guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: ghostscript: Fix CVE-2017-8291.


From: Leo Famulari
Subject: 01/01: gnu: ghostscript: Fix CVE-2017-8291.
Date: Fri, 28 Apr 2017 17:03:38 -0400 (EDT)

lfam pushed a commit to branch master
in repository guix.

commit a01f15759a00503101baa23af87cbd6095a1fbd6
Author: Leo Famulari <address@hidden>
Date:   Fri Apr 28 16:34:05 2017 -0400

    gnu: ghostscript: Fix CVE-2017-8291.
    
    * gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
    (ghostscript/fixed): New variable.
    (ghostscript-with-x)[replacement]: New field.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/ghostscript.scm                       | 13 ++++
 .../patches/ghostscript-CVE-2017-8291.patch        | 73 ++++++++++++++++++++++
 3 files changed, 87 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index 40fd0f0..117da28 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -603,6 +603,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/ghostscript-CVE-2016-7978.patch         \
   %D%/packages/patches/ghostscript-CVE-2016-7979.patch         \
   %D%/packages/patches/ghostscript-CVE-2016-8602.patch         \
+  %D%/packages/patches/ghostscript-CVE-2017-8291.patch         \
   %D%/packages/patches/ghostscript-runpath.patch               \
   %D%/packages/patches/glib-networking-ssl-cert-file.patch     \
   %D%/packages/patches/glib-tests-timer.patch                  \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 076046e..5340107 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -130,6 +130,7 @@ printing, and psresize, for adjusting page sizes.")
 (define-public ghostscript
   (package
    (name "ghostscript")
+   (replacement ghostscript/fixed)
    (version "9.14.0")
    (source (origin
             (method url-fetch)
@@ -209,11 +210,23 @@ output file formats and printers.")
 
 (define-public ghostscript/x
   (package (inherit ghostscript)
+    (replacement #f)
     (name (string-append (package-name ghostscript) "-with-x"))
     (inputs `(("libxext" ,libxext)
               ("libxt" ,libxt)
               ,@(package-inputs ghostscript)))))
 
+(define ghostscript/fixed
+  (package
+    (inherit ghostscript)
+    (source
+      (origin
+        (inherit (package-source ghostscript))
+        (patches
+          (append
+            (origin-patches (package-source ghostscript))
+            (search-patches "ghostscript-CVE-2017-8291.patch")))))))
+
 (define-public ijs
   (package
    (name "ijs")
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch 
b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
new file mode 100644
index 0000000..db80b6d
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -0,0 +1,73 @@
+Fix CVE-2017-8291:
+
+https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+
+This patch is adapted from these two Artifex Ghostscript commits by Leo
+Famulari <address@hidden>:
+
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index fb4bce9..2629afa 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     ref *pFilter;
+     ref *pDecodeParms;
+     int Intent = 0;
+-    bool AsyncRead;
++    bool AsyncRead = false;
+     ref empty_array, filter1_array, parms1_array;
+     uint i;
+-    int code;
++    int code = 0;
++
++    if (ref_stack_count(&o_stack) < 1)
++        return_error(e_stackunderflow);
++    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++        return_error(e_typecheck);
++    }
+ 
+     make_empty_array(&empty_array, a_readonly);
+-    if (dict_find_string(op, "Filter", &pFilter) > 0) {
++    if (r_has_type(op, t_dictionary)
++        && dict_find_string(op, "Filter", &pFilter) > 0) {
+         if (!r_is_array(pFilter)) {
+             if (!r_has_type(pFilter, t_name))
+                 return_error(e_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+                 return_error(e_typecheck);
+         }
+     }
+-    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++    if (r_has_type(op, t_dictionary))
++        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+     if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+         return code;
+-    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+-        )
+-        return code;
++    if (r_has_type(op, t_dictionary))
++        if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++            return code;
+     push(1);
+     op[-1] = *pFilter;
+     if (pDecodeParms)
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b3042..0d357f1 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(e_stackunderflow);
++    if (!r_is_array(op - 1) || !r_is_array(op)) {
++        return_error(e_typecheck);
++    }
++
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+     make_array(&stack[0].proc2, 0, 1, op);
+     for (;;) {



reply via email to

[Prev in Thread] Current Thread [Next in Thread]