author | spz <spz> | 2009-04-17 21:43:51 +0000 |
---|---|---|
committer | spz <spz> | 2009-04-17 21:43:51 +0000 |
commit | 1fa1e4b0bb35ef9b717177a791dd8d6a4bad04a8 (patch) | |
tree | 094f52f113be04e25b2c3cb796a511af4d6ac735 | |
parent | 69b6f3fca262c29751837823c2a573f34070ea6a (diff) | |
download | pkgsrc-1fa1e4b0bb35ef9b717177a791dd8d6a4bad04a8.tar.gz |
Pullup ticket 2738 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/graphics/ghostscript/Makefile 1.61
- pkgsrc/graphics/ghostscript/distinfo 1.23
- pkgsrc/graphics/ghostscript/patches/patch-aa 1.4
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 14 19:32:54 UTC 2009
Modified Files:
pkgsrc/print/ghostscript: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript/patches: patch-aa
Log Message:
Add patch for the security vulnerability reported in CVE-2009-0196
taken from Redhat's Bugzilla.
To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/print/ghostscript/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/print/ghostscript/distinfo
cvs rdiff -u -r0 -r1.4 pkgsrc/print/ghostscript/patches/patch-aa
-rw-r--r-- | print/ghostscript/Makefile | 4 | ||||
-rw-r--r-- | print/ghostscript/distinfo | 3 | ||||
-rw-r--r-- | print/ghostscript/patches/patch-aa | 24 |
3 files changed, 28 insertions, 3 deletions
diff --git a/print/ghostscript/Makefile b/print/ghostscript/Makefile
index c2970cdb5a5..83bae5140fc 100644
--- a/print/ghostscript/Makefile
+++ b/print/ghostscript/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2009/03/25 10:42:13 drochner Exp $
+# $NetBSD: Makefile,v 1.60.2.1 2009/04/17 21:43:51 spz Exp $
 
 DISTNAME= ghostscript-8.64
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/print/ghostscript/distinfo b/print/ghostscript/distinfo
index debf9cd7d9f..0e40a573bb1 100644
--- a/print/ghostscript/distinfo
+++ b/print/ghostscript/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.22 2009/03/25 10:42:13 drochner Exp $
+$NetBSD: distinfo,v 1.22.2.1 2009/04/17 21:43:51 spz Exp $
 
 SHA1 (ghostscript-8.64.tar.bz2) = 4c2a6e04145428d35da73fbc4db9c66a75e336e0
 RMD160 (ghostscript-8.64.tar.bz2) = 565134dcfe1e823b435c3761461c5eb394bd633c
 Size (ghostscript-8.64.tar.bz2) = 16921504 bytes
+SHA1 (patch-aa) = 31d077502dba343c5834e5ee9fdb42102ef47668
 SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006
 SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401
 SHA1 (patch-ae) = 50335e72adebe95ab0cb5873d1c6dd00e971579a
diff --git a/print/ghostscript/patches/patch-aa b/print/ghostscript/patches/patch-aa
new file mode 100644
index 00000000000..822a8535739
--- /dev/null
+++ b/print/ghostscript/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.4.2.2 2009/04/17 21:43:51 spz Exp $
+
+Patch for CVE-2009-0196 taken from Redhat's Bugzilla:
+
+https://bugzilla.redhat.com/attachment.cgi?id=337747
+
+--- jbig2dec/jbig2_symbol_dict.c.orig 2007-12-11 08:29:58.000000000 +0000
++++ jbig2dec/jbig2_symbol_dict.c 2009-04-14 20:19:01.000000000 +0100
+@@ -699,6 +699,15 @@
+ exrunlength = params->SDNUMEXSYMS;
+ else
+ code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
++ if (exrunlength > params->SDNUMEXSYMS - j) {
++ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
++ "runlength too large in export symbol table (%d > %d - %d)\n",
++ exrunlength, params->SDNUMEXSYMS, j);
++ jbig2_sd_release(ctx, SDEXSYMS);
++ /* skip to the cleanup code and return SDEXSYMS = NULL */
++ SDEXSYMS = NULL;
++ break;
++ }
+ for(k = 0; k < exrunlength; k++)
+ if (exflag) {
+ SDEXSYMS->glyphs[j++] = (i < m) ? |
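Review bot: The added guard in the jbig2_symbol_dict.c patch bounds `exrunlength` only from above, and it uses the value written by `jbig2_arith_int_decode` without first looking at the `code` that call returns. The declarations of `exrunlength`, `params->SDNUMEXSYMS` and `j` are outside the hunk, so whether a negative run length from a crafted stream is caught depends on signed/unsigned conversion in `params->SDNUMEXSYMS - j`. Making the lower bound explicit would remove that dependency: `if (exrunlength < 0 || exrunlength > params->SDNUMEXSYMS - j) {`. All three arguments are printed with `%d`, which should be confirmed against the real types. The enclosing loop and the cleanup code that the `break` relies on are also outside the hunk, so confirm that every later use of `SDEXSYMS` tolerates NULL.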