Bug 280469

Summary:	app-text/mupdf (new ebuild)
Product:	Gentoo Linux	Reporter:	avx <idevelop>
Component:	New packages	Assignee:	Michael Weber (RETIRED) <xmw>
Status:	RESOLVED FIXED
Severity:	enhancement	Keywords:	EBUILD
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://mupdf.com/
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	ebuild for mupdf-20090707 ebuild for mupdf-20090707 modified ebuild for current upstream release, added some \|\| die 1:1 copy of mupdf-938.ebuild

Description avx 2009-08-05 15:38:19 UTC

MuPDF is a lightweight PDF viewer and toolkit written in portable C.

The attached ebuild is for the 2009-07-07 version of mupdf, tested and working on ~amd64 and ~x86, with the help of @goffrie from the forums.

Please test and include into portage. Thanks.

Greets,
MW

Reproducible: Always

Steps to Reproduce:
1. download ebuild
2. ebuild $file mupdf-20090707
3. emerge mupdf

Actual Results:  
Works on ~amd64 & ~x86

Expected Results:  
Works on ~amd64 & ~x86

Comment 1 avx 2009-08-05 15:39:13 UTC

Created attachment 200265 [details]
ebuild for mupdf-20090707

Comment 2 James Earl Spahlinger 2009-08-06 01:26:38 UTC

Thank you for this ebuild, you may also want to investigate putting your ebuild in the sunrise overlay which is located at http://www.gentoo.org/proj/en/sunrise/. When/if the ebuild is put into sunrise, please let us know on this bug.

Comment 3 avx 2009-08-06 05:55:16 UTC

Created attachment 200341 [details]
ebuild for mupdf-20090707

new and nicer ebuild

Comment 4 Alex Legler (RETIRED) archtester

2009-11-30 17:24:00 UTC

There has been a vulnerability report for MuPDF:
http://secunia.com/advisories/37494/

DESCRIPTION:
Christophe Devine has reported some vulnerabilities in MuPDF, which
can be exploited by malicious people to compromise an application
using the library.

The vulnerabilities are caused due to boundary errors within the
"pdf_loadtype4shade()", "pdf_loadtype5shade()",
"pdf_loadtype6shade()", and "pdf_loadtype7shade()" functions in
mupdf/pdf_shade4.c. This can be exploited to cause stack-based buffer
overflows by e.g. tricking a user into opening a specially crafted PDF
file in an application using the library.

The issue was fixed in upstream's darcs repository. Please note that we require the initial commiter to gentoo-x86 to verify that this issue has been resolved before adding the package. Please contact Security if you have any questions. Thanks.

Comment 5 avx 2010-01-17 01:45:48 UTC

> Please note that we require
the *initial commiter* to gentoo-x86 to verify that this issue has been resolved
before adding the package.

Am I meant here? If so, I don't have an x86-machine available anymore, sorry.

Comment 6 Michael Weber (RETIRED) gentoo-dev

2010-02-19 15:28:56 UTC

Created attachment 220361 [details]
modified ebuild for current upstream release, added some || die

see http://svn.xmw.de/gentoo-overlay/ if you use layman

Comment 7 Michael Weber (RETIRED) gentoo-dev

2010-03-16 12:57:43 UTC

Created attachment 223873 [details]
1:1 copy of mupdf-938.ebuild

see http://svn.xmw.de/gentoo-overlay/

Comment 8 Michael Weber (RETIRED) gentoo-dev

2010-04-13 11:48:09 UTC

This is committed in the sunrise overlay. You can find it at soon:
http://overlays.gentoo.org/proj/sunrise/browser/reviewed/app-text/mupdf/

Comment 9 Sylvain BERTRAND 2010-06-02 20:26:27 UTC

fast and lean viewer for the PDF I have to view.
Hope mupdf will go in main portage tree.

Comment 10 Michael Weber (RETIRED) gentoo-dev

2010-06-05 16:42:53 UTC

There's a new 0.6 release (committed for review) and heavy activity on upstream.

Comment 11 Michael Weber (RETIRED) gentoo-dev

2010-08-24 23:07:14 UTC

(In reply to comment #9)
> Hope mupdf will go in main portage tree.

+*mupdf-0.6 (24 Aug 2010)
+
+  24 Aug 2010; Michael Weber (xmw) <xmw@gentoo.org> +mupdf-0.6.ebuild,
+  +files/mupdf-0.6-buildsystem.patch, +metadata.xml:
+  New ebuild for app-text/mupdf from sunrise. Fixes bug #280469. Thanks to
+  Manu Wächter for the initial ebuilds.

Have fun!