summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-10-13 03:20:46 -0400
committerMark H Weaver <mhw@netris.org>2016-10-13 03:30:21 -0400
commit1de17a648fa631f0074d315bfff0716220ce4880 (patch)
treee4fdfe5becce3f4c6ae03d366bacbfb5127a172b /gnu/packages/patches/ghostscript-CVE-2013-5653.patch
parente940a2713dc16c470b0ac7d94f3ee3a9e1251f3d (diff)
gnu: ghostscript: Fix CVE-2013-5653 and CVE-2016-{7976,7978,7979,8602}.
* gnu/packages/patches/ghostscript-CVE-2013-5653.patch, gnu/packages/patches/ghostscript-CVE-2016-7976.patch, gnu/packages/patches/ghostscript-CVE-2016-7978.patch, gnu/packages/patches/ghostscript-CVE-2016-7979.patch, gnu/packages/patches/ghostscript-CVE-2016-8602.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field. (ghostscript/fixed): New variable. (ghostscript/x): Inherit 'ghostscript/fixed'.
Diffstat (limited to 'gnu/packages/patches/ghostscript-CVE-2013-5653.patch')
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2013-5653.patch85
1 files changed, 85 insertions, 0 deletions
diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
new file mode 100644
index 0000000000..622266b176
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
@@ -0,0 +1,85 @@
+The following patch was adapted for GNU Ghostscript
+by Mark H Weaver <mhw@netris.org> based on:
+
+http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
+
+From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 5 Mar 2016 14:56:03 -0800
+Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
+
+---
+ Resource/Init/gs_init.ps | 2 ++
+ psi/zfile.c | 36 ++++++++++++++++++++----------------
+ 2 files changed, 22 insertions(+), 16 deletions(-)
+
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index fa33d88..99888ac 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2018,6 +2018,7 @@ readonly def
+
+ /.locksafe {
+ .locksafe_userparams
++ systemdict /getenv {pop //false} put
+ % setpagedevice has the side effect of clearing the page, but
+ % we will just document that. Using setpagedevice keeps the device
+ % properties and pagedevice .LockSafetyParams in agreement even
+@@ -2036,6 +2037,7 @@ readonly def
+ %%
+ /.locksafeglobal {
+ .locksafe_userparams
++ systemdict /getenv {pop //false} put
+ % setpagedevice has the side effect of clearing the page, but
+ % we will just document that. Using setpagedevice keeps the device
+ % properties and pagedevice .LockSafetyParams in agreement even
+diff --git a/psi/zfile.c b/psi/zfile.c
+index 320ecd5..0b9f299 100644
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
+
+ if (len < devlen)
+ return_error(e_rangecheck); /* not even room for device len */
+- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
+- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
+- len - devlen);
+- if (code == ~(uint) 0) { /* all done */
+- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
+- return o_pop_estack;
+- } else if (code > len) /* overran string */
+- return_error(e_rangecheck);
+- else {
+- push(1);
+- ref_assign(op, pscratch);
+- r_set_size(op, code + devlen);
+- push_op_estack(file_continue); /* come again */
+- *++esp = pscratch[2]; /* proc */
+- return o_push_estack;
+- }
++
++ do {
++ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
++ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
++ len - devlen);
++ if (code == ~(uint) 0) { /* all done */
++ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
++ return o_pop_estack;
++ } else if (code > len) /* overran string */
++ return_error(e_rangecheck);
++ else if (iodev != iodev_default(imemory)
++ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
++ push(1);
++ ref_assign(op, pscratch);
++ r_set_size(op, code + devlen);
++ push_op_estack(file_continue); /* come again */
++ *++esp = pscratch[2]; /* proc */
++ return o_push_estack;
++ }
++ } while(1);
+ }
+ /* Cleanup procedure for enumerating files */
+ static int
+--
+2.9.1
+