diff options
| author | Michael Raskin <7c6f434c@mail.ru> | 2018-03-10 12:56:27 +0100 |
|---|---|---|
| committer | Michael Raskin <7c6f434c@mail.ru> | 2018-03-10 12:56:45 +0100 |
| commit | f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246 (patch) | |
| tree | f12feeba6f0f42e3fbb5ff6a0e2f025a77f9dc45 /pkgs/applications/misc/mupdf | |
| parent | 679580be35051d33887b9af626c3bc72420e0718 (diff) | |
| download | nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar.gz nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar.bz2 nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar.lz nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar.xz nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.tar.zst nixlib-f2f7b0579b8aaf85f1afebb6346b1fe1d9a7b246.zip | |
mupdf: import upstream patches for CVEs: 2017-17858, 2018-1000051, 2018-6187, 2018-6192
Diffstat (limited to 'pkgs/applications/misc/mupdf')
| -rw-r--r-- | pkgs/applications/misc/mupdf/default.nix | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index b0d8ba3bb08e..1b510221d121 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -39,6 +39,48 @@ in stdenv.mkDerivation rec { url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=26527eef77b3e51c2258c8e40845bfbc015e405d;hp=ab98356f959c7a6e94b1ec10f78dd2c33ed3f3e7"; sha256 = "1brcc029s5zmd6ya0d9qk3mh9qwx5g6vhsf1j8h879092sya5627"; }) + (fetchpatch { + # Bugs 698804/698810/698811, 698819: Keep PDF object numbers below limit. + name = "CVE-2017-17858.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731"; + sha256 = "1bf683d59i5009cv1hhmwmrp2rsb75cbf98qd44dk39cpvq8ydwv"; + }) + (fetchpatch { + # Bug 698825: Do not drop borrowed colorspaces. + name = "CVE-2018-1000051.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=321ba1de287016b0036bf4a56ce774ad11763384"; + sha256 = "0jbcc9j565q5y305pi888qzlp83zww6nhkqbsmkk91gim958zikm"; + }) + (fetchpatch { + # Bug 698908 preprecondition: Add portable pseudo-random number generator based on the lrand48 family. + name = "CVE-2018-6187.0.1.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=2d5b4683e912d6e6e1f1e2ca5aa0297beb3e6807"; + sha256 = "028bxinbjs5gg9myjr3vs366qxg9l2iyba2j3pxkxsh1851hj728"; + }) + (fetchpatch { + # Bug 698908 precondition: Fix "being able to search for redacted text" bug. + name = "CVE-2018-6187.0.2.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=25593f4f9df0c4a9b9adaa84aaa33fe2a89087f6"; + sha256 = "195y69c3f8yqxcsa0bxrmxbdc3fx1dzvz8v66i56064mjj0mx04s"; + }) + (fetchpatch { + # Bug 698908: Resize object use and renumbering lists after repair. + name = "CVE-2018-6187.1.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=3e30fbb7bf5efd88df431e366492356e7eb969ec"; + sha256 = "0wzbqj750h06q1wa6vxbpv5a5q9pfg0cxjdv88yggkrjb3vrkd9j"; + }) + (fetchpatch { + # Bug 698908: Plug PDF object leaks when decimating pages in pdfposter. + name = "CVE-2018-6187.2.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=a71e7c85a9f2313cde20d4479cd727a5f5518ed2"; + sha256 = "1pcjkq8lg6l2m0186rl79lilg79crgdvz9hrmm3w60gy2gxkgksc"; + }) + (fetchpatch { + # Bug 698916: Indirect object numbers must be in range. + name = "CVE-2018-6192.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=5e411a99604ff6be5db9e273ee84737204113299"; + sha256 = "134zc07fp0p1mwqa8xrkq3drg4crajzf1hjf4mdwmcy1jfj2pfhj"; + }) ] # Use shared libraries to decrease size |