[arch-commits] Commit in ghostscript/repos (3 files)
Andreas Radke
andyrtr at gemini.archlinux.org
Fri Sep 10 14:33:57 UTC 2021
Date: Friday, September 10, 2021 @ 14:33:57
Author: andyrtr
Revision: 423717
archrelease: copy trunk to testing-x86_64
Added:
ghostscript/repos/testing-x86_64/
ghostscript/repos/testing-x86_64/CVE-2021-3781.patch
(from rev 423716, ghostscript/trunk/CVE-2021-3781.patch)
ghostscript/repos/testing-x86_64/PKGBUILD
(from rev 423716, ghostscript/trunk/PKGBUILD)
---------------------+
CVE-2021-3781.patch | 232 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 120 +++++++++++++++++++++++++
2 files changed, 352 insertions(+)
Copied: ghostscript/repos/testing-x86_64/CVE-2021-3781.patch (from rev 423716, ghostscript/trunk/CVE-2021-3781.patch)
===================================================================
--- testing-x86_64/CVE-2021-3781.patch (rev 0)
+++ testing-x86_64/CVE-2021-3781.patch 2021-09-10 14:33:57 UTC (rev 423717)
@@ -0,0 +1,232 @@
+From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell at artifex.com>
+Date: Tue, 7 Sep 2021 20:36:12 +0100
+Subject: [PATCH] Bug 704342: Include device specifier strings in access
+ validation
+
+for the "%pipe%", %handle%" and %printer% io devices.
+
+We previously validated only the part after the "%pipe%" Postscript device
+specifier, but this proved insufficient.
+
+This rebuilds the original file name string, and validates it complete. The
+slight complication for "%pipe%" is it can be reached implicitly using
+"|" so we have to check both prefixes.
+
+Addresses CVE-2021-3781
+---
+ base/gdevpipe.c | 22 +++++++++++++++-
+ base/gp_mshdl.c | 11 +++++++-
+ base/gp_msprn.c | 10 ++++++-
+ base/gp_os2pr.c | 13 +++++++++-
+ base/gslibctx.c | 69 ++++++++++---------------------------------------
+ 5 files changed, 65 insertions(+), 60 deletions(-)
+
+diff --git a/base/gdevpipe.c b/base/gdevpipe.c
+index 96d71f5d8..5bdc485be 100644
+--- a/base/gdevpipe.c
++++ b/base/gdevpipe.c
+@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ #else
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ /* The pipe device can be reached in two ways, explicltly with %pipe%
++ or implicitly with "|", so we have to check for both
++ */
++ char f[gp_file_name_sizeof];
++ const char *pipestr = "|";
++ const size_t pipestrlen = strlen(pipestr);
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
++ int code1;
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ code1 = gp_validate_path(mem, f, access);
++
++ memcpy(f, pipestr, pipestrlen);
++ memcpy(f + pipestrlen, fname, nlen + 1);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
+ return gs_error_invalidfileaccess;
+
+ /*
+diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
+index 2b964ed74..8d87ceadc 100644
+--- a/base/gp_mshdl.c
++++ b/base/gp_mshdl.c
+@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ long hfile; /* Correct for Win32, may be wrong for Win64 */
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ char f[gp_file_name_sizeof];
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, f, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_handle method. */
+diff --git a/base/gp_msprn.c b/base/gp_msprn.c
+index ed4827968..746a974f7 100644
+--- a/base/gp_msprn.c
++++ b/base/gp_msprn.c
+@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(pname, iodev->dname, preflen);
++ memcpy(pname + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, pname, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
+index f852c71fc..ba54cde66 100644
+--- a/base/gp_os2pr.c
++++ b/base/gp_os2pr.c
+@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ FILE ** pfile, char *rfname, uint rnamelen)
+ {
+ os2_printer_t *pr = (os2_printer_t *)iodev->state;
+- char driver_name[256];
++ char driver_name[gp_file_name_sizeof];
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const int size_t = strlen(fname);
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(driver_name, iodev->dname, preflen);
++ memcpy(driver_name + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, driver_name, access) != 0)
++ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+ /* Note that the loop condition here ensures we don't
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 6dfed6cd5..318039fad 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
+ int
+ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+ rewrite_percent_specifiers(f);
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_add_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_add_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_add_control_path(mem, gs_permit_file_control, fp);
++
++ code = gs_add_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_add_control_path(mem, gs_permit_file_writing, fp);
++ return gs_add_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_remove_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
++ rewrite_percent_specifiers(f);
++
++ code = gs_remove_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
++ return gs_remove_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+--
+2.17.1
+
Copied: ghostscript/repos/testing-x86_64/PKGBUILD (from rev 423716, ghostscript/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2021-09-10 14:33:57 UTC (rev 423717)
@@ -0,0 +1,120 @@
+# Maintainer: AndyRTR <andyrtr at archlinux.org>
+
+pkgbase=ghostscript
+pkgname=(ghostscript ghostxps ghostpcl)
+pkgver=9.54.0
+pkgrel=3
+pkgdesc="An interpreter for the PostScript language"
+url="https://www.ghostscript.com/"
+arch=('x86_64')
+license=('AGPL3' 'custom')
+depends=('libxt' 'libcups' 'fontconfig' 'zlib' 'libpng' 'libjpeg' 'jbig2dec'
+ 'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn')
+makedepends=('gtk3' 'gnutls' 'glu' 'freeglut')
+# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
+source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver//./}/ghostpdl-${pkgver}.tar.xz
+ CVE-2021-3781.patch)
+sha512sums=('fed500f5f267f0eeecc4ab44c2785ddaa9ad6965b689e9792021e2348296ee19150f10decb264a4689464088449be44fe8e6c30566a26e6e4e978c8b2d4654ec'
+ '26a625518b18433309ccf404cbe90e2240a75091ae8c38d197d5dce5e1ac7e3df73be83683b64de2d38f429ffa45cb3eda9ecf9388e40094a1ca84328457a8f4')
+
+### update jbig2dec first! ###
+
+### make sure to rebuild core/groff on version updates - https://bugs.archlinux.org/task/67751 ###
+
+prepare() {
+ cd ghostpdl-${pkgver}
+
+ # *** remove after final decision ***
+ # new in 9.54.0:
+ # https://www.ghostscript.com/doc/9.54.0/News.htm
+
+ # 1) inclusion of the tesseract/leptonica sources for OCR capabilities
+ # at the moment we do not support linking with tesseract/leptonica shared libraries.
+ # As is normal with such included libraries, deleting those directories and (re)running
+ # configure (on Unix like systems) will automatically build without the OCR functionality.
+ # increases package size ghostpcl 2.7->4.9MB | ghostscript 18->23MB | ghostxps 2,7->4.9MB
+ # https://www.ghostscript.com/doc/9.54.0/VectorDevices.htm#UseOCR -
+ # this doesn't seem to be worth to keep enabled until linking with shared libs is supported
+ rm -r tesseract leptonica
+
+ # 2) new directory addition in the source tree: "extract/".
+ # It contains the implementation for the writing of docx format files used by the
+ # new "docxwrite" device. This is *not* a "thirdparty library".
+ # For distribution package maintainers, if you want your packaged Ghostscript to include
+ # the "docxwrite" device, do not delete this directory.
+ # ^ this one doesn't affect package size - so let's keep it
+
+ # force it to use system-libs
+ rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib
+ # using tree freetype because of https://bugs.archlinux.org/task/56849
+ # lcms2mt is the new lcms2 fork aimed to replace lcms2 in a thread safe way
+
+ # http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=40dc5b409c6262b18b4bf5386b5482ead4c511e3
+ # libs link unwanted to libgpdl that isn't installed
+ rm -rf gpdl
+
+
+ # CVE-2021-3781 / CVE-2021-3781.patch
+ patch -Np1 -i ../CVE-2021-3781.patch
+}
+
+build() {
+ cd ghostpdl-${pkgver}
+ ./configure --prefix=/usr \
+ --enable-dynamic \
+ --with-ijs \
+ --with-jbig2dec \
+ --with-x \
+ --with-drivers=ALL \
+ --with-openprinting \
+ --with-fontpath=/usr/share/fonts/gsfonts \
+ --enable-fontconfig \
+ --enable-freetype \
+ --enable-openjpeg \
+ --without-luratech \
+ --with-system-libtiff \
+ --with-libpaper \
+ --disable-compile-inits #--help # needed for linking with system-zlib
+ make
+}
+
+package_ghostscript() {
+ optdepends=('texlive-core: needed for dvipdf'
+ 'gtk3: needed for gsx')
+
+ cd ghostpdl-${pkgver}
+ make DESTDIR="${pkgdir}" install-gs install-so-gs
+ # replace statically linked gs binary with symlink to dynamically linked gsc
+ rm -v "${pkgdir}"/usr/bin/gs
+ ln -s gsc "${pkgdir}"/usr/bin/gs
+
+ # remove unwanted localized manpages
+ rm -rv "${pkgdir}"/usr/share/man/de
+
+ install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE
+}
+
+package_ghostxps() {
+ pkgdesc="${pkgdesc/PostScript/XPS document}"
+ depends=("ghostscript=${pkgver}-${pkgrel}")
+
+ cd ghostpdl-${pkgver}
+ make DESTDIR="${pkgdir}" install-gxps install-so-gxps
+ rm -r "${pkgdir}"/usr/include
+
+ install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE
+
+ # fix file conflict - FS#70238
+ rm -r "${pkgdir}"/usr/lib/libgxps.so
+}
+
+package_ghostpcl() {
+ pkgdesc="${pkgdesc/PostScript/PCL 6}"
+ depends=("ghostscript=${pkgver}-${pkgrel}")
+
+ cd ghostpdl-${pkgver}
+ make DESTDIR="${pkgdir}" install-gpcl6 install-so-gpcl6
+ rm -r "${pkgdir}"/usr/include
+
+ install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE
+}
More information about the arch-commits
mailing list