From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kei Kebreau <kei@openmailbox.org>
Subject: Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
Date: Tue, 25 Oct 2016 23:49:18 -0400
Message-ID: <874m3z7osh.fsf@openmailbox.org>
References: <87twc0s73r.fsf@openmailbox.org> <20161025171235.GA4569@jasmine>
	<87lgxbanmm.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53436)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kei@openmailbox.org>) id 1bzFDl-0005XY-CH
	for guix-devel@gnu.org; Tue, 25 Oct 2016 23:49:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kei@openmailbox.org>) id 1bzFDh-0005tV-IQ
	for guix-devel@gnu.org; Tue, 25 Oct 2016 23:49:45 -0400
Received: from smtp13.openmailbox.org ([62.4.1.47]:60648)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <kei@openmailbox.org>) id 1bzFDh-0005t2-9u
	for guix-devel@gnu.org; Tue, 25 Oct 2016 23:49:41 -0400
In-Reply-To: <87lgxbanmm.fsf@netris.org> (Mark H. Weaver's message of "Tue, 25
	Oct 2016 21:46:09 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Mark H Weaver <mhw@netris.org> writes:

> Leo Famulari <leo@famulari.name> writes:
>
>> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote:
>>> Fix for
>>> https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_=
num-pdf-object-c/.
>>
>>> From 97312c3c9e13688081aa513d1c94a9fff1274f75 Mon Sep 17 00:00:00 2001
>>> From: Kei Kebreau <kei@openmailbox.org>
>>> Date: Tue, 25 Oct 2016 12:49:52 -0400
>>> Subject: [PATCH] gnu: mupdf: Fix CVE-2016-8674.
>>>=20
>>> * gnu/packages/patches/mupdf-CVE-2016-8674.patch: New file.
>>> * gnu/local.mk (dist_patch_DATA): Add it.
>>> * gnu/packages/pdf.scm (mupdf): Use it.
>>
>> Thank you, please push!
>
> mupdf-CVE-2016-8674.patch fails to apply:
>
>   https://hydra.gnu.org/build/1581228/nixlog/2/tail-reload
>
> Kei, did you test this?
>
>       Mark
I did not. It was a bad slip up, as I tested all of the rest of my
patches today. I'll be significantly more careful with future security
commits.

Is it frowned upon to revert that commit on its own (it's the third to
last commit as I write this), or should I attempt to patch on top of it?

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYECe+AAoJEOal7jwZRnoN1wEP/ij9+B+VbX5W7B9sDv41zDt8
BsuNaRtMjepgX6sSTEZIzQvgPu/OP3e11/rB5ySdDz+bA6VTRi/53WNmV3j8jgIo
9QI3kO2MiJgPoLLsb1H2Q35jJ1NE9M6SXBjJm42dOdrKfTOD5o1PcLFP+UuXqaHR
Ek+QWv+DtS3z/4eY3yKk7Idc2jBnsOPixZXLu/Gw27Tj36M18joM5528/DYIXIWc
FCnAQgJNiFm4lsaABoUGsxu5QlIXsY2dG9Y0SBK1I1bqIIYU2fICAVSmpb2gQJSj
I3ZNFQELZQCxLk/TfrVyZsqTWSyovSGuiWx0BDz7bpRcw2LMzbHrl0X9nJcZlGAI
LJeuKxkl9WIoVOiEU895Tsr6nfVsKvfiQ+9L500fMxq17v3bMrWQ4oxAmnGefivd
zF7/8rE8JDWUAh+sXvkRaVWueVem9vzEL2+AOFXMzTuX/NR1MR85AnUriCAmQ8jk
BZafSv1TX55tJ0B0I3mwta6YjFcflDAANFITZeB4mkjne3abt3JIyV4dnrL8XTN9
XbdNcreZhItC1DwQ44VJx/ASUTLGhVjXA+2Hsb+oyVowdiwt+o8DL1AkxuI5ZPTz
YXl18EDD6CWcRl1tFNyNDbYvjWD6Yo09843W2B5HbMnJlVwxZoF+tS3JabZxlV+e
5Tx2qi0yDd+4STCZFopm
=KhCZ
-----END PGP SIGNATURE-----
--=-=-=--