h=ca7d5ad46ba2414f075280ee94121a88f0bcfde6;hp=782a6f9caa62d510377397b0c63c1407e70f6c95;hb=4006739a28367c708dea19aeb19b8a1a9326ce08;hpb=8f62ea10a0af68e56d5c00720523ebcba13c2e6a
+
+diff --git a/jsrun.c b/jsrun.c
+index 782a6f9..ca7d5ad 100644
+--- a/jsrun.c
+++ b/jsrun.c
+@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name)
+ 		if (!strcmp(name, "length")) {
+ 			double rawlen = jsV_tonumber(J, value);
+ 			int newlen = jsV_numbertointeger(rawlen);
+-			if (newlen != rawlen)
+			if (newlen != rawlen || newlen < 0)
+ 				js_rangeerror(J, "array length");
+ 			jsV_resizearray(J, obj, newlen);
+ 			return;
--- a/CVE-2017-5628.patch
+++ b/CVE-2017-5628.patch
@ -0,0 +1,35 @@
+From 8f62ea10a0af68e56d5c00720523ebcba13c2e6a Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@gmail.com>
+Date: Tue, 24 Jan 2017 14:32:14 +0100
+Subject: [PATCH] Fix 697496: Check NAN before accessing array in MakeDay().
+
+---
+ jsdate.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/jsdate.c b/jsdate.c
+index 2b43edf..6efbb60 100644
+--- a/jsdate.c
+++ b/jsdate.c
+@@ -207,12 +207,17 @@ static double MakeDay(double y, double m, double date)
+ 	};
+ 
+ 	double yd, md;
+	int im;
+ 
+ 	y += floor(m / 12);
+ 	m = pmod(m, 12);
+ 
+	im = (int)m;
+	if (im < 0 || im >= 12)
+		return NAN;
+
+ 	yd = floor(TimeFromYear(y) / msPerDay);
+-	md = firstDayOfMonth[InLeapYear(y)][(int)m];
+	md = firstDayOfMonth[InLeapYear(y)][im];
+ 
+ 	return yd + md + date - 1;
+ }
+-- 
+2.9.1
+
--- a/mupdf.changes
+++ b/mupdf.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb  6 12:51:00 UTC 2017 - idonmez@suse.com
+
+- Add CVE-2017-5627.patch and CVE-2017-5628.patch fixes
+  CVE-2017-5627 and CVE-2017-5628 bsc#1022503 bsc#1022504
+
 -------------------------------------------------------------------
 Tue Jan 24 11:57:17 UTC 2017 - idonmez@suse.com

--- a/mupdf.spec
+++ b/mupdf.spec
@ -31,6 +31,8 @@ Patch1:         fix-openjpeg-flags.patch
 Patch2:         CVE-2016-10132.patch
 Patch3:         CVE-2016-10133.patch
 Patch4:         CVE-2016-10141.patch
+Patch5:         CVE-2017-5627.patch
+Patch6:         CVE-2017-5628.patch
 BuildRequires:  freetype-devel
 BuildRequires:  gcc-c++
 BuildRequires:  jbig2dec-devel
@ -72,6 +74,8 @@ pushd ./thirdparty/mujs
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 popd

 # do not use the inlined copies of build dpendencies except for mujs