pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Fix for CVE-2017-7207



details:   https://anonhg.NetBSD.org/pkgsrc/rev/95f2459d848a
branches:  trunk
changeset: 360739:95f2459d848a
user:      tez <tez%pkgsrc.org@localhost>
date:      Wed Apr 05 20:11:01 2017 +0000

description:
Fix for CVE-2017-7207

diffstat:

 doc/CHANGES-2017                                  |   3 ++-
 print/ghostscript-gpl/Makefile                    |   4 ++--
 print/ghostscript-gpl/distinfo                    |   3 ++-
 print/ghostscript-gpl/patches/patch-CVE-2017-7207 |  17 +++++++++++++++++
 4 files changed, 23 insertions(+), 4 deletions(-)

diffs (66 lines):

diff -r 45926ce43a5e -r 95f2459d848a doc/CHANGES-2017
--- a/doc/CHANGES-2017  Wed Apr 05 19:17:30 2017 +0000
+++ b/doc/CHANGES-2017  Wed Apr 05 20:11:01 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2017,v 1.1445 2017/04/05 19:17:30 rillig Exp $
+$NetBSD: CHANGES-2017,v 1.1446 2017/04/05 20:11:35 tez Exp $
 
 Changes to the packages collection and infrastructure in 2017:
 
@@ -1756,3 +1756,4 @@
        Updated devel/py-backports_abc to 0.5 [adam 2017-04-05]
        Updated www/py-tornado to 4.4.3 [adam 2017-04-05]
        Updated pkgtools/pkglint to 5.4.20 [rillig 2017-04-05]
+       Updated print/ghostscript-gpl to 9.06nb11 [tez 2017-04-05]
diff -r 45926ce43a5e -r 95f2459d848a print/ghostscript-gpl/Makefile
--- a/print/ghostscript-gpl/Makefile    Wed Apr 05 19:17:30 2017 +0000
+++ b/print/ghostscript-gpl/Makefile    Wed Apr 05 20:11:01 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
+# $NetBSD: Makefile,v 1.24 2017/04/05 20:11:01 tez Exp $
 
 DISTNAME=      ghostscript-${GS_VERSION}
 PKGNAME=       ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION=   10
+PKGREVISION=   11
 CATEGORIES=    print
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
diff -r 45926ce43a5e -r 95f2459d848a print/ghostscript-gpl/distinfo
--- a/print/ghostscript-gpl/distinfo    Wed Apr 05 19:17:30 2017 +0000
+++ b/print/ghostscript-gpl/distinfo    Wed Apr 05 20:11:01 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
+$NetBSD: distinfo,v 1.15 2017/04/05 20:11:01 tez Exp $
 
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -11,6 +11,7 @@
 SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
 SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
+SHA1 (patch-CVE-2017-7207) = 31f4a73b49b52942385eaa3c8cf2a94b5bbde6df
 SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
 SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
 SHA1 (patch-ai) = 3962a3acac1d4537dbbe3fc3b205aba87387d485
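
Review bot: The added patch-CVE-2017-7207 entry is covered by a SHA1 digest only, the same as the neighbouring patch lines in this hunk. SHA-1 has a published collision, so this line catches accidental corruption of the security patch but is a weak check against deliberate substitution. Moving patch entries to a stronger digest is a distinfo format question for the whole tree rather than a change to ask of this commit, but it is worth raising since the file being protected here is itself a CVE fix.
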
diff -r 45926ce43a5e -r 95f2459d848a print/ghostscript-gpl/patches/patch-CVE-2017-7207
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-7207 Wed Apr 05 20:11:01 2017 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2017-7207,v 1.1 2017/04/05 20:11:01 tez Exp $
+
+Fix for CVE-2017-7207 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091;hp=dd5da2cb3e08398ac6d86598b36b00994d058308
+
+
+--- base/gdevmem.c.orig        2017-04-05 19:13:09.561063700 +0000
++++ base/gdevmem.c
+@@ -562,6 +562,8 @@ mem_get_bits_rectangle(gx_device * dev,
+             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
+         return_error(gs_error_rangecheck);
+     }
++    if (mdev->line_ptrs == 0x00)
++      return_error(gs_error_rangecheck);
+     if ((w <= 0) | (h <= 0)) {
+         if ((w | h) < 0)
+             return_error(gs_error_rangecheck);
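
Review bot: The header of patch-CVE-2017-7207 gives only the CVE number and the upstream commit URL, so someone reading the pkgsrc tree cannot tell what the two added lines guard against without following the link. A one-line summary would help, for example that mem_get_bits_rectangle() in base/gdevmem.c now returns gs_error_rangecheck when mdev->line_ptrs is null instead of continuing. On style, the pointer is compared against 0x00 rather than NULL and the added return_error line is indented six spaces where the surrounding lines use eight; if these are kept to stay identical to the upstream commit, the header could say the change is taken verbatim.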


