diff options
author | spz <spz@pkgsrc.org> | 2015-03-11 20:58:26 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2015-03-11 20:58:26 +0000 |
commit | 208743db7786cd3bc68866470f214e56ef3883b7 (patch) | |
tree | fb93a88df4bb2e3b3dfb0363b9a99c9b16299ec6 | |
parent | 745f9903243c51bfba8e1eb4415ad55c834c4e12 (diff) | |
download | pkgsrc-208743db7786cd3bc68866470f214e56ef3883b7.tar.gz |
add patches against CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 and
CVE-2014-8158 originating from the Fedora project
-rw-r--r-- | print/ghostscript-gpl/Makefile | 4 | ||||
-rw-r--r-- | print/ghostscript-gpl/distinfo | 6 | ||||
-rw-r--r-- | print/ghostscript-gpl/patches/patch-CVE-2014-8137 | 62 | ||||
-rw-r--r-- | print/ghostscript-gpl/patches/patch-CVE-2014-8138 | 16 | ||||
-rw-r--r-- | print/ghostscript-gpl/patches/patch-CVE-2014-8157 | 16 | ||||
-rw-r--r-- | print/ghostscript-gpl/patches/patch-CVE-2014-8158 | 93 |
6 files changed, 194 insertions, 3 deletions
diff --git a/print/ghostscript-gpl/Makefile b/print/ghostscript-gpl/Makefile index 04c0f633919..bbd035b5485 100644 --- a/print/ghostscript-gpl/Makefile +++ b/print/ghostscript-gpl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.15 2014/12/30 07:52:41 dholland Exp $ +# $NetBSD: Makefile,v 1.16 2015/03/11 20:58:26 spz Exp $ DISTNAME= ghostscript-${GS_VERSION} PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/} MASTER_SITES+= http://ghostscript.com/releases/ diff --git a/print/ghostscript-gpl/distinfo b/print/ghostscript-gpl/distinfo index d2efc41a480..d4a6ae8de6f 100644 --- a/print/ghostscript-gpl/distinfo +++ b/print/ghostscript-gpl/distinfo @@ -1,9 +1,13 @@ -$NetBSD: distinfo,v 1.8 2015/02/24 08:21:07 markd Exp $ +$NetBSD: distinfo,v 1.9 2015/03/11 20:58:26 spz Exp $ SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d Size (ghostscript-9.06.tar.bz2) = 29246039 bytes SHA1 (patch-CVE-2012-4405) = 1dcb4cfeceb366c144e0a1337c6ccc2d8e13e4ca +SHA1 (patch-CVE-2014-8137) = 5375f56f3d7cdfed0c9f900d291d75bbc3182b96 +SHA1 (patch-CVE-2014-8138) = be161051680e3c6c9246f31237019470a447ee49 +SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4 +SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52 diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8137 b/print/ghostscript-gpl/patches/patch-CVE-2014-8137 new file mode 100644 index 00000000000..5850abc6f46 --- /dev/null +++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8137 @@ -0,0 +1,62 @@ +$NetBSD: patch-CVE-2014-8137,v 1.1 2015/03/11 20:58:26 spz Exp $ + +patch for CVE-2014-8137 taken from +http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8137.patch + +--- jasper/src/libjasper/base/jas_icc.c.orig 2012-08-08 08:01:36.000000000 +0000 ++++ jasper/src/libjasper/base/jas_icc.c +@@ -1024,7 +1024,6 @@ static int jas_icccurv_input(jas_iccattr + return 0; + + error: +- jas_icccurv_destroy(attrval); + return -1; + } + +@@ -1144,7 +1143,6 @@ static int jas_icctxtdesc_input(jas_icca + #endif + return 0; + error: +- jas_icctxtdesc_destroy(attrval); + return -1; + } + +@@ -1223,8 +1221,6 @@ static int jas_icctxt_input(jas_iccattrv + goto error; + return 0; + error: +- if (txt->string) +- jas_free(txt->string); + return -1; + } + +@@ -1349,7 +1345,6 @@ static int jas_icclut8_input(jas_iccattr + goto error; + return 0; + error: +- jas_icclut8_destroy(attrval); + return -1; + } + +@@ -1520,7 +1515,6 @@ static int jas_icclut16_input(jas_iccatt + goto error; + return 0; + error: +- jas_icclut16_destroy(attrval); + return -1; + } + +--- jasper/src/libjasper/jp2/jp2_dec.c.orig 2012-08-08 08:01:36.000000000 +0000 ++++ jasper/src/libjasper/jp2/jp2_dec.c +@@ -325,7 +325,10 @@ jas_image_t *jp2_decode(jas_stream_t *in + case JP2_COLR_ICC: + iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, + dec->colr->data.colr.iccplen); +- assert(iccprof); ++ if (!iccprof) { ++ jas_eprintf("error: failed to parse ICC profile\n"); ++ goto error; ++ } + jas_iccprof_gethdr(iccprof, &icchdr); + if (jas_getdbglevel() >= 1) { + jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc); diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8138 b/print/ghostscript-gpl/patches/patch-CVE-2014-8138 new file mode 100644 index 00000000000..0c499a10827 --- /dev/null +++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8138 @@ -0,0 +1,16 @@ +$NetBSD: patch-CVE-2014-8138,v 1.1 2015/03/11 20:58:26 spz Exp $ + +--- jasper/src/libjasper/jp2/jp2_dec.c.orig 2012-08-08 08:01:36.000000000 +0000 ++++ jasper/src/libjasper/jp2/jp2_dec.c +@@ -444,6 +447,11 @@ jas_image_t *jp2_decode(jas_stream_t *in + /* Determine the type of each component. */ + if (dec->cdef) { + for (i = 0; i < dec->numchans; ++i) { ++ /* Is the channel number reasonable? */ ++ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { ++ jas_eprintf("error: invalid channel number in CDEF box\n"); ++ goto error; ++ } + jas_image_setcmpttype(dec->image, + dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], + jp2_getct(jas_image_clrspc(dec->image), diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8157 b/print/ghostscript-gpl/patches/patch-CVE-2014-8157 new file mode 100644 index 00000000000..4a8685ad9b9 --- /dev/null +++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8157 @@ -0,0 +1,16 @@ +$NetBSD: patch-CVE-2014-8157,v 1.1 2015/03/11 20:58:26 spz Exp $ + +patch for CVE-2014-8157 from +http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch + +--- jasper/src/libjasper/jpc/jpc_dec.c.orig 2012-08-08 08:01:36.000000000 +0000 ++++ jasper/src/libjasper/jpc/jpc_dec.c +@@ -496,7 +496,7 @@ static int jpc_dec_process_sot(jpc_dec_t + dec->curtileendoff = 0; + } + +- if (JAS_CAST(int, sot->tileno) > dec->numtiles) { ++ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { + jas_eprintf("invalid tile number in SOT marker segment\n"); + return -1; + } diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8158 b/print/ghostscript-gpl/patches/patch-CVE-2014-8158 new file mode 100644 index 00000000000..9ee1fa49af6 --- /dev/null +++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8158 @@ -0,0 +1,93 @@ +$NetBSD: patch-CVE-2014-8158,v 1.1 2015/03/11 20:58:26 spz Exp $ + +patch for CVE-2014-8158 loosely based on +http://pkgs.fedoraproject.org/cgit/jasper.git/plain/jasper-CVE-2014-8158.patch + +eradicate all code-paths activated by HAVE_VLA + +--- jasper/src/libjasper/jpc/jpc_qmfb.c.orig 2012-08-08 08:01:36.000000000 +0000 ++++ jasper/src/libjasper/jpc/jpc_qmfb.c +@@ -158,12 +158,8 @@ static void jpc_qmfb1d_split(jpc_fix_t * + jpc_fix_t *hstartptr, int hstartind, int hendind) + { + int bufsize = JPC_CEILDIVPOW2(endind - startind, 2); +-#if !defined(HAVE_VLA) + #define QMFB_SPLITBUFSIZE 4096 + jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; +-#else +- jpc_fix_t splitbuf[bufsize]; +-#endif + jpc_fix_t *buf = splitbuf; + int llen; + int hlen; +@@ -179,7 +175,6 @@ static void jpc_qmfb1d_split(jpc_fix_t * + llen = lendind - lstartind; + hlen = hendind - hstartind; + +-#if !defined(HAVE_VLA) + /* Get a buffer. */ + if (bufsize > QMFB_SPLITBUFSIZE) { + if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { +@@ -190,7 +185,6 @@ static void jpc_qmfb1d_split(jpc_fix_t * + return; + } + } +-#endif + + if (hstartind < lstartind) { + /* The first sample in the input signal is to appear +@@ -272,12 +266,10 @@ static void jpc_qmfb1d_split(jpc_fix_t * + } + } + +-#if !defined(HAVE_VLA) + /* If the split buffer was allocated on the heap, free this memory. */ + if (buf != splitbuf) { + jas_free(buf); + } +-#endif + } + + static void jpc_qmfb1d_join(jpc_fix_t *startptr, int startind, int endind, +@@ -285,12 +277,8 @@ static void jpc_qmfb1d_join(jpc_fix_t *s + jpc_fix_t *hstartptr, int hstartind, int hendind) + { + int bufsize = JPC_CEILDIVPOW2(endind - startind, 2); +-#if !defined(HAVE_VLA) + #define QMFB_JOINBUFSIZE 4096 + jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; +-#else +- jpc_fix_t joinbuf[bufsize]; +-#endif + jpc_fix_t *buf = joinbuf; + int llen; + int hlen; +@@ -302,7 +290,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s + register int n; + int state; + +-#if !defined(HAVE_VLA) + /* Allocate memory for the join buffer from the heap. */ + if (bufsize > QMFB_JOINBUFSIZE) { + if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { +@@ -313,7 +300,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s + return; + } + } +-#endif + + twostep = step << 1; + llen = lendind - lstartind; +@@ -400,12 +386,10 @@ static void jpc_qmfb1d_join(jpc_fix_t *s + } + } + +-#if !defined(HAVE_VLA) + /* If the join buffer was allocated on the heap, free this memory. */ + if (buf != joinbuf) { + jas_free(buf); + } +-#endif + } + + /******************************************************************************\ |