From: Daniel Sabogal To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH 3.5-stable] main/mupdf: security fixes #6897 (CVE-2017-6060) Date: Wed, 3 May 2017 13:41:30 -0400 Message-Id: <20170503174131.31939-2-dsabogalcc@gmail.com> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20170503174131.31939-1-dsabogalcc@gmail.com> References: <20170503174131.31939-1-dsabogalcc@gmail.com> X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/mupdf/APKBUILD | 14 ++++++++++---- main/mupdf/CVE-2017-6060.patch | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 main/mupdf/CVE-2017-6060.patch diff --git a/main/mupdf/APKBUILD b/main/mupdf/APKBUILD index 166d6d5075..4f6117af2c 100644 --- a/main/mupdf/APKBUILD +++ b/main/mupdf/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Daniel Sabogal pkgname=mupdf pkgver=1.10a -pkgrel=2 +pkgrel=3 pkgdesc="A lightweight PDF and XPS viewer" url="http://mupdf.com" arch="all" @@ -18,9 +18,12 @@ source="http://mupdf.com/downloads/archive/$pkgname-$pkgver-source.tar.gz openjpeg-2.1.patch CVE-2017-5896.patch CVE-2017-5991.patch + CVE-2017-6060.patch " # secfixes: +# 1.10a-r3: +# - CVE-2017-6060 # 1.10a-r2: # - CVE-2017-5991 # 1.10a-r1: 
@@ -86,14 +89,17 @@ md5sums="f80fbba2524d1d52f6ed09237d382411 mupdf-1.10a-source.tar.gz 8c4c5ec03c3df7e87a672c79302f6df5 shared-lib.patch a5b85a55be0e958c16f900730ff24ad8 openjpeg-2.1.patch 64d2931655dbea67a291032221b67e10 CVE-2017-5896.patch -1c10386d9b536669c5c787b3b1585d6f CVE-2017-5991.patch" +1c10386d9b536669c5c787b3b1585d6f CVE-2017-5991.patch +b0a85e545d0ae1bfe8173c3034a1bab5 CVE-2017-6060.patch" sha256sums="aacc1f36b9180f562022ef1ab3439b009369d944364f3cff8a2a898834e3a836 mupdf-1.10a-source.tar.gz 3ff3c9413c4c1005db7e41a085ce8e72ee1e956e8d1538a615f51f86f8bb1d14 shared-lib.patch 12ea2a295b62ca85298273d54b423ec8e73fb52d712bcee20bab0507a595b7a0 openjpeg-2.1.patch 23994ce0dc819b29f983328503d073595d56d75fd1001674d30275170fe96792 CVE-2017-5896.patch -c600d516648c6324069930ea6b606a0a040dfaf7a9d3d323156c5e7d80bc4eb9 CVE-2017-5991.patch" +c600d516648c6324069930ea6b606a0a040dfaf7a9d3d323156c5e7d80bc4eb9 CVE-2017-5991.patch +0dd145a8ac2c11b0cf493b39c71b39b163b0ed0d05ee8c351500670e669bbe8b CVE-2017-6060.patch" sha512sums="8c735963364985e74ceb38242afae555a3d2ee7c69abe3fe5c485e8613a83d996a58f231cb689a156019d431fa67d565503247d010b0a404054850483aed9fec mupdf-1.10a-source.tar.gz bc38cc6935ed1c5941773e0671bea25d33897c1018c30f11ff3a1ec1e583276597f521b9e526f9bd38a6f9a1e76aa3e52782995ded72a618d07811abcd7ca734 shared-lib.patch bfb509c529e26c3d2dc827298ce3a6083640fbe3fd7491560ffb1e8f86d62bbd4a5d52721079caef8a38d6f332132b581859276000b397f9512673eedb0315a7 openjpeg-2.1.patch e9f29b909e016967fc9e6ca6723d63aecfea5c8aeadbd923bbf8a0fa1f4b0e16bd4eedac178bbf5fa359e47a55aa307b6581c6ce45b177ee12430f41c0b49cd7 CVE-2017-5896.patch -b65a9dce7ba239be788d144c27edb7528ebcf08ead4defe887a08d7879cf72ca3b172a9a33ec3f9426743f45ecb9aac17baf1b526bf5f880beb00bdd84bdc42a CVE-2017-5991.patch" +b65a9dce7ba239be788d144c27edb7528ebcf08ead4defe887a08d7879cf72ca3b172a9a33ec3f9426743f45ecb9aac17baf1b526bf5f880beb00bdd84bdc42a CVE-2017-5991.patch 
+3e3f34e448967acb7772365065234c313cb014ebe6e3c3b3bcdbed2242b32ee5589ecd749d06fb4cd5f406eb37ca431e369c96b9adb3b5367d2e5296f1ca983e CVE-2017-6060.patch" diff --git a/main/mupdf/CVE-2017-6060.patch b/main/mupdf/CVE-2017-6060.patch new file mode 100644 index 0000000000..cc03f6106b --- /dev/null +++ b/main/mupdf/CVE-2017-6060.patch @@ -0,0 +1,41 @@ +squashed commits: +06a012a42c9884e3cd653e7826cff1ddec04eb6e +e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14 + +From 05cb7595b61aa00a29f1609b75d280b589091356 Mon Sep 17 00:00:00 2001 +From: Sebastian Rasmussen +Date: Tue, 11 Apr 2017 10:54:12 +0800 +Subject: [PATCH] Bug 697551: Make path and line buffers of equal size. + +Previously a too long line could be copied into the too short path buffer. + +jstest: Stop printing bogus script lines. +--- + platform/x11/jstest_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/platform/x11/jstest_main.c b/platform/x11/jstest_main.c +index 13c3a0a3..36b32155 100644 +--- a/platform/x11/jstest_main.c ++++ b/platform/x11/jstest_main.c +@@ -346,7 +346,7 @@ main(int argc, char *argv[]) + } + else if (match(&line, "OPEN")) + { +- char path[1024]; ++ char path[LONGLINE]; + if (file_open) + pdfapp_close(&gapp); + if (prefix) +@@ -402,7 +402,7 @@ main(int argc, char *argv[]) + } + else + { +- fprintf(stderr, "Unmatched: %s\n", line); ++ fprintf(stderr, "Ignoring line without script statement.\n"); + } + } + while (!feof(script)); +-- +2.12.2 + -- 2.12.2 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
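Review bot: the provenance header at the top of the new main/mupdf/CVE-2017-6060.patch is inconsistent: it lists two hashes under "squashed commits:" but keeps a single "From 05cb7595b61aa00a29f1609b75d280b589091356" line, an identifier that matches neither of them, so the backport cannot be checked against upstream from the file alone. Suggest naming the upstream repository next to the two listed hashes and either dropping the 05cb7595 line or saying where it comes from.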
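Review bot: equal buffer sizes do not by themselves bound the copy in the first platform/x11/jstest_main.c hunk (@@ -346,7 +346,7 @@). `char path[LONGLINE];` makes the destination as large as the line buffer, but the context line `if (prefix)` directly below suggests a prefix can be combined with the line, and prefix plus line can still exceed LONGLINE. The copy itself is outside the hunk, so please confirm that the code following it in 1.10a is limited by `sizeof path`, and if it is not, include that change in the backport as well.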
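Review bot: it is not stated whether the second jstest_main.c hunk (@@ -402,7 +402,7 @@) belongs to the CVE-2017-6060 fix or is a cleanup carried along by the squash; the Alpine commit has only a subject line, and the patch description says no more than "jstest: Stop printing bogus script lines." Suggest one sentence in the commit message on why the replacement of `fprintf(stderr, "Unmatched: %s\n", line);` is included, since the fixed message also removes the offending script line from the diagnostic.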