diff options
author | tron <tron@pkgsrc.org> | 2010-06-30 12:44:55 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2010-06-30 12:44:55 +0000 |
commit | fc6f81e619e9d03c11b040dd9e235979fce19754 (patch) | |
tree | c73fc580640bd26a5cdb283424ed8fa8c7d04185 | |
parent | 5ce2da448294d9daee6b1a654319213f2b0f5cec (diff) | |
download | pkgsrc-fc6f81e619e9d03c11b040dd9e235979fce19754.tar.gz |
Add a fix for the security vulnerability reported in CVE-2010-1628
taken from the Ghostscript Bugzilla.
-rw-r--r-- | print/ghostscript/Makefile | 4 | ||||
-rw-r--r-- | print/ghostscript/distinfo | 5 | ||||
-rw-r--r-- | print/ghostscript/patches/patch-ba | 47 | ||||
-rw-r--r-- | print/ghostscript/patches/patch-bb | 50 | ||||
-rw-r--r-- | print/ghostscript/patches/patch-bc | 42 |
5 files changed, 145 insertions, 3 deletions
diff --git a/print/ghostscript/Makefile b/print/ghostscript/Makefile index 2c3507413ff..9ed949aa1d8 100644 --- a/print/ghostscript/Makefile +++ b/print/ghostscript/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.79 2010/06/13 22:45:15 wiz Exp $ +# $NetBSD: Makefile,v 1.80 2010/06/30 12:44:55 tron Exp $ DISTNAME= ghostscript-8.71 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/} MASTER_SITES+= http://ghostscript.com/releases/ diff --git a/print/ghostscript/distinfo b/print/ghostscript/distinfo index 764c72b895a..4497b546d01 100644 --- a/print/ghostscript/distinfo +++ b/print/ghostscript/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.33 2010/06/13 22:45:15 wiz Exp $ +$NetBSD: distinfo,v 1.34 2010/06/30 12:44:55 tron Exp $ SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555 RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb @@ -15,3 +15,6 @@ SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c SHA1 (patch-al) = 86489b704c60320385794c3eb68170d9b9f1f6cc SHA1 (patch-am) = 47a994e902d565f2a06b054766d6fa93c7534d21 SHA1 (patch-an) = 875360319e486f4606627d8cfa3dbffd48d76130 +SHA1 (patch-ba) = 9c9f9aa27bcbcb43c9eb3b7f7ae6d70fb6545057 +SHA1 (patch-bb) = 6487b61fafe39a4ac8141b9f84044fc210df66ac +SHA1 (patch-bc) = c35ee6c3075b89714fbb74956d68747d3c17bf9c diff --git a/print/ghostscript/patches/patch-ba b/print/ghostscript/patches/patch-ba new file mode 100644 index 00000000000..8becb375bf4 --- /dev/null +++ b/print/ghostscript/patches/patch-ba @@ -0,0 +1,47 @@ +$NetBSD: patch-ba,v 1.3 2010/06/30 12:44:55 tron Exp $ + +Fix for security vulnerability reported in CVE-2010-1628 taken from here: + +http://bugs.ghostscript.com/attachment.cgi?id=6350 + +--- psi/idosave.h.orig 2008-08-28 23:48:19.000000000 +0100 ++++ psi/idosave.h 2010-06-30 13:31:32.000000000 +0100 +@@ -18,6 +18,22 @@ + # define idosave_INCLUDED + + /* ++ * Structure for saved change chain for save/restore. Because of the ++ * garbage collector, we need to distinguish the cases where the change ++ * is in a static object, a dynamic ref, or a dynamic struct. ++ */ ++typedef struct alloc_change_s alloc_change_t; ++struct alloc_change_s { ++ alloc_change_t *next; ++ ref_packed *where; ++ ref contents; ++#define AC_OFFSET_STATIC (-2) /* static object */ ++#define AC_OFFSET_REF (-1) /* dynamic ref */ ++#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ ++ short offset; /* if >= 0, offset within struct */ ++}; ++ ++/* + * Save a change that must be undone by restore. We have to pass the + * pointer to the containing object to alloc_save_change for two reasons: + * +@@ -29,6 +45,7 @@ + * relocate the pointer to it from the change record during garbage + * collection. + */ ++ + int alloc_save_change(gs_dual_memory_t *dmem, const ref *pcont, + ref_packed *ptr, client_name_t cname); + int alloc_save_change_in(gs_ref_memory_t *mem, const ref *pcont, +@@ -36,6 +53,6 @@ + /* Remove an AC_OFFSET_ALLOCATED element. */ + void alloc_save_remove(gs_ref_memory_t *mem, ref_packed *obj, client_name_t cname); + /* Allocate a structure for recording an allocation event. */ +-int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr); ++int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp); + + #endif /* idosave_INCLUDED */ diff --git a/print/ghostscript/patches/patch-bb b/print/ghostscript/patches/patch-bb new file mode 100644 index 00000000000..27baf7fbd51 --- /dev/null +++ b/print/ghostscript/patches/patch-bb @@ -0,0 +1,50 @@ +$NetBSD: patch-bb,v 1.3 2010/06/30 12:44:55 tron Exp $ + +Fix for security vulnerability reported in CVE-2010-1628 taken from here: + +http://bugs.ghostscript.com/attachment.cgi?id=6350 + +--- psi/isave.c.orig 2008-08-28 23:48:19.000000000 +0100 ++++ psi/isave.c 2010-06-30 13:31:32.000000000 +0100 +@@ -156,22 +156,6 @@ + /* A link to igcref.c . */ + ptr_proc_reloc(igc_reloc_ref_ptr_nocheck, ref_packed); + +-/* +- * Structure for saved change chain for save/restore. Because of the +- * garbage collector, we need to distinguish the cases where the change +- * is in a static object, a dynamic ref, or a dynamic struct. +- */ +-typedef struct alloc_change_s alloc_change_t; +-struct alloc_change_s { +- alloc_change_t *next; +- ref_packed *where; +- ref contents; +-#define AC_OFFSET_STATIC (-2) /* static object */ +-#define AC_OFFSET_REF (-1) /* dynamic ref */ +-#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ +- short offset; /* if >= 0, offset within struct */ +-}; +- + static + CLEAR_MARKS_PROC(change_clear_marks) + { +@@ -519,7 +503,7 @@ + + /* Allocate a structure for recording an allocation event. */ + int +-alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr) ++alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, alloc_change_t **pcp) + { + register alloc_change_t *cp; + +@@ -533,8 +517,7 @@ + cp->where = 0; + cp->offset = AC_OFFSET_ALLOCATED; + make_null(&cp->contents); +- mem->changes = cp; +- *ppr = &cp->where; ++ *pcp = cp; + return 1; + } + diff --git a/print/ghostscript/patches/patch-bc b/print/ghostscript/patches/patch-bc new file mode 100644 index 00000000000..f5d7987ef0d --- /dev/null +++ b/print/ghostscript/patches/patch-bc @@ -0,0 +1,42 @@ +$NetBSD: patch-bc,v 1.3 2010/06/30 12:44:55 tron Exp $ + +Fix for security vulnerability reported in CVE-2010-1628 taken from here: + +http://bugs.ghostscript.com/attachment.cgi?id=6350 + +--- psi/ialloc.c.orig 2008-08-28 23:48:19.000000000 +0100 ++++ psi/ialloc.c 2010-06-30 13:31:32.000000000 +0100 +@@ -185,7 +185,14 @@ + */ + chunk_t *pcc = mem->pcc; + ref *end; ++ alloc_change_t *cp = 0; ++ int code = 0; + ++ if ((gs_memory_t *)mem != mem->stable_memory) { ++ code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &cp); ++ if (code < 0) ++ return code; ++ } + obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1, + ref, &st_refs, cname); + if (obj == 0) +@@ -210,14 +217,10 @@ + chunk_locate_ptr(obj, &cl); + cl.cp->has_refs = true; + } +- if ((gs_memory_t *)mem != mem->stable_memory) { +- ref_packed **ppr = 0; +- int code = alloc_save_change_alloc(mem, "gs_alloc_ref_array", &ppr); +- if (code < 0) +- return code; +- if (ppr) +- *ppr = (ref_packed *)obj; +- } ++ if (cp) { ++ mem->changes = cp; ++ cp->where = (ref_packed *)obj; ++ } + } + make_array(parr, attrs | mem->space, num_refs, obj); + return 0; |