Tue Nov 23 22:43:36 2010 UTC ()
Pullup ticket 3280 - requested by tron
security fixes
Revisions pulled up:
- pkgsrc/print/ghostscript/Makefile 1.82
- pkgsrc/print/ghostscript/distinfo 1.36
Files added:
pkgsrc/print/ghostscript/patches/patch-ae
pkgsrc/print/ghostscript/patches/patch-bd
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Nov 13 17:03:00 UTC 2010
Modified Files:
pkgsrc/print/ghostscript: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript/patches: patch-bd
Log Message:
Apply patch from official repository:
- Fixed memory reallocation on bitmap size change. Reallocation is not only
needed when dimensions and margins change, but also when the color depth
changes. Fixes bugs #691029 and #691108.
- Fixed arrayoption() macro in cups_put_params() function. Array values did
not get actually set in cups.header data structure. Bug only showed via
a compiler warning.
- Silenced compiler warning by presetting c0..c3 in cups_map_cmyk() to zero.
makes my epson USB printer work again with 2010Q3 cups+ghostscript
PKGREVISION++
To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/print/ghostscript/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/print/ghostscript/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/print/ghostscript/patches/patch-bd
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 23 11:10:16 UTC 2010
Modified Files:
pkgsrc/print/ghostscript: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript/patches: patch-ae
Log Message:
Add Dr. Werner Fink's patch for the vulnerability reported in CVE-2010-2055.
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 pkgsrc/print/ghostscript/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/print/ghostscript/distinfo
cvs rdiff -u -r0 -r1.6 pkgsrc/print/ghostscript/patches/patch-ae
(spz)
diff -r1.80 -r1.80.2.1 pkgsrc/print/ghostscript/Makefile
diff -r1.34 -r1.34.2.1 pkgsrc/print/ghostscript/distinfo
diff -r0 -r1.6.2.2 pkgsrc/print/ghostscript/patches/patch-ae
diff -r0 -r1.3.2.2 pkgsrc/print/ghostscript/patches/patch-bd
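--- a/pkgsrc/print/ghostscript/Makefile
+++ b/pkgsrc/print/ghostscript/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.80 2010/06/30 12:44:55 tron Exp $
+# $NetBSD: Makefile,v 1.80.2.1 2010/11/23 22:43:36 spz Exp $
 
 DISTNAME= ghostscript-8.71
-PKGREVISION= 4
+PKGREVISION= 6
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= http://ghostscript.com/releases/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://ghostscript.sourceforge.net/
 COMMENT= Postscript interpreter
 
 # Plus adobe verbatim for Resources/CMap.
 LICENSE= gnu-gpl-v3
 
 DEPENDS+= ghostscript-fonts>=6.0:../../fonts/ghostscript-fonts
 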
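--- a/pkgsrc/print/ghostscript/Attic/distinfo
+++ b/pkgsrc/print/ghostscript/Attic/distinfo
@@ -1,20 +1,22 @@
-$NetBSD: distinfo,v 1.34 2010/06/30 12:44:55 tron Exp $
+$NetBSD: distinfo,v 1.34.2.1 2010/11/23 22:43:36 spz Exp $
 
 SHA1 (ghostscript-8.71.tar.gz) = 629299140f612fac32f6289be0904107dfd1b555
 RMD160 (ghostscript-8.71.tar.gz) = efce74cf22cf99b2b1a145df466e79a86e3dfefb
 Size (ghostscript-8.71.tar.gz) = 25240801 bytes
 SHA1 (patch-aa) = 31f2107c474398a350916df6fe793a5920f81169
 SHA1 (patch-ab) = 7a98cad37f94394f172bdac23f5dd73fb1f08006
 SHA1 (patch-ac) = b1f71dc446f433be0b07b0511dc1028e8e3b77f3
 SHA1 (patch-ad) = 8b3b743b2d6405ea35bfb16970942ecd55702401
+SHA1 (patch-ae) = e015d340a69da3881d4c95ae169ff255f1ffcfd4
 SHA1 (patch-af) = 13aa7b5159cbd5413353b48380d5665ed879fe64
 SHA1 (patch-ag) = bdfbe40c849537d84ac2b3def4a0a3a87ecc152f
 SHA1 (patch-ah) = 2007d42df0bf1d93af90dedaadc882da9fc3e5bc
 SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124
 SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
 SHA1 (patch-al) = 86489b704c60320385794c3eb68170d9b9f1f6cc
 SHA1 (patch-am) = 47a994e902d565f2a06b054766d6fa93c7534d21
 SHA1 (patch-an) = 875360319e486f4606627d8cfa3dbffd48d76130
 SHA1 (patch-ba) = 9c9f9aa27bcbcb43c9eb3b7f7ae6d70fb6545057
 SHA1 (patch-bb) = 6487b61fafe39a4ac8141b9f84044fc210df66ac
 SHA1 (patch-bc) = c35ee6c3075b89714fbb74956d68747d3c17bf9c
+SHA1 (patch-bd) = f7a0448317118bd46d84d9cbc8f4c553175f1e74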
$NetBSD: patch-ae,v 1.6.2.2 2010/11/23 22:43:36 spz Exp $
Security patch for CVE-2010-2055 by Dr. Werner Fink taken from here:
http://bugs.ghostscript.com/attachment.cgi?id=6449
--- psi/zfile.c.orig 2009-10-04 13:42:07.000000000 +0100
+++ psi/zfile.c 2010-11-23 11:03:52.000000000 +0000
@@ -902,6 +902,90 @@
return 0;
}
+/* return zero for success, -ve for error, +1 for continue */
+static int
+lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
+{
+ stream *s;
+ uint blen1 = blen;
+ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
+ goto skip;
+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
+ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
+ if (starting_arg_file ||
+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+ *pclen = blen1;
+ make_stream_file(pfile, s, "r");
+ return 0;
+ }
+ sclose(s);
+ return_error(e_invalidfileaccess);
+ }
+ skip:;
+ return 1;
+}
+
+/* return zero for success, -ve for error, +1 for continue */
+static int
+lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
+{
+ stream *s;
+ const gs_file_path *pfpath = lib_path;
+ uint pi;
+
+ for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
+ const ref *prdir = pfpath->list.value.refs + pi;
+ const char *pstr = (const char *)prdir->value.const_bytes;
+ uint plen = r_size(prdir), blen1 = blen;
+ gs_parsed_file_name_t pname;
+ gp_file_name_combine_result r;
+
+ /* We need to concatenate and parse the file name here
+ * if this path has a %device% prefix. */
+ if (pstr[0] == '%') {
+ int code;
+
+ /* We concatenate directly since gp_file_name_combine_*
+ * rules are not correct for other devices such as %rom% */
+ code = gs_parse_file_name(&pname, pstr, plen);
+ if (code < 0)
+ continue;
+ memcpy(buffer, pname.fname, pname.len);
+ memcpy(buffer+pname.len, fname, flen);
+ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
+ &s, (gs_memory_t *)mem);
+ if (code < 0)
+ continue;
+ make_stream_file(pfile, s, "r");
+ /* fill in the buffer with the device concatenated */
+ memcpy(buffer, pstr, plen);
+ memcpy(buffer+plen, fname, flen);
+ *pclen = plen + flen;
+ return 0;
+ } else {
+ r = gp_file_name_combine(pstr, plen,
+ fname, flen, false, buffer, &blen1);
+ if (r != gp_combine_success)
+ continue;
+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
+ &s, (gs_memory_t *)mem) == 0) {
+ if (starting_arg_file ||
+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
+ *pclen = blen1;
+ make_stream_file(pfile, s, "r");
+ return 0;
+ }
+ sclose(s);
+ return_error(e_invalidfileaccess);
+ }
+ }
+ }
+ return 1;
+}
/* Return a file object of of the file searched for using the search paths. */
/* The fname cannot contain a device part (%...%) but the lib paths might. */
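Review bot: In `lib_file_open_search_with_combine` the `%device%` branch fills `buffer` with four `memcpy` calls and never compares `pname.len + flen` or `plen + flen` with `blen`, whereas the other branch gets its bound from `gp_file_name_combine` through `blen1`; the code is carried over unchanged from the block removed in the last hunk, so the move is a good moment to fix it. A long library-path entry or file name would be written past the caller's buffer, and a guard ahead of the first copy, `if (flen > (uint)blen || plen > (uint)blen - flen) continue;`, keeps both concatenations inside it (this assumes `pname.len` is no larger than `plen` because it is parsed out of `pstr`; confirm). The same branch also returns the opened stream without calling `check_file_permissions_aux`, unlike the two OS-file paths, which should be either aligned or justified in a comment. As smaller points, `lib_path` is unused in `lib_file_open_search_with_no_combine`, and `fmode` is never written in either helper, so it could be declared `const char *`.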
@@ -919,6 +1003,8 @@
char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */
stream *s;
gx_io_device *iodev = iodev_default;
+ gs_main_instance *minst = get_minst_from_memory(mem);
+ int code;
/* when starting arg files (@ files) iodev_default is not yet set */
if (iodev == 0)
@@ -932,75 +1018,36 @@
search_with_no_combine = starting_arg_file;
search_with_combine = true;
}
- if (search_with_no_combine) {
- uint blen1 = blen;
-
- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
- goto skip;
- if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
- if (starting_arg_file ||
- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
- *pclen = blen1;
- make_stream_file(pfile, s, "r");
- return 0;
- }
- sclose(s);
- return_error(e_invalidfileaccess);
- }
- skip:;
- }
- if (search_with_combine) {
- const gs_file_path *pfpath = lib_path;
- uint pi;
-
- for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
- const ref *prdir = pfpath->list.value.refs + pi;
- const char *pstr = (const char *)prdir->value.const_bytes;
- uint plen = r_size(prdir), blen1 = blen;
- gs_parsed_file_name_t pname;
- gp_file_name_combine_result r;
-
- /* We need to concatenate and parse the file name here
- * if this path has a %device% prefix. */
- if (pstr[0] == '%') {
- int code;
-
- /* We concatenate directly since gp_file_name_combine_*
- * rules are not correct for other devices such as %rom% */
- code = gs_parse_file_name(&pname, pstr, plen);
- if (code < 0)
- continue;
- memcpy(buffer, pname.fname, pname.len);
- memcpy(buffer+pname.len, fname, flen);
- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
- &s, (gs_memory_t *)mem);
- if (code < 0)
- continue;
- make_stream_file(pfile, s, "r");
- /* fill in the buffer with the device concatenated */
- memcpy(buffer, pstr, plen);
- memcpy(buffer+plen, fname, flen);
- *pclen = plen + flen;
- return 0;
- } else {
- r = gp_file_name_combine(pstr, plen,
- fname, flen, false, buffer, &blen1);
- if (r != gp_combine_success)
- continue;
- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
- &s, (gs_memory_t *)mem) == 0) {
- if (starting_arg_file ||
- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
- *pclen = blen1;
- make_stream_file(pfile, s, "r");
- return 0;
- }
- sclose(s);
- return_error(e_invalidfileaccess);
- }
- }
- }
+ if (minst->search_here_first) {
+ if (search_with_no_combine) {
+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue continue */
+ return code;
+ }
+ if (search_with_combine) {
+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
+ } else {
+ if (search_with_combine) {
+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
+ if (search_with_no_combine) {
+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
+ fname, flen, buffer, blen, pclen, pfile,
+ iodev, starting_arg_file, fmode);
+ if (code <= 0) /* +ve means continue searching */
+ return code;
+ }
}
return_error(e_undefinedfilename);
}
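Review bot: With `search_here_first` unset, the else branch still falls through to `lib_file_open_search_with_no_combine` after the library-path search, so the uncombined lookup is only moved later, not removed; a name that no library directory provides would still be opened through it, and it is worth confirming that this matches the intended scope of the CVE-2010-2055 fix. `minst` is also dereferenced without a NULL test, although the context comment in the previous hunk says this function already runs for @ files before `iodev_default` is set; if `get_minst_from_memory(mem)` can come back empty that early, `if (minst != NULL && minst->search_here_first)` falls back to the library-path-first order. The comment `/* +ve means continue continue */` on the first call should read `continue searching` like the other three. The enclosing function starts above this hunk.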
$NetBSD: patch-bd,v 1.3.2.2 2010/11/23 22:43:36 spz Exp $
From 6d26e9b1c38d8c0f0ab4af42c513cb23f3ae1656 Mon Sep 17 00:00:00 2001
From: till <till@a1074d23-0009-0410-80fe-cf8c14f379e6>
Date: Tue, 9 Mar 2010 16:35:06 +0000
Subject: [PATCH] Fixes on CUPS Raster output device:
- Fixed memory reallocation on bitmap size change. Reallocation is not only
needed when dimendions and margins change, but also when the color depth
changes. Fixes bugs #691029 and #691108.
- Fixed arrayoption() macro in cups_put_params() function. Array values did
not get actually set in cups.header data structure. Bug only showed via
a compiler warning.
- Silenced compiler warning by presetting c0..c3 in cups_map_cmyk() to zero.
git-svn-id: http://svn.ghostscript.com/ghostscript/trunk/gs@10890 a1074d23-0009-0410-80fe-cf8c14f379e6
---
cups/gdevcups.c | 32 +++++++++++++++++++++++---------
1 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/cups/gdevcups.c b/cups/gdevcups.c
index 551b806..4000abf 100644
--- a/cups/gdevcups.c
+++ cups/gdevcups.c
@@ -975,7 +975,8 @@ cups_map_cmyk(gx_device *pdev, /* I - Device info */
frac k, /* I - Black value */
frac *out) /* O - Device colors */
{
- int c0, c1, c2, c3; /* Temporary color values */
+ int c0 = 0, c1 = 0,
+ c2 = 0, c3 = 0; /* Temporary color values */
float rr, rg, rb, /* Real RGB colors */
ciex, ciey, ciez, /* CIE XYZ colors */
ciey_yn, /* Normalized luminance */
@@ -2703,9 +2704,13 @@ cups_put_params(gx_device *pdev, /* I - Device info */
int color_set; /* Were the color attrs set? */
gdev_prn_space_params sp; /* Space parameter data */
int width, /* New width of page */
- height; /* New height of page */
+ height, /* New height of page */
+ colorspace, /* New color space */
+ bitspercolor; /* New bits per color */
static int width_old = 0, /* Previous width */
- height_old = 0; /* Previous height */
+ height_old = 0, /* Previous height */
+ colorspace_old = 0,/* Previous color space */
+ bitspercolor_old = 0;/* Previous bits per color */
ppd_attr_t *backside = NULL,
*backsiderequiresflippedmargins = NULL;
float swap;
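Review bot: `colorspace_old` and `bitspercolor_old` join `width_old`/`height_old` as function-local statics, so the change test in the last hunk compares against whichever device last passed through cups_put_params, not against this `pdev`. If one process ever drives more than one CUPS raster device, the cached values can match by accident and the reallocation is skipped while the buffer still has the previous geometry. Keeping the four previous values in the device structure would tie them to the buffer they describe; at minimum a comment such as `/* process-wide cache: assumes a single cups device per process */` should record the assumption. cups_put_params starts and ends outside this hunk.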
@@ -2800,9 +2805,10 @@ cups_put_params(gx_device *pdev, /* I - Device info */
else if (code == 0) \
{ \
dprintf1("DEBUG: Setting %s to", sname); \
- for (i = 0; i < count; i ++) \
- dprintf1(" %d", (unsigned)(arrayval.data[i])); \
- cups->header.name[i] = (unsigned)arrayval.data[i]; \
+ for (i = 0; i < count; i ++) { \
+ dprintf1(" %d", (unsigned)(arrayval.data[i])); \
+ cups->header.name[i] = (unsigned)(arrayval.data[i]); \
+ } \
dprintf("...\n"); \
}
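Review bot: The corrected loop reads `arrayval.data[i]` and writes `cups->header.name[i]` for every `i < count`, but nothing in the visible part of the macro compares `count` with the number of elements the parameter list actually delivered. If the lines of `arrayoption()` above this hunk do not check that either, a shorter array supplied with the job is read past its end; a test before the loop, for example `if (arrayval.size < count) return_error(gs_error_rangecheck);`, would reject it. `dprintf1(" %d", (unsigned)(arrayval.data[i]))` also pairs `%d` with an unsigned argument, where `%u` would match the cast. The macro definition begins above the hunk.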
@@ -3243,23 +3249,31 @@ cups_put_params(gx_device *pdev, /* I - Device info */
}
#endif /* CUPS_RASTER_SYNCv1 */
+ colorspace = cups->header.cupsColorSpace;
+ bitspercolor = cups->header.cupsBitsPerColor;
+
/*
* Don't reallocate memory unless the device has been opened...
* Also reallocate only if the size has actually changed...
*/
- if (pdev->is_open && (width != width_old || height != height_old))
+ if (pdev->is_open &&
+ (width != width_old || height != height_old ||
+ colorspace != colorspace_old || bitspercolor != bitspercolor_old))
{
width_old = width;
height_old = height;
+ colorspace_old = colorspace;
+ bitspercolor_old = bitspercolor;
/*
* Device is open and size has changed, so reallocate...
*/
- dprintf4("DEBUG2: Reallocating memory, [%.0f %.0f] = %dx%d pixels...\n",
- pdev->MediaSize[0], pdev->MediaSize[1], width, height);
+ dprintf6("DEBUG2: Reallocating memory, [%.0f %.0f] = %dx%d pixels, color space: %d, bits per color: %d...\n",
+ pdev->MediaSize[0], pdev->MediaSize[1], width, height,
+ colorspace, bitspercolor);
sp = ((gx_device_printer *)pdev)->space_params;