authorspz <spz>2010-11-23 22:43:36 +0000
committerspz <spz>2010-11-23 22:43:36 +0000
commit163fa9569062ce0eb95b8ee598fbb90016bb3aaf (patch)
tree07ade9d38e2021483ed21c6272c6426bddecb0e1
parentcffecced3278f6320243cbf4e236fe11b65a8022 (diff)
downloadpkgsrc-163fa9569062ce0eb95b8ee598fbb90016bb3aaf.tar.gz
Pullup ticket 3280 - requested by tron
security fixes Revisions pulled up: - pkgsrc/print/ghostscript/Makefile 1.82 - pkgsrc/print/ghostscript/distinfo 1.36 Files added: pkgsrc/print/ghostscript/patches/patch-ae pkgsrc/print/ghostscript/patches/patch-bd ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: bouyer Date: Sat Nov 13 17:03:00 UTC 2010 Modified Files: pkgsrc/print/ghostscript: Makefile distinfo Added Files: pkgsrc/print/ghostscript/patches: patch-bd Log Message: Apply patch from official repository: - Fixed memory reallocation on bitmap size change. Reallocation is not only needed when dimendions and margins change, but also when the color depth changes. Fixes bugs #691029 and #691108. - Fixed arrayoption() macro in cups_put_params() function. Array values did not get actually set in cups.header data structure. Bug only showed via a compiler warning. - Silenced compiler warning by presetting c0..c3 in cups_map_cmyk() to zero. makes my epson USB printer work again with 2010Q3 cups+ghostscript PKGREVISION++ To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.81 pkgsrc/print/ghostscript/Makefile cvs rdiff -u -r1.34 -r1.35 pkgsrc/print/ghostscript/distinfo cvs rdiff -u -r0 -r1.3 pkgsrc/print/ghostscript/patches/patch-bd ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Tue Nov 23 11:10:16 UTC 2010 Modified Files: pkgsrc/print/ghostscript: Makefile distinfo Added Files: pkgsrc/print/ghostscript/patches: patch-ae Log Message: Add Dr. Werner Fink's patch for the vulnerability reported in CVE-2010-2055. To generate a diff of this commit: cvs rdiff -u -r1.81 -r1.82 pkgsrc/print/ghostscript/Makefile cvs rdiff -u -r1.35 -r1.36 pkgsrc/print/ghostscript/distinfo cvs rdiff -u -r0 -r1.6 pkgsrc/print/ghostscript/patches/patch-ae
-rw-r--r--print/ghostscript/Makefile4
-rw-r--r--print/ghostscript/distinfo4
-rw-r--r--print/ghostscript/patches/patch-ae214
-rw-r--r--print/ghostscript/patches/patch-bd98
4 files changed, 317 insertions, 3 deletions
diff --git a/print/ghostscript/Makefile b/print/ghostscript/Makefile
index 9ed949aa1d8..b2fb20777dc 100644
--- a/print/ghostscript/Makefile
+++ b/print/ghostscript/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.80 2010/06/30 12:44:55 tron Exp $
+# $NetBSD: Makefile,v 1.80.2.1 2010/11/23 22:43:36 spz Exp $
DISTNAME= ghostscript-8.71
-PKGREVISION= 4
+PKGREVISION= 6
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
MASTER_SITES+= http://ghostscript.com/releases/
diff --git a/print/ghostscript/distinfo b/print/ghostscript/distinfo
index 4497b546d01..0ebfd26cc26 100644
--- a/print/ghostscript/distinfo
+++ b/print/ghostscript/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2010/06/30 12:44:55 tron Exp $
+$NetBSD: distinfo,v 1.34.2.1 2010/11/23 22:43:36 spz Exp $
SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555
RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb
@@ -7,6 +7,7 @@ SHA1 (patch-aa) = 31f2107c474398a350916df6fe793a5920f81169
SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006
SHA1 (patch-ac) = b1f71dc446f433be0b07b0511dc1028e8e3b77f3
SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401
+SHA1 (patch-ae) = e015d340a69da3881d4c95ae169ff255f1ffcfd4
SHA1 (patch-af) = 13aa7b5159cbd5413353b48380d5665ed879fe64
SHA1 (patch-ag) = bdfbe40c849537d84ac2b3def4a0a3a87ecc152f
SHA1 (patch-ah) = 2007d42df0bf1d93af90dedaadc882da9fc3e5bc
@@ -18,3 +19,4 @@ SHA1 (patch-an) = 875360319e486f4606627d8cfa3dbffd48d76130
SHA1 (patch-ba) = 9c9f9aa27bcbcb43c9eb3b7f7ae6d70fb6545057
SHA1 (patch-bb) = 6487b61fafe39a4ac8141b9f84044fc210df66ac
SHA1 (patch-bc) = c35ee6c3075b89714fbb74956d68747d3c17bf9c
+SHA1 (patch-bd) = f7a0448317118bd46d84d9cbc8f4c553175f1e74
diff --git a/print/ghostscript/patches/patch-ae b/print/ghostscript/patches/patch-ae
new file mode 100644
index 00000000000..642536e68fb
--- /dev/null
+++ b/print/ghostscript/patches/patch-ae
@@ -0,0 +1,214 @@
+$NetBSD: patch-ae,v 1.6.2.2 2010/11/23 22:43:36 spz Exp $
+
+Security patch for CVE-2010-2055 by Dr. Werner Fink taken from here:
+
+http://bugs.ghostscript.com/attachment.cgi?id=6449
+
+--- psi/zfile.c.orig 2009-10-04 13:42:07.000000000 +0100
++++ psi/zfile.c 2010-11-23 11:03:52.000000000 +0000
+@@ -902,6 +902,90 @@
+ return 0;
+ }
+
++/* return zero for success, -ve for error, +1 for continue */
++static int
++lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
++ gx_io_device *iodev, bool starting_arg_file, char *fmode)
++{
++ stream *s;
++ uint blen1 = blen;
++ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
++ goto skip;
++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
++ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
++ if (starting_arg_file ||
++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
++ *pclen = blen1;
++ make_stream_file(pfile, s, "r");
++ return 0;
++ }
++ sclose(s);
++ return_error(e_invalidfileaccess);
++ }
++ skip:;
++ return 1;
++}
++
++/* return zero for success, -ve for error, +1 for continue */
++static int
++lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
++ gx_io_device *iodev, bool starting_arg_file, char *fmode)
++{
++ stream *s;
++ const gs_file_path *pfpath = lib_path;
++ uint pi;
++
++ for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
++ const ref *prdir = pfpath->list.value.refs + pi;
++ const char *pstr = (const char *)prdir->value.const_bytes;
++ uint plen = r_size(prdir), blen1 = blen;
++ gs_parsed_file_name_t pname;
++ gp_file_name_combine_result r;
++
++ /* We need to concatenate and parse the file name here
++ * if this path has a %device% prefix. */
++ if (pstr[0] == '%') {
++ int code;
++
++ /* We concatenate directly since gp_file_name_combine_*
++ * rules are not correct for other devices such as %rom% */
++ code = gs_parse_file_name(&pname, pstr, plen);
++ if (code < 0)
++ continue;
++ memcpy(buffer, pname.fname, pname.len);
++ memcpy(buffer+pname.len, fname, flen);
++ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
++ &s, (gs_memory_t *)mem);
++ if (code < 0)
++ continue;
++ make_stream_file(pfile, s, "r");
++ /* fill in the buffer with the device concatenated */
++ memcpy(buffer, pstr, plen);
++ memcpy(buffer+plen, fname, flen);
++ *pclen = plen + flen;
++ return 0;
++ } else {
++ r = gp_file_name_combine(pstr, plen,
++ fname, flen, false, buffer, &blen1);
++ if (r != gp_combine_success)
++ continue;
++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
++ &s, (gs_memory_t *)mem) == 0) {
++ if (starting_arg_file ||
++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
++ *pclen = blen1;
++ make_stream_file(pfile, s, "r");
++ return 0;
++ }
++ sclose(s);
++ return_error(e_invalidfileaccess);
++ }
++ }
++ }
++ return 1;
++}
+
+ /* Return a file object of of the file searched for using the search paths. */
+ /* The fname cannot contain a device part (%...%) but the lib paths might. */
+@@ -919,6 +1003,8 @@
+ char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */
+ stream *s;
+ gx_io_device *iodev = iodev_default;
++ gs_main_instance *minst = get_minst_from_memory(mem);
++ int code;
+
+ /* when starting arg files (@ files) iodev_default is not yet set */
+ if (iodev == 0)
+@@ -932,75 +1018,36 @@
+ search_with_no_combine = starting_arg_file;
+ search_with_combine = true;
+ }
+- if (search_with_no_combine) {
+- uint blen1 = blen;
+-
+- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
+- goto skip;
+- if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
+- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
+- if (starting_arg_file ||
+- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+- *pclen = blen1;
+- make_stream_file(pfile, s, "r");
+- return 0;
+- }
+- sclose(s);
+- return_error(e_invalidfileaccess);
+- }
+- skip:;
+- }
+- if (search_with_combine) {
+- const gs_file_path *pfpath = lib_path;
+- uint pi;
+-
+- for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
+- const ref *prdir = pfpath->list.value.refs + pi;
+- const char *pstr = (const char *)prdir->value.const_bytes;
+- uint plen = r_size(prdir), blen1 = blen;
+- gs_parsed_file_name_t pname;
+- gp_file_name_combine_result r;
+-
+- /* We need to concatenate and parse the file name here
+- * if this path has a %device% prefix. */
+- if (pstr[0] == '%') {
+- int code;
+-
+- /* We concatenate directly since gp_file_name_combine_*
+- * rules are not correct for other devices such as %rom% */
+- code = gs_parse_file_name(&pname, pstr, plen);
+- if (code < 0)
+- continue;
+- memcpy(buffer, pname.fname, pname.len);
+- memcpy(buffer+pname.len, fname, flen);
+- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
+- &s, (gs_memory_t *)mem);
+- if (code < 0)
+- continue;
+- make_stream_file(pfile, s, "r");
+- /* fill in the buffer with the device concatenated */
+- memcpy(buffer, pstr, plen);
+- memcpy(buffer+plen, fname, flen);
+- *pclen = plen + flen;
+- return 0;
+- } else {
+- r = gp_file_name_combine(pstr, plen,
+- fname, flen, false, buffer, &blen1);
+- if (r != gp_combine_success)
+- continue;
+- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
+- &s, (gs_memory_t *)mem) == 0) {
+- if (starting_arg_file ||
+- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+- *pclen = blen1;
+- make_stream_file(pfile, s, "r");
+- return 0;
+- }
+- sclose(s);
+- return_error(e_invalidfileaccess);
+- }
+- }
+- }
++ if (minst->search_here_first) {
++ if (search_with_no_combine) {
++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue continue */
++ return code;
++ }
++ if (search_with_combine) {
++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
++ } else {
++ if (search_with_combine) {
++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
++ if (search_with_no_combine) {
++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
++ fname, flen, buffer, blen, pclen, pfile,
++ iodev, starting_arg_file, fmode);
++ if (code <= 0) /* +ve means continue searching */
++ return code;
++ }
+ }
+ return_error(e_undefinedfilename);
+ }
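Review bot: When `minst->search_here_first` is set, the rewritten tail of lib_file_open runs the no-combine lookup and then the library-path lookup, which is the same order the removed block used, so this patch changes behaviour only when that flag is clear. Nothing in patch-ae sets the flag or shows its default, and lib_file_open's opening lines are outside the inner hunks, so the patch header should state what the fix relies on, e.g. `Only effective when search_here_first is cleared (set outside this patch).` `minst` is dereferenced after `get_minst_from_memory(mem)` with no NULL check visible in these hunks, in a function whose own comment says `iodev_default` may not be set yet for arg files; a guard such as `if (minst == NULL) return_error(e_undefinedfilename);` would make that explicit if a missing instance is possible there. Separately, the `%device%` branch carried into lib_file_open_search_with_combine still copies `pname.len + flen` and later `plen + flen` bytes into `buffer` without comparing against `blen`, and it returns the stream without the `check_file_permissions_aux` call the other branch makes. A bound such as `if (pname.len + flen > (uint)blen || plen + flen > (uint)blen) continue;` before the first memcpy would close the overflow.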
diff --git a/print/ghostscript/patches/patch-bd b/print/ghostscript/patches/patch-bd
new file mode 100644
index 00000000000..b338540a544
--- /dev/null
+++ b/print/ghostscript/patches/patch-bd
@@ -0,0 +1,98 @@
+$NetBSD: patch-bd,v 1.3.2.2 2010/11/23 22:43:36 spz Exp $
+
+From 6d26e9b1c38d8c0f0ab4af42c513cb23f3ae1656 Mon Sep 17 00:00:00 2001
+From: till <till@a1074d23-0009-0410-80fe-cf8c14f379e6>
+Date: Tue, 9 Mar 2010 16:35:06 +0000
+Subject: [PATCH] Fixes on CUPS Raster output device:
+ - Fixed memory reallocation on bitmap size change. Reallocation is not only
+ needed when dimendions and margins change, but also when the color depth
+ changes. Fixes bugs #691029 and #691108.
+ - Fixed arrayoption() macro in cups_put_params() function. Array values did
+ not get actually set in cups.header data structure. Bug only showed via
+ a compiler warning.
+ - Silenced compiler warning by presetting c0..c3 in cups_map_cmyk() to zero.
+
+git-svn-id: http://svn.ghostscript.com/ghostscript/trunk/gs@10890 a1074d23-0009-0410-80fe-cf8c14f379e6
+---
+ cups/gdevcups.c | 32 +++++++++++++++++++++++---------
+ 1 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/cups/gdevcups.c b/cups/gdevcups.c
+index 551b806..4000abf 100644
+--- a/cups/gdevcups.c
++++ cups/gdevcups.c
+@@ -975,7 +975,8 @@ cups_map_cmyk(gx_device *pdev, /* I - Device info */
+ frac k, /* I - Black value */
+ frac *out) /* O - Device colors */
+ {
+- int c0, c1, c2, c3; /* Temporary color values */
++ int c0 = 0, c1 = 0,
++ c2 = 0, c3 = 0; /* Temporary color values */
+ float rr, rg, rb, /* Real RGB colors */
+ ciex, ciey, ciez, /* CIE XYZ colors */
+ ciey_yn, /* Normalized luminance */
+@@ -2703,9 +2704,13 @@ cups_put_params(gx_device *pdev, /* I - Device info */
+ int color_set; /* Were the color attrs set? */
+ gdev_prn_space_params sp; /* Space parameter data */
+ int width, /* New width of page */
+- height; /* New height of page */
++ height, /* New height of page */
++ colorspace, /* New color space */
++ bitspercolor; /* New bits per color */
+ static int width_old = 0, /* Previous width */
+- height_old = 0; /* Previous height */
++ height_old = 0, /* Previous height */
++ colorspace_old = 0,/* Previous color space */
++ bitspercolor_old = 0;/* Previous bits per color */
+ ppd_attr_t *backside = NULL,
+ *backsiderequiresflippedmargins = NULL;
+ float swap;
+@@ -2800,9 +2805,10 @@ cups_put_params(gx_device *pdev, /* I - Device info */
+ else if (code == 0) \
+ { \
+ dprintf1("DEBUG: Setting %s to", sname); \
+- for (i = 0; i < count; i ++) \
+- dprintf1(" %d", (unsigned)(arrayval.data[i])); \
+- cups->header.name[i] = (unsigned)arrayval.data[i]; \
++ for (i = 0; i < count; i ++) { \
++ dprintf1(" %d", (unsigned)(arrayval.data[i])); \
++ cups->header.name[i] = (unsigned)(arrayval.data[i]); \
++ } \
+ dprintf("...\n"); \
+ }
+
+@@ -3243,23 +3249,31 @@ cups_put_params(gx_device *pdev, /* I - Device info */
+ }
+ #endif /* CUPS_RASTER_SYNCv1 */
+
++ colorspace = cups->header.cupsColorSpace;
++ bitspercolor = cups->header.cupsBitsPerColor;
++
+ /*
+ * Don't reallocate memory unless the device has been opened...
+ * Also reallocate only if the size has actually changed...
+ */
+
+- if (pdev->is_open && (width != width_old || height != height_old))
++ if (pdev->is_open &&
++ (width != width_old || height != height_old ||
++ colorspace != colorspace_old || bitspercolor != bitspercolor_old))
+ {
+
+ width_old = width;
+ height_old = height;
++ colorspace_old = colorspace;
++ bitspercolor_old = bitspercolor;
+
+ /*
+ * Device is open and size has changed, so reallocate...
+ */
+
+- dprintf4("DEBUG2: Reallocating memory, [%.0f %.0f] = %dx%d pixels...\n",
+- pdev->MediaSize[0], pdev->MediaSize[1], width, height);
++ dprintf6("DEBUG2: Reallocating memory, [%.0f %.0f] = %dx%d pixels, color space: %d, bits per color: %d...\n",
++ pdev->MediaSize[0], pdev->MediaSize[1], width, height,
++ colorspace, bitspercolor);
+
+ sp = ((gx_device_printer *)pdev)->space_params;
+
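Review bot: The reallocation guard in cups_put_params compares against `width_old`, `height_old`, `colorspace_old` and `bitspercolor_old`, which are function-level `static` variables and so are shared by every device that passes through this function in the process. If a second device, or the same device after a close and reopen, arrives with the values last recorded, the comparison is false and reallocation is skipped even though that device's buffers may have been sized for different parameters; keeping the four previous values in the device structure would make the check per-device. If that is out of scope for a pullup, a comment at the declaration such as `/* NOTE: process-wide, not per-device; assumes a single cups device instance */` would at least record the assumption. In the arrayoption() hunk the loop now writes `cups->header.name[i]` for every `i < count`; the macro's head is outside the hunk, so it is worth confirming there that `arrayval.size` is checked against `count` before `arrayval.data[i]` is read. cups_put_params itself begins and ends outside these hunks.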