Received: by mail.netbsd.org (Postfix, from userid 605) id 7FF3084D75; Fri, 3 Jan 2020 23:56:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 04C6E84D6B for ; Fri, 3 Jan 2020 23:56:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id kZZNFVsF5_KI for ; Fri, 3 Jan 2020 23:56:09 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 632C184CD8 for ; Fri, 3 Jan 2020 23:56:09 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 52643FA97; Fri, 3 Jan 2020 23:56:09 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1578095769144350" MIME-Version: 1.0 Date: Fri, 3 Jan 2020 23:56:09 +0000 From: "Sevan Janiyan" Subject: CVS commit: pkgsrc/print/ghostscript-agpl To: pkgsrc-changes@NetBSD.org Reply-To: sevan@netbsd.org X-Mailer: log_accum Message-Id: <20200103235609.52643FA97@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1578095769144350 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: sevan Date: Fri Jan 3 23:56:09 UTC 2020 Modified Files: pkgsrc/print/ghostscript-agpl: Makefile distinfo Added Files: pkgsrc/print/ghostscript-agpl/patches: patch-Resource_Init_gs_ttf.ps Log Message: Patch CVE-2019-14869 To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 pkgsrc/print/ghostscript-agpl/Makefile cvs rdiff -u -r1.26 -r1.27 pkgsrc/print/ghostscript-agpl/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/print/ghostscript-agpl/patches/patch-Resource_Init_gs_ttf.ps Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1578095769144350 Content-Disposition: inline Content-Length: 3836 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/print/ghostscript-agpl/Makefile diff -u pkgsrc/print/ghostscript-agpl/Makefile:1.48 pkgsrc/print/ghostscript-agpl/Makefile:1.49 --- pkgsrc/print/ghostscript-agpl/Makefile:1.48 Fri Dec 13 11:25:01 2019 +++ pkgsrc/print/ghostscript-agpl/Makefile Fri Jan 3 23:56:09 2020 @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.48 2019/12/13 11:25:01 leot Exp $ +# $NetBSD: Makefile,v 1.49 2020/01/03 23:56:09 sevan Exp $ DISTNAME= ghostscript-${GS_VERSION} PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-agpl/} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_GITHUB:=ArtifexSoftware/} GITHUB_PROJECT= ghostpdl-downloads Index: pkgsrc/print/ghostscript-agpl/distinfo diff -u pkgsrc/print/ghostscript-agpl/distinfo:1.26 pkgsrc/print/ghostscript-agpl/distinfo:1.27 --- pkgsrc/print/ghostscript-agpl/distinfo:1.26 Tue Dec 10 10:44:09 2019 +++ pkgsrc/print/ghostscript-agpl/distinfo Fri Jan 3 23:56:09 2020 @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.26 2019/12/10 10:44:09 leot Exp $ +$NetBSD: distinfo,v 1.27 2020/01/03 23:56:09 sevan Exp $ SHA1 (ghostscript-9.50.tar.xz) = 3be5f36300e3031e68a28cd898b3eebc9151660b RMD160 (ghostscript-9.50.tar.xz) = 7ba4ac83bff4b2bb4b102002501cc6ee0a74ace2 SHA512 (ghostscript-9.50.tar.xz) = 3c1e5db519a427f4b6bfb8d93f3c3dfb67d5ec9ccd19c7afa7670deb768515f3fc617c5588e54934bbfbedfdf8609ce2ffa36dd7da3cb618937fe034f64f43ee Size (ghostscript-9.50.tar.xz) = 34613344 bytes +SHA1 (patch-Resource_Init_gs_ttf.ps) = 7a65887b86079836b44d77f69257c5d46c006503 SHA1 (patch-base_gserrors_h) = ce75cfb7528871842a3bd35e18a6d91c89823909 SHA1 (patch-base_lib.mak) = 723926f167b49568376ef0c0da6aa4ec01fe1516 SHA1 (patch-base_mkromfs.c) = 96006928e0b5381e7101027372b6e6408f1c4a0b Added files: Index: pkgsrc/print/ghostscript-agpl/patches/patch-Resource_Init_gs_ttf.ps diff -u /dev/null pkgsrc/print/ghostscript-agpl/patches/patch-Resource_Init_gs_ttf.ps:1.1 --- /dev/null Fri Jan 3 23:56:09 2020 +++ pkgsrc/print/ghostscript-agpl/patches/patch-Resource_Init_gs_ttf.ps Fri Jan 3 23:56:09 2020 @@ -0,0 +1,44 @@ +$NetBSD: patch-Resource_Init_gs_ttf.ps,v 1.1 2020/01/03 23:56:09 sevan Exp $ + +CVE-2019-14869 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f +https://nvd.nist.gov/vuln/detail/CVE-2019-14869 + +--- Resource/Init/gs_ttf.ps.orig 2020-01-03 16:02:12.889444420 +0000 ++++ Resource/Init/gs_ttf.ps +@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap . + TTFDEBUG { (\n1 setting alias: ) print dup ==only + ( to be the same as ) print 2 index //== exec } if + +- 7 index 2 index 3 -1 roll exch .forceput ++ 7 index 2 index 3 -1 roll exch put + } forall + pop pop pop + } +@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap . + exch pop + TTFDEBUG { (\n2 setting alias: ) print 1 index ==only + ( to use glyph index: ) print dup //== exec } if +- 5 index 3 1 roll .forceput ++ 5 index 3 1 roll put + //false + } + { +@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap . + { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) + TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only + ( to be index: ) print dup //== exec } if +- exch pop 5 index 3 1 roll .forceput ++ exch pop 5 index 3 1 roll put + } + { + pop pop +@@ -1369,7 +1369,7 @@ currentdict /.pickcmap_with_no_xlatmap . + } ifelse + ] + TTFDEBUG { (Encoding: ) print dup === flush } if +-} .bind executeonly odef % hides .forceput ++} .bind odef + + % ---------------- CIDFontType 2 font loading ---------------- % + --_----------=_1578095769144350--