gnu: ghostscript: Switch to Artifex Ghostcript and update to 9.21.

* gnu/packages/ghostscript.scm (ghostscript): Update to 9.21.
[source]: Fetch the source from Artifex.
[native-inputs]: Remove pkg-config.
[inputs]: Add jbig2dec and use libjpeg instead of libjpeg-8.
[arguments]: Add #:configure-flags.
[replacement]: Remove field.
(ghostcript/fixed): Remove variable.
* gnu/packages/patches/ghostscript-CVE-2017-8291.patch,
gnu/packages/patches/ghostscript-runpath.patch: Adjust to new upstream
source.
* gnu/packages/patches/ghostscript-CVE-2013-5653.patch,
gnu/packages/patches/ghostscript-CVE-2015-3228.patch,
gnu/packages/patches/ghostscript-CVE-2016-7976.patch,
gnu/packages/patches/ghostscript-CVE-2016-7978.patch,
gnu/packages/patches/ghostscript-CVE-2016-7979.patch,
gnu/packages/patches/ghostscript-CVE-2016-8602.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
This commit is contained in:
Leo Famulari 2017-05-29 13:47:39 -04:00
parent baf549df14
commit d6158fe70d
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
10 changed files with 240 additions and 532 deletions

View File

@ -614,12 +614,6 @@ dist_patch_DATA = \
%D%/packages/patches/gettext-multi-core.patch \
%D%/packages/patches/gettext-gnulib-multi-core.patch \
%D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \
%D%/packages/patches/ghostscript-CVE-2013-5653.patch \
%D%/packages/patches/ghostscript-CVE-2015-3228.patch \
%D%/packages/patches/ghostscript-CVE-2016-7976.patch \
%D%/packages/patches/ghostscript-CVE-2016-7978.patch \
%D%/packages/patches/ghostscript-CVE-2016-7979.patch \
%D%/packages/patches/ghostscript-CVE-2016-8602.patch \
%D%/packages/patches/ghostscript-CVE-2017-8291.patch \
%D%/packages/patches/ghostscript-runpath.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \

View File

@ -129,85 +129,98 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
(version "9.14.0")
;; XXX Try removing the bundled copy of jbig2dec.
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
version ".tar.xz"))
(sha256
(base32
"0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))
(patches (search-patches "ghostscript-CVE-2013-5653.patch"
"ghostscript-CVE-2015-3228.patch"
"ghostscript-CVE-2016-7976.patch"
"ghostscript-CVE-2016-7978.patch"
"ghostscript-CVE-2016-7979.patch"
"ghostscript-CVE-2016-8602.patch"
"ghostscript-CVE-2017-8291.patch"
"ghostscript-runpath.patch"))
(modules '((guix build utils)))
(snippet
;; Honor --docdir.
'(substitute* "Makefile.in"
(("^docdir=.*$") "docdir = @docdir@\n")
(("^exdir=.*$") "exdir = $(docdir)/examples\n")))))
(build-system gnu-build-system)
(outputs '("out" "doc")) ;16 MiB of HTML/PS doc + examples
(inputs `(("freetype" ,freetype)
("lcms" ,lcms)
("libjpeg-8" ,libjpeg-8)
("libpng" ,libpng)
("libpaper" ,libpaper)
("libtiff" ,libtiff)
("zlib" ,zlib)))
(native-inputs
`(("perl" ,perl)
("pkg-config" ,pkg-config) ; needed to find libtiff
("python" ,python-wrapper)
("tcl" ,tcl)))
(arguments
`(#:disallowed-references ("doc")
#:phases
(modify-phases %standard-phases
(add-after 'configure 'patch-config-files
(lambda _
(substitute* "base/all-arch.mak"
(("/bin/sh") (which "sh")))
(substitute* "base/unixhead.mak"
(("/bin/sh") (which "sh")))))
(name "ghostscript")
(version "9.21")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/ArtifexSoftware/"
"ghostpdl-downloads/releases/download/gs"
(string-delete #\. version)
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
"0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b"))
(patches (search-patches "ghostscript-runpath.patch"
"ghostscript-CVE-2017-8291.patch"))
(modules '((guix build utils)))
(snippet
;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so
;; we leave it, at least for now.
;; TODO Try unbundling ijs, which is developed alongside Ghostscript.
'(begin
(for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg"
"lcms2" "libpng"
"tiff" "zlib"))))))
(build-system gnu-build-system)
(outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples
(arguments
`(#:disallowed-references ("doc")
#:configure-flags
(list "--with-system-libtiff"
"LIBS=-lz"
(string-append "ZLIBDIR="
(assoc-ref %build-inputs "zlib") "/include")
"--enable-dynamic")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'fix-doc-dir
(lambda _
;; Honor --docdir.
(substitute* "Makefile.in"
(("^docdir=.*$") "docdir = @docdir@\n")
(("^exdir=.*$") "exdir = $(docdir)/examples\n"))
#t))
(add-after 'configure 'remove-doc-reference
(lambda _
;; Don't retain a reference to the 'doc' output in 'gs'.
;; The only use of this definition is in the output of
;; 'gs --help', so this change is fine.
(substitute* "base/gscdef.c"
(("GS_DOCDIR")
"\"~/.guix-profile/share/doc/ghostscript\""))))
(replace 'build
(lambda _
;; Build 'libgs.so', but don't build the statically-linked 'gs'
;; binary (saves 18 MiB).
(zero? (system* "make" "so" "-j"
(number->string (parallel-job-count))))))
(replace 'install
(lambda _
(zero? (system* "make" "soinstall"))))
(add-after 'install 'create-gs-symlink
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
;; some programs depend on having a 'gs' binary available
(symlink "gsc" (string-append out "/bin/gs"))))))))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
;; Don't retain a reference to the 'doc' output in 'gs'.
;; The only use of this definition is in the output of
;; 'gs --help', so this change is fine.
(substitute* "base/gscdef.c"
(("GS_DOCDIR")
"\"~/.guix-profile/share/doc/ghostscript\""))
#t))
(add-after 'configure 'patch-config-files
(lambda _
(substitute* "base/unixhead.mak"
(("/bin/sh") (which "sh")))
#t))
(replace 'build
(lambda _
;; Build 'libgs.so', but don't build the statically-linked 'gs'
;; binary (saves 22 MiB).
(zero? (system* "make" "so" "-j"
(number->string (parallel-job-count))))))
(replace 'install
(lambda _
(zero? (system* "make" "soinstall"))))
(add-after 'install 'create-gs-symlink
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
;; Some programs depend on having a 'gs' binary available.
(symlink "gsc" (string-append out "/bin/gs"))
#t))))))
(native-inputs
`(("perl" ,perl)
("python" ,python-wrapper)
("tcl" ,tcl)))
(inputs
`(("freetype" ,freetype)
("jbig2dec" ,jbig2dec)
("lcms2" ,lcms)
("libjpeg" ,libjpeg)
("libpaper" ,libpaper)
("libpng" ,libpng)
("libtiff" ,libtiff)
("zlib" ,zlib)))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
file format. It also includes a C library that implements the graphics
capabilities of the PostScript language. It supports a wide variety of
output file formats and printers.")
(license license:agpl3+)
(home-page "https://www.gnu.org/software/ghostscript/")
(properties '((upstream-name . "gnu-ghostscript")))))
(home-page "https://www.ghostscript.com/")
(license license:agpl3+)))
(define-public ghostscript/x
(package/inherit ghostscript

View File

@ -1,85 +0,0 @@
The following patch was adapted for GNU Ghostscript
by Mark H Weaver <mhw@netris.org> based on:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 5 Mar 2016 14:56:03 -0800
Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
---
Resource/Init/gs_init.ps | 2 ++
psi/zfile.c | 36 ++++++++++++++++++++----------------
2 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index fa33d88..99888ac 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2018,6 +2018,7 @@ readonly def
/.locksafe {
.locksafe_userparams
+ systemdict /getenv {pop //false} put
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
% properties and pagedevice .LockSafetyParams in agreement even
@@ -2036,6 +2037,7 @@ readonly def
%%
/.locksafeglobal {
.locksafe_userparams
+ systemdict /getenv {pop //false} put
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
% properties and pagedevice .LockSafetyParams in agreement even
diff --git a/psi/zfile.c b/psi/zfile.c
index 320ecd5..0b9f299 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
if (len < devlen)
return_error(e_rangecheck); /* not even room for device len */
- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
- len - devlen);
- if (code == ~(uint) 0) { /* all done */
- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
- return o_pop_estack;
- } else if (code > len) /* overran string */
- return_error(e_rangecheck);
- else {
- push(1);
- ref_assign(op, pscratch);
- r_set_size(op, code + devlen);
- push_op_estack(file_continue); /* come again */
- *++esp = pscratch[2]; /* proc */
- return o_push_estack;
- }
+
+ do {
+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
+ len - devlen);
+ if (code == ~(uint) 0) { /* all done */
+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
+ return o_pop_estack;
+ } else if (code > len) /* overran string */
+ return_error(e_rangecheck);
+ else if (iodev != iodev_default(imemory)
+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
+ push(1);
+ ref_assign(op, pscratch);
+ r_set_size(op, code + devlen);
+ push_op_estack(file_continue); /* come again */
+ *++esp = pscratch[2]; /* proc */
+ return o_push_estack;
+ }
+ } while(1);
}
/* Cleanup procedure for enumerating files */
static int
--
2.9.1

View File

@ -1,32 +0,0 @@
The file names in the upstream patch below were modified to apply to GNU
ghostscript.
From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 7 Jul 2015 16:57:41 +0100
Subject: [PATCH] Bug 696041: sanity check for memory allocation.
In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
variable holding the actual number of bytes we allocate.
No cluster differences
---
gs/base/gsmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/gsmalloc.c b/base/gsmalloc.c
index 624552d..cad79c2 100644
--- a/base/gsmalloc.c
+++ b/base/gsmalloc.c
@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
} else {
uint added = size + sizeof(gs_malloc_block_t);
- if (mmem->limit - added < mmem->used)
+ if (added <= size || mmem->limit - added < mmem->used)
set_msg("exceeded limit");
else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
set_msg("failed");
--
2.4.6

View File

@ -1,185 +0,0 @@
The following patch was adapted for GNU Ghostscript
by Mark H Weaver <mhw@netris.org> based on:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 5 Oct 2016 09:55:55 +0100
Subject: [PATCH] Bug 697178: Add a file permissions callback
For the rare occasions when the graphics library directly opens a file
(currently for reading), this allows us to apply any restrictions on
file access normally applied in the interpteter.
---
base/gsicc_manage.c | 10 ++++++----
base/gslibctx.c | 12 +++++++++++-
base/gslibctx.h | 7 +++++++
psi/imain.c | 2 ++
psi/int.mak | 2 +-
psi/zfile.c | 19 +++++++++++++++++++
psi/zfile.h | 7 +++++++
7 files changed, 53 insertions(+), 6 deletions(-)
diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
index 931c2a6..e9c09c3 100644
--- a/base/gsicc_manage.c
+++ b/base/gsicc_manage.c
@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
}
/* First just try it like it is */
- str = sfopen(pname, "rb", mem_gc);
- if (str != NULL) {
- *strp = str;
- return 0;
+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
+ str = sfopen(pname, "rb", mem_gc);
+ if (str != NULL) {
+ *strp = str;
+ return 0;
+ }
}
/* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
diff --git a/base/gslibctx.c b/base/gslibctx.c
index eaa0458..37ce1ca 100644
--- a/base/gslibctx.c
+++ b/base/gslibctx.c
@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
mem->gs_lib_ctx = NULL;
return -1;
}
-
+ pio->client_check_file_permission = NULL;
gp_get_realtime(pio->real_time_0);
return 0;
@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem)
fflush(mem->gs_lib_ctx->fstderr);
/* else nothing to flush */
}
+
+int
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
+{
+ int code = 0;
+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
+ }
+ return code;
+}
diff --git a/base/gslibctx.h b/base/gslibctx.h
index 7a4e110..020e2d9 100644
--- a/base/gslibctx.h
+++ b/base/gslibctx.h
@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
# define gs_font_dir_DEFINED
typedef struct gs_font_dir_s gs_font_dir;
#endif
+
+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
+
typedef struct gs_lib_ctx_s
{
gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */
@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s
bool dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */
/* A table of local copies of the IODevices */
struct gx_io_device_s **io_device_table;
+ client_check_file_permission_t client_check_file_permission;
/* Define the default value of AccurateScreens that affects setscreen
and setcolorscreen. */
bool screen_accurate_screens;
@@ -108,6 +112,9 @@ int
void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname,
int dir_namelen);
+int
+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
+
#define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
#define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
diff --git a/psi/imain.c b/psi/imain.c
index 9a9bb5d..6874128 100644
--- a/psi/imain.c
+++ b/psi/imain.c
@@ -57,6 +57,7 @@
#include "ivmspace.h"
#include "idisp.h" /* for setting display device callback */
#include "iplugin.h"
+#include "zfile.h"
#ifdef PACIFY_VALGRIND
#include "valgrind.h"
@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst)
"the_gs_name_table");
if (code < 0)
return code;
+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
}
code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */
if (code < 0)
diff --git a/psi/int.mak b/psi/int.mak
index 4654afc..bb30d51 100644
--- a/psi/int.mak
+++ b/psi/int.mak
@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
$(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
$(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
$(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)
+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)
$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
#****** $(CCINT) interp.c
diff --git a/psi/zfile.c b/psi/zfile.c
index 2c6c958..2f27f82 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
}
+/* z_check_file_permissions: see zfile.h for explanation
+ */
+int
+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
+{
+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
+ gs_parsed_file_name_t pname;
+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
+ int code = gs_parse_file_name(&pname, fname, len, imemory);
+ if (code < 0)
+ return code;
+
+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
+ return e_invalidfileaccess;
+
+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
+ return code;
+}
+
/* <name_string> <access_string> file <file> */
int /* exported for zsysvm.c */
zfile(i_ctx_t *i_ctx_p)
diff --git a/psi/zfile.h b/psi/zfile.h
index fdf1373..a9399c7 100644
--- a/psi/zfile.h
+++ b/psi/zfile.h
@@ -22,4 +22,11 @@
int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
const char *file_access, stream **ps, gs_memory_t *mem);
+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
+ * to allow applying the above permissions checks when opening file(s) from
+ * the graphics library
+ */
+int
+z_check_file_permissions(gs_memory_t *mem, const char *fname,
+ const int len, const char *permission);
#endif
--
2.9.1

View File

@ -1,25 +0,0 @@
From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 5 Oct 2016 09:59:25 +0100
Subject: [PATCH] Bug 697179: Reference count device icc profile
when copying a device
---
base/gsdevice.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/base/gsdevice.c b/base/gsdevice.c
index 778106f..aea986a 100644
--- a/base/gsdevice.c
+++ b/base/gsdevice.c
@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
dev->memory = mem;
dev->retained = !internal;
rc_init(dev, mem, (internal ? 0 : 1));
+ rc_increment(dev->icc_struct);
}
void
--
2.9.1

View File

@ -1,48 +0,0 @@
The following patch was adapted for GNU Ghostscript
by Mark H Weaver <mhw@netris.org> based on:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913
From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Wed, 5 Oct 2016 10:10:58 +0100
Subject: [PATCH] DSC parser - validate parameters
Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
Regardless of any security implications, its simply wrong for a PostScript
operator not to validate its parameter(s).
No differences expected.
---
psi/zdscpars.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/psi/zdscpars.c b/psi/zdscpars.c
index c05e154..9b4b605 100644
--- a/psi/zdscpars.c
+++ b/psi/zdscpars.c
@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
ref local_ref;
int code;
os_ptr const op = osp;
- dict * const pdict = op->value.pdict;
- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
- dsc_data_t * const data =
- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
+ dict *pdict;
+ gs_memory_t *mem;
+ dsc_data_t *data;
+ check_read_type(*op, t_dictionary);
+
+ pdict = op->value.pdict;
+ mem = (gs_memory_t *)dict_memory(pdict);
+
+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
if (!data)
return_error(e_VMerror);
data->document_level = 0;
--
2.9.1

View File

@ -1,47 +0,0 @@
The following patch was adapted for GNU Ghostscript
by Mark H Weaver <mhw@netris.org> based on:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 8 Oct 2016 16:10:27 +0100
Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
and param types
---
psi/zht2.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/psi/zht2.c b/psi/zht2.c
index fb4a264..dfa27a4 100644
--- a/psi/zht2.c
+++ b/psi/zht2.c
@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
gs_memory_t *mem;
uint edepth = ref_stack_count(&e_stack);
int npop = 2;
- int dict_enum = dict_first(op);
+ int dict_enum;
ref rvalue[2];
int cname, colorant_number;
byte * pname;
uint name_size;
int halftonetype, type = 0;
gs_state *pgs = igs;
- int space_index = r_space_index(op - 1);
+ int space_index;
+
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(e_stackunderflow);
+ check_type(*op, t_dictionary);
+ check_type(*(op - 1), t_dictionary);
+
+ dict_enum = dict_first(op);
+ space_index = r_space_index(op - 1);
mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
--
2.9.1

View File

@ -1,15 +1,60 @@
Fix CVE-2017-8291:
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
https://bugs.ghostscript.com/show_bug.cgi?id=697799
https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
This patch is adapted from these two Artifex Ghostscript commits by Leo
Famulari <leo@famulari.name>:
Patches copied from upstream source repository:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 27 Apr 2017 13:03:33 +0100
Subject: [PATCH] Bug 697799: have .eqproc check its parameters
The Ghostscript custom operator .eqproc was not check the number or type of
the parameters it was given.
---
psi/zmisc3.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/psi/zmisc3.c b/psi/zmisc3.c
index 54b304246..37293ff4b 100644
--- a/psi/zmisc3.c
+++ b/psi/zmisc3.c
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
ref2_t stack[MAX_DEPTH + 1];
ref2_t *top = stack;
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
+ return_error(gs_error_typecheck);
+ }
+
make_array(&stack[0].proc1, 0, 1, op - 1);
make_array(&stack[0].proc2, 0, 1, op);
for (;;) {
--
2.13.0
From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 27 Apr 2017 13:21:31 +0100
Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
The Ghostscript internal operator .rsdparams wasn't checking the number or
type of the operands it was being passed. Do so.
---
psi/zfrsd.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/psi/zfrsd.c b/psi/zfrsd.c
index fb4bce9..2629afa 100644
index 191107d8a..950588d69 100644
--- a/psi/zfrsd.c
+++ b/psi/zfrsd.c
@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644
+ int code = 0;
+
+ if (ref_stack_count(&o_stack) < 1)
+ return_error(e_stackunderflow);
+ return_error(gs_error_stackunderflow);
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+ return_error(e_typecheck);
+ return_error(gs_error_typecheck);
+ }
make_empty_array(&empty_array, a_readonly);
@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
if (!r_is_array(pFilter)) {
if (!r_has_type(pFilter, t_name))
return_error(e_typecheck);
return_error(gs_error_typecheck);
@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
return_error(e_typecheck);
return_error(gs_error_typecheck);
}
}
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (r_has_type(op, t_dictionary))
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
return code;
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
- )
@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644
push(1);
op[-1] = *pFilter;
if (pDecodeParms)
--
2.13.0
From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 3 May 2017 12:05:45 +0100
Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
parameters that are not both procedures. In this case, it turns out, the
expectation is for the operator to return 'false', rather than throw an error.
---
psi/zmisc3.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/psi/zmisc3.c b/psi/zmisc3.c
index 54b3042..0d357f1 100644
index 37293ff4b..3f01d39a3 100644
--- a/psi/zmisc3.c
+++ b/psi/zmisc3.c
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
return gs_cliprestore(igs);
}
+static inline bool
+eqproc_check_type(ref *r)
+{
+ return r_has_type(r, t_array)
+ || r_has_type(r, t_mixedarray)
+ || r_has_type(r, t_shortarray)
+ || r_has_type(r, t_oparray);
+}
+
/* <proc1> <proc2> .eqproc <bool> */
/*
* Test whether two procedures are equal to depth 10.
@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
if (ref_stack_count(&o_stack) < 2)
return_error(gs_error_stackunderflow);
- if (!r_is_array(op - 1) || !r_is_array(op)) {
- return_error(gs_error_typecheck);
+ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
+ make_false(op - 1);
+ pop(1);
+ return 0;
}
make_array(&stack[0].proc1, 0, 1, op - 1);
--
2.13.0
From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 11 May 2017 14:07:48 +0100
Subject: [PATCH] Bug 697892: fix check for op stack underflow.
In the original fix, I used the wrong method to check for stack underflow, this
is using the correct method.
---
psi/zfrsd.c | 3 +--
psi/zmisc3.c | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/psi/zfrsd.c b/psi/zfrsd.c
index 950588d69..9c035b96d 100644
--- a/psi/zfrsd.c
+++ b/psi/zfrsd.c
@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
uint i;
int code = 0;
- if (ref_stack_count(&o_stack) < 1)
- return_error(gs_error_stackunderflow);
+ check_op(1);
if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
return_error(gs_error_typecheck);
}
diff --git a/psi/zmisc3.c b/psi/zmisc3.c
index 3f01d39a3..43803b55b 100644
--- a/psi/zmisc3.c
+++ b/psi/zmisc3.c
@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
ref2_t stack[MAX_DEPTH + 1];
ref2_t *top = stack;
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(e_stackunderflow);
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
+ return_error(e_typecheck);
+ }
+
make_array(&stack[0].proc1, 0, 1, op - 1);
make_array(&stack[0].proc2, 0, 1, op);
for (;;) {
- if (ref_stack_count(&o_stack) < 2)
- return_error(gs_error_stackunderflow);
+ check_op(2);
if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
make_false(op - 1);
pop(1);
--
2.13.0

View File

@ -1,17 +1,18 @@
This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'.
--- gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:45.386957927 +0200
+++ gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:49.222982359 +0200
@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR)
diff --git a/base/unix-dll.mak b/base/unix-dll.mak
index 9d57a99..36ef1ff 100644
--- a/base/unix-dll.mak
+++ b/base/unix-dll.mak
@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS)
# Build the small Ghostscript loaders, with Gtk+ and without
$(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
$(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
$(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \
- -L$(BINDIR) -l$(GS_SO_BASE)
+ -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir)
$(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
$(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
$(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \
- -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS)
+ -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir)
# ------------------------- Recursive make targets ------------------------- #
$(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS)
$(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE)