From 6f8610d53861f805bf4c4b6e1366935ad660b141 Mon Sep 17 00:00:00 2001 From: Sam James Date: Wed, 24 Feb 2021 16:09:26 +0000 Subject: app-text/mupdf: patch CVE-2021-3407 Bug: https://bugs.gentoo.org/772311 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James --- .../mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch | 51 ++++++++ app-text/mupdf/mupdf-1.18.0-r3.ebuild | 145 +++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100644 app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch create mode 100644 app-text/mupdf/mupdf-1.18.0-r3.ebuild (limited to 'app-text/mupdf') diff --git a/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch new file mode 100644 index 000000000000..566ee562389c --- /dev/null +++ b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch @@ -0,0 +1,51 @@ +https://bugs.gentoo.org/772311 + +From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001 +From: Robin Watts +Date: Fri, 22 Jan 2021 17:05:15 +0000 +Subject: [PATCH 1/1] Bug 703366: Fix double free of object during + linearization. + +This appears to happen because we parse an illegal object from +a broken file and assign it to object 0, which is defined to +be free. + +Here, we fix the parsing code so this can't happen. +--- + source/pdf/pdf-parse.c | 6 ++++++ + source/pdf/pdf-xref.c | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c +index 7abc8c3d4..5761c3351 100644 +--- a/source/pdf/pdf-parse.c ++++ b/source/pdf/pdf-parse.c +@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc, + fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num); + } + gen = buf->i; ++ if (gen < 0 || gen >= 65536) ++ { ++ if (try_repair) ++ *try_repair = 1; ++ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen); ++ } + + tok = pdf_lex(ctx, file, buf); + if (tok != PDF_TOK_OBJ) +diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c +index 1b2bdcd59..30197b4b8 100644 +--- a/source/pdf/pdf-xref.c ++++ b/source/pdf/pdf-xref.c +@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) + { + ofs = fz_tell(ctx, doc->file); + trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL); ++ if (num == 0) ++ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n"); + } + fz_catch(ctx) + { +-- +2.17.1 + diff --git a/app-text/mupdf/mupdf-1.18.0-r3.ebuild b/app-text/mupdf/mupdf-1.18.0-r3.ebuild new file mode 100644 index 000000000000..4e67ceb7f20a --- /dev/null +++ b/app-text/mupdf/mupdf-1.18.0-r3.ebuild @@ -0,0 +1,145 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit desktop flag-o-matic toolchain-funcs xdg + +DESCRIPTION="A lightweight PDF viewer and toolkit written in portable C" +HOMEPAGE="https://mupdf.com/ https://git.ghostscript.com/?p=mupdf.git" +SRC_URI="https://mupdf.com/downloads/archive/${P}-source.tar.xz" +S="${WORKDIR}/${P}-source" + +LICENSE="AGPL-3" +SLOT="0/${PV}" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~x86" +IUSE="X +javascript libressl opengl ssl" +REQUIRED_USE="opengl? ( javascript )" + +# Although we use the bundled, patched version of freeglut in mupdf (because of +# bug #653298), the best way to ensure that its dependencies are present is to +# install system's freeglut. +BDEPEND="virtual/pkgconfig" +RDEPEND=" + dev-libs/gumbo + media-libs/freetype:2= + media-libs/harfbuzz:=[truetype] + media-libs/jbig2dec:= + media-libs/libpng:0= + >=media-libs/openjpeg-2.1:2= + virtual/jpeg + javascript? ( >=dev-lang/mujs-1.0.7:= ) + opengl? ( >=media-libs/freeglut-3.0.0 ) + ssl? ( + libressl? ( >=dev-libs/libressl-3.1.4:0= ) + !libressl? ( >=dev-libs/openssl-1.1:0= ) + ) + X? ( + x11-libs/libX11 + x11-libs/libXext + )" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-1.15-CFLAGS.patch + "${FILESDIR}"/${PN}-1.18-Makefile.patch + "${FILESDIR}"/${PN}-1.10a-add-desktop-pc-xpm-files.patch + # See bugs #662352 + "${FILESDIR}"/${PN}-1.15-openssl-x11.patch + # General cross fixes from Debian (refreshed) + "${FILESDIR}"/${PN}-1.18.0-cross-fixes.patch + # Additional security patches post-1.18.0 + "${FILESDIR}"/${P}-fix-oob-in-pdf-layer.c + "${FILESDIR}"/${P}-fix-oob-in-pixmap.c + "${FILESDIR}"/${P}-CVE-2021-3407.patch +) + +src_prepare() { + xdg_src_prepare + + use hppa && append-cflags -ffunction-sections + + append-cflags "-DFZ_ENABLE_JS=$(usex javascript 1 0)" + + sed -e "1iOS = Linux" \ + -e "1iCC = $(tc-getCC)" \ + -e "1iCXX = $(tc-getCXX)" \ + -e "1iLD = $(tc-getLD)" \ + -e "1iAR = $(tc-getAR)" \ + -e "1iverbose = yes" \ + -e "1ibuild = debug" \ + -e "1iprefix = ${ED}/usr" \ + -e "1ilibdir = ${ED}/usr/$(get_libdir)" \ + -e "1idocdir = ${ED}/usr/share/doc/${PF}" \ + -i Makerules || die +} + +_emake() { + # When HAVE_OBJCOPY is yes, we end up with a lot of QA warnings. + # Bundled libs + # * General + # Note that USE_SYSTEM_LIBS=yes is a metaoption which will set to upstream's + # recommendations. It does not mean "always use system libs". + # See [0] below for what it means in a specific version. + # + # * freeglut + # We don't use system's freeglut because upstream has a special modified + # version of it that gives mupdf clipboard support. See bug #653298 + # + # * mujs + # As of v1.15.0, mupdf started using symbols in mujs that were not part + # of any release. We then went back to using the bundled version of it. + # But v1.17.0 looks ok, so we'll go unbundled again. Be aware of this risk + # when bumping and check! + # See bug #685244 + # + # * lmms2 + # mupdf uses a bundled version of lcms2 [0] because Artifex have forked it [1]. + # It is therefore not appropriate for us to unbundle it at this time. + # + # [0] https://git.ghostscript.com/?p=mupdf.git;a=blob;f=Makethird;h=c4c540fa4a075df0db85e6fdaab809099881f35a;hb=HEAD#l9 + # [1] https://www.ghostscript.com/doc/lcms2mt/doc/WhyThisFork.txt + emake \ + GENTOO_PV=${PV} \ + HAVE_GLUT=$(usex opengl) \ + HAVE_LIBCRYPTO=$(usex ssl) \ + HAVE_X11=$(usex X) \ + USE_SYSTEM_LIBS=yes \ + USE_SYSTEM_MUJS=$(usex javascript) \ + USE_SYSTEM_GLUT=no \ + HAVE_OBJCOPY=no \ + "$@" +} + +src_compile() { + _emake XCFLAGS="-fpic" +} + +src_install() { + if use X || use opengl ; then + domenu platform/debian/${PN}.desktop + doicon platform/debian/${PN}.xpm + else + rm docs/man/${PN}.1 || die + fi + + _emake install + + dosym libmupdf.so.${PV} /usr/$(get_libdir)/lib${PN}.so + + if use opengl ; then + einfo "mupdf symlink points to mupdf-gl (bug 616654)" + dosym ${PN}-gl /usr/bin/${PN} + elif use X ; then + einfo "mupdf symlink points to mupdf-x11 (bug 616654)" + dosym ${PN}-x11 /usr/bin/${PN} + fi + + # Respect libdir (bug #734898) + sed -i -e "s:/lib:/$(get_libdir):" platform/debian/${PN}.pc || die + + insinto /usr/$(get_libdir)/pkgconfig + doins platform/debian/${PN}.pc + + dodoc README CHANGES CONTRIBUTORS +} -- cgit v1.2.3-65-gdbad