Commit
9ce86c9b
authored
Nov 12, 2018
by
J0WI
Committed by
Natanael Copa
Dec 07, 2018
main/ghostscript: security fixes (CVE-2018-17961, CVE-2018-18073, CVE-2018-18284)
parent
55ef7390
Showing
5 changed files
with
1002 additions
and
134 deletions
+1002
-134
main/ghostscript/APKBUILD
main/ghostscript/APKBUILD
+8
-2
main/ghostscript/CVE-2017-5951.patch
main/ghostscript/CVE-2017-5951.patch
+0
-39
main/ghostscript/CVE-2017-7207.patch
main/ghostscript/CVE-2017-7207.patch
+0
-33
main/ghostscript/CVE-2017-8291.patch
main/ghostscript/CVE-2017-8291.patch
+0
-60
main/ghostscript/ghostscript-9.25-security_fixes-2.patch
main/ghostscript/ghostscript-9.25-security_fixes-2.patch
+994
-0
main/ghostscript/APKBUILD
...
...
@@ -2,7 +2,7 @@
# Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname
=
ghostscript
pkgver
=
9.25
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"An interpreter for the PostScript language and for PDF"
url
=
"https://ghostscript.com/"
arch
=
"all"
...
...
@@ -14,10 +14,15 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-gtk"
source
=
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs
${
pkgver
/./
}
/ghostscript-
$pkgver
.tar.gz
ghostscript-system-zlib.patch
fix-sprintf.patch
ghostscript-9.25-security_fixes-2.patch
"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
# secfixes:
# 9.25-r1:
# - CVE-2018-17961
# - CVE-2018-18073
# - CVE-2018-18284
# 9.25-r0:
# - CVE-2018-16802
# 9.24-r0:
...
...
@@ -116,4 +121,5 @@ gtk() {
sha512sums
=
"6710bf00e6246bf07173d4012c7742dd2315b6888b883d63372c0dc2fef76e8be5672f10e4c529244ba153f4ae8ab713403209365a3f7a76c469d69d797761b1 ghostscript-9.25.tar.gz
70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch
beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch"
beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch
f3d225a913780364df04588ba08afb9a9547082a801ad23ff3429e117c6c9f511c4c0f35c464710c7d503fa8b80c3a2cbc77bf50bf0c2e846db2a6ec15f77e2e ghostscript-9.25-security_fixes-2.patch"
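Review bot: The `source=` hunk adds `ghostscript-9.25-security_fixes-2.patch` as a single aggregate file (994 added lines per the diffstat), and the visible APKBUILD lines do not record where it was taken from or which part addresses which of the three CVEs listed under `# 9.25-r1:`. The patch body is collapsed on this page, so it may carry its own header, but that cannot be checked here. I would add a provenance comment above the `# secfixes:` block, for example `# ghostscript-9.25-security_fixes-2.patch: from <ORIGIN-URL-PLACEHOLDER>, upstream commits <COMMIT-IDS-PLACEHOLDER>`, or split the file per CVE so a later version bump can tell which pieces are already upstream. The new `sha512sums` entry pins the patch content but says nothing about its origin.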
main/ghostscript/CVE-2017-5951.patch
deleted
100644 → 0
From bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 6 Apr 2017 16:44:54 +0100
Subject: [PATCH] Bug 697548: use the correct param list enumerator
When we encountered dictionary in a ref_param_list, we were using the enumerator
for the "parent" param_list, rather than the enumerator for the param_list
we just created for the dictionary. That parent was usually the stack
list enumerator, and caused a segfault.
Using the correct enumerator works better.
---
psi/iparam.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/psi/iparam.c b/psi/iparam.c
index 4e63b6d..b2fa85f 100644
--- a/psi/iparam.c
+++ b/psi/iparam.c
@@ -770,12 +770,13 @@
ref_param_read_typed(gs_param_list * plist, gs_param_name pkey,
gs_param_enumerator_t enumr;
gs_param_key_t key;
ref_type keytype;
+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
param_init_enumerator(&enumr);
- if (!(*((iparam_list *) plist)->enumerate)
- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
+ if (!(*(dlist->enumerate))
+ ((iparam_list *) dlist, &enumr, &key, &keytype)
&& keytype == t_integer) {
- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
+ dlist->int_keys = 1;
pvalue->type = gs_param_type_dict_int_keys;
}
}
--
2.9.1
main/ghostscript/CVE-2017-7207.patch
deleted
100644 → 0
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Mon, 20 Mar 2017 09:34:11 +0000
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
This is only possible by abusing/mis-using Ghostscript-specific
language extensions, so cannot happen in a general PostScript program.
Nevertheless, Ghostscript should not crash. So this commit checks the
memory device to see if raster memory has been allocated, before trying
to read from it.
---
base/gdevmem.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/base/gdevmem.c b/base/gdevmem.c
index afd05bd..d52d684 100644
--- a/base/gdevmem.c
+++ b/base/gdevmem.c
@@ -606,6 +606,8 @@
mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
return_error(gs_error_rangecheck);
}
+ if (mdev->line_ptrs == 0x00)
+ return_error(gs_error_rangecheck);
if ((w <= 0) | (h <= 0)) {
if ((w | h) < 0)
return_error(gs_error_rangecheck);
--
2.9.1
main/ghostscript/CVE-2017-8291.patch
deleted
100644 → 0
From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 27 Apr 2017 13:21:31 +0100
Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
The Ghostscript internal operator .rsdparams wasn't checking the number or
type of the operands it was being passed. Do so.
---
psi/zfrsd.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/psi/zfrsd.c b/psi/zfrsd.c
index 191107d..950588d 100644
--- a/psi/zfrsd.c
+++ b/psi/zfrsd.c
@@ -49,13 +49,20 @@
zrsdparams(i_ctx_t *i_ctx_p)
ref *pFilter;
ref *pDecodeParms;
int Intent = 0;
- bool AsyncRead;
+ bool AsyncRead = false;
ref empty_array, filter1_array, parms1_array;
uint i;
- int code;
+ int code = 0;
+
+ if (ref_stack_count(&o_stack) < 1)
+ return_error(gs_error_stackunderflow);
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+ return_error(gs_error_typecheck);
+ }
make_empty_array(&empty_array, a_readonly);
- if (dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (r_has_type(op, t_dictionary)
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
if (!r_is_array(pFilter)) {
if (!r_has_type(pFilter, t_name))
return_error(gs_error_typecheck);
@@ -94,12 +101,13 @@
zrsdparams(i_ctx_t *i_ctx_p)
return_error(gs_error_typecheck);
}
}
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (r_has_type(op, t_dictionary))
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
return code;
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
- )
- return code;
+ if (r_has_type(op, t_dictionary))
+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
+ return code;
push(1);
op[-1] = *pFilter;
if (pDecodeParms)
--
2.9.1
main/ghostscript/ghostscript-9.25-security_fixes-2.patch
0 → 100644
This diff is collapsed.