diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index b0d8ba3bb08..1b510221d12 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -39,6 +39,48 @@ in stdenv.mkDerivation rec { url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=26527eef77b3e51c2258c8e40845bfbc015e405d;hp=ab98356f959c7a6e94b1ec10f78dd2c33ed3f3e7"; sha256 = "1brcc029s5zmd6ya0d9qk3mh9qwx5g6vhsf1j8h879092sya5627"; }) + (fetchpatch { + # Bugs 698804/698810/698811, 698819: Keep PDF object numbers below limit. + name = "CVE-2017-17858.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731"; + sha256 = "1bf683d59i5009cv1hhmwmrp2rsb75cbf98qd44dk39cpvq8ydwv"; + }) + (fetchpatch { + # Bug 698825: Do not drop borrowed colorspaces. + name = "CVE-2018-1000051.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=321ba1de287016b0036bf4a56ce774ad11763384"; + sha256 = "0jbcc9j565q5y305pi888qzlp83zww6nhkqbsmkk91gim958zikm"; + }) + (fetchpatch { + # Bug 698908 preprecondition: Add portable pseudo-random number generator based on the lrand48 family. + name = "CVE-2018-6187.0.1.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=2d5b4683e912d6e6e1f1e2ca5aa0297beb3e6807"; + sha256 = "028bxinbjs5gg9myjr3vs366qxg9l2iyba2j3pxkxsh1851hj728"; + }) + (fetchpatch { + # Bug 698908 precondition: Fix "being able to search for redacted text" bug. + name = "CVE-2018-6187.0.2.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=25593f4f9df0c4a9b9adaa84aaa33fe2a89087f6"; + sha256 = "195y69c3f8yqxcsa0bxrmxbdc3fx1dzvz8v66i56064mjj0mx04s"; + }) + (fetchpatch { + # Bug 698908: Resize object use and renumbering lists after repair. + name = "CVE-2018-6187.1.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=3e30fbb7bf5efd88df431e366492356e7eb969ec"; + sha256 = "0wzbqj750h06q1wa6vxbpv5a5q9pfg0cxjdv88yggkrjb3vrkd9j"; + }) + (fetchpatch { + # Bug 698908: Plug PDF object leaks when decimating pages in pdfposter. + name = "CVE-2018-6187.2.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=a71e7c85a9f2313cde20d4479cd727a5f5518ed2"; + sha256 = "1pcjkq8lg6l2m0186rl79lilg79crgdvz9hrmm3w60gy2gxkgksc"; + }) + (fetchpatch { + # Bug 698916: Indirect object numbers must be in range. + name = "CVE-2018-6192.patch"; + url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=5e411a99604ff6be5db9e273ee84737204113299"; + sha256 = "134zc07fp0p1mwqa8xrkq3drg4crajzf1hjf4mdwmcy1jfj2pfhj"; + }) ] # Use shared libraries to decrease size