CVE-2018-10289

(rh bz #1573050) (gs bz #699271)
7 years ago · 10faca3a65
parent 582410f75e
commit 10faca3a65
2 changed files with 33 additions and 1 deletions
--- a/0001-Fix-699271-skip-space-correctly.patch
+++ b/0001-Fix-699271-skip-space-correctly.patch
@ -0,0 +1,27 @@
+From 6f3535a520674b757548c1c84a48150e12cbb739 Mon Sep 17 00:00:00 2001
+Message-Id: <6f3535a520674b757548c1c84a48150e12cbb739.1528633460.git.mjg@fedoraproject.org>
+From: Michael J Gruber <mjg@fedoraproject.org>
+Date: Sun, 10 Jun 2018 14:22:50 +0200
+Subject: [PATCH] Fix 699271: skip space correctly
+
+Terminate skipping spaces when there is no more space or no more char.
+---
+ source/pdf/pdf-xref.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 8515090d..68a8783b 100644
+--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
+@@ -647,7 +647,7 @@ fz_skip_space(fz_context *ctx, fz_stream *stm)
+ 	do
+ 	{
+ 		int c = fz_peek_byte(ctx, stm);
+-		if (c > 32 && c != EOF)
+		if (c > 32 || c == EOF)
+ 			return;
+ 		(void)fz_read_byte(ctx, stm);
+ 	}
+-- 
+2.18.0.rc1.265.g7dd663a68f
+
--- a/mupdf.spec
+++ b/mupdf.spec
@ -1,6 +1,6 @@
 Name:           mupdf
 Version:        1.13.0
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        A lightweight PDF viewer and toolkit
 Group:          Applications/Publishing
 License:        AGPLv3+
@ -20,6 +20,7 @@ Provides:       bundled(lcms2-devel) = 2.9
 Provides:       bundled(freeglut)-devel) = 3.0.0
 Patch0:         %{name}-1.13-openjpeg.patch
 Patch1:         0001-fix-build-on-big-endian.patch
+Patch2:         0001-Fix-699271-skip-space-correctly.patch

 %description
 MuPDF is a lightweight PDF viewer and toolkit written in portable C.
@ -54,6 +55,7 @@ do
 done
 %patch0 -p1
 %patch1 -p1 -d thirdparty/lcms2
+%patch2 -p1

 %build
 export XCFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
@ -92,6 +94,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/lib%{name}*.a

 %changelog
+* Sun Jun 10 2018 Michael J Gruber <mjg@fedoraproject.org> - 1.13.0-8
+- CVE-2018-10289 (rh bz #1573050) (gs bz #699271)
+
 * Wed Jun 06 2018 Michael J Gruber <mjg@fedoraproject.org> - 1.13.0-7
 - fix license field (bug #1586328)