Date: Monday, August 29, 2016 @ 21:21:40 Author: eworm Revision: 187973
upgpkg: mupdf 1.9_a-4 * fix building against openjpeg2 (libopenjp2.so) 2.1.1 * fix use after free with security implications: https://security-tracker.debian.org/tracker/CVE-2016-6265 Added: mupdf/trunk/0001-mupdf-openjpeg.patch Modified: mupdf/trunk/PKGBUILD Deleted: mupdf/trunk/mupdf-1.5-openjpeg-2.1.0.patch --------------------------------+ 0001-mupdf-openjpeg.patch | 37 +++++++++++++++++++++++++++++++++++++ PKGBUILD | 23 ++++++++++++++++------- mupdf-1.5-openjpeg-2.1.0.patch | 13 ------------- 3 files changed, 53 insertions(+), 20 deletions(-) Added: 0001-mupdf-openjpeg.patch =================================================================== --- 0001-mupdf-openjpeg.patch (rev 0) +++ 0001-mupdf-openjpeg.patch 2016-08-29 21:21:40 UTC (rev 187973) @@ -0,0 +1,37 @@ +--- a/source/fitz/load-jpx.c ++++ b/source/fitz/load-jpx.c +@@ -3,12 +3,17 @@ + /* Without the definition of OPJ_STATIC, compilation fails on windows + * due to the use of __stdcall. We believe it is required on some + * linux toolchains too. */ ++ ++#ifdef __cplusplus ++extern "C" ++{ + #define OPJ_STATIC + #ifndef _MSC_VER + #define OPJ_HAVE_STDINT_H + #endif ++#endif + +-#include <openjpeg.h> ++#include <openjpeg-2.1/openjpeg.h> + + static void fz_opj_error_callback(const char *msg, void *client_data) + { +@@ -117,7 +122,7 @@ fz_load_jpx(fz_context *ctx, unsigned ch + opj_stream_set_read_function(stream, fz_opj_stream_read); + opj_stream_set_skip_function(stream, fz_opj_stream_skip); + opj_stream_set_seek_function(stream, fz_opj_stream_seek); +- opj_stream_set_user_data(stream, &sb); ++ opj_stream_set_user_data(stream, &sb, NULL); + /* Set the length to avoid an assert */ + opj_stream_set_user_data_length(stream, size); + +@@ -247,3 +252,6 @@ fz_load_jpx(fz_context *ctx, unsigned ch + + return img; + } ++#ifdef __cplusplus ++} ++#endif Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-08-29 18:42:21 UTC (rev 187972) +++ PKGBUILD 2016-08-29 21:21:40 UTC (rev 187973) @@ -9,7 +9,7 @@ pkgbase=mupdf pkgname=(libmupdf mupdf mupdf-gl mupdf-tools) pkgver=1.9_a -pkgrel=3 +pkgrel=4 pkgdesc='Lightweight PDF and XPS viewer' arch=('i686' 'x86_64') url='http://mupdf.com' @@ -18,12 +18,14 @@ 'jbig2dec' 'libjpeg' 'mesa-libgl' 'openjpeg2' 'openssl') # we need static libs for zathura-pdf-mupdf options=('staticlibs') -source=(http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz - mupdf-1.5-openjpeg-2.1.0.patch - mupdf.desktop - mupdf.xpm) +source=("http://mupdf.com/downloads/mupdf-${pkgver/_/}-source.tar.gz" + '0001-mupdf-openjpeg.patch' + 'mupdf-0001-bug-696941-fix-use-after-free.patch::http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=fa1936405b6a84e5c9bb440912c23d532772f958' + 'mupdf.desktop' + 'mupdf.xpm') md5sums=('658b90788a57d858dcb069cf326e11c3' - '8e71587ad9b86e10c9144618ab43149b' + 'c2d096ecd41ae26735551d01099c0a3e' + '5fb16881b14c686a44957ec53f7fa924' '39b54f82a763aac54e352315a0ee9037' 'f3f35e7320bafde331250de1c99186a1') @@ -33,8 +35,15 @@ # remove bundled packages, we want our system libraries rm -rf thirdparty/{curl,freetype,glfw,harfbuzz,jbig2dec,jpeg,openjpeg,zlib} - patch -p1 -i ../mupdf-1.5-openjpeg-2.1.0.patch + # Bug 696941: Fix use after free. + # CVE-2016-6265 + # https://security-tracker.debian.org/tracker/CVE-2016-6265 + patch -Np1 < "${srcdir}/mupdf-0001-bug-696941-fix-use-after-free.patch" + # fix function for openjpeg 2.1.x + patch -Np1 < "${srcdir}/0001-mupdf-openjpeg.patch" + + # fix includes for jbig2dec sed '/^JBIG2DEC_CFLAGS :=/s|$| -I./include/mupdf|' -i Makethird } Deleted: mupdf-1.5-openjpeg-2.1.0.patch =================================================================== --- mupdf-1.5-openjpeg-2.1.0.patch 2016-08-29 18:42:21 UTC (rev 187972) +++ mupdf-1.5-openjpeg-2.1.0.patch 2016-08-29 21:21:40 UTC (rev 187973) @@ -1,13 +0,0 @@ -diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index dd7bf9e..b7c8680 100644 ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -116,7 +116,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs - opj_stream_set_read_function(stream, fz_opj_stream_read); - opj_stream_set_skip_function(stream, fz_opj_stream_skip); - opj_stream_set_seek_function(stream, fz_opj_stream_seek); -- opj_stream_set_user_data(stream, &sb); -+ opj_stream_set_user_data(stream, &sb, NULL); - /* Set the length to avoid an assert */ - opj_stream_set_user_data_length(stream, size); -