pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/print/ghostscript-gpl
Module Name: pkgsrc
Committed By: he
Date: Mon Nov 13 15:10:05 UTC 2017
Modified Files:
pkgsrc/print/ghostscript-gpl: Makefile
Added Files:
pkgsrc/print/ghostscript-gpl/patches: patch-psi_zfrsd.c
Log Message:
Apply fix for CVE-2017-8291, from their git repository,
fixing bug 697799: have .rsdparams check its parameters.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/print/ghostscript-gpl/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/print/ghostscript-gpl/patches/patch-psi_zfrsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/print/ghostscript-gpl/Makefile
diff -u pkgsrc/print/ghostscript-gpl/Makefile:1.33 pkgsrc/print/ghostscript-gpl/Makefile:1.34
--- pkgsrc/print/ghostscript-gpl/Makefile:1.33 Sun Nov 12 16:03:35 2017
+++ pkgsrc/print/ghostscript-gpl/Makefile Mon Nov 13 15:10:05 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.33 2017/11/12 16:03:35 khorben Exp $
+# $NetBSD: Makefile,v 1.34 2017/11/13 15:10:05 he Exp $
DISTNAME= ghostscript-${GS_VERSION}
PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION= 16
+PKGREVISION= 17
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
MASTER_SITES+= https://ghostscript.com/releases/
Added files:
Index: pkgsrc/print/ghostscript-gpl/patches/patch-psi_zfrsd.c
diff -u /dev/null pkgsrc/print/ghostscript-gpl/patches/patch-psi_zfrsd.c:1.1
--- /dev/null Mon Nov 13 15:10:05 2017
+++ pkgsrc/print/ghostscript-gpl/patches/patch-psi_zfrsd.c Mon Nov 13 15:10:05 2017
@@ -0,0 +1,55 @@
+$NetBSD: patch-psi_zfrsd.c,v 1.1 2017/11/13 15:10:05 he Exp $
+
+Fix for CVE-2017-8291 from
+https://git.ghostscript.com/?p=ghostpdl.git;a=blobdiff_plain;f=psi/zfrsd.c;h=950588d696b682448ec3216fb3ea397999bb50a5;hp=191107d8ae0b3becea2c7318e3ed538b0d18d470;hb=04b37bbce174eed24edec7ad5b920eb93db4d47d;hpb=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+
+Original commit message:
+Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+
+--- psi/zfrsd.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(gs_error_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(gs_error_typecheck);
++ }
+
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(e_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(e_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
Home |
Main Index |
Thread Index |
Old Index