gentoo resync : 03.03.2021

3 files changed, 198 insertions, 0 deletions

diff --git a/app-text/mupdf/Manifest b/app-text/mupdf/Manifest
index 86862d3985d2..c5205bc77cdd 100644
--- a/app-text/mupdf/Manifest
+++ b/app-text/mupdf/Manifest
@@ -2,9 +2,11 @@ AUX mupdf-1.10a-add-desktop-pc-xpm-files.patch 13387 BLAKE2B e0100380b328cfd8ce6
 AUX mupdf-1.15-CFLAGS.patch 376 BLAKE2B ace255a4110df9200d627ac68f5950218eeaa993bbd37fa7fe2d676572cad02d50a632750e6a9bdf6269cd97501f709d075a79d7db8b9832909b59b33251b594 SHA512 c00cd5cb30d33a9cbc55557cab3c4e2be1ae86121c5b1b28b6e35f97f93751aa2e96e106f13b7f365a56ebcce8e1c5e4163a440e8c85a48130803f5a7aec63ed
 AUX mupdf-1.15-openssl-x11.patch 735 BLAKE2B 03e53970a145db913bad9c03de899ffeb7eed3abfad4d3db15819d5e101ba03e376fc0faea9c4939b7167b276fffe022975bae2e99238d5b4bee92edfb924fd5 SHA512 028930d5e6c86a9052de6e1e0f3e937d89a3f22e10b7fb71f1dba998c480c9914520e4248c21d68291c6fd7684c627b5068c1bb2e027ff6a518d1ca5533eb677
 AUX mupdf-1.18-Makefile.patch 1246 BLAKE2B e0054c441b067ef4aec069cb0fd4342f16919af51ac53096f20a2dbc87a81e2bece8478441df493d6825eedca53f4c9634cfe8724980da119d0ac20035a4d423 SHA512 def7524e0468ca15220b2d9c718ef61da4ce007c43f591ae3ad80afe55f86549985b1c5ec3d3d266045a0a6ca399580f8f4e001893d4feaabb7785a8a4df278e
+AUX mupdf-1.18.0-CVE-2021-3407.patch 1597 BLAKE2B acd956c6b2c50f1699af32c264c38bc2bd7c6d07de2b3d52b28aa44d63766f6a3f5d95400b0d364c4baf3949022bba6e7be33ae7c33831308c2e006fe8d061f6 SHA512 c63da7cd1c245e7b10a6823998a42398981c16ec87d059779d14d44f2c5d87adcd58b0d7b758e6aa22c04f7cc68f3989b882456122ca1cc9d6cd0a5ae79ca21e
 AUX mupdf-1.18.0-cross-fixes.patch 5830 BLAKE2B e91e41b4889f2716d20b112b18924799db5d21274feb3699f2bca04fd3d93528d86e2ef05ccf25d1a0800e81a333d0703f837d45fef926746aeec1ece60c6ced SHA512 0e7a91474c3f31a5d5f7ddc461d74f1bc0cc8de7eb7bedbaa0f6335a6038327f5c7261d16baade5dba567b3d1ad49adf7a65ea40b226fca5f1eb58cc7bc0b07a
 AUX mupdf-1.18.0-fix-oob-in-pdf-layer.c 3462 BLAKE2B 861f5d6d0f81aed837d19ed19ba54158856bed5cab3ce8202bad11bb509b017e554ea37d9ebd05213386251b26bce10f83311c3de99fe663bf2995adc1231a9e SHA512 91620d0d429d2f4068e1834ec9466d9e9f9bfb363fba33247636e38651196580a89bd36785e42b31328070c42bd2210585ddabea8a0a970d72e7066e61804d6c
 AUX mupdf-1.18.0-fix-oob-in-pixmap.c 1123 BLAKE2B d49194b540b489ad9d3a4b5057bbe6ac3a1414d0123b7c2d4710adad1ed7fd439f8e83162d07a86aee6bd778c35ea6798da166461ac6e358af6910cc6b492624 SHA512 1d836c1a3f37c21ed349da799d5cb0c57d3fc275a632a42343cda81aae76394273c06230fc9c22a6d5366498b51a057d5a11797376a4b2af96b937618ba31e11
 DIST mupdf-1.18.0-source.tar.xz 53621544 BLAKE2B d0057f4240bd4f6b4b6d9381ae1c3871c56b97604d5c6ea6438a8bde72d4696c10a9f0e8e2ed8f43d63a04bb1d973bade8a708327c00b0d0c6802b28af697a55 SHA512 7551f18b9bac6e2dc1cf073741cbc975ce3a16dc7e37c9d5a58254c67bf2c07bb36185d6585e435d4126f3ae351f67d7432d19a986c9b47b15105ca43db0edb8
 EBUILD mupdf-1.18.0-r2.ebuild 4163 BLAKE2B b22323a9ff00fce48d8f79816d55e18a89ae1f045a9278c26015ee2d045221b50baffae9090a13060f4d19e7756b03e093362190c9c34fe1e04f20bd80996b24 SHA512 3fc010afec1b390d7205d64ee2e9a6592dee800fcf12980e94558dff3f707d688c7a0ab55c42c5453e856ab928bb04d0b55127387526afdad978b68c224b6f9e
+EBUILD mupdf-1.18.0-r3.ebuild 4203 BLAKE2B ef284a8c1fc030e1bf14eada0a7cad0ff329a3192b3fabb901cba04549fc0e5cd9bd3b45c0b72c5c11f3d4cfc36be40814af7d11117abd5496de7257c25e4da0 SHA512 2c4138f9a512341b3f9de4122b92e239d8149f017617007cd50eafa807665ad3e0bd9da0d92c36fdc651725a4ca418fa8852a6c54bec56e124a72b6a181e88a3
 MISC metadata.xml 345 BLAKE2B 6adf08490e4a701eeb6ab07c2e5619cff42ff02bf75ec38fd94f215f000972f0b3d88c8b0fab827728dd12d7906dd580b7650f11da1d77964eb5fddd773ee4a9 SHA512 32902c1fac57a44927a53dbb52fb22cb04317bcdf3dd2ae8e9863bef557178e33565bb122e128908c61ade9a5e2d1f067c530ff05e7ed0242eccf193e6fa2026
diff --git a/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch
new file mode 100644
index 000000000000..566ee562389c
--- /dev/null
+++ b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch
@@ -0,0 +1,51 @@
+https://bugs.gentoo.org/772311
+
+From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Fri, 22 Jan 2021 17:05:15 +0000
+Subject: [PATCH 1/1] Bug 703366: Fix double free of object during
+ linearization.
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+---
+ source/pdf/pdf-parse.c | 6 ++++++
+ source/pdf/pdf-xref.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
+index 7abc8c3d4..5761c3351 100644
+--- a/source/pdf/pdf-parse.c
++++ b/source/pdf/pdf-parse.c
+@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
+ 		fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num);
+ 	}
+ 	gen = buf->i;
++	if (gen < 0 || gen >= 65536)
++	{
++		if (try_repair)
++			*try_repair = 1;
++		fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen);
++	}
+ 
+ 	tok = pdf_lex(ctx, file, buf);
+ 	if (tok != PDF_TOK_OBJ)
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 1b2bdcd59..30197b4b8 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
+ 	{
+ 		ofs = fz_tell(ctx, doc->file);
+ 		trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL);
++		if (num == 0)
++			fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n");
+ 	}
+ 	fz_catch(ctx)
+ 	{
+-- 
+2.17.1
+
diff --git a/app-text/mupdf/mupdf-1.18.0-r3.ebuild b/app-text/mupdf/mupdf-1.18.0-r3.ebuild
new file mode 100644
index 000000000000..72d2fde1d19e
--- /dev/null
+++ b/app-text/mupdf/mupdf-1.18.0-r3.ebuild
@@ -0,0 +1,145 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit desktop flag-o-matic toolchain-funcs xdg
+
+DESCRIPTION="A lightweight PDF viewer and toolkit written in portable C"
+HOMEPAGE="https://mupdf.com/ https://git.ghostscript.com/?p=mupdf.git"
+SRC_URI="https://mupdf.com/downloads/archive/${P}-source.tar.xz"
+S="${WORKDIR}/${P}-source"
+
+LICENSE="AGPL-3"
+SLOT="0/${PV}"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~s390 x86"
+IUSE="X +javascript libressl opengl ssl"
+REQUIRED_USE="opengl? ( javascript )"
+
+# Although we use the bundled, patched version of freeglut in mupdf (because of
+# bug #653298), the best way to ensure that its dependencies are present is to
+# install system's freeglut.
+BDEPEND="virtual/pkgconfig"
+RDEPEND="
+	dev-libs/gumbo
+	media-libs/freetype:2=
+	media-libs/harfbuzz:=[truetype]
+	media-libs/jbig2dec:=
+	media-libs/libpng:0=
+	>=media-libs/openjpeg-2.1:2=
+	virtual/jpeg
+	javascript? ( >=dev-lang/mujs-1.0.7:= )
+	opengl? ( >=media-libs/freeglut-3.0.0 )
+	ssl? (
+		libressl? ( >=dev-libs/libressl-3.1.4:0= )
+		!libressl? ( >=dev-libs/openssl-1.1:0= )
+	)
+	X? (
+		x11-libs/libX11
+		x11-libs/libXext
+	)"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.15-CFLAGS.patch
+	"${FILESDIR}"/${PN}-1.18-Makefile.patch
+	"${FILESDIR}"/${PN}-1.10a-add-desktop-pc-xpm-files.patch
+	# See bugs #662352
+	"${FILESDIR}"/${PN}-1.15-openssl-x11.patch
+	# General cross fixes from Debian (refreshed)
+	"${FILESDIR}"/${PN}-1.18.0-cross-fixes.patch
+	# Additional security patches post-1.18.0
+	"${FILESDIR}"/${P}-fix-oob-in-pdf-layer.c
+	"${FILESDIR}"/${P}-fix-oob-in-pixmap.c
+	"${FILESDIR}"/${P}-CVE-2021-3407.patch
+)
+
+src_prepare() {
+	xdg_src_prepare
+
+	use hppa && append-cflags -ffunction-sections
+
+	append-cflags "-DFZ_ENABLE_JS=$(usex javascript 1 0)"
+
+	sed -e "1iOS = Linux" \
+		-e "1iCC = $(tc-getCC)" \
+		-e "1iCXX = $(tc-getCXX)" \
+		-e "1iLD = $(tc-getLD)" \
+		-e "1iAR = $(tc-getAR)" \
+		-e "1iverbose = yes" \
+		-e "1ibuild = debug" \
+		-e "1iprefix = ${ED}/usr" \
+		-e "1ilibdir = ${ED}/usr/$(get_libdir)" \
+		-e "1idocdir = ${ED}/usr/share/doc/${PF}" \
+		-i Makerules || die
+}
+
+_emake() {
+	# When HAVE_OBJCOPY is yes, we end up with a lot of QA warnings.
+	# Bundled libs
+	# * General
+	# Note that USE_SYSTEM_LIBS=yes is a metaoption which will set to upstream's
+	# recommendations. It does not mean "always use system libs".
+	# See [0] below for what it means in a specific version.
+	#
+	# * freeglut
+	# We don't use system's freeglut because upstream has a special modified
+	# version of it that gives mupdf clipboard support. See bug #653298
+	#
+	# * mujs
+	# As of v1.15.0, mupdf started using symbols in mujs that were not part
+	# of any release. We then went back to using the bundled version of it.
+	# But v1.17.0 looks ok, so we'll go unbundled again. Be aware of this risk
+	# when bumping and check!
+	# See bug #685244
+	#
+	# * lmms2
+	# mupdf uses a bundled version of lcms2 [0] because Artifex have forked it [1].
+	# It is therefore not appropriate for us to unbundle it at this time.
+	#
+	# [0] https://git.ghostscript.com/?p=mupdf.git;a=blob;f=Makethird;h=c4c540fa4a075df0db85e6fdaab809099881f35a;hb=HEAD#l9
+	# [1] https://www.ghostscript.com/doc/lcms2mt/doc/WhyThisFork.txt
+	emake \
+		GENTOO_PV=${PV} \
+		HAVE_GLUT=$(usex opengl) \
+		HAVE_LIBCRYPTO=$(usex ssl) \
+		HAVE_X11=$(usex X) \
+		USE_SYSTEM_LIBS=yes \
+		USE_SYSTEM_MUJS=$(usex javascript) \
+		USE_SYSTEM_GLUT=no \
+		HAVE_OBJCOPY=no \
+		"$@"
+}
+
+src_compile() {
+	_emake XCFLAGS="-fpic"
+}
+
+src_install() {
+	if use X || use opengl ; then
+		domenu platform/debian/${PN}.desktop
+		doicon platform/debian/${PN}.xpm
+	else
+		rm docs/man/${PN}.1 || die
+	fi
+
+	_emake install
+
+	dosym libmupdf.so.${PV} /usr/$(get_libdir)/lib${PN}.so
+
+	if use opengl ; then
+		einfo "mupdf symlink points to mupdf-gl (bug 616654)"
+		dosym ${PN}-gl /usr/bin/${PN}
+	elif use X ; then
+		einfo "mupdf symlink points to mupdf-x11 (bug 616654)"
+		dosym ${PN}-x11 /usr/bin/${PN}
+	fi
+
+	# Respect libdir (bug #734898)
+	sed -i -e "s:/lib:/$(get_libdir):" platform/debian/${PN}.pc || die
+
+	insinto /usr/$(get_libdir)/pkgconfig
+	doins platform/debian/${PN}.pc
+
+	dodoc README CHANGES CONTRIBUTORS
+}