[arch-commits] Commit in ghostscript/trunk (CVE-2017-8291.patch PKGBUILD)
Andreas Radke
andyrtr at archlinux.org
Sun May 7 16:07:40 UTC 2017
Date: Sunday, May 7, 2017 @ 16:07:39
Author: andyrtr
Revision: 295429
upgpkg: ghostscript 9.21-2
apply git fixes for CVE-2017-8291; AVG-256
Added:
ghostscript/trunk/CVE-2017-8291.patch
Modified:
ghostscript/trunk/PKGBUILD
---------------------+
CVE-2017-8291.patch | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 10 ++-
2 files changed, 139 insertions(+), 3 deletions(-)
Added: CVE-2017-8291.patch
===================================================================
--- CVE-2017-8291.patch (rev 0)
+++ CVE-2017-8291.patch 2017-05-07 16:07:39 UTC (rev 295429)
@@ -0,0 +1,132 @@
+From: Chris Liddell <chris.liddell at artifex.com>
+Date: Thu, 27 Apr 2017 12:03:33 +0000 (+0100)
+Subject: Bug 697799: have .eqproc check its parameters
+X-Git-Url: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=4f83478c88
+
+Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+---
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b3042..37293ff 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+ ref2_t stack[MAX_DEPTH + 1];
+ ref2_t *top = stack;
+
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(gs_error_stackunderflow);
++ if (!r_is_array(op - 1) || !r_is_array(op)) {
++ return_error(gs_error_typecheck);
++ }
++
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+ make_array(&stack[0].proc2, 0, 1, op);
+ for (;;) {
+From: Chris Liddell <chris.liddell at artifex.com>
+Date: Thu, 27 Apr 2017 12:21:31 +0000 (+0100)
+Subject: Bug 697799: have .rsdparams check its parameters
+X-Git-Url: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=04b37bbce1
+
+Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+---
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 191107d..950588d 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(gs_error_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(gs_error_typecheck);
++ }
+
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(gs_error_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(gs_error_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
+
+From: Chris Liddell <chris.liddell at artifex.com>
+Date: Wed, 3 May 2017 11:05:45 +0000 (+0100)
+Subject: Bug 697846: revision to commit 4f83478c88 (.eqproc)
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=57f20719
+
+Bug 697846: revision to commit 4f83478c88 (.eqproc)
+
+When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
+parameters that are not both procedures. In this case, it turns out, the
+expectation is for the operator to return 'false', rather than throw an error.
+---
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 37293ff..3f01d39 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
+ return gs_cliprestore(igs);
+ }
+
++static inline bool
++eqproc_check_type(ref *r)
++{
++ return r_has_type(r, t_array)
++ || r_has_type(r, t_mixedarray)
++ || r_has_type(r, t_shortarray)
++ || r_has_type(r, t_oparray);
++}
++
+ /* <proc1> <proc2> .eqproc <bool> */
+ /*
+ * Test whether two procedures are equal to depth 10.
+@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
+
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+- if (!r_is_array(op - 1) || !r_is_array(op)) {
+- return_error(gs_error_typecheck);
++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
++ make_false(op - 1);
++ pop(1);
++ return 0;
+ }
+
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-05-07 15:49:28 UTC (rev 295428)
+++ PKGBUILD 2017-05-07 16:07:39 UTC (rev 295429)
@@ -3,7 +3,7 @@
pkgname=ghostscript
pkgver=9.21
-pkgrel=1
+pkgrel=2
pkgdesc="An interpreter for the PostScript language"
arch=('i686' 'x86_64')
license=('AGPL' 'custom')
@@ -14,16 +14,20 @@
'gtk3: needed for gsx')
url="http://www.ghostscript.com/"
source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostscript-${pkgver}.tar.xz
- ghostscript-sys-zlib.patch)
+ ghostscript-sys-zlib.patch
+ CVE-2017-8291.patch)
options=('!makeflags')
# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
sha256sums=('2be1d014888a34187ad4bbec19ab5692cc943bd1cb14886065aeb43a3393d053'
- 'c08c7e1354aaa243e753517c61ff86a799a49e0177c7bf6fe0029abc693386f6')
+ 'c08c7e1354aaa243e753517c61ff86a799a49e0177c7bf6fe0029abc693386f6'
+ '9cf9b04c274eba318907807b24d813fdfd5e7e2f88352a4b88dfc728a5b1e6c3')
prepare() {
cd ghostscript-${pkgver}
# fix build with system zlib
patch -Np1 -i ${srcdir}/ghostscript-sys-zlib.patch
+ # CVE-2017-8291; https://bugs.ghostscript.com/show_bug.cgi?id=697808
+ patch -Np1 -i ${srcdir}/CVE-2017-8291.patch
}
build() {
More information about the arch-commits
mailing list