Fri Apr 17 21:43:51 2009 UTC ()

Pullup ticket 2738 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/graphics/ghostscript/Makefile			1.61
- pkgsrc/graphics/ghostscript/distinfo			1.23
- pkgsrc/graphics/ghostscript/patches/patch-aa		1.4

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Tue Apr 14 19:32:54 UTC 2009

   Modified Files:
   	pkgsrc/print/ghostscript: Makefile distinfo
   Added Files:
   	pkgsrc/print/ghostscript/patches: patch-aa

   Log Message:
   Add patch for the security vulnerability reported in CVE-2009-0196
   taken from Redhat's Bugzilla.

   To generate a diff of this commit:
   cvs rdiff -u -r1.60 -r1.61 pkgsrc/print/ghostscript/Makefile
   cvs rdiff -u -r1.22 -r1.23 pkgsrc/print/ghostscript/distinfo
   cvs rdiff -u -r0 -r1.4 pkgsrc/print/ghostscript/patches/patch-aa


(spz)

diff -r1.60 -r1.60.2.1 pkgsrc/print/ghostscript/Makefile
diff -r1.22 -r1.22.2.1 pkgsrc/print/ghostscript/distinfo
diff -r0 -r1.4.2.2 pkgsrc/print/ghostscript/patches/patch-aa

--- pkgsrc/print/ghostscript/Makefile 2009/03/25 10:42:13 1.60
+++ pkgsrc/print/ghostscript/Makefile 2009/04/17 21:43:51 1.60.2.1

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.60 2009/03/25 10:42:13 drochner Exp $
+# $NetBSD: Makefile,v 1.60.2.1 2009/04/17 21:43:51 spz Exp $
 DISTNAME=	ghostscript-8.64
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 EXTRACT_SUFX=	.tar.bz2
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://ghostscript.sourceforge.net/
 COMMENT=	Postscript interpreter
 PKG_DESTDIR_SUPPORT=	user-destdir
 CONFLICTS+=		ghostscript-afpl-[0-9]*
 CONFLICTS+=		ghostscript-esp{,-nox11}-[0-9]*
 CONFLICTS+=		ghostscript-gnu{,-nox11,-x11}-[0-9]*

--- pkgsrc/print/ghostscript/Attic/distinfo 2009/03/25 10:42:13 1.22
+++ pkgsrc/print/ghostscript/Attic/distinfo 2009/04/17 21:43:51 1.22.2.1

 @@ -1,13 +1,14 @@
-$NetBSD: distinfo,v 1.22 2009/03/25 10:42:13 drochner Exp $
+$NetBSD: distinfo,v 1.22.2.1 2009/04/17 21:43:51 spz Exp $
 SHA1 (ghostscript-8.64.tar.bz2) = 4c2a6e04145428d35da73fbc4db9c66a75e336e0
 RMD160 (ghostscript-8.64.tar.bz2) = 565134dcfe1e823b435c3761461c5eb394bd633c
 Size (ghostscript-8.64.tar.bz2) = 16921504 bytes
 SHA1 (patch-aa) = 31d077502dba343c5834e5ee9fdb42102ef47668
 SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006
 SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401
 SHA1 (patch-ae) = 50335e72adebe95ab0cb5873d1c6dd00e971579a
 SHA1 (patch-af) = e4d56f13f5eb595a3929aac6c257012961f59c2b
 SHA1 (patch-ag) = dd452d29253e20bb8fa453a1e4f139a40b2ab3e3
 SHA1 (patch-ah) = efc85dead838505ee462714167f196db2deeb0aa
 SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124
 SHA1 (patch-aj) = 5608e834189c9746f4ad40d11cc36e76609e5d6c

$NetBSD: patch-aa,v 1.4.2.2 2009/04/17 21:43:51 spz Exp $

Patch for CVE-2009-0196 taken from Redhat's Bugzilla:

https://bugzilla.redhat.com/attachment.cgi?id=337747

--- jbig2dec/jbig2_symbol_dict.c.orig	2007-12-11 08:29:58.000000000 +0000
+++ jbig2dec/jbig2_symbol_dict.c	2009-04-14 20:19:01.000000000 +0100
@@ -699,6 +699,15 @@
         exrunlength = params->SDNUMEXSYMS;
       else
         code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
+      if (exrunlength > params->SDNUMEXSYMS - j) {
+        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+          "runlength too large in export symbol table (%d > %d - %d)\n",
+          exrunlength, params->SDNUMEXSYMS, j);
+        jbig2_sd_release(ctx, SDEXSYMS);
+        /* skip to the cleanup code and return SDEXSYMS = NULL */
+        SDEXSYMS = NULL;
+        break;
+      }
       for(k = 0; k < exrunlength; k++)
         if (exflag) {
           SDEXSYMS->glyphs[j++] = (i < m) ?