pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2017Q1]: pkgsrc/print/ghostscript-gpl Pullup ticket #5323 - re...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5afd850bf35e
branches: pkgsrc-2017Q1
changeset: 360280:5afd850bf35e
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Wed Apr 19 18:51:44 2017 +0000
description:
Pullup ticket #5323 - requested by sevan
print/ghostscript-gpl: security fix
Revisions pulled up:
- print/ghostscript-gpl/Makefile 1.25
- print/ghostscript-gpl/distinfo 1.17
- print/ghostscript-gpl/patches/patch-CVE-2016-10217 1.1
- print/ghostscript-gpl/patches/patch-CVE-2016-10219 1.1
- print/ghostscript-gpl/patches/patch-CVE-2016-10220 1.1
- print/ghostscript-gpl/patches/patch-CVE-2017-5951 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Apr 18 22:07:07 UTC 2017
Modified Files:
pkgsrc/print/ghostscript-gpl: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript-gpl/patches: patch-CVE-2016-10217
patch-CVE-2016-10219 patch-CVE-2016-10220 patch-CVE-2017-5951
Log Message:
Patches for CVE-2016-10217, CVE-2016-10219, CVE-2016-10220 & CVE-2017-5951
diffstat:
print/ghostscript-gpl/Makefile | 4 +-
print/ghostscript-gpl/distinfo | 6 ++++-
print/ghostscript-gpl/patches/patch-CVE-2016-10217 | 19 ++++++++++++++++
print/ghostscript-gpl/patches/patch-CVE-2016-10219 | 26 ++++++++++++++++++++++
print/ghostscript-gpl/patches/patch-CVE-2016-10220 | 16 +++++++++++++
print/ghostscript-gpl/patches/patch-CVE-2017-5951 | 24 ++++++++++++++++++++
6 files changed, 92 insertions(+), 3 deletions(-)
diffs (135 lines):
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/Makefile
--- a/print/ghostscript-gpl/Makefile Wed Apr 19 18:33:38 2017 +0000
+++ b/print/ghostscript-gpl/Makefile Wed Apr 19 18:51:44 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
+# $NetBSD: Makefile,v 1.23.2.1 2017/04/19 18:51:44 bsiegert Exp $
DISTNAME= ghostscript-${GS_VERSION}
PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION= 10
+PKGREVISION= 12
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
MASTER_SITES+= http://ghostscript.com/releases/
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/distinfo
--- a/print/ghostscript-gpl/distinfo Wed Apr 19 18:33:38 2017 +0000
+++ b/print/ghostscript-gpl/distinfo Wed Apr 19 18:51:44 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
+$NetBSD: distinfo,v 1.14.2.1 2017/04/19 18:51:44 bsiegert Exp $
SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -10,6 +10,10 @@
SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
+SHA1 (patch-CVE-2016-10217) = 85f2cb708bb38a88215573e63821be8a54bc019e
+SHA1 (patch-CVE-2016-10219) = 24ef41da0579840360110cc5c1f79622210f8e6b
+SHA1 (patch-CVE-2016-10220) = 6edfa87948ff0f9412a5509efb98bf2d063a5951
+SHA1 (patch-CVE-2017-5951) = a4af8e561b9f5a6a330fbc2f915257bf5ba3cb2a
SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10217
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10217 Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2016-10217,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2016-10217 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb;hp=d621292fb2c8157d9899dcd83fd04dd250e30fe4
+Patch for CVE-2016-10218 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4;hp=4bef1a1d32e29b68855616020dbff574b9cda08f
+(actually no patch, the null check was already in place!)
+
+
+--- base/gdevp14.c.orig 2017-04-05 20:36:47.701597100 +0000
++++ base/gdevp14.c
+@@ -1369,6 +1369,7 @@ pdf14_open(gx_device *dev)
+ rect.p.y = 0;
+ rect.q.x = dev->width;
+ rect.q.y = dev->height;
++ if (pdev->ctx == NULL)
+ pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
+ pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
+ if (pdev->ctx == NULL)
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10219
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10219 Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-CVE-2016-10219,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2016-10219 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4bef1a1d32e29b68855616020dbff574b9cda08f;hp=0aeb0bbd41cc16e70ab6e4b1d56e0c510bf2a758
+
+
+--- base/gxfill.c.orig 2017-04-05 20:56:07.869067200 +0000
++++ base/gxfill.c
+@@ -1743,7 +1743,7 @@ intersect(active_line *endp, active_line
+ fixed dx_old = alp->x_current - endp->x_current;
+ fixed dx_den = dx_old + endp->x_next - alp->x_next;
+
+- if (dx_den <= dx_old)
++ if (dx_den <= dx_old || dx_den == 0)
+ return false; /* Intersection isn't possible. */
+ dy = y1 - y;
+ if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n",
+@@ -1752,7 +1752,7 @@ intersect(active_line *endp, active_line
+ /* Do the computation in single precision */
+ /* if the values are small enough. */
+ y_new =
+- ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ?
++ (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ?
+ dy * dx_old / dx_den :
+ (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den)))
+ + y;
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2016-10220
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2016-10220 Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2016-10220,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Fix for CVE-2016-10220 from
+http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8;hp=2299c9a25fc9ae7b59752f1795f8b53920901c80
+
+
+--- base/gsdevmem.c.orig 2017-04-05 21:01:59.873181700 +0000
++++ base/gsdevmem.c
+@@ -223,6 +223,7 @@ gs_makewordimagedevice(gx_device ** pnew
+
+ if (pnew == 0)
+ return_error(gs_error_VMerror);
++ memset(pnew, 0x00, st_device_memory.ssize);
+ code = gs_initialize_wordimagedevice(pnew, pmat, width, height,
+ colors, num_colors, word_oriented,
+ page_device, mem);
diff -r 9943e7f49571 -r 5afd850bf35e print/ghostscript-gpl/patches/patch-CVE-2017-5951
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-5951 Wed Apr 19 18:51:44 2017 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-CVE-2017-5951,v 1.1.2.2 2017/04/19 18:51:44 bsiegert Exp $
+
+Patch for CVE-2017-5951 from
+ http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ec
+
+--- psi/iparam.c.orig 2017-04-06 19:05:43.573183800 +0000
++++ psi/iparam.c
+@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * pli
+ gs_param_enumerator_t enumr;
+ gs_param_key_t key;
+ ref_type keytype;
++ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
+
+ param_init_enumerator(&enumr);
+- if (!(*((iparam_list *) plist)->enumerate)
+- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
++ if (!(*(dlist->enumerate))
++ ((iparam_list *) dlist, &enumr, &key, &keytype)
+ && keytype == t_integer) {
+- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
++ dlist->int_keys = 1;
+ pvalue->type = gs_param_type_dict_int_keys;
+ }
+ }
Home |
Main Index |
Thread Index |
Old Index