pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2017Q1]: pkgsrc/print/ghostscript-gpl Pullup ticket #5323 - re...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5afd850bf35e
branches:  pkgsrc-2017Q1
changeset: 360280:5afd850bf35e
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Apr 19 18:51:44 2017 +0000

description:
Pullup ticket #5323 - requested by sevan
print/ghostscript-gpl: security fix

Revisions pulled up:
- print/ghostscript-gpl/Makefile                                1.25
- print/ghostscript-gpl/distinfo                                1.17
- print/ghostscript-gpl/patches/patch-CVE-2016-10217            1.1
- print/ghostscript-gpl/patches/patch-CVE-2016-10219            1.1
- print/ghostscript-gpl/patches/patch-CVE-2016-10220            1.1
- print/ghostscript-gpl/patches/patch-CVE-2017-5951             1.1

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Tue Apr 18 22:07:07 UTC 2017

   Modified Files:
           pkgsrc/print/ghostscript-gpl: Makefile distinfo
   Added Files:
           pkgsrc/print/ghostscript-gpl/patches: patch-CVE-2016-10217
               patch-CVE-2016-10219 patch-CVE-2016-10220 patch-CVE-2017-5951

   Log Message:
   Patches for CVE-2016-10217, CVE-2016-10219, CVE-2016-10220 & CVE-2017-5951

diffstat:

 print/ghostscript-gpl/Makefile                     |   4 +-
 print/ghostscript-gpl/distinfo                     |   6 ++++-
 print/ghostscript-gpl/patches/patch-CVE-2016-10217 |  19 ++++++++++++++++
 print/ghostscript-gpl/patches/patch-CVE-2016-10219 |  26 ++++++++++++++++++++++
 print/ghostscript-gpl/patches/patch-CVE-2016-10220 |  16 +++++++++++++
 print/ghostscript-gpl/patches/patch-CVE-2017-5951  |  24 ++++++++++++++++++++
 6 files changed, 92 insertions(+), 3 deletions(-)

diffs (135 lines):

diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/Makefile
--- a/print/ghostscript-gpl/Makefile    Wed Apr 19 18:33:38 2017 +0000
+++ b/print/ghostscript-gpl/Makefile    Wed Apr 19 18:51:44 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
+# $NetBSD: Makefile,v 1.23.2.1 2017/04/19 18:51:44 bsiegert Exp $
 
 DISTNAME=      ghostscript-${GS_VERSION}
 PKGNAME=       ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION=   10
+PKGREVISION=   12
 CATEGORIES=    print
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/distinfo
--- a/print/ghostscript-gpl/distinfo    Wed Apr 19 18:33:38 2017 +0000
+++ b/print/ghostscript-gpl/distinfo    Wed Apr 19 18:51:44 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
+$NetBSD: distinfo,v 1.14.2.1 2017/04/19 18:51:44 bsiegert Exp $
 
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -10,6 +10,10 @@
 SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
 SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
+SHA1 (patch-CVE-2016-10217) = 85f2cb708bb38a88215573e63821be8a54bc019e
+SHA1 (patch-CVE-2016-10219) = 24ef41da0579840360110cc5c1f79622210f8e6b
+SHA1 (patch-CVE-2016-10220) = 6edfa87948ff0f9412a5509efb98bf2d063a5951
+SHA1 (patch-CVE-2017-5951) = a4af8e561b9f5a6a330fbc2f915257bf5ba3cb2a
 SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
 SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
 SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10217
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10217        Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2016-10217,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2016-10217 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb;hp=d621292fb2c8157d9899dcd83fd04dd250e30fe4
+Patch for CVE-2016-10218 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4;hp=4bef1a1d32e29b68855616020dbff574b9cda08f
+(actually no patch, the null check was already in place!)
+
+
+--- base/gdevp14.c.orig        2017-04-05 20:36:47.701597100 +0000
++++ base/gdevp14.c
+@@ -1369,6 +1369,7 @@ pdf14_open(gx_device *dev)
+     rect.p.y = 0;
+     rect.q.x = dev->width;
+     rect.q.y = dev->height;
++    if (pdev->ctx == NULL)
+     pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
+         pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
+     if (pdev->ctx == NULL)
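Review bot: The added `if (pdev->ctx == NULL)` has no braces, and the `pdev->ctx = pdf14_ctx_new(...)` assignment it guards keeps its old indentation, so the allocation still reads as unconditional and a later edit could detach it from the guard. Indent or brace the call and add a comment such as `/* keep an already-allocated ctx instead of overwriting it */` so the purpose of the check is recorded in the code. Whether a retained ctx still matches the freshly computed `rect` cannot be seen from this hunk and is worth confirming, since pdf14_open continues outside it. The patch header also covers CVE-2016-10218 ("no patch"), which the file name does not show; a note in the commit log would help anyone auditing CVE coverage.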
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10219
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10219        Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-CVE-2016-10219,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2016-10219 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4bef1a1d32e29b68855616020dbff574b9cda08f;hp=0aeb0bbd41cc16e70ab6e4b1d56e0c510bf2a758
+
+
+--- base/gxfill.c.orig 2017-04-05 20:56:07.869067200 +0000
++++ base/gxfill.c
+@@ -1743,7 +1743,7 @@ intersect(active_line *endp, active_line
+     fixed dx_old = alp->x_current - endp->x_current;
+     fixed dx_den = dx_old + endp->x_next - alp->x_next;
+ 
+-    if (dx_den <= dx_old)
++    if (dx_den <= dx_old || dx_den == 0)
+         return false; /* Intersection isn't possible. */
+     dy = y1 - y;
+     if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n",
+@@ -1752,7 +1752,7 @@ intersect(active_line *endp, active_line
+     /* Do the computation in single precision */
+     /* if the values are small enough. */
+     y_new =
+-        ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ?
++        (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ?
+          dy * dx_old / dx_den :
+          (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den)))
+         + y;
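Review bot: The new `dx_den == 0` test protects the `dy * dx_old / dx_den` division, but `dx_den` is still computed as `dx_old + endp->x_next - alp->x_next` in what appears to be signed `fixed` arithmetic, with no range check before either comparison runs. If callers do not already bound these coordinates (not visible here), that sum can overflow, which makes both comparisons unreliable; computing the denominator in a wider type or rejecting out-of-range inputs first would close the gap. The `(ufixed)` cast in the second change makes negative `dy`/`dx_old` values take the `fixed_mult_quo` path, which is easy to undo by accident, so a comment such as `/* unsigned compare: negative operands must use fixed_mult_quo */` is worth adding. The body of intersect() starts and ends outside the quoted context.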
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10220
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10220        Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2016-10220,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Fix for CVE-2016-10220 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8;hp=2299c9a25fc9ae7b59752f1795f8b53920901c80
+
+
+--- base/gsdevmem.c.orig       2017-04-05 21:01:59.873181700 +0000
++++ base/gsdevmem.c
+@@ -223,6 +223,7 @@ gs_makewordimagedevice(gx_device ** pnew
+ 
+     if (pnew == 0)
+         return_error(gs_error_VMerror);
++    memset(pnew, 0x00, st_device_memory.ssize);
+     code = gs_initialize_wordimagedevice(pnew, pmat, width, height,
+                                          colors, num_colors, word_oriented,
+                                          page_device, mem);
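Review bot: The `memset` length `st_device_memory.ssize` comes from the structure descriptor rather than from the object being cleared, so it is only correct if `pnew` was allocated with that same descriptor. The allocation is above the hunk and should be checked, because a mismatch would under- or over-write the object. If it matches, a comment such as `/* zero the new device so the initialiser below never reads uninitialised fields */` would document why the clear is there and stop it being removed as redundant. The line also relies on `memset` already being declared in base/gsdevmem.c, which the hunk does not show.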
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2017-5951
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-5951 Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-CVE-2017-5951,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2017-5951 from
+ http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ec
+
+--- psi/iparam.c.orig  2017-04-06 19:05:43.573183800 +0000
++++ psi/iparam.c
+@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * pli
+                 gs_param_enumerator_t enumr;
+                 gs_param_key_t key;
+                 ref_type keytype;
++              dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
+ 
+                 param_init_enumerator(&enumr);
+-                if (!(*((iparam_list *) plist)->enumerate)
+-                    ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
++              if (!(*(dlist->enumerate))
++                  ((iparam_list *) dlist, &enumr, &key, &keytype)
+                     && keytype == t_integer) {
+-                    ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
++                    dlist->int_keys = 1;
+                     pvalue->type = gs_param_type_dict_int_keys;
+                 }
+             }
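Review bot: The new `dlist` is produced by an unconditional cast of `pvalue->value.d.list` to `dict_param_list *` and is immediately dereferenced in `dlist->enumerate`, with nothing in the hunk checking that the pointer is non-null or that the list really is a dict list. If the code above (outside the hunk) does not guarantee both, guard the call with `if (dlist != NULL && ...)` or state the invariant in a comment such as `/* value.d.list was set by the collection read above and is always a dict_param_list here */`. The added lines also seem to be indented differently from the surrounding lines (possibly tabs against spaces), which is worth normalising. Finally, the header cites an abbreviated hash (`h=bfa6b2ec`) in a `user/chrisl` repository, where the other three patches cite full hashes in the main ghostpdl.git; recording the full mainline commit id would make the provenance auditable.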


