From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH] gnu: mupdf: Fix some security problems in bundled mujs. Date: Fri, 13 Jan 2017 12:34:28 -0500 Message-ID: <20170113173428.GA27117@jasmine> References: <20170112180655.1588-1-mbakke@fastmail.com> <20170112183017.GB23706@jasmine> <87wpe05adv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170112200346.GA11411@jasmine> <87shonai6b.fsf@netris.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59798) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cS5kM-0000vs-BA for guix-devel@gnu.org; Fri, 13 Jan 2017 12:34:39 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cS5kJ-0005iP-71 for guix-devel@gnu.org; Fri, 13 Jan 2017 12:34:38 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:59028) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cS5kJ-0005i3-1y for guix-devel@gnu.org; Fri, 13 Jan 2017 12:34:35 -0500 Content-Disposition: inline In-Reply-To: <87shonai6b.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Mark H Weaver Cc: guix-devel@gnu.org --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 12, 2017 at 07:59:40PM -0500, Mark H Weaver wrote: > Leo Famulari writes: > > If we can't graft it, we should build it on a branch on Hydra. >=20 > Here's what we can do: in addition to mupdf itself, we can also add a > graft for cups-filters (our only package that includes mupdf as an > input). The replacement for cups-filters would change its mupdf input > to refer directly to the fixed version of mupdf. >=20 > What do you think? That's a good idea, and I started implementing it, but then I wondered how cups-filters was actually using mupdf. The cups-filters package is only 3.7 MB, while libmupdf.a is 44 MB. It turns out that the built cups-filters doesn't refer to mupdf at all; mupdf is not protected from the garbage collector if you install cups-filters. I found two source files that use mupdf, 'filter/mupdftoraster.c' and 'filter/pdftops.c'. =46rom the cups-filters ./configure summary [0]: ------ mutool: yes mutool-path: system ippfind-path: system imagefilters: yes jpeg: yes pdftocairo-path: system pdftops: hybrid ------ The pdftops hybrid mode uses Poppler and Ghostscript, so we're not affected here: ------ if (renderer =3D=3D HYBRID) { if (make_model[0] && (!strncasecmp(make_model, "Brother", 7) || !strncasecmp(make_model, "Dell", 4) || strcasestr(make_model, "Minolta") || (!strncasecmp(make_model, "Apple", 5) && (ptr =3D strcasestr(make_model, "LaserWriter")) && (ptr =3D strcasestr(ptr + 11, "12")) && (ptr =3D strcasestr(ptr + 2, "640"))))) { =20 fprintf(stderr, "DEBUG: Switching to Poppler's pdftops instead of Gho= stscript for Brother, Minolta, Konica Minolta, Dell, and Apple LaserWriter = 12/640 to work around bugs in the printer's PS interpreters\n"); renderer =3D PDFTOPS; } =20 else=20 renderer =3D GS; [...] ------ source: 'filter/mupdfraster.c' involves the use of the mutool program. Does the configuration option 'mutool-path: system' mean that it looks for mutool on PATH? config.log [1] has: #define CUPS_MUTOOL "mutool" And I can't find a store reference for mupdf with `hexdump -C lib/cups/filter/mupdftoraster`; that's only file that `grep -ri mutool` matches.=20 Should we make cups-filters refer to mutool by an absolute path? [0] https://mirror.hydra.gnu.org/log/xlb7k5l3l4gq12z4fmg5i59y5hdzn472-cups-filt= ers-1.13.1 [1] config.log also has this line: #define CUPS_POPPLER_PDFTOPS "/usr/bin/pdftops"' This does get into the built 'lib/cups/filter/pdftops'. --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlh5D6EACgkQJkb6MLrK fwhoYhAA2BLXBjzjFA1/ca/F57T1OuG5HHhSDRV5BAwqZS0UKLxpAFk17sGU25hk HJ7PQo5Qm3jXY3ENiu/ZYNtJDKt1ADiX0OKm/vX4SNTUNWYdT0uv5oIG5K9DPYpM GegQSz+LR6yRKJmijRppUTtkHxXFlaByaxojGT0NLuj/cqOZHlUGGlTjVs3oC6Xs vSoCZR5iKjv6h0MO5AtGHXGy3VEkSOwr9LkHIv71rUV1BLdIVX/5nUdi7Jbxgsw3 6Mf5ygSxY6ja6vcEGPXPFrdSPAQWhJp71g6z8BGsiH7WleIZptr1aeyr+wjeUpX/ OX/tiz6656TfBmMMzfg2DAtK+oGJyyCneKKtxENjGvQXN5Qf4rt6UtHlQBlJ4t28 ekH4PqLQs2cvw6Pb++ol+apFC5I6YEP6g0AYmus7CvUPpVT/6bHqV8AxyGbkZKas No45CpmohFANCdIfwQ8HVXG6PN+oI1wSAXPwQPJcBQflPF0vY9OjDQLopOA4zF8K L3GSJlj7BAv8DZ1rrt5Jv6ZGGSg8n/hHczw5ETOmnos2RRSNxxajo4YXn6xtghx1 hx4CCEgOffZ70TnPzNeqJw02YEAM8epVPN0X/xuAS0O00a8H7vQOkQV2QKEQ4tTD s4I6eW4rmLaXUHUiZeG6Fs1/QcnsJUM8BEyWqg5CLW6Av8jbyEs= =rp9N -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6--