Diffstat (limited to 'app-text/mupdf')
-rw-r--r-- | app-text/mupdf/Manifest | 2 | ||||
-rw-r--r-- | app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch | 51 | ||||
-rw-r--r-- | app-text/mupdf/mupdf-1.18.0-r3.ebuild | 145 |
3 files changed, 198 insertions, 0 deletions
diff --git a/app-text/mupdf/Manifest b/app-text/mupdf/Manifest index 86862d3985d2..c5205bc77cdd 100644 --- a/app-text/mupdf/Manifest +++ b/app-text/mupdf/Manifest 
@@ -2,9 +2,11 @@ AUX mupdf-1.10a-add-desktop-pc-xpm-files.patch 13387 BLAKE2B e0100380b328cfd8ce6 AUX mupdf-1.15-CFLAGS.patch 376 BLAKE2B ace255a4110df9200d627ac68f5950218eeaa993bbd37fa7fe2d676572cad02d50a632750e6a9bdf6269cd97501f709d075a79d7db8b9832909b59b33251b594 SHA512 c00cd5cb30d33a9cbc55557cab3c4e2be1ae86121c5b1b28b6e35f97f93751aa2e96e106f13b7f365a56ebcce8e1c5e4163a440e8c85a48130803f5a7aec63ed AUX mupdf-1.15-openssl-x11.patch 735 BLAKE2B 03e53970a145db913bad9c03de899ffeb7eed3abfad4d3db15819d5e101ba03e376fc0faea9c4939b7167b276fffe022975bae2e99238d5b4bee92edfb924fd5 SHA512 028930d5e6c86a9052de6e1e0f3e937d89a3f22e10b7fb71f1dba998c480c9914520e4248c21d68291c6fd7684c627b5068c1bb2e027ff6a518d1ca5533eb677 AUX mupdf-1.18-Makefile.patch 1246 BLAKE2B e0054c441b067ef4aec069cb0fd4342f16919af51ac53096f20a2dbc87a81e2bece8478441df493d6825eedca53f4c9634cfe8724980da119d0ac20035a4d423 SHA512 def7524e0468ca15220b2d9c718ef61da4ce007c43f591ae3ad80afe55f86549985b1c5ec3d3d266045a0a6ca399580f8f4e001893d4feaabb7785a8a4df278e +AUX mupdf-1.18.0-CVE-2021-3407.patch 1597 BLAKE2B acd956c6b2c50f1699af32c264c38bc2bd7c6d07de2b3d52b28aa44d63766f6a3f5d95400b0d364c4baf3949022bba6e7be33ae7c33831308c2e006fe8d061f6 SHA512 c63da7cd1c245e7b10a6823998a42398981c16ec87d059779d14d44f2c5d87adcd58b0d7b758e6aa22c04f7cc68f3989b882456122ca1cc9d6cd0a5ae79ca21e AUX mupdf-1.18.0-cross-fixes.patch 5830 BLAKE2B e91e41b4889f2716d20b112b18924799db5d21274feb3699f2bca04fd3d93528d86e2ef05ccf25d1a0800e81a333d0703f837d45fef926746aeec1ece60c6ced SHA512 0e7a91474c3f31a5d5f7ddc461d74f1bc0cc8de7eb7bedbaa0f6335a6038327f5c7261d16baade5dba567b3d1ad49adf7a65ea40b226fca5f1eb58cc7bc0b07a AUX mupdf-1.18.0-fix-oob-in-pdf-layer.c 3462 BLAKE2B 861f5d6d0f81aed837d19ed19ba54158856bed5cab3ce8202bad11bb509b017e554ea37d9ebd05213386251b26bce10f83311c3de99fe663bf2995adc1231a9e SHA512 91620d0d429d2f4068e1834ec9466d9e9f9bfb363fba33247636e38651196580a89bd36785e42b31328070c42bd2210585ddabea8a0a970d72e7066e61804d6c AUX 
mupdf-1.18.0-fix-oob-in-pixmap.c 1123 BLAKE2B d49194b540b489ad9d3a4b5057bbe6ac3a1414d0123b7c2d4710adad1ed7fd439f8e83162d07a86aee6bd778c35ea6798da166461ac6e358af6910cc6b492624 SHA512 1d836c1a3f37c21ed349da799d5cb0c57d3fc275a632a42343cda81aae76394273c06230fc9c22a6d5366498b51a057d5a11797376a4b2af96b937618ba31e11 DIST mupdf-1.18.0-source.tar.xz 53621544 BLAKE2B d0057f4240bd4f6b4b6d9381ae1c3871c56b97604d5c6ea6438a8bde72d4696c10a9f0e8e2ed8f43d63a04bb1d973bade8a708327c00b0d0c6802b28af697a55 SHA512 7551f18b9bac6e2dc1cf073741cbc975ce3a16dc7e37c9d5a58254c67bf2c07bb36185d6585e435d4126f3ae351f67d7432d19a986c9b47b15105ca43db0edb8 EBUILD mupdf-1.18.0-r2.ebuild 4163 BLAKE2B b22323a9ff00fce48d8f79816d55e18a89ae1f045a9278c26015ee2d045221b50baffae9090a13060f4d19e7756b03e093362190c9c34fe1e04f20bd80996b24 SHA512 3fc010afec1b390d7205d64ee2e9a6592dee800fcf12980e94558dff3f707d688c7a0ab55c42c5453e856ab928bb04d0b55127387526afdad978b68c224b6f9e +EBUILD mupdf-1.18.0-r3.ebuild 4203 BLAKE2B ef284a8c1fc030e1bf14eada0a7cad0ff329a3192b3fabb901cba04549fc0e5cd9bd3b45c0b72c5c11f3d4cfc36be40814af7d11117abd5496de7257c25e4da0 SHA512 2c4138f9a512341b3f9de4122b92e239d8149f017617007cd50eafa807665ad3e0bd9da0d92c36fdc651725a4ca418fa8852a6c54bec56e124a72b6a181e88a3 MISC metadata.xml 345 BLAKE2B 6adf08490e4a701eeb6ab07c2e5619cff42ff02bf75ec38fd94f215f000972f0b3d88c8b0fab827728dd12d7906dd580b7650f11da1d77964eb5fddd773ee4a9 SHA512 32902c1fac57a44927a53dbb52fb22cb04317bcdf3dd2ae8e9863bef557178e33565bb122e128908c61ade9a5e2d1f067c530ff05e7ed0242eccf193e6fa2026 diff --git a/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch new file mode 100644 index 000000000000..566ee562389c --- /dev/null +++ b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch 
@@ -0,0 +1,51 @@
+https://bugs.gentoo.org/772311
+
+From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Fri, 22 Jan 2021 17:05:15 +0000
+Subject: [PATCH 1/1] Bug 703366: Fix double free of object during
+ linearization.
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+---
+ source/pdf/pdf-parse.c | 6 ++++++
+ source/pdf/pdf-xref.c | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
+index 7abc8c3d4..5761c3351 100644
+--- a/source/pdf/pdf-parse.c
++++ b/source/pdf/pdf-parse.c
+@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
+ fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num);
+ }
+ gen = buf->i;
++ if (gen < 0 || gen >= 65536)
++ {
++ if (try_repair)
++ *try_repair = 1;
++ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen);
++ }
+
+ tok = pdf_lex(ctx, file, buf);
+ if (tok != PDF_TOK_OBJ)
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 1b2bdcd59..30197b4b8 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
+ {
+ ofs = fz_tell(ctx, doc->file);
+ trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL);
++ if (num == 0)
++ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n");
+ }
+ fz_catch(ctx)
+ {
+--
+2.17.1
+
diff --git a/app-text/mupdf/mupdf-1.18.0-r3.ebuild b/app-text/mupdf/mupdf-1.18.0-r3.ebuild
new file mode 100644
index 000000000000..72d2fde1d19e
--- /dev/null
+++ b/app-text/mupdf/mupdf-1.18.0-r3.ebuild
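Review bot: In the pdf-xref.c part of the added patch, the `num == 0` rejection throws after `trailer` has already been assigned by `pdf_parse_ind_obj`, so the parsed object is released only if the `fz_catch` body drops it. That body starts on the last lines of the inner hunk and continues outside it, so this cannot be confirmed here and is worth checking against the 1.18.0 source. The message also ends in `\n` and is raised as `FZ_ERROR_GENERIC`, whereas the generation-number check added to pdf-parse.c raises `FZ_ERROR_SYNTAX` with no newline; `fz_throw(ctx, FZ_ERROR_SYNTAX, "Trailer object number cannot be 0");` would be consistent, though for a verbatim backport that change belongs upstream. The check guards only this one caller of `pdf_parse_ind_obj`; whether other callers can still bind a parsed object to object 0 is not visible in these hunks.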
@@ -0,0 +1,145 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit desktop flag-o-matic toolchain-funcs xdg
+
+DESCRIPTION="A lightweight PDF viewer and toolkit written in portable C"
+HOMEPAGE="https://mupdf.com/ https://git.ghostscript.com/?p=mupdf.git"
+SRC_URI="https://mupdf.com/downloads/archive/${P}-source.tar.xz"
+S="${WORKDIR}/${P}-source"
+
+LICENSE="AGPL-3"
+SLOT="0/${PV}"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~s390 x86"
+IUSE="X +javascript libressl opengl ssl"
+REQUIRED_USE="opengl? ( javascript )"
+
+# Although we use the bundled, patched version of freeglut in mupdf (because of
+# bug #653298), the best way to ensure that its dependencies are present is to
+# install system's freeglut.
+BDEPEND="virtual/pkgconfig"
+RDEPEND="
+ dev-libs/gumbo
+ media-libs/freetype:2=
+ media-libs/harfbuzz:=[truetype]
+ media-libs/jbig2dec:=
+ media-libs/libpng:0=
+ >=media-libs/openjpeg-2.1:2=
+ virtual/jpeg
+ javascript? ( >=dev-lang/mujs-1.0.7:= )
+ opengl? ( >=media-libs/freeglut-3.0.0 )
+ ssl? (
+ libressl? ( >=dev-libs/libressl-3.1.4:0= )
+ !libressl? ( >=dev-libs/openssl-1.1:0= )
+ )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXext
+ )"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.15-CFLAGS.patch
+ "${FILESDIR}"/${PN}-1.18-Makefile.patch
+ "${FILESDIR}"/${PN}-1.10a-add-desktop-pc-xpm-files.patch
+ # See bugs #662352
+ "${FILESDIR}"/${PN}-1.15-openssl-x11.patch
+ # General cross fixes from Debian (refreshed)
+ "${FILESDIR}"/${PN}-1.18.0-cross-fixes.patch
+ # Additional security patches post-1.18.0
+ "${FILESDIR}"/${P}-fix-oob-in-pdf-layer.c
+ "${FILESDIR}"/${P}-fix-oob-in-pixmap.c
+ "${FILESDIR}"/${P}-CVE-2021-3407.patch
+)
+
+src_prepare() {
+ xdg_src_prepare
+
+ use hppa && append-cflags -ffunction-sections
+
+ append-cflags "-DFZ_ENABLE_JS=$(usex javascript 1 0)"
+
+ sed -e "1iOS = Linux" \
+ -e "1iCC = $(tc-getCC)" \
+ -e "1iCXX = $(tc-getCXX)" \
+ -e "1iLD = $(tc-getLD)" \
+ -e "1iAR = $(tc-getAR)" \
+ -e "1iverbose = yes" \
+ -e "1ibuild = debug" \
+ -e "1iprefix = ${ED}/usr" \
+ -e "1ilibdir = ${ED}/usr/$(get_libdir)" \
+ -e "1idocdir = ${ED}/usr/share/doc/${PF}" \
+ -i Makerules || die
+}
+
+_emake() {
+ # When HAVE_OBJCOPY is yes, we end up with a lot of QA warnings.
+ # Bundled libs
+ # * General
+ # Note that USE_SYSTEM_LIBS=yes is a metaoption which will set to upstream's
+ # recommendations. It does not mean "always use system libs".
+ # See [0] below for what it means in a specific version.
+ #
+ # * freeglut
+ # We don't use system's freeglut because upstream has a special modified
+ # version of it that gives mupdf clipboard support. See bug #653298
+ #
+ # * mujs
+ # As of v1.15.0, mupdf started using symbols in mujs that were not part
+ # of any release. We then went back to using the bundled version of it.
+ # But v1.17.0 looks ok, so we'll go unbundled again. Be aware of this risk
+ # when bumping and check!
+ # See bug #685244
+ #
+ # * lmms2
+ # mupdf uses a bundled version of lcms2 [0] because Artifex have forked it [1].
+ # It is therefore not appropriate for us to unbundle it at this time.
+ #
+ # [0] https://git.ghostscript.com/?p=mupdf.git;a=blob;f=Makethird;h=c4c540fa4a075df0db85e6fdaab809099881f35a;hb=HEAD#l9
+ # [1] https://www.ghostscript.com/doc/lcms2mt/doc/WhyThisFork.txt
+ emake \
+ GENTOO_PV=${PV} \
+ HAVE_GLUT=$(usex opengl) \
+ HAVE_LIBCRYPTO=$(usex ssl) \
+ HAVE_X11=$(usex X) \
+ USE_SYSTEM_LIBS=yes \
+ USE_SYSTEM_MUJS=$(usex javascript) \
+ USE_SYSTEM_GLUT=no \
+ HAVE_OBJCOPY=no \
+ "$@"
+}
+
+src_compile() {
+ _emake XCFLAGS="-fpic"
+}
+
+src_install() {
+ if use X || use opengl ; then
+ domenu platform/debian/${PN}.desktop
+ doicon platform/debian/${PN}.xpm
+ else
+ rm docs/man/${PN}.1 || die
+ fi
+
+ _emake install
+
+ dosym libmupdf.so.${PV} /usr/$(get_libdir)/lib${PN}.so
+
+ if use opengl ; then
+ einfo "mupdf symlink points to mupdf-gl (bug 616654)"
+ dosym ${PN}-gl /usr/bin/${PN}
+ elif use X ; then
+ einfo "mupdf symlink points to mupdf-x11 (bug 616654)"
+ dosym ${PN}-x11 /usr/bin/${PN}
+ fi
+
+ # Respect libdir (bug #734898)
+ sed -i -e "s:/lib:/$(get_libdir):" platform/debian/${PN}.pc || die
+
+ insinto /usr/$(get_libdir)/pkgconfig
+ doins platform/debian/${PN}.pc
+
+ dodoc README CHANGES CONTRIBUTORS
+}
|
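Review bot: The `PATCHES` entries under `# Additional security patches post-1.18.0` carry no bug or CVE reference, unlike the `# See bugs #662352` entry above them, so a later version bump cannot tell from the ebuild which fixes are already upstream. A per-patch comment such as `# CVE-2021-3407, bug #772311` above the new line would record that; the bug number is the one cited at the top of the added patch file. Two of those entries end in `.c` rather than `.patch`, which reads like source files sitting in `files/`; renaming them is a follow-up, since the Manifest lists them under those names. In `_emake`, the comment heading `# * lmms2` should read `# * lcms2` to match the text below it.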