summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2010-06-30 12:44:55 +0000
committertron <tron@pkgsrc.org>2010-06-30 12:44:55 +0000
commitfc6f81e619e9d03c11b040dd9e235979fce19754 (patch)
treec73fc580640bd26a5cdb283424ed8fa8c7d04185
parent5ce2da448294d9daee6b1a654319213f2b0f5cec (diff)
downloadpkgsrc-fc6f81e619e9d03c11b040dd9e235979fce19754.tar.gz
Add a fix for the security vulnerability reported in CVE-2010-1628
taken from the Ghostscript Bugzilla.
-rw-r--r--print/ghostscript/Makefile4
-rw-r--r--print/ghostscript/distinfo5
-rw-r--r--print/ghostscript/patches/patch-ba47
-rw-r--r--print/ghostscript/patches/patch-bb50
-rw-r--r--print/ghostscript/patches/patch-bc42
5 files changed, 145 insertions, 3 deletions
diff --git a/print/ghostscript/Makefile b/print/ghostscript/Makefile
index 2c3507413ff..9ed949aa1d8 100644
--- a/print/ghostscript/Makefile
+++ b/print/ghostscript/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2010/06/13 22:45:15 wiz Exp $
+# $NetBSD: Makefile,v 1.80 2010/06/30 12:44:55 tron Exp $
DISTNAME= ghostscript-8.71
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
MASTER_SITES+= http://ghostscript.com/releases/
diff --git a/print/ghostscript/distinfo b/print/ghostscript/distinfo
index 764c72b895a..4497b546d01 100644
--- a/print/ghostscript/distinfo
+++ b/print/ghostscript/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2010/06/13 22:45:15 wiz Exp $
+$NetBSD: distinfo,v 1.34 2010/06/30 12:44:55 tron Exp $
SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555
RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb
@@ -15,3 +15,6 @@ SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
SHA1 (patch-al) = 86489b704c60320385794c3eb68170d9b9f1f6cc
SHA1 (patch-am) = 47a994e902d565f2a06b054766d6fa93c7534d21
SHA1 (patch-an) = 875360319e486f4606627d8cfa3dbffd48d76130
+SHA1 (patch-ba) = 9c9f9aa27bcbcb43c9eb3b7f7ae6d70fb6545057
+SHA1 (patch-bb) = 6487b61fafe39a4ac8141b9f84044fc210df66ac
+SHA1 (patch-bc) = c35ee6c3075b89714fbb74956d68747d3c17bf9c
diff --git a/print/ghostscript/patches/patch-ba b/print/ghostscript/patches/patch-ba
new file mode 100644
index 00000000000..8becb375bf4
--- /dev/null
+++ b/print/ghostscript/patches/patch-ba
@@ -0,0 +1,47 @@
+$NetBSD: patch-ba,v 1.3 2010/06/30 12:44:55 tron Exp $
+
+Fix for security vulnerability reported in CVE-2010-1628 taken from here:
+
+http://bugs.ghostscript.com/attachment.cgi?id=6350
+
+--- psi/idosave.h.orig 2008-08-28 23:48:19.000000000 +0100
++++ psi/idosave.h 2010-06-30 13:31:32.000000000 +0100
+@@ -18,6 +18,22 @@
+ # define idosave_INCLUDED
+
+ /*
++ * Structure for saved change chain for save/restore. Because of the
++ * garbage collector, we need to distinguish the cases where the change
++ * is in a static object, a dynamic ref, or a dynamic struct.
++ */
++typedef struct alloc_change_s alloc_change_t;
++struct alloc_change_s {
++ alloc_change_t *next;
++ ref_packed *where;
++ ref contents;
++#define AC_OFFSET_STATIC (-2) /* static object */
++#define AC_OFFSET_REF (-1) /* dynamic ref */
++#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */
++ short offset; /* if >= 0, offset within struct */
++};
++
++/*
+ * Save a change that must be undone by restore. We have to pass the
+ * pointer to the containing object to alloc_save_change for two reasons:
+ *
+@@ -29,6 +45,7 @@
+ * relocate the pointer to it from the change record during garbage
+ * collection.
+ */
++
+ int alloc_save_change(gs_dual_memory_t *dmem, const ref *pcont,
+ ref_packed *ptr, client_name_t cname);
+ int alloc_save_change_in(gs_ref_memory_t *mem, const ref *pcont,
+@@ -36,6 +53,6 @@
+ /* Remove an AC_OFFSET_ALLOCATED element. */
+ void alloc_save_remove(gs_ref_memory_t *mem, ref_packed *obj, client_name_t cname);
+ /* Allocate a structure for recording an allocation event. */
+-int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr);
++int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp);
+
+ #endif /* idosave_INCLUDED */
diff --git a/print/ghostscript/patches/patch-bb b/print/ghostscript/patches/patch-bb
new file mode 100644
index 00000000000..27baf7fbd51
--- /dev/null
+++ b/print/ghostscript/patches/patch-bb
@@ -0,0 +1,50 @@
+$NetBSD: patch-bb,v 1.3 2010/06/30 12:44:55 tron Exp $
+
+Fix for security vulnerability reported in CVE-2010-1628 taken from here:
+
+http://bugs.ghostscript.com/attachment.cgi?id=6350
+
+--- psi/isave.c.orig 2008-08-28 23:48:19.000000000 +0100
++++ psi/isave.c 2010-06-30 13:31:32.000000000 +0100
+@@ -156,22 +156,6 @@
+ /* A link to igcref.c . */
+ ptr_proc_reloc(igc_reloc_ref_ptr_nocheck, ref_packed);
+
+-/*
+- * Structure for saved change chain for save/restore. Because of the
+- * garbage collector, we need to distinguish the cases where the change
+- * is in a static object, a dynamic ref, or a dynamic struct.
+- */
+-typedef struct alloc_change_s alloc_change_t;
+-struct alloc_change_s {
+- alloc_change_t *next;
+- ref_packed *where;
+- ref contents;
+-#define AC_OFFSET_STATIC (-2) /* static object */
+-#define AC_OFFSET_REF (-1) /* dynamic ref */
+-#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */
+- short offset; /* if >= 0, offset within struct */
+-};
+-
+ static
+ CLEAR_MARKS_PROC(change_clear_marks)
+ {
+@@ -519,7 +503,7 @@
+
+ /* Allocate a structure for recording an allocation event. */
+ int
+-alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr)
++alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp)
+ {
+ register alloc_change_t *cp;
+
+@@ -533,8 +517,7 @@
+ cp->where = 0;
+ cp->offset = AC_OFFSET_ALLOCATED;
+ make_null(&cp->contents);
+- mem->changes = cp;
+- *ppr = &cp->where;
++ *pcp = cp;
+ return 1;
+ }
+
diff --git a/print/ghostscript/patches/patch-bc b/print/ghostscript/patches/patch-bc
new file mode 100644
index 00000000000..f5d7987ef0d
--- /dev/null
+++ b/print/ghostscript/patches/patch-bc
@@ -0,0 +1,42 @@
+$NetBSD: patch-bc,v 1.3 2010/06/30 12:44:55 tron Exp $
+
+Fix for security vulnerability reported in CVE-2010-1628 taken from here:
+
+http://bugs.ghostscript.com/attachment.cgi?id=6350
+
+--- psi/ialloc.c.orig 2008-08-28 23:48:19.000000000 +0100
++++ psi/ialloc.c 2010-06-30 13:31:32.000000000 +0100
+@@ -185,7 +185,14 @@
+ */
+ chunk_t *pcc = mem->pcc;
+ ref *end;
++ alloc_change_t *cp = 0;
++ int code = 0;
+
++ if ((gs_memory_t *)mem != mem->stable_memory) {
++ code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp);
++ if (code < 0)
++ return code;
++ }
+ obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1,
+ ref, &st_refs, cname);
+ if (obj == 0)
+@@ -210,14 +217,10 @@
+ chunk_locate_ptr(obj, &cl);
+ cl.cp->has_refs = true;
+ }
+- if ((gs_memory_t *)mem != mem->stable_memory) {
+- ref_packed **ppr = 0;
+- int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr);
+- if (code < 0)
+- return code;
+- if (ppr)
+- *ppr = (ref_packed *)obj;
+- }
++ if (cp) {
++ mem->changes = cp;
++ cp->where = (ref_packed *)obj;
++ }
+ }
+ make_array(parr, attrs | mem->space, num_refs, obj);
+ return 0;