summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2015-03-11 20:58:26 +0000
committerspz <spz@pkgsrc.org>2015-03-11 20:58:26 +0000
commit208743db7786cd3bc68866470f214e56ef3883b7 (patch)
treefb93a88df4bb2e3b3dfb0363b9a99c9b16299ec6
parent745f9903243c51bfba8e1eb4415ad55c834c4e12 (diff)
downloadpkgsrc-208743db7786cd3bc68866470f214e56ef3883b7.tar.gz
add patches against CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 and
CVE-2014-8158 originating from the Fedora project
-rw-r--r--print/ghostscript-gpl/Makefile4
-rw-r--r--print/ghostscript-gpl/distinfo6
-rw-r--r--print/ghostscript-gpl/patches/patch-CVE-2014-813762
-rw-r--r--print/ghostscript-gpl/patches/patch-CVE-2014-813816
-rw-r--r--print/ghostscript-gpl/patches/patch-CVE-2014-815716
-rw-r--r--print/ghostscript-gpl/patches/patch-CVE-2014-815893
6 files changed, 194 insertions, 3 deletions
diff --git a/print/ghostscript-gpl/Makefile b/print/ghostscript-gpl/Makefile
index 04c0f633919..bbd035b5485 100644
--- a/print/ghostscript-gpl/Makefile
+++ b/print/ghostscript-gpl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.15 2014/12/30 07:52:41 dholland Exp $
+# $NetBSD: Makefile,v 1.16 2015/03/11 20:58:26 spz Exp $
DISTNAME= ghostscript-${GS_VERSION}
PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
MASTER_SITES+= http://ghostscript.com/releases/
diff --git a/print/ghostscript-gpl/distinfo b/print/ghostscript-gpl/distinfo
index d2efc41a480..d4a6ae8de6f 100644
--- a/print/ghostscript-gpl/distinfo
+++ b/print/ghostscript-gpl/distinfo
@@ -1,9 +1,13 @@
-$NetBSD: distinfo,v 1.8 2015/02/24 08:21:07 markd Exp $
+$NetBSD: distinfo,v 1.9 2015/03/11 20:58:26 spz Exp $
SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
Size (ghostscript-9.06.tar.bz2) = 29246039 bytes
SHA1 (patch-CVE-2012-4405) = 1dcb4cfeceb366c144e0a1337c6ccc2d8e13e4ca
+SHA1 (patch-CVE-2014-8137) = 5375f56f3d7cdfed0c9f900d291d75bbc3182b96
+SHA1 (patch-CVE-2014-8138) = be161051680e3c6c9246f31237019470a447ee49
+SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
+SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8137 b/print/ghostscript-gpl/patches/patch-CVE-2014-8137
new file mode 100644
index 00000000000..5850abc6f46
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8137
@@ -0,0 +1,62 @@
+$NetBSD: patch-CVE-2014-8137,v 1.1 2015/03/11 20:58:26 spz Exp $
+
+patch for CVE-2014-8137 taken from
+http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8137.patch
+
+--- jasper/src/libjasper/base/jas_icc.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ jasper/src/libjasper/base/jas_icc.c
+@@ -1024,7 +1024,6 @@ static int jas_icccurv_input(jas_iccattr
+ return 0;
+
+ error:
+- jas_icccurv_destroy(attrval);
+ return -1;
+ }
+
+@@ -1144,7 +1143,6 @@ static int jas_icctxtdesc_input(jas_icca
+ #endif
+ return 0;
+ error:
+- jas_icctxtdesc_destroy(attrval);
+ return -1;
+ }
+
+@@ -1223,8 +1221,6 @@ static int jas_icctxt_input(jas_iccattrv
+ goto error;
+ return 0;
+ error:
+- if (txt->string)
+- jas_free(txt->string);
+ return -1;
+ }
+
+@@ -1349,7 +1345,6 @@ static int jas_icclut8_input(jas_iccattr
+ goto error;
+ return 0;
+ error:
+- jas_icclut8_destroy(attrval);
+ return -1;
+ }
+
+@@ -1520,7 +1515,6 @@ static int jas_icclut16_input(jas_iccatt
+ goto error;
+ return 0;
+ error:
+- jas_icclut16_destroy(attrval);
+ return -1;
+ }
+
+--- jasper/src/libjasper/jp2/jp2_dec.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ jasper/src/libjasper/jp2/jp2_dec.c
+@@ -325,7 +325,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ case JP2_COLR_ICC:
+ iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
+ dec->colr->data.colr.iccplen);
+- assert(iccprof);
++ if (!iccprof) {
++ jas_eprintf("error: failed to parse ICC profile\n");
++ goto error;
++ }
+ jas_iccprof_gethdr(iccprof, &icchdr);
+ if (jas_getdbglevel() >= 1) {
+ jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8138 b/print/ghostscript-gpl/patches/patch-CVE-2014-8138
new file mode 100644
index 00000000000..0c499a10827
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8138
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2014-8138,v 1.1 2015/03/11 20:58:26 spz Exp $
+
+--- jasper/src/libjasper/jp2/jp2_dec.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ jasper/src/libjasper/jp2/jp2_dec.c
+@@ -444,6 +447,11 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ /* Determine the type of each component. */
+ if (dec->cdef) {
+ for (i = 0; i < dec->numchans; ++i) {
++ /* Is the channel number reasonable? */
++ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
++ jas_eprintf("error: invalid channel number in CDEF box\n");
++ goto error;
++ }
+ jas_image_setcmpttype(dec->image,
+ dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
+ jp2_getct(jas_image_clrspc(dec->image),
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8157 b/print/ghostscript-gpl/patches/patch-CVE-2014-8157
new file mode 100644
index 00000000000..4a8685ad9b9
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8157
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2014-8157,v 1.1 2015/03/11 20:58:26 spz Exp $
+
+patch for CVE-2014-8157 from
+http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch
+
+--- jasper/src/libjasper/jpc/jpc_dec.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ jasper/src/libjasper/jpc/jpc_dec.c
+@@ -496,7 +496,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ dec->curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ jas_eprintf("invalid tile number in SOT marker segment\n");
+ return -1;
+ }
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2014-8158 b/print/ghostscript-gpl/patches/patch-CVE-2014-8158
new file mode 100644
index 00000000000..9ee1fa49af6
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2014-8158
@@ -0,0 +1,93 @@
+$NetBSD: patch-CVE-2014-8158,v 1.1 2015/03/11 20:58:26 spz Exp $
+
+patch for CVE-2014-8158 loosely based on
+http://pkgs.fedoraproject.org/cgit/jasper.git/plain/jasper-CVE-2014-8158.patch
+
+eradicate all code-paths activated by HAVE_VLA
+
+--- jasper/src/libjasper/jpc/jpc_qmfb.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ jasper/src/libjasper/jpc/jpc_qmfb.c
+@@ -158,12 +158,8 @@ static void jpc_qmfb1d_split(jpc_fix_t *
+ jpc_fix_t *hstartptr, int hstartind, int hendind)
+ {
+ int bufsize = JPC_CEILDIVPOW2(endind - startind, 2);
+-#if !defined(HAVE_VLA)
+ #define QMFB_SPLITBUFSIZE 4096
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ int llen;
+ int hlen;
+@@ -179,7 +175,6 @@ static void jpc_qmfb1d_split(jpc_fix_t *
+ llen = lendind - lstartind;
+ hlen = hendind - hstartind;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+@@ -190,7 +185,6 @@ static void jpc_qmfb1d_split(jpc_fix_t *
+ return;
+ }
+ }
+-#endif
+
+ if (hstartind < lstartind) {
+ /* The first sample in the input signal is to appear
+@@ -272,12 +266,10 @@ static void jpc_qmfb1d_split(jpc_fix_t *
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+ }
+
+ static void jpc_qmfb1d_join(jpc_fix_t *startptr, int startind, int endind,
+@@ -285,12 +277,8 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
+ jpc_fix_t *hstartptr, int hstartind, int hendind)
+ {
+ int bufsize = JPC_CEILDIVPOW2(endind - startind, 2);
+-#if !defined(HAVE_VLA)
+ #define QMFB_JOINBUFSIZE 4096
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ int llen;
+ int hlen;
+@@ -302,7 +290,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
+ register int n;
+ int state;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+@@ -313,7 +300,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
+ return;
+ }
+ }
+-#endif
+
+ twostep = step << 1;
+ llen = lendind - lstartind;
+@@ -400,12 +386,10 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+ }
+
+ /******************************************************************************\