From: Kei Kebreau
Subject: Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
Date: Tue, 25 Oct 2016 23:49:18 -0400
Message-ID: <874m3z7osh.fsf@openmailbox.org>
References: <87twc0s73r.fsf@openmailbox.org> <20161025171235.GA4569@jasmine> <87lgxbanmm.fsf@netris.org>
In-Reply-To: <87lgxbanmm.fsf@netris.org> (Mark H. Weaver's message of "Tue, 25 Oct 2016 21:46:09 -0400")
To: Mark H Weaver
Cc: guix-devel@gnu.org

Mark H Weaver writes:

> Leo Famulari writes:
>
>> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote:
>>> Fix for
>>> https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/.
>>
>>> From 97312c3c9e13688081aa513d1c94a9fff1274f75 Mon Sep 17 00:00:00 2001
>>> From: Kei Kebreau
>>> Date: Tue, 25 Oct 2016 12:49:52 -0400
>>> Subject: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
>>>
>>> * gnu/packages/patches/mupdf-CVE-2016-8674.patch: New file.
>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>> * gnu/packages/pdf.scm (mupdf): Use it.
>>
>> Thank you, please push!
>
> mupdf-CVE-2016-8674.patch fails to apply:
>
> https://hydra.gnu.org/build/1581228/nixlog/2/tail-reload
>
> Kei, did you test this?
>
> Mark

I did not. It was a bad slip up, as I tested all of the rest of my patches
today. I'll be significantly more careful with future security commits.
Is it frowned upon to revert that commit on its own (it's the third to
last commit as I write this), or should I attempt to patch on top of it?