diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2016-12-03 21:39:55 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2016-12-04 17:41:54 +0100 |
| commit | 76bbce6af2baed0c2fa7dddd43ecc2ffe6482c41 (patch) | |
| tree | 2ecb09d811b48dc2243f223f88e2f9b177299964 /gnu/packages/patches/mupdf-CVE-2016-6265.patch | |
| parent | a351fc83694f436c3bff7cbdef09bd3cc91c74fc (diff) | |
gnu: mupdf: Update to 1.10a.
* gnu/packages/patches/mupdf-CVE-2016-6265.patch: Delete file.
* gnu/packages/patches/mupdf-CVE-2016-6525.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-7504.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-7505.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-7506.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-7563.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-7564.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-8674.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-9017.patch: Likewise.
* gnu/packages/patches/mupdf-CVE-2016-9136.patch: Likewise.
* gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Adjust to 1.10a.
* gnu/local.mk (dist_patch_DATA): Remove deleted patches.
* gnu/packages/pdf.scm (mupdf): Update to 1.10a.
[source]: Remove patches.
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2016-6265.patch')
| -rw-r--r-- | gnu/packages/patches/mupdf-CVE-2016-6265.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch deleted file mode 100644 index 58f5c3726c..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6265 (use after free in pdf_load_xref()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 -https://security-tracker.debian.org/tracker/CVE-2016-6265 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 576c315..3222599 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); - } - if (entry->type == 'o') -- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') -- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); -+ { -+ /* Read this into a local variable here, because pdf_get_xref_entry -+ * may solidify the xref, hence invalidating "entry", meaning we -+ * need a stashed value for the throw. */ -+ fz_off_t ofs = entry->ofs; -+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); -+ } - } - } - |