author | he <he@pkgsrc.org> | 2015-09-23 08:25:09 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2015-09-23 08:25:09 +0000 |
commit | fc1b452dc8d2b0f5416862231cae0117ee45e409 (patch) | |
tree | 81e86ca79991b6600b1c8564d87fa59ce00a5ed9 /print | |
parent | 017a393f64286f9108d26995cc84a03c10a566a8 (diff) | |
download | pkgsrc-fc1b452dc8d2b0f5416862231cae0117ee45e409.tar.gz |
Protect against an overflow in gs_heap_alloc_bytes().
Fixes CVE-2015-3228.
Bump PKGREVISION. OK wiz@
Diffstat (limited to 'print')
-rw-r--r-- | print/ghostscript-gpl/Makefile | 4 | ||||
-rw-r--r-- | print/ghostscript-gpl/distinfo | 3 | ||||
-rw-r--r-- | print/ghostscript-gpl/patches/patch-base_gsmalloc.c | 18 |
3 files changed, 22 insertions, 3 deletions
diff --git a/print/ghostscript-gpl/Makefile b/print/ghostscript-gpl/Makefile
index 30c6e44e1c6..aab56d7ba0a 100644
--- a/print/ghostscript-gpl/Makefile
+++ b/print/ghostscript-gpl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.18 2015/08/12 22:20:00 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2015/09/23 08:25:09 he Exp $
 
 DISTNAME= ghostscript-${GS_VERSION}
 PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION= 6
+PKGREVISION= 7
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
diff --git a/print/ghostscript-gpl/distinfo b/print/ghostscript-gpl/distinfo
index 37e455a4fae..0779d966b09 100644
--- a/print/ghostscript-gpl/distinfo
+++ b/print/ghostscript-gpl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2015/08/12 22:20:00 wiz Exp $
+$NetBSD: distinfo,v 1.12 2015/09/23 08:25:09 he Exp $
 
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
@@ -18,5 +18,6 @@ SHA1 (patch-an) = 22ed9965aec5d540adb31334d8dd9e05eab8e0c2
 SHA1 (patch-base_configure_ac) = c0f5ee586df05d1d136b7c89b4776c0bf480cc57
 SHA1 (patch-base_gdevpng.c) = 24120e26bd2a846f6d4c8ab9753dfe91f151343f
 SHA1 (patch-base_gserrors_h) = fde64bd096a6e6f94005c8352a6295df06c19bae
+SHA1 (patch-base_gsmalloc.c) = 891bdcef49e0f2c435744eaf7bbcd31f5dbcbaba
 SHA1 (patch-base_memento.c) = d30cfb9285a0268e743c90cdf831674eaa24789b
 SHA1 (patch-openjpeg_libopenjpeg_opj_malloc_h) = 24f15c55cd7961afc1254f6c4bccd6d0c2a5e737
diff --git a/print/ghostscript-gpl/patches/patch-base_gsmalloc.c b/print/ghostscript-gpl/patches/patch-base_gsmalloc.c
new file mode 100644
index 00000000000..19e6faeae31
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-base_gsmalloc.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-base_gsmalloc.c,v 1.1 2015/09/23 08:25:09 he Exp $
+
+In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
+variable holding the actual number of bytes we allocate.
+
+Fixes CVE-2015-3228.
+
+--- base/gsmalloc.c.orig 2012-08-08 08:01:36.000000000 +0000
++++ base/gsmalloc.c
+@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, u
+ } else {
+ uint added = size + sizeof(gs_malloc_block_t);
+
+- if (mmem->limit - added < mmem->used)
++ if (added <= size || mmem->limit - added < mmem->used)
+ set_msg("exceeded limit");
+ else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
+ set_msg("failed");
|
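Review bot: The second half of the new condition, `mmem->limit - added < mmem->used`, can still wrap on its own. The declaration of `limit` is outside the hunk, but if it is an unsigned type and a configured limit is smaller than `added`, the subtraction produces a very large value and the limit test passes. Checking the bound before subtracting closes that: `if (added <= size || added > mmem->limit || mmem->limit - added < mmem->used)`. The new `added <= size` guard would also benefit from a one-line comment such as `/* added <= size: size + header wrapped or was truncated when stored in uint */`, since where `size_t` is wider than `uint` the loss happens at the assignment rather than in the addition. The body of gs_heap_alloc_bytes() starts and ends outside this hunk, so the types of `size`, `limit` and `used` should be confirmed against the full file.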