pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/print/ghostscript-gpl Add patch for CVE-2017-6196



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a5041d3b2dbc
branches:  trunk
changeset: 360137:a5041d3b2dbc
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu Mar 23 20:38:24 2017 +0000

description:
Add patch for CVE-2017-6196

diffstat:

 print/ghostscript-gpl/Makefile                    |   4 +-
 print/ghostscript-gpl/distinfo                    |   3 +-
 print/ghostscript-gpl/patches/patch-CVE-2017-6196 |  41 +++++++++++++++++++++++
 3 files changed, 45 insertions(+), 3 deletions(-)

diffs (76 lines):

diff -r d7209ce4226a -r a5041d3b2dbc print/ghostscript-gpl/Makefile
--- a/print/ghostscript-gpl/Makefile    Thu Mar 23 19:33:34 2017 +0000
+++ b/print/ghostscript-gpl/Makefile    Thu Mar 23 20:38:24 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.22 2016/07/09 06:38:50 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
 
 DISTNAME=      ghostscript-${GS_VERSION}
 PKGNAME=       ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    print
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
diff -r d7209ce4226a -r a5041d3b2dbc print/ghostscript-gpl/distinfo
--- a/print/ghostscript-gpl/distinfo    Thu Mar 23 19:33:34 2017 +0000
+++ b/print/ghostscript-gpl/distinfo    Thu Mar 23 20:38:24 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2015/11/04 01:01:33 agc Exp $
+$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
 
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -10,6 +10,7 @@
 SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
 SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
+SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
 SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
 SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
 SHA1 (patch-ai) = 3962a3acac1d4537dbbe3fc3b205aba87387d485
diff -r d7209ce4226a -r a5041d3b2dbc print/ghostscript-gpl/patches/patch-CVE-2017-6196
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-6196 Thu Mar 23 20:38:24 2017 +0000
@@ -0,0 +1,41 @@
+$NetBSD: patch-CVE-2017-6196,v 1.1 2017/03/23 20:38:24 tez Exp $
+
+Patch for CVE-2017-6196 adapted from:
+
+http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
+
+
+--- base/gxipixel.c
++++ base/gxipixel.c
+@@ -257,7 +257,6 @@ gx_image_enum_begin(gx_device * dev, con
+         if ((code = gs_matrix_invert_to_double(&pim->ImageMatrix, &mat)) < 0 ||
+             (code = gs_matrix_multiply_double(&mat, pmat, &mat)) < 0
+             ) {
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return code;
+         }
+     }
+@@ -487,7 +486,6 @@ gx_image_enum_begin(gx_device * dev, con
+     }
+     if (masked) {       /* This is imagemask. */
+         if (bps != 1 || pcs != NULL || penum->alpha || decode[0] == decode[1]) {
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return_error(gs_error_rangecheck);
+         }
+         /* Initialize color entries 0 and 255. */
+@@ -507,7 +505,6 @@ gx_image_enum_begin(gx_device * dev, con
+ 
+         spp = cs_num_components(pcs);
+         if (spp < 0) {          /* Pattern not allowed */
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return_error(gs_error_rangecheck);
+         }
+         if (penum->alpha)
+@@ -613,7 +610,6 @@ gx_image_enum_begin(gx_device * dev, con
+     bsize = ((bps > 8 ? width * 2 : width) + 15) * spp;
+     buffer = gs_alloc_bytes(mem, bsize, "image buffer");
+     if (buffer == 0) {
+-        gs_free_object(mem, penum, "gx_default_begin_image");
+         return_error(gs_error_VMerror);
+     }
+     penum->bps = bps;



Home | Main Index | Thread Index | Old Index