Package: mupdf / 1.5-1+deb8u4

Metadata

Package Version Patches format
mupdf 1.5-1+deb8u4 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 fix_libjpeg_header_mismatch.patch | (download)

scripts/jpeg/jconfig.h | 45 0 + 45 - 0 !
1 file changed, 45 deletions(-)

 fix_libjpeg_header_mismatch

commit 674a7b563e3010d26faef86d674b246d42c8edf0
0002 mupdf_manpage.patch | (download)

docs/man/mupdf.1 | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 mupdf_manpage


0003 Fix build with libopenjp2.patch | (download)

Makerules | 4 2 + 2 - 0 !
source/fitz/load-jpx.c | 10 1 + 9 - 0 !
2 files changed, 3 insertions(+), 11 deletions(-)

 fix build with libopenjp2


0004 Fix Werror format security error.patch | (download)

source/pdf/pdf-op-run.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix -werror=format-security error


0005 Fix unsafe conversion from float to fz_linecap.patch | (download)

source/pdf/pdf-op-run.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 fix unsafe conversion from float to fz_linecap


0006 Fix FTBFS with clang.patch | (download)

include/mupdf/fitz/output.h | 2 1 + 1 - 0 !
source/fitz/output.c | 8 4 + 4 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 fix ftbfs with clang


0007 Add mudraw F command switch to man page.patch | (download)

docs/man/mudraw.1 | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 add mudraw -f command switch to man page


0008 CVE 2016 6265.patch | (download)

source/pdf/pdf-xref.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 bug 696941: fix use after free.

The file is HORRIBLY corrupt, and triggers Sophos to think it's
PDF malware (which it isn't). It does however trigger a use
after free, worked around here.

0009 CVE 2016 6525.patch | (download)

source/pdf/pdf-shade.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make sure that number of colors in mesh params is valid.

Fixes bug 696954.

0008 CVE 2016 8674.patch | (download)

include/mupdf/pdf/document.h | 4 4 + 0 - 0 !
include/mupdf/pdf/object.h | 1 1 + 0 - 0 !
source/pdf/pdf-object.c | 43 40 + 3 - 0 !
source/pdf/pdf-repair.c | 28 26 + 2 - 0 !
source/pdf/pdf-xref.c | 6 6 + 0 - 0 !
5 files changed, 77 insertions(+), 5 deletions(-)

 port fixes for cve-2016-8674 from upstream


0009 CVE 2017 5896.patch | (download)

source/fitz/pixmap.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 bug 697515: fix out of bounds read in fz_subsample_pixmap

Pointer arithmetic for final special case was going wrong.

0010 CVE 2017 5991.patch | (download)

source/pdf/pdf-op-run.c | 26 18 + 8 - 0 !
1 file changed, 18 insertions(+), 8 deletions(-)

 bug 697500: fix null ptr access.

Cope better with errors during rendering - avoid letting the
gstate stack get out of sync.

This avoids us ever getting into the situation of popping
a clip when we should be popping a mask or a group. This was
causing an unexpected case in the painting.

CVE 2017 15587.patch | (download)

source/pdf/pdf-xref.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 an integer overflow was discovered in pdf_read_new_xref_section
CVE 2018 1000051.patch | (download)

source/pdf/pdf-appearance.c | 9 2 + 7 - 0 !
1 file changed, 2 insertions(+), 7 deletions(-)

 [patch] bug 698825: do not drop borrowed colorspaces.

Previously the borrowed colorspace was dropped when updating annotation
appearances, leading to use after free warnings from valgrind/ASAN.

CVE 2018 6544 1.patch | (download)

source/pdf/pdf-xref.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

---