Tue Nov 23 11:10:16 2010 UTC ()
Add Dr. Werner Fink's patch for the vulnerability reported in CVE-2010-2055.
(tron)
diff -r1.81 -r1.82 pkgsrc/print/ghostscript/Makefile
diff -r1.35 -r1.36 pkgsrc/print/ghostscript/distinfo
diff -r0 -r1.6 pkgsrc/print/ghostscript/patches/patch-ae
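--- a/pkgsrc/print/ghostscript/Makefile
+++ b/pkgsrc/print/ghostscript/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.81 2010/11/13 17:03:00 bouyer Exp $
+# $NetBSD: Makefile,v 1.82 2010/11/23 11:10:15 tron Exp $
 
 DISTNAME= ghostscript-8.71
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://ghostscript.sourceforge.net/
 COMMENT= Postscript interpreter
 
 # Plus adobe verbatim for Resources/CMap.
 LICENSE= gnu-gpl-v3
 
 DEPENDS+= ghostscript-fonts>=6.0:../../fonts/ghostscript-fonts
 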
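--- a/pkgsrc/print/ghostscript/Attic/distinfo
+++ b/pkgsrc/print/ghostscript/Attic/distinfo
@@ -1,21 +1,22 @@
-$NetBSD: distinfo,v 1.35 2010/11/13 17:03:00 bouyer Exp $
+$NetBSD: distinfo,v 1.36 2010/11/23 11:10:15 tron Exp $
 
 SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555
 RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb
 Size (ghostscript-8.71.tar.gz) = 25240801 bytes
 SHA1 (patch-aa) = 31f2107c474398a350916df6fe793a5920f81169
 SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006
 SHA1 (patch-ac) = b1f71dc446f433be0b07b0511dc1028e8e3b77f3
 SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401
+SHA1 (patch-ae) = e015d340a69da3881d4c95ae169ff255f1ffcfd4
 SHA1 (patch-af) = 13aa7b5159cbd5413353b48380d5665ed879fe64
 SHA1 (patch-ag) = bdfbe40c849537d84ac2b3def4a0a3a87ecc152f
 SHA1 (patch-ah) = 2007d42df0bf1d93af90dedaadc882da9fc3e5bc
 SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124
 SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
 SHA1 (patch-al) = 86489b704c60320385794c3eb68170d9b9f1f6cc
 SHA1 (patch-am) = 47a994e902d565f2a06b054766d6fa93c7534d21
 SHA1 (patch-an) = 875360319e486f4606627d8cfa3dbffd48d76130
 SHA1 (patch-ba) = 9c9f9aa27bcbcb43c9eb3b7f7ae6d70fb6545057
 SHA1 (patch-bb) = 6487b61fafe39a4ac8141b9f84044fc210df66ac
 SHA1 (patch-bc) = c35ee6c3075b89714fbb74956d68747d3c17bf9c
 SHA1 (patch-bd) = f7a0448317118bd46d84d9cbc8f4c553175f1e74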
$NetBSD: patch-ae,v 1.6 2010/11/23 11:10:16 tron Exp $
Security patch for CVE-2010-2055 by Dr. Werner Fink taken from here:
http://bugs.ghostscript.com/attachment.cgi?id=6449
--- psi/zfile.c.orig 2009-10-04 13:42:07.000000000 +0100
+++ psi/zfile.c 2010-11-23 11:03:52.000000000 +0000
@@ -902,6 +902,90 @@
return 0;
}
+/* return zero for success, -ve for error, +1 for continue */
+static int
+lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
+{
+ stream *s;
+ uint blen1 = blen;
+ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
+ goto skip;
+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
+ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
+ if (starting_arg_file ||
+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+ *pclen = blen1;
+ make_stream_file(pfile, s, "r");
+ return 0;
+ }
+ sclose(s);
+ return_error(e_invalidfileaccess);
+ }
+ skip:;
+ return 1;
+}
+
+/* return zero for success, -ve for error, +1 for continue */
+static int
+lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
+{
+ stream *s;
+ const gs_file_path *pfpath = lib_path;
+ uint pi;
+
+ for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
+ const ref *prdir = pfpath->list.value.refs + pi;
+ const char *pstr = (const char *)prdir->value.const_bytes;
+ uint plen = r_size(prdir), blen1 = blen;
+ gs_parsed_file_name_t pname;
+ gp_file_name_combine_result r;
+
+ /* We need to concatenate and parse the file name here
+ * if this path has a %device% prefix. */
+ if (pstr[0] == '%') {
+ int code;
+
+ /* We concatenate directly since gp_file_name_combine_*
+ * rules are not correct for other devices such as %rom% */
+ code = gs_parse_file_name(&pname, pstr, plen);
+ if (code < 0)
+ continue;
+ memcpy(buffer, pname.fname, pname.len);
+ memcpy(buffer+pname.len, fname, flen);
+ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
+ &s, (gs_memory_t *)mem);
+ if (code < 0)
+ continue;
+ make_stream_file(pfile, s, "r");
+ /* fill in the buffer with the device concatenated */
+ memcpy(buffer, pstr, plen);
+ memcpy(buffer+plen, fname, flen);
+ *pclen = plen + flen;
+ return 0;
+ } else {
+ r = gp_file_name_combine(pstr, plen,
+ fname, flen, false, buffer, &blen1);
+ if (r != gp_combine_success)
+ continue;
+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
+ &s, (gs_memory_t *)mem) == 0) {
+ if (starting_arg_file ||
+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+ *pclen = blen1;
+ make_stream_file(pfile, s, "r");
+ return 0;
+ }
+ sclose(s);
+ return_error(e_invalidfileaccess);
+ }
+ }
+ }
+ return 1;
+}
/* Return a file object of of the file searched for using the search paths. */
/* The fname cannot contain a device part (%...%) but the lib paths might. */
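Review bot: In the `%device%` branch of `lib_file_open_search_with_combine`, the four `memcpy` calls into `buffer` are never checked against `blen`; only the `gp_file_name_combine` branch passes the capacity along (as `blen1`). The code is moved unchanged from `lib_file_open`, so the gap is inherited rather than introduced, but a guard before the first copy would close it, e.g. `if (plen > (uint)blen || flen > (uint)blen - plen) continue;` (assuming `blen` is the capacity of `buffer` and `pname.len` does not exceed `plen`, neither of which is visible here). The same branch also returns the opened stream without the `check_file_permissions_aux` call that the other branch makes, which deserves a one-line comment saying whether that is intentional. `lib_path` is unused in `lib_file_open_search_with_no_combine` and could be dropped or marked as kept for signature symmetry.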
@@ -919,6 +1003,8 @@
char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */
stream *s;
gx_io_device *iodev = iodev_default;
+ gs_main_instance *minst = get_minst_from_memory(mem);
+ int code;
/* when starting arg files (@ files) iodev_default is not yet set */
if (iodev == 0)
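Review bot: The result of `get_minst_from_memory(mem)` is dereferenced as `minst->search_here_first` in the next hunk without a NULL check. The comment directly below says `iodev_default` may not yet be set when arg files are started, so this function runs early in start-up; whether the instance pointer is always valid at that point is not visible from the patch. If it can be missing, falling back to the library-path-first order is the safer default: `if (minst != 0 && minst->search_here_first) {`. The enclosing function starts and ends outside this hunk.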
@@ -932,75 +1018,36 @@
search_with_no_combine = starting_arg_file;
search_with_combine = true;
}
- if (search_with_no_combine) {
- uint blen1 = blen;
-
- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
- goto skip;
- if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
- if (starting_arg_file ||
- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
- *pclen = blen1;
- make_stream_file(pfile, s, "r");
- return 0;
- }
- sclose(s);
- return_error(e_invalidfileaccess);
- }
- skip:;
- }
- if (search_with_combine) {
- const gs_file_path *pfpath = lib_path;
- uint pi;
-
- for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
- const ref *prdir = pfpath->list.value.refs + pi;
- const char *pstr = (const char *)prdir->value.const_bytes;
- uint plen = r_size(prdir), blen1 = blen;
- gs_parsed_file_name_t pname;
- gp_file_name_combine_result r;
-
- /* We need to concatenate and parse the file name here
- * if this path has a %device% prefix. */
- if (pstr[0] == '%') {
- int code;
-
- /* We concatenate directly since gp_file_name_combine_*
- * rules are not correct for other devices such as %rom% */
- code = gs_parse_file_name(&pname, pstr, plen);
- if (code < 0)
- continue;
- memcpy(buffer, pname.fname, pname.len);
- memcpy(buffer+pname.len, fname, flen);
- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
- &s, (gs_memory_t *)mem);
- if (code < 0)
- continue;
- make_stream_file(pfile, s, "r");
- /* fill in the buffer with the device concatenated */
- memcpy(buffer, pstr, plen);
- memcpy(buffer+plen, fname, flen);
- *pclen = plen + flen;
- return 0;
- } else {
- r = gp_file_name_combine(pstr, plen,
- fname, flen, false, buffer, &blen1);
- if (r != gp_combine_success)
- continue;
- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
- &s, (gs_memory_t *)mem) == 0) {
- if (starting_arg_file ||
- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
- *pclen = blen1;
- make_stream_file(pfile, s, "r");
- return 0;
- }
- sclose(s);
- return_error(e_invalidfileaccess);
- }
- }
- }
+ if (minst->search_here_first) {
+ if (search_with_no_combine) {
+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue continue */
+ return code;
+ }
+ if (search_with_combine) {
+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
+ } else {
+ if (search_with_combine) {
+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
+ if (search_with_no_combine) {
+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
}
return_error(e_undefinedfilename);
}
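Review bot: The two arms of `if (minst->search_here_first)` differ only in the order of the two helper calls, and nothing at that line says which order is the hardened one; a comment there would help, e.g. `/* search_here_first: try the name as given before the library path; otherwise the library path is searched first (CVE-2010-2055) */`. The change only alters behaviour when the flag is false, and this patch touches `psi/zfile.c` alone, so where the flag is set and what it defaults to in the packaged build should be confirmed separately. In the `else` arm the no-combine lookup still runs as a fallback when the library path has no match, which is worth stating in the same comment so nobody assumes the as-given lookup is disabled. The first `/* +ve means continue continue */` comment should read `continue searching` like the other three. The function begins outside the hunk.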