Pullup ticket 2738 - requested by tron Security fix Revisions pulled up: - pkgsrc/graphics/ghostscript/Makefile 1.61 - pkgsrc/graphics/ghostscript/distinfo 1.23 - pkgsrc/graphics/ghostscript/patches/patch-aa 1.4 Module Name: pkgsrc Committed By: tron Date: Tue Apr 14 19:32:54 UTC 2009 Modified Files: pkgsrc/print/ghostscript: Makefile distinfo Added Files: pkgsrc/print/ghostscript/patches: patch-aa Log Message: Add patch for the security vulnerability reported in CVE-2009-0196 taken from Redhat's Bugzilla. To generate a diff of this commit: cvs rdiff -u -r1.60 -r1.61 pkgsrc/print/ghostscript/Makefile cvs rdiff -u -r1.22 -r1.23 pkgsrc/print/ghostscript/distinfo cvs rdiff -u -r0 -r1.4 pkgsrc/print/ghostscript/patches/patch-aadiff -r1.60 -r1.60.2.1 pkgsrc/print/ghostscript/Makefile
(spz)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.60 2009/03/25 10:42:13 drochner Exp $ | 1 | # $NetBSD: Makefile,v 1.60.2.1 2009/04/17 21:43:51 spz Exp $ | |
2 | 2 | |||
3 | DISTNAME= ghostscript-8.64 | 3 | DISTNAME= ghostscript-8.64 | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= print | 5 | CATEGORIES= print | |
6 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/} | 6 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/} | |
7 | EXTRACT_SUFX= .tar.bz2 | 7 | EXTRACT_SUFX= .tar.bz2 | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://ghostscript.sourceforge.net/ | 10 | HOMEPAGE= http://ghostscript.sourceforge.net/ | |
11 | COMMENT= Postscript interpreter | 11 | COMMENT= Postscript interpreter | |
12 | 12 | |||
13 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
14 | 14 | |||
15 | CONFLICTS+= ghostscript-afpl-[0-9]* | 15 | CONFLICTS+= ghostscript-afpl-[0-9]* | |
16 | CONFLICTS+= ghostscript-esp{,-nox11}-[0-9]* | 16 | CONFLICTS+= ghostscript-esp{,-nox11}-[0-9]* | |
17 | CONFLICTS+= ghostscript-gnu{,-nox11,-x11}-[0-9]* | 17 | CONFLICTS+= ghostscript-gnu{,-nox11,-x11}-[0-9]* |
@@ -1,13 +1,14 @@ | @@ -1,13 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.22 2009/03/25 10:42:13 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.22.2.1 2009/04/17 21:43:51 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (ghostscript-8.64.tar.bz2) = 4c2a6e04145428d35da73fbc4db9c66a75e336e0 | 3 | SHA1 (ghostscript-8.64.tar.bz2) = 4c2a6e04145428d35da73fbc4db9c66a75e336e0 | |
4 | RMD160 (ghostscript-8.64.tar.bz2) = 565134dcfe1e823b435c3761461c5eb394bd633c | 4 | RMD160 (ghostscript-8.64.tar.bz2) = 565134dcfe1e823b435c3761461c5eb394bd633c | |
5 | Size (ghostscript-8.64.tar.bz2) = 16921504 bytes | 5 | Size (ghostscript-8.64.tar.bz2) = 16921504 bytes | |
6 | SHA1 (patch-aa) = 31d077502dba343c5834e5ee9fdb42102ef47668 | |||
6 | SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006 | 7 | SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006 | |
7 | SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401 | 8 | SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401 | |
8 | SHA1 (patch-ae) = 50335e72adebe95ab0cb5873d1c6dd00e971579a | 9 | SHA1 (patch-ae) = 50335e72adebe95ab0cb5873d1c6dd00e971579a | |
9 | SHA1 (patch-af) = e4d56f13f5eb595a3929aac6c257012961f59c2b | 10 | SHA1 (patch-af) = e4d56f13f5eb595a3929aac6c257012961f59c2b | |
10 | SHA1 (patch-ag) = dd452d29253e20bb8fa453a1e4f139a40b2ab3e3 | 11 | SHA1 (patch-ag) = dd452d29253e20bb8fa453a1e4f139a40b2ab3e3 | |
11 | SHA1 (patch-ah) = efc85dead838505ee462714167f196db2deeb0aa | 12 | SHA1 (patch-ah) = efc85dead838505ee462714167f196db2deeb0aa | |
12 | SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124 | 13 | SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124 | |
13 | SHA1 (patch-aj) = 5608e834189c9746f4ad40d11cc36e76609e5d6c | 14 | SHA1 (patch-aj) = 5608e834189c9746f4ad40d11cc36e76609e5d6c |
$NetBSD: patch-aa,v 1.4.2.2 2009/04/17 21:43:51 spz Exp $
Patch for CVE-2009-0196 taken from Redhat's Bugzilla:
https://bugzilla.redhat.com/attachment.cgi?id=337747
--- jbig2dec/jbig2_symbol_dict.c.orig 2007-12-11 08:29:58.000000000 +0000
+++ jbig2dec/jbig2_symbol_dict.c 2009-04-14 20:19:01.000000000 +0100
@@ -699,6 +699,15 @@
exrunlength = params->SDNUMEXSYMS;
else
code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
+ if (exrunlength > params->SDNUMEXSYMS - j) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+ "runlength too large in export symbol table (%d > %d - %d)\n",
+ exrunlength, params->SDNUMEXSYMS, j);
+ jbig2_sd_release(ctx, SDEXSYMS);
+ /* skip to the cleanup code and return SDEXSYMS = NULL */
+ SDEXSYMS = NULL;
+ break;
+ }
for(k = 0; k < exrunlength; k++)
if (exflag) {
SDEXSYMS->glyphs[j++] = (i < m) ?