* bug#26704: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
@ 2017-04-28 20:52 Leo Famulari
2017-04-28 21:05 ` Leo Famulari
0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2017-04-28 20:52 UTC (permalink / raw)
To: 26704
* gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
(ghostscript-with-x)[replacement]: New field.
---
gnu/local.mk | 1 +
gnu/packages/ghostscript.scm | 13 ++++
.../patches/ghostscript-CVE-2017-8291.patch | 73 ++++++++++++++++++++++
3 files changed, 87 insertions(+)
create mode 100644 gnu/packages/patches/ghostscript-CVE-2017-8291.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 40fd0f061..117da28fb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -603,6 +603,7 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-CVE-2016-7978.patch \
%D%/packages/patches/ghostscript-CVE-2016-7979.patch \
%D%/packages/patches/ghostscript-CVE-2016-8602.patch \
+ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \
%D%/packages/patches/ghostscript-runpath.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-tests-timer.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 076046e72..5340107f9 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -130,6 +130,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
+ (replacement ghostscript/fixed)
(version "9.14.0")
(source (origin
(method url-fetch)
@@ -209,11 +210,23 @@ output file formats and printers.")
(define-public ghostscript/x
(package (inherit ghostscript)
+ (replacement #f)
(name (string-append (package-name ghostscript) "-with-x"))
(inputs `(("libxext" ,libxext)
("libxt" ,libxt)
,@(package-inputs ghostscript)))))
+(define ghostscript/fixed
+ (package
+ (inherit ghostscript)
+ (source
+ (origin
+ (inherit (package-source ghostscript))
+ (patches
+ (append
+ (origin-patches (package-source ghostscript))
+ (search-patches "ghostscript-CVE-2017-8291.patch")))))))
+
(define-public ijs
(package
(name "ijs")
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
new file mode 100644
index 000000000..db80b6dde
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -0,0 +1,73 @@
+Fix CVE-2017-8291:
+
+https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+
+This patch is adapted from these two Artifex Ghostscript commits by Leo
+Famulari <leo@famulari.name>:
+
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index fb4bce9..2629afa 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(e_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(e_typecheck);
++ }
+
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(e_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(e_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b3042..0d357f1 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+ ref2_t stack[MAX_DEPTH + 1];
+ ref2_t *top = stack;
+
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(e_stackunderflow);
++ if (!r_is_array(op - 1) || !r_is_array(op)) {
++ return_error(e_typecheck);
++ }
++
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+ make_array(&stack[0].proc2, 0, 1, op);
+ for (;;) {
--
2.12.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* bug#26704: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
2017-04-28 20:52 bug#26704: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291 Leo Famulari
@ 2017-04-28 21:05 ` Leo Famulari
0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2017-04-28 21:05 UTC (permalink / raw)
To: 26704-done
[-- Attachment #1: Type: text/plain, Size: 449 bytes --]
On Fri, Apr 28, 2017 at 04:52:47PM -0400, Leo Famulari wrote:
> * gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
> (ghostscript/fixed): New variable.
> (ghostscript-with-x)[replacement]: New field.
I pushed this as a01f15759a00503101baa23af87cbd6095a1fbd6. Thanks to
Eric for reviewing (I pinged him on IRC #guix)!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-28 21:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-28 20:52 bug#26704: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291 Leo Famulari
2017-04-28 21:05 ` Leo Famulari
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.