From: Daniel Sabogal To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] main/mupdf: security fix for CVE-2017-6060 Date: Mon, 1 May 2017 00:07:24 -0400 Message-Id: <20170501040725.15347-2-dsabogalcc@gmail.com> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20170501040725.15347-1-dsabogalcc@gmail.com> References: <20170501040725.15347-1-dsabogalcc@gmail.com> X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/mupdf/APKBUILD | 8 ++++++-- main/mupdf/CVE-2017-6060.patch | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 main/mupdf/CVE-2017-6060.patch diff --git a/main/mupdf/APKBUILD b/main/mupdf/APKBUILD index b98896dd7c..d6c76afd88 100644 --- a/main/mupdf/APKBUILD +++ b/main/mupdf/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Daniel Sabogal pkgname=mupdf pkgver=1.11 -pkgrel=0 +pkgrel=1 pkgdesc="A lightweight PDF and XPS viewer" url="http://mupdf.com" arch="all" @@ -17,9 +17,12 @@ options="!check" source="http://mupdf.com/downloads/archive/$pkgname-$pkgver-source.tar.gz shared-lib.patch openjpeg-2.1.patch + CVE-2017-6060.patch " # secfixes: +# 1.11-r1: +# - CVE-2017-6060 # 1.10a-r2: # - CVE-2017-5991 # 1.10a-r1: 
@@ -84,4 +87,5 @@ _tools() { sha512sums="501670f540e298a8126806ebbd9db8b29866f663b7bbf26c9ade1933e42f0c00ad410b9d93f3ddbfb3e45c38722869095de28d832fe3fb3703c55cc9a01dbf63 mupdf-1.11-source.tar.gz b3ddbc22da894a8b9a0fa0c93711e2052b5d2ca29497473b6e15ffbae52faaafff9238619680de474c455ebd073c2d29ead4ff5d962fddb99f7ced27057fa77f shared-lib.patch -f8283db9a510527e84afeeb6eea89948161899c149a559c4a699c533445b42f30e5bf520616ca69d7feb554529ad494a60c276a1eecc915723ec0f264bbc0ed0 openjpeg-2.1.patch" +f8283db9a510527e84afeeb6eea89948161899c149a559c4a699c533445b42f30e5bf520616ca69d7feb554529ad494a60c276a1eecc915723ec0f264bbc0ed0 openjpeg-2.1.patch +3e3f34e448967acb7772365065234c313cb014ebe6e3c3b3bcdbed2242b32ee5589ecd749d06fb4cd5f406eb37ca431e369c96b9adb3b5367d2e5296f1ca983e CVE-2017-6060.patch" diff --git a/main/mupdf/CVE-2017-6060.patch b/main/mupdf/CVE-2017-6060.patch new file mode 100644 index 0000000000..cc03f6106b --- /dev/null +++ b/main/mupdf/CVE-2017-6060.patch 
@@ -0,0 +1,41 @@ +squashed commits: +06a012a42c9884e3cd653e7826cff1ddec04eb6e +e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14 + +From 05cb7595b61aa00a29f1609b75d280b589091356 Mon Sep 17 00:00:00 2001 +From: Sebastian Rasmussen +Date: Tue, 11 Apr 2017 10:54:12 +0800 +Subject: [PATCH] Bug 697551: Make path and line buffers of equal size. + +Previously a too long line could be copied into the too short path buffer. + +jstest: Stop printing bogus script lines. +--- + platform/x11/jstest_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/platform/x11/jstest_main.c b/platform/x11/jstest_main.c +index 13c3a0a3..36b32155 100644 +--- a/platform/x11/jstest_main.c ++++ b/platform/x11/jstest_main.c +@@ -346,7 +346,7 @@ main(int argc, char *argv[]) + } + else if (match(&line, "OPEN")) + { +- char path[1024]; ++ char path[LONGLINE]; + if (file_open) + pdfapp_close(&gapp); + if (prefix) +@@ -402,7 +402,7 @@ main(int argc, char *argv[]) + } + else + { +- fprintf(stderr, "Unmatched: %s\n", line); ++ fprintf(stderr, "Ignoring line without script statement.\n"); + } + } + while (!feof(script)); +-- +2.12.2 + -- 2.12.2 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
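Review bot: In the header of the new CVE-2017-6060.patch, the two ids listed under "squashed commits:" (06a012a42c98..., e089b2e2c1d3...) differ from the id on the embedded "From 05cb7595b61aa00a29f1609b75d280b589091356" line, so the file alone does not say which tree the two ids belong to or that 05cb7595 is a local squash. Suggest naming the upstream repository next to the two ids and marking 05cb7595 as the local squash commit, since the sha512 added to APKBUILD only pins this local file and says nothing about where its contents came from.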
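Review bot: In the OPEN branch (jstest_main.c hunk at -346,7), changing the declaration to "char path[LONGLINE];" only bounds the copy when line is written into path by itself; the context line "if (prefix)" just below shows a branch where a prefix is also involved, and the write into path is outside the hunk. Please confirm that the write in the prefix branch is limited to sizeof(path), otherwise a prefix followed by a full-length line can still exceed LONGLINE.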
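Review bot: In the final else branch (jstest_main.c hunk at -402,7), replacing fprintf(stderr, "Unmatched: %s\n", line); with a fixed string removes the only indication of which script line was skipped. If the aim is to stop echoing the line contents, consider printing a line number instead so a failing script can still be diagnosed.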