Add patch for CVE-2017-6196

3 files changed, 45 insertions, 3 deletions

diff --git a/print/ghostscript-gpl/Makefile b/print/ghostscript-gpl/Makefile
index 9cda64c12ea..0920c561f1c 100644
--- a/print/ghostscript-gpl/Makefile
+++ b/print/ghostscript-gpl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.22 2016/07/09 06:38:50 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
 
 DISTNAME=	ghostscript-${GS_VERSION}
 PKGNAME=	${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION=	9
+PKGREVISION=	10
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+=	http://ghostscript.com/releases/
diff --git a/print/ghostscript-gpl/distinfo b/print/ghostscript-gpl/distinfo
index 1924d03589c..ce389a6ab3a 100644
--- a/print/ghostscript-gpl/distinfo
+++ b/print/ghostscript-gpl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2015/11/04 01:01:33 agc Exp $
+$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
 
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -10,6 +10,7 @@ SHA1 (patch-CVE-2014-8138) = be161051680e3c6c9246f31237019470a447ee49
 SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
 SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
+SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
 SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
 SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
 SHA1 (patch-ai) = 3962a3acac1d4537dbbe3fc3b205aba87387d485
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2017-6196 b/print/ghostscript-gpl/patches/patch-CVE-2017-6196
new file mode 100644
index 00000000000..7bf20419e75
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-6196
@@ -0,0 +1,41 @@
+$NetBSD: patch-CVE-2017-6196,v 1.1 2017/03/23 20:38:24 tez Exp $
+
+Patch for CVE-2017-6196 adapted from:
+
+http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
+
+
+--- base/gxipixel.c
++++ base/gxipixel.c
+@@ -257,7 +257,6 @@ gx_image_enum_begin(gx_device * dev, con
+         if ((code = gs_matrix_invert_to_double(&pim->ImageMatrix, &mat)) < 0 ||
+             (code = gs_matrix_multiply_double(&mat, pmat, &mat)) < 0
+             ) {
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return code;
+         }
+     }
+@@ -487,7 +486,6 @@ gx_image_enum_begin(gx_device * dev, con
+     }
+     if (masked) {       /* This is imagemask. */
+         if (bps != 1 || pcs != NULL || penum->alpha || decode[0] == decode[1]) {
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return_error(gs_error_rangecheck);
+         }
+         /* Initialize color entries 0 and 255. */
+@@ -507,7 +505,6 @@ gx_image_enum_begin(gx_device * dev, con
+ 
+         spp = cs_num_components(pcs);
+         if (spp < 0) {          /* Pattern not allowed */
+-            gs_free_object(mem, penum, "gx_default_begin_image");
+             return_error(gs_error_rangecheck);
+         }
+         if (penum->alpha)
+@@ -613,7 +610,6 @@ gx_image_enum_begin(gx_device * dev, con
+     bsize = ((bps > 8 ? width * 2 : width) + 15) * spp;
+     buffer = gs_alloc_bytes(mem, bsize, "image buffer");
+     if (buffer == 0) {
+-        gs_free_object(mem, penum, "gx_default_begin_image");
+         return_error(gs_error_VMerror);
+     }
+     penum->bps = bps;