Bug 212207

Summary: graphics/mupdf: CVE-2016-6525, CVE-2016-6265
Product: Ports & Packages Reporter: Tobias Kortkamp <tobik>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Many People CC: feld, uzsolt
Priority: Normal Keywords: needs-qa, patch, security
Version: LatestFlags: uzsolt: maintainer-feedback+
feld: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
mupdf.diff uzsolt: maintainer-approval+

Description Tobias Kortkamp freebsd_committer freebsd_triage 2016-08-27 22:44:58 UTC 
Created attachment 174138 [details]
mupdf.diff

Seen on the OpenBSD Ports mailing list.

These should affect the version in the FreeBSD ports tree too.  This also affects graphics/llpp and graphics/zathura-pdf-mupdf since both statically link with mupdf.

I'm attaching a patch that bumps portrevisions of all 3 ports and includes patches that are supposed to fix these issues.

OpenBSD commit message:
-------------------------
revision 1.65
date: 2016/08/27 20:58:48;  author: jca;  state: Exp;  lines: +2 -2;  commitid: 7TTHy8bFvHVkME08;
SECURITY fixes for CVE-2016-6525 & CVE-2016-6265

CVE-2016-6525 heap overflow in pdf_load_mesh_params()
CVE-2016-6265 use-after-free

Reported by & looks good to stsp@, ok sthen@ (maintainer)
------------------------

More info:
- https://marc.info/?l=oss-security&m=147022667716011&w=2
- https://marc.info/?l=oss-security&m=146911020216511&w=2

I haven't done any test builds in Poudriere yet. Mupdf still builds fine outside of it however.  Doing poudriere builds will take a while.
Comment 1 Zsolt Udvari freebsd_committer freebsd_triage 2016-08-28 09:57:45 UTC 
Build fine with poudriere. Accept.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-28 10:12:46 UTC 
@Zsolt please approve patches by setting maintainer-approval to + on attachments for ports you are maintainer of. Attachment -> Details -> maintainer-approval [+]

Maintainer is not committer, assign to ports-secteam accordingly

Thank you for the report and patch Tobias
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-12 00:11:34 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 00:11:08 UTC 2016
New revision: 423807
URL: https://svnweb.freebsd.org/changeset/ports/423807

Log:
  graphics/mupdf: Patch to resolve CVEs

  PR:		212207
  MFH:		2016Q4
  Security:	CVE-2016-6525
  Security:	CVE-2016-6265

Changes:
  head/graphics/llpp/Makefile
  head/graphics/mupdf/Makefile
  head/graphics/mupdf/files/patch-scripts_fontdump.c
  head/graphics/mupdf/files/patch-source__fitz__load-jpx.c
  head/graphics/mupdf/files/patch-source_pdf_pdf-shade.c
  head/graphics/mupdf/files/patch-source_pdf_pdf-xref.c
  head/graphics/zathura-pdf-mupdf/Makefile
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-10-12 00:12:36 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 00:12:14 UTC 2016
New revision: 423808
URL: https://svnweb.freebsd.org/changeset/ports/423808

Log:
  MFH: r423807

  graphics/mupdf: Patch to resolve CVEs

  PR:		212207
  Security:	CVE-2016-6525
  Security:	CVE-2016-6265

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/llpp/Makefile
  branches/2016Q4/graphics/mupdf/Makefile
  branches/2016Q4/graphics/mupdf/files/patch-scripts_fontdump.c
  branches/2016Q4/graphics/mupdf/files/patch-source__fitz__load-jpx.c
  branches/2016Q4/graphics/mupdf/files/patch-source_pdf_pdf-shade.c
  branches/2016Q4/graphics/mupdf/files/patch-source_pdf_pdf-xref.c
  branches/2016Q4/graphics/zathura-pdf-mupdf/Makefile
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-10-12 00:49:43 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 00:49:01 UTC 2016
New revision: 423813
URL: https://svnweb.freebsd.org/changeset/ports/423813

Log:
  Document mupdf vulnerabilites

  PR:		212207
  Security:	CVE-2016-6525
  Security:	CVE-2016-6265

Changes:
  head/security/vuxml/vuln.xml
Comment 6 Mark Felder freebsd_committer freebsd_triage 2016-10-12 00:50:18 UTC 
Committed, thanks for your submission!