Wed Apr 5 20:11:01 2017 UTC ()

Fix for CVE-2017-7207


(tez)

diff -r1.23 -r1.24 pkgsrc/print/ghostscript-gpl/Makefile
diff -r1.14 -r1.15 pkgsrc/print/ghostscript-gpl/distinfo
diff -r0 -r1.1 pkgsrc/print/ghostscript-gpl/patches/patch-CVE-2017-7207

--- pkgsrc/print/ghostscript-gpl/Makefile 2017/03/23 20:38:24 1.23
+++ pkgsrc/print/ghostscript-gpl/Makefile 2017/04/05 20:11:01 1.24

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.23 2017/03/23 20:38:24 tez Exp $
+# $NetBSD: Makefile,v 1.24 2017/04/05 20:11:01 tez Exp $
 DISTNAME=	ghostscript-${GS_VERSION}
 PKGNAME=	${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION=	10
+PKGREVISION=	11
 CATEGORIES=	print
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+=	http://ghostscript.com/releases/
 EXTRACT_SUFX=	.tar.bz2
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://ghostscript.sourceforge.net/
 COMMENT=	Postscript interpreter
 # Plus adobe verbatim for Resources/CMap.
 LICENSE=	gnu-gpl-v3
 .include	"Makefile.common"

--- pkgsrc/print/ghostscript-gpl/distinfo 2017/03/23 20:38:24 1.14
+++ pkgsrc/print/ghostscript-gpl/distinfo 2017/04/05 20:11:01 1.15

 @@ -1,25 +1,26 @@
-$NetBSD: distinfo,v 1.14 2017/03/23 20:38:24 tez Exp $
+$NetBSD: distinfo,v 1.15 2017/04/05 20:11:01 tez Exp $
 SHA1 (ghostscript-9.06.tar.bz2) = 4c1c2b4cddd16d86b21f36ad4fc15f6100162238
 RMD160 (ghostscript-9.06.tar.bz2) = 11ef74cf783ec5f7cde0ceaaf2823a1f62fb4d1d
 SHA512 (ghostscript-9.06.tar.bz2) = 99f7a56316bf96d55c0cd7b07c0791ad4e6ee0d3a8f3bfa04ea28890ea9ed822ebcd7084cc8118cc38dc5def27c91c24eebc08a20a630463a9bf9d0193d0923b
 Size (ghostscript-9.06.tar.bz2) = 29246039 bytes
 SHA1 (patch-CVE-2012-4405) = 1dcb4cfeceb366c144e0a1337c6ccc2d8e13e4ca
 SHA1 (patch-CVE-2014-8137) = 5375f56f3d7cdfed0c9f900d291d75bbc3182b96
 SHA1 (patch-CVE-2014-8138) = be161051680e3c6c9246f31237019470a447ee49
 SHA1 (patch-CVE-2014-8157) = 18822069b9791fc3553e812878cfca483d881cd4
 SHA1 (patch-CVE-2014-8158) = 71387f152a205caaef0fcc518dbb0fbb7b78e531
 SHA1 (patch-CVE-2014-9029) = 9636c7d6909fc0dec7ad2102b59fb14d599bac6a
 SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
 SHA1 (patch-CVE-2017-7207) = 31f4a73b49b52942385eaa3c8cf2a94b5bbde6df
 SHA1 (patch-af) = 79af4d253001f879f1b5d3ef93584ae7300361de
 SHA1 (patch-ah) = 73a05ee51845ca70e1b18c50dee98d6799a46d52
 SHA1 (patch-ai) = 3962a3acac1d4537dbbe3fc3b205aba87387d485
 SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
 SHA1 (patch-al) = e5a5be44f997a450afef15e172acc771b4818ac9
 SHA1 (patch-an) = 22ed9965aec5d540adb31334d8dd9e05eab8e0c2
 SHA1 (patch-base_configure_ac) = c0f5ee586df05d1d136b7c89b4776c0bf480cc57
 SHA1 (patch-base_gdevpng.c) = 24120e26bd2a846f6d4c8ab9753dfe91f151343f
 SHA1 (patch-base_gserrors_h) = fde64bd096a6e6f94005c8352a6295df06c19bae
 SHA1 (patch-base_gsmalloc.c) = 891bdcef49e0f2c435744eaf7bbcd31f5dbcbaba
 SHA1 (patch-base_memento.c) = d30cfb9285a0268e743c90cdf831674eaa24789b
 SHA1 (patch-openjpeg_libopenjpeg_opj_malloc_h) = 24f15c55cd7961afc1254f6c4bccd6d0c2a5e737

$NetBSD: patch-CVE-2017-7207,v 1.1 2017/04/05 20:11:01 tez Exp $

Fix for CVE-2017-7207 from
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091;hp=dd5da2cb3e08398ac6d86598b36b00994d058308


--- base/gdevmem.c.orig	2017-04-05 19:13:09.561063700 +0000
+++ base/gdevmem.c
@@ -562,6 +562,8 @@ mem_get_bits_rectangle(gx_device * dev,
             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
         return_error(gs_error_rangecheck);
     }
+    if (mdev->line_ptrs == 0x00)
+	return_error(gs_error_rangecheck);
     if ((w <= 0) | (h <= 0)) {
         if ((w | h) < 0)
             return_error(gs_error_rangecheck);