-rw-r--r-- | print/ghostscript/Makefile | 4 | ||||
-rw-r--r-- | print/ghostscript/distinfo | 3 | ||||
-rw-r--r-- | print/ghostscript/patches/patch-ae | 214 |
3 files changed, 218 insertions, 3 deletions
diff --git a/print/ghostscript/Makefile b/print/ghostscript/Makefile index 20a7ce106f2..600a6a9a5a3 100644 --- a/print/ghostscript/Makefile +++ b/print/ghostscript/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.81 2010/11/13 17:03:00 bouyer Exp $ +# $NetBSD: Makefile,v 1.82 2010/11/23 11:10:15 tron Exp $ DISTNAME= ghostscript-8.71 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/} MASTER_SITES+= http://ghostscript.com/releases/ diff --git a/print/ghostscript/distinfo b/print/ghostscript/distinfo index 2e2b250e06e..8c1fa65aacb 100644 --- a/print/ghostscript/distinfo +++ b/print/ghostscript/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.35 2010/11/13 17:03:00 bouyer Exp $ +$NetBSD: distinfo,v 1.36 2010/11/23 11:10:15 tron Exp $ SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555 RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb @@ -7,6 +7,7 @@ SHA1 (patch-aa) = 31f2107c474398a350916df6fe793a5920f81169 SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006 SHA1 (patch-ac) = b1f71dc446f433be0b07b0511dc1028e8e3b77f3 SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401 +SHA1 (patch-ae) = e015d340a69da3881d4c95ae169ff255f1ffcfd4 SHA1 (patch-af) = 13aa7b5159cbd5413353b48380d5665ed879fe64 SHA1 (patch-ag) = bdfbe40c849537d84ac2b3def4a0a3a87ecc152f SHA1 (patch-ah) = 2007d42df0bf1d93af90dedaadc882da9fc3e5bc diff --git a/print/ghostscript/patches/patch-ae b/print/ghostscript/patches/patch-ae new file mode 100644 index 00000000000..d491587315c --- /dev/null +++ b/print/ghostscript/patches/patch-ae 
@@ -0,0 +1,214 @@ +$NetBSD: patch-ae,v 1.6 2010/11/23 11:10:16 tron Exp $ + +Security patch for CVE-2010-2055 by Dr. Werner Fink taken from here: + +http://bugs.ghostscript.com/attachment.cgi?id=6449 + +--- psi/zfile.c.orig 2009-10-04 13:42:07.000000000 +0100 ++++ psi/zfile.c 2010-11-23 11:03:52.000000000 +0000 +@@ -902,6 +902,90 @@ + return 0; + } + ++/* return zero for success, -ve for error, +1 for continue */ ++static int ++lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p, ++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile, ++ gx_io_device *iodev, bool starting_arg_file, char *fmode) ++{ ++ stream *s; ++ uint blen1 = blen; ++ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success) ++ goto skip; ++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, ++ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) { ++ if (starting_arg_file || ++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) { ++ *pclen = blen1; ++ make_stream_file(pfile, s, "r"); ++ return 0; ++ } ++ sclose(s); ++ return_error(e_invalidfileaccess); ++ } ++ skip:; ++ return 1; ++} ++ ++/* return zero for success, -ve for error, +1 for continue */ ++static int ++lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p, ++ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile, ++ gx_io_device *iodev, bool starting_arg_file, char *fmode) ++{ ++ stream *s; ++ const gs_file_path *pfpath = lib_path; ++ uint pi; ++ ++ for (pi = 0; pi < r_size(&pfpath->list); ++pi) { ++ const ref *prdir = pfpath->list.value.refs + pi; ++ const char *pstr = (const char *)prdir->value.const_bytes; ++ uint plen = r_size(prdir), blen1 = blen; ++ gs_parsed_file_name_t pname; ++ gp_file_name_combine_result r; ++ ++ /* We need to concatenate and parse the file name here ++ * if this path has a %device% prefix. 
*/ ++ if (pstr[0] == '%') { ++ int code; ++ ++ /* We concatenate directly since gp_file_name_combine_* ++ * rules are not correct for other devices such as %rom% */ ++ code = gs_parse_file_name(&pname, pstr, plen); ++ if (code < 0) ++ continue; ++ memcpy(buffer, pname.fname, pname.len); ++ memcpy(buffer+pname.len, fname, flen); ++ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode, ++ &s, (gs_memory_t *)mem); ++ if (code < 0) ++ continue; ++ make_stream_file(pfile, s, "r"); ++ /* fill in the buffer with the device concatenated */ ++ memcpy(buffer, pstr, plen); ++ memcpy(buffer+plen, fname, flen); ++ *pclen = plen + flen; ++ return 0; ++ } else { ++ r = gp_file_name_combine(pstr, plen, ++ fname, flen, false, buffer, &blen1); ++ if (r != gp_combine_success) ++ continue; ++ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode, ++ &s, (gs_memory_t *)mem) == 0) { ++ if (starting_arg_file || ++ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) { ++ *pclen = blen1; ++ make_stream_file(pfile, s, "r"); ++ return 0; ++ } ++ sclose(s); ++ return_error(e_invalidfileaccess); ++ } ++ } ++ } ++ return 1; ++} + + /* Return a file object of of the file searched for using the search paths. */ + /* The fname cannot contain a device part (%...%) but the lib paths might. 
*/ +@@ -919,6 +1003,8 @@ + char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */ + stream *s; + gx_io_device *iodev = iodev_default; ++ gs_main_instance *minst = get_minst_from_memory(mem); ++ int code; + + /* when starting arg files (@ files) iodev_default is not yet set */ + if (iodev == 0) +@@ -932,75 +1018,36 @@ + search_with_no_combine = starting_arg_file; + search_with_combine = true; + } +- if (search_with_no_combine) { +- uint blen1 = blen; +- +- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success) +- goto skip; +- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, +- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) { +- if (starting_arg_file || +- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) { +- *pclen = blen1; +- make_stream_file(pfile, s, "r"); +- return 0; +- } +- sclose(s); +- return_error(e_invalidfileaccess); +- } +- skip:; +- } +- if (search_with_combine) { +- const gs_file_path *pfpath = lib_path; +- uint pi; +- +- for (pi = 0; pi < r_size(&pfpath->list); ++pi) { +- const ref *prdir = pfpath->list.value.refs + pi; +- const char *pstr = (const char *)prdir->value.const_bytes; +- uint plen = r_size(prdir), blen1 = blen; +- gs_parsed_file_name_t pname; +- gp_file_name_combine_result r; +- +- /* We need to concatenate and parse the file name here +- * if this path has a %device% prefix. 
*/ +- if (pstr[0] == '%') { +- int code; +- +- /* We concatenate directly since gp_file_name_combine_* +- * rules are not correct for other devices such as %rom% */ +- code = gs_parse_file_name(&pname, pstr, plen); +- if (code < 0) +- continue; +- memcpy(buffer, pname.fname, pname.len); +- memcpy(buffer+pname.len, fname, flen); +- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode, +- &s, (gs_memory_t *)mem); +- if (code < 0) +- continue; +- make_stream_file(pfile, s, "r"); +- /* fill in the buffer with the device concatenated */ +- memcpy(buffer, pstr, plen); +- memcpy(buffer+plen, fname, flen); +- *pclen = plen + flen; +- return 0; +- } else { +- r = gp_file_name_combine(pstr, plen, +- fname, flen, false, buffer, &blen1); +- if (r != gp_combine_success) +- continue; +- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode, +- &s, (gs_memory_t *)mem) == 0) { +- if (starting_arg_file || +- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) { +- *pclen = blen1; +- make_stream_file(pfile, s, "r"); +- return 0; +- } +- sclose(s); +- return_error(e_invalidfileaccess); +- } +- } +- } ++ if (minst->search_here_first) { ++ if (search_with_no_combine) { ++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p, ++ fname, flen, buffer, blen, pclen, pfile, ++ iodev, starting_arg_file, fmode); ++ if (code <= 0) /* +ve means continue continue */ ++ return code; ++ } ++ if (search_with_combine) { ++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p, ++ fname, flen, buffer, blen, pclen, pfile, ++ iodev, starting_arg_file, fmode); ++ if (code <= 0) /* +ve means continue searching */ ++ return code; ++ } ++ } else { ++ if (search_with_combine) { ++ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p, ++ fname, flen, buffer, blen, pclen, pfile, ++ iodev, starting_arg_file, fmode); ++ if (code <= 0) /* +ve means continue searching */ ++ return code; ++ } ++ if (search_with_no_combine) 
{ ++ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p, ++ fname, flen, buffer, blen, pclen, pfile, ++ iodev, starting_arg_file, fmode); ++ if (code <= 0) /* +ve means continue searching */ ++ return code; ++ } + } + return_error(e_undefinedfilename); + } |
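Review bot: In lib_file_open_search_with_combine, the `%device%` branch fills `buffer` with two pairs of `memcpy` calls (`pname.len + flen` bytes, then `plen + flen` bytes) without comparing either total with `blen`, which only the `gp_file_name_combine` branch uses as a bound. The code is moved unchanged from lib_file_open, but a security patch is a good place to add a guard before the first copy, e.g. `if (blen < 0 || plen > (uint)blen || flen > (uint)blen - plen) continue;`, assuming `pname.len` never exceeds `plen` (to be confirmed against gs_parse_file_name). The same branch returns the opened stream without the `check_file_permissions_aux` call that the other branch makes; if that is intentional for non-OS devices, a comment should say so. Separately, lib_file_open reads `minst->search_here_first` with no NULL check on the result of `get_minst_from_memory(mem)`, even though the nearby comment notes that this function can run before `iodev_default` is set. The flag's default is set outside this patch, so it is worth confirming that it is off unless the user explicitly asks for current-directory-first lookup.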