head 1.2; access; symbols pkgsrc-2017Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2017.12.18.15.06.34; author leot; state dead; branches; next 1.1; commitid piDUW6ZgHXgvUnjA; 1.1 date 2017.10.25.11.00.03; author leot; state Exp; branches 1.1.2.1; next ; commitid mSGpjiZUP4KyhqcA; 1.1.2.1 date 2017.10.25.11.00.03; author bsiegert; state dead; branches; next 1.1.2.2; commitid 7DS2pPV5fZPCeKdA; 1.1.2.2 date 2017.11.04.17.48.30; author bsiegert; state Exp; branches; next ; commitid 7DS2pPV5fZPCeKdA; desc @@ 1.2 log @mupdf: Update print/mupdf to 1.12.0 pkgsrc changes: - Add support for the `opengl' option via graphics/glut and remove the `glfw' option to follow upstream changes. Adjust options.mk and buildlink3.mk accordingly. - Add patches/patch-platform_gl_gl-app.h to not force freeglut GLUT implementation to every non-APPLE platforms (glut also works!) and adjust the glut.h include. - Add a commented out lcms2 bl3 inclusion entry, lcms2>=2.9 is needed (due "lcms2art.h" et al. inclusion, so disable it for now) - Explain the OPJ_STATIC comment in patches/patch-source_fitz_load-jpx.c a bit more in depth... ...this will hopefully save some time to debug opj_* undefined symbols when trying to link libmupdf and accidently omitting the patches/patch-source_fitz_load-jpx.c hunk (for extra debugging stories fun, if OPJ_STATIC is defined some opj_* symbols are defined while others are not defined, making the debugging of that problem more naughty!). - Inject HAVE_{CURL,GLUT} variables via MAKE_ENV in options.mk to avoid depending on www/curl and graphics/glut (yes, that's a bit kludgy but unfortunately mupdf doesn't have a configure and so there isn't a more sensible way to do it). This is needed to avoid building mupdf-gl for native X.org where the glut.pc pkg-config file is available at build time. Also adjust patches/patch-ab accordingly. - Remove patches/patch-CVE*, they are no longer needed (all applied in 1.12.0) - Bump BUILDLINK_API_DEPENDS.mupdf to 1.12.0 (there were several API changes from 1.11 to 1.12.0) and remove the now redundant and no longer needed BUILDLINK_ABI_DEPENDS.mupdf. Changes: List of changes in MuPDF 1.12.0 * Color management: * LCMS2 library for color management. * CMYK rendering with overprint simulation. * Spot color rendering. * Transparency rendering fixes. * Structured text output improvements: * Reworked structured text API. * Faster text searching. * Highlight and copy text by selecting lines instead of by area. * New semantic XHTML output format. * New layout preserving HTML output format. * Features and improvements: * Improved non-AA rendering with new scan converter. * Improved LARGEFILE support. * Improved TIFF support. * Improved documentation. * PCLm output. * PSD output. * New "mutool trace" tool. * New "mutool sign" tool (work in progress). * Text redaction (work in progress). * Lots of bug fixes. @ text @$NetBSD: patch-CVE-2017-14687,v 1.1 2017/10/25 11:00:03 leot Exp $ Fix 698558: Handle non-tags in tag name comparisons. (AKA CVE-2017-14687) Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom. From upstream commit 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 --- source/html/css-apply.c.orig +++ source/html/css-apply.c @@@@ -328,7 +328,7 @@@@ match_selector(fz_css_selector *sel, fz_xml *node) if (sel->name) { - if (strcmp(sel->name, fz_xml_tag(node))) + if (!fz_xml_is_tag(node, sel->name)) return 0; } --- source/svg/svg-run.c.orig +++ source/svg/svg-run.c @@@@ -1044,7 +1044,7 @@@@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1); if (linked) { - if (!strcmp(fz_xml_tag(linked), "symbol")) + if (fz_xml_is_tag(linked, "symbol")) svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state); else svg_run_element(ctx, dev, doc, linked, &local_state); --- source/xps/xps-common.c.orig +++ source/xps/xps-common.c @@@@ -47,7 +47,7 @@@@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const else if (fz_xml_is_tag(node, "RadialGradientBrush")) xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node); else - fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node)); + fz_warn(ctx, "unknown brush tag"); } void @@@@ -85,7 +85,7 @@@@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons if (opacity_att) opacity = fz_atof(opacity_att); - if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) + if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) { char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity"); char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color"); @@@@ -129,7 +129,7 @@@@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource if (opacity_mask_tag) { - if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) + if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) fz_pop_clip(ctx, dev); } } --- source/xps/xps-glyphs.c.orig +++ source/xps/xps-glyphs.c @@@@ -592,7 +592,7 @@@@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, /* If it's a solid color brush fill/stroke do a simple fill */ - if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) + if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) { fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); fill_att = fz_xml_att(fill_tag, "Color"); --- source/xps/xps-path.c.orig +++ source/xps/xps-path.c @@@@ -879,14 +879,14 @@@@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b if (!data_att && !data_tag) return; - if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) + if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) { fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); fill_att = fz_xml_att(fill_tag, "Color"); fill_tag = NULL; } - if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush")) + if (fz_xml_is_tag(stroke_tag, "SolidColorBrush")) { stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity"); stroke_att = fz_xml_att(stroke_tag, "Color"); --- source/xps/xps-resource.c.orig +++ source/xps/xps-resource.c @@@@ -84,7 +84,7 @@@@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b if (!xml) return NULL; - if (strcmp(fz_xml_tag(xml), "ResourceDictionary")) + if (!fz_xml_is_tag(xml, "ResourceDictionary")) { fz_drop_xml(ctx, xml); fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element"); @ 1.1 log @mupdf: backport patches to fix several possible security issues Backport patches from upstream to address CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, CVE-2017-15369 and CVE-2017-15587. These will not be needed for the next mupdf stable release. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2017-14687 was added on branch pkgsrc-2017Q3 on 2017-11-04 17:48:30 +0000 @ text @d1 101 @ 1.1.2.2 log @Pullup ticket #5595 - requested by sevan print/mupdf: security fix Revisions pulled up: - print/mupdf/Makefile 1.54 - print/mupdf/distinfo 1.38 - print/mupdf/patches/patch-CVE-2017-14685 1.1 - print/mupdf/patches/patch-CVE-2017-14686 1.1 - print/mupdf/patches/patch-CVE-2017-14687 1.1 - print/mupdf/patches/patch-CVE-2017-15369 1.1 - print/mupdf/patches/patch-CVE-2017-15587 1.1 --- Module Name: pkgsrc Committed By: leot Date: Wed Oct 25 11:00:03 UTC 2017 Modified Files: pkgsrc/print/mupdf: Makefile distinfo Added Files: pkgsrc/print/mupdf/patches: patch-CVE-2017-14685 patch-CVE-2017-14686 patch-CVE-2017-14687 patch-CVE-2017-15369 patch-CVE-2017-15587 Log Message: mupdf: backport patches to fix several possible security issues Backport patches from upstream to address CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, CVE-2017-15369 and CVE-2017-15587. These will not be needed for the next mupdf stable release. Bump PKGREVISION. @ text @a0 101 $NetBSD: patch-CVE-2017-14687,v 1.1 2017/10/25 11:00:03 leot Exp $ Fix 698558: Handle non-tags in tag name comparisons. (AKA CVE-2017-14687) Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom. From upstream commit 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 --- source/html/css-apply.c.orig +++ source/html/css-apply.c @@@@ -328,7 +328,7 @@@@ match_selector(fz_css_selector *sel, fz_xml *node) if (sel->name) { - if (strcmp(sel->name, fz_xml_tag(node))) + if (!fz_xml_is_tag(node, sel->name)) return 0; } --- source/svg/svg-run.c.orig +++ source/svg/svg-run.c @@@@ -1044,7 +1044,7 @@@@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1); if (linked) { - if (!strcmp(fz_xml_tag(linked), "symbol")) + if (fz_xml_is_tag(linked, "symbol")) svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state); else svg_run_element(ctx, dev, doc, linked, &local_state); --- source/xps/xps-common.c.orig +++ source/xps/xps-common.c @@@@ -47,7 +47,7 @@@@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const else if (fz_xml_is_tag(node, "RadialGradientBrush")) xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node); else - fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node)); + fz_warn(ctx, "unknown brush tag"); } void @@@@ -85,7 +85,7 @@@@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons if (opacity_att) opacity = fz_atof(opacity_att); - if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) + if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) { char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity"); char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color"); @@@@ -129,7 +129,7 @@@@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource if (opacity_mask_tag) { - if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) + if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) fz_pop_clip(ctx, dev); } } --- source/xps/xps-glyphs.c.orig +++ source/xps/xps-glyphs.c @@@@ -592,7 +592,7 @@@@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, /* If it's a solid color brush fill/stroke do a simple fill */ - if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) + if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) { fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); fill_att = fz_xml_att(fill_tag, "Color"); --- source/xps/xps-path.c.orig +++ source/xps/xps-path.c @@@@ -879,14 +879,14 @@@@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b if (!data_att && !data_tag) return; - if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) + if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) { fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); fill_att = fz_xml_att(fill_tag, "Color"); fill_tag = NULL; } - if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush")) + if (fz_xml_is_tag(stroke_tag, "SolidColorBrush")) { stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity"); stroke_att = fz_xml_att(stroke_tag, "Color"); --- source/xps/xps-resource.c.orig +++ source/xps/xps-resource.c @@@@ -84,7 +84,7 @@@@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b if (!xml) return NULL; - if (strcmp(fz_xml_tag(xml), "ResourceDictionary")) + if (!fz_xml_is_tag(xml, "ResourceDictionary")) { fz_drop_xml(ctx, xml); fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element"); @