From 165174f22a3ced99c0fbf82419d2c5cbe8cacc3b Mon Sep 17 00:00:00 2001
From: Michael J Gruber
Date: Thu, 15 Nov 2018 10:21:50 +0100
Subject: [PATCH] bz #1644444 #1644445
---
 mupdf-CVE-2018-18662.patch | 62 ++++++++++++++++++++++++++++++++++++++
 mupdf.spec | 7 ++++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 mupdf-CVE-2018-18662.patch
diff --git a/mupdf-CVE-2018-18662.patch b/mupdf-CVE-2018-18662.patch
new file mode 100644
index 0000000..c9cfec9
--- /dev/null
+++ b/mupdf-CVE-2018-18662.patch
@@ -0,0 +1,62 @@
+From 164ddc22ee0d5b63a81d5148f44c37dd132a9356 Mon Sep 17 00:00:00 2001
+Message-Id: <164ddc22ee0d5b63a81d5148f44c37dd132a9356.1542272812.git.mjg@fedoraproject.org>
+From: Tor Andersson
+Date: Mon, 5 Nov 2018 17:49:09 +0100
+Subject: [PATCH] Fix 700043: Don't assume a font is t3 just because
+ fz_outline_glyph fails.
+
+---
+ source/fitz/svg-device.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/source/fitz/svg-device.c b/source/fitz/svg-device.c
+index 2876a89b..aaf53b99 100644
+--- a/source/fitz/svg-device.c
++++ b/source/fitz/svg-device.c
+@@ -472,27 +472,28 @@ svg_dev_text_span_as_paths_defs(fz_context *ctx, fz_device *dev, fz_text_span *s
+ /* Need to send this one */
+ fz_rect rect;
+ fz_path *path;
+- path = fz_outline_glyph(ctx, span->font, gid, fz_identity);
+- if (path)
++ out = start_def(ctx, sdev);
++ fz_write_printf(ctx, out, "\n", fnt->id, gid);
++ if (fz_font_ft_face(ctx, span->font))
+ {
+- rect = fz_bound_path(ctx, path, NULL, fz_identity);
+- shift.e = -rect.x0;
+- shift.f = -rect.y0;
+- fz_transform_path(ctx, path, shift);
+- out = start_def(ctx, sdev);
+- fz_write_printf(ctx, out, "\n", fnt->id, gid);
+- fz_write_printf(ctx, out, "\n");
+- fz_drop_path(ctx, path);
++ path = fz_outline_glyph(ctx, span->font, gid, fz_identity);
++ if (path)
++ {
++ rect = fz_bound_path(ctx, path, NULL, fz_identity);
++ shift.e = -rect.x0;
++ shift.f = -rect.y0;
++ fz_transform_path(ctx, path, shift);
++ fz_write_printf(ctx, out, "\n");
++ fz_drop_path(ctx, path);
++ }
+ }
+- else
++ else if (fz_font_t3_procs(ctx, span->font))
+ {
+ rect = fz_bound_glyph(ctx, span->font, gid, fz_identity);
+ shift.e = -rect.x0;
+ shift.f = -rect.y0;
+- out = start_def(ctx, sdev);
+- fz_write_printf(ctx, out, "\n", fnt->id, gid);
+ fz_run_t3_glyph(ctx, span->font, gid, shift, dev);
+ }
+ fz_write_printf(ctx, out, "\n");
+--
+2.19.1.1238.g4b45f61cc0
+
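Review bot: `fz_rect rect;` at the top of the embedded svg-device.c hunk has no initializer, and the patched code now has two paths that never assign it: an FT face for which `fz_outline_glyph` returns NULL, and a font that is neither FT nor Type 3. Before this change both arms of the `if`/`else` assigned `rect`, so this gap is new with the patch. The enclosing block continues past the hunk, so whether `rect` is read afterwards is not visible here; if it is, the read would see an indeterminate value on those paths. Initialising at the declaration, for example `fz_rect rect = { 0, 0, 0, 0 };`, would make the empty-symbol case well defined.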
diff --git a/mupdf.spec b/mupdf.spec
index c1384e1..c9541b8 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -1,6 +1,6 @@
 Name: mupdf
 Version: 1.14.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: A lightweight PDF viewer and toolkit
 Group: Applications/Publishing
 License: AGPLv3+
@@ -25,6 +25,7 @@ Provides: bundled(mujs-devel) = 1.0.5
 Patch0: 0001-fix-build-on-big-endian.patch
 Patch1: mupdf-CVE-2018-16647.patch
 Patch2: mupdf-CVE-2018-16648.patch
+Patch3: mupdf-CVE-2018-18662.patch
 %description
 MuPDF is a lightweight PDF viewer and toolkit written in portable C.
@@ -60,6 +61,7 @@ done
 %patch0 -p1 -d thirdparty/lcms2
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 echo > user.make "\
 USE_SYSTEM_FREETYPE := yes
 USE_SYSTEM_HARFBUZZ := yes
@@ -113,6 +115,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/lib%{name}*.a
 %changelog
+* Thu Nov 15 2018 Michael J Gruber - 1.14.0-4
+- bz #1644444 #1644445
+
 * Thu Nov 15 2018 Michael J Gruber - 1.14.0-3
 - bz #1626481 #1626484