summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-08-29 20:49:47 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-08-29 20:49:47 +0100
commitb462edcb5c295f19190a376dda59e34c7066599d (patch)
treeaba961b910e23787f10f1e7d5e6c3bfc24133ee2
parent4c78498d730f3b55b33f83de316df32ac9799c8d (diff)
app-text/ghostscript-gpl : import from gentoo, version bump, added 12 patches to fix https://www.kb.cert.org/vuls/id/332928
-rw-r--r--app-text/ghostscript-gpl/Manifest2
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash0d390118.patch47
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash0edd3d6c.patch22
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash241d9111.patch44
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash5516c614.patch231
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash78911a01.patch31
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch49
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githasha054156d.patch52
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githashb326a716.patch27
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch34
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githashc3476dde.patch44
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githashc432131c.patch110
-rw-r--r--app-text/ghostscript-gpl/files/VU332928-githashe01e77a3.patch12
-rw-r--r--app-text/ghostscript-gpl/ghostscript-gpl-9.23.ebuild212
14 files changed, 917 insertions, 0 deletions
diff --git a/app-text/ghostscript-gpl/Manifest b/app-text/ghostscript-gpl/Manifest
new file mode 100644
index 00000000..7b24d859
--- /dev/null
+++ b/app-text/ghostscript-gpl/Manifest
@@ -0,0 +1,2 @@
+DIST ghostscript-9.23.tar.xz 33426160 BLAKE2B 9bae1b508c6452af1f7210a080d0bd4943cf3c8dad3a2813124d632c42854c3e34a6af444c3272c574d7f7514daf2d6aedd2a3eba85ef3433e4410dec915cc3d SHA512 0c1f59b743f92f9cf7000b06f6209010e583ef4d6899c20ed245721dea3c08fd58b9e2d1513fe83765ab6be233bc7ab250cf18054e4d09de4073b1111e38035f
+DIST ghostscript-gpl-9.21-patchset-1.tar.xz 6196 BLAKE2B d2bccba582873d29c1724469af66a5aa72755d6ff73bbdadbf33e5eb4a2027c2cf14415319c3c3c6d03a9fbd9bad43e3bf7ef57eb7a3361305f6efb7fa550675 SHA512 58fef7080ca17a238231fb528be48f52bcfa771b1e496d7fede6df45fb927f1bb1c755cb77e02aa739295b0ccf0b3d3959f9a05a1628d32ffd11e134c0e0d355
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash0d390118.patch b/app-text/ghostscript-gpl/files/VU332928-githash0d390118.patch
new file mode 100644
index 00000000..891daf81
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash0d390118.patch
@@ -0,0 +1,47 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 19:17:05 +0000 (+0100)
+Subject: Bug 699657: properly apply file permissions to .tempfile
+X-Git-Tag: ghostpdl-9.24rc1~22
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=0d390118
+
+Bug 699657: properly apply file permissions to .tempfile
+---
+
+diff --git a/psi/zfile.c b/psi/zfile.c
+index a0acd5a..19996b0 100644
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -134,7 +134,7 @@ check_file_permissions_reduced(i_ctx_t *i_ctx_p, const char *fname, int len,
+ /* we're protecting arbitrary file system accesses, not Postscript device accesses.
+ * Although, note that %pipe% is explicitly checked for and disallowed elsewhere
+ */
+- if (iodev != iodev_default(imemory)) {
++ if (iodev && iodev != iodev_default(imemory)) {
+ return 0;
+ }
+
+@@ -734,7 +734,23 @@ ztempfile(i_ctx_t *i_ctx_p)
+ }
+
+ if (gp_file_name_is_absolute(pstr, strlen(pstr))) {
+- if (check_file_permissions(i_ctx_p, pstr, strlen(pstr),
++ int plen = strlen(pstr);
++ const char *sep = gp_file_name_separator();
++#ifdef DEBUG
++ int seplen = strlen(sep);
++ if (seplen != 1)
++ return_error(gs_error_Fatal);
++#endif
++ /* strip off the file name prefix, leave just the directory name
++ * so we can check if we are allowed to write to it
++ */
++ for ( ; plen >=0; plen--) {
++ if (pstr[plen] == sep[0])
++ break;
++ }
++ memcpy(fname, pstr, plen);
++ fname[plen] = '\0';
++ if (check_file_permissions(i_ctx_p, fname, strlen(fname),
+ NULL, "PermitFileWriting") < 0) {
+ code = gs_note_error(gs_error_invalidfileaccess);
+ goto done;
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash0edd3d6c.patch b/app-text/ghostscript-gpl/files/VU332928-githash0edd3d6c.patch
new file mode 100644
index 00000000..21d77eae
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash0edd3d6c.patch
@@ -0,0 +1,22 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 19:36:52 +0000 (+0100)
+Subject: Bug 699659: Don't just assume an object is a t_(a)struct
+X-Git-Tag: ghostpdl-9.24rc1~20
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=0edd3d6c
+
+Bug 699659: Don't just assume an object is a t_(a)struct
+---
+
+diff --git a/psi/ztype.c b/psi/ztype.c
+index ad248d9..8307956 100644
+--- a/psi/ztype.c
++++ b/psi/ztype.c
+@@ -76,7 +76,7 @@ ztype(i_ctx_t *i_ctx_p)
+ /* Must be either a stack underflow or a t_[a]struct. */
+ check_op(2);
+ { /* Get the type name from the structure. */
+- if (op[-1].value.pstruct != 0x00) {
++ if ((r_has_type(&op[-1], t_struct) || r_has_type(&op[-1], t_astruct)) && op[-1].value.pstruct != 0x00) {
+ const char *sname =
+ gs_struct_type_name_string(gs_object_type(imemory,
+ op[-1].value.pstruct));
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash241d9111.patch b/app-text/ghostscript-gpl/files/VU332928-githash241d9111.patch
new file mode 100644
index 00000000..4941c20b
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash241d9111.patch
@@ -0,0 +1,44 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 23 Aug 2018 14:41:18 +0000 (+0100)
+Subject: Bug 699664: Ensure the correct is in place before cleanup
+X-Git-Tag: ghostpdl-9.24rc1~14
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=241d9111
+
+Bug 699664: Ensure the correct is in place before cleanup
+
+If the PS job replaces the device and leaves that graphics state in place, we
+wouldn't cleanup the default device in the normal way, but rely on the garbage
+collector.
+
+This works (but isn't ideal), *except* when the job replaces the device with
+the null device (using the nulldevice operator) - this means that
+.uninstallpagedevice doesn't replace the existing device with the nulldevice
+(since it is already installed), the device from the graphics ends up being
+freed - and as it is the nulldevice, which we rely on, memory corruption
+and a segfault can happen.
+
+We avoid this by checking if the current device is the nulldevice, and if so,
+restoring it away, before continuing with the device cleanup.
+---
+
+diff --git a/psi/imain.c b/psi/imain.c
+index 2fe1546..138bfc8 100644
+--- a/psi/imain.c
++++ b/psi/imain.c
+@@ -936,6 +936,16 @@ gs_main_finit(gs_main_instance * minst, int exit_status, int code)
+ i_ctx_p = minst->i_ctx_p; /* interp_reclaim could change it. */
+ }
+
++ if (i_ctx_p->pgs != NULL && i_ctx_p->pgs->device != NULL &&
++ gx_device_is_null(i_ctx_p->pgs->device)) {
++ /* if the job replaced the device with the nulldevice, we we need to grestore
++ away that device, so the block below can properly dispense
++ with the default device.
++ */
++ int code = gs_grestoreall(i_ctx_p->pgs);
++ if (code < 0) return_error(gs_error_Fatal);
++ }
++
+ if (i_ctx_p->pgs != NULL && i_ctx_p->pgs->device != NULL) {
+ gx_device *pdev = i_ctx_p->pgs->device;
+ const char * dname = pdev->dname;
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash5516c614.patch b/app-text/ghostscript-gpl/files/VU332928-githash5516c614.patch
new file mode 100644
index 00000000..a5f22d1b
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash5516c614.patch
@@ -0,0 +1,231 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 24 Aug 2018 08:26:04 +0000 (+0100)
+Subject: Improve restore robustness
+X-Git-Tag: ghostpdl-9.24rc1~10
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=5516c614
+
+Improve restore robustness
+
+Prompted by looking at Bug 699654:
+
+There are two variants of the restore operator in Ghostscript: one is Level 1
+(restoring VM), the other is Level 2+ (adding page device restoring to the
+Level operator).
+
+This was implemented by the Level 2+ version restoring the device in the
+graphics state, then calling the Level 1 implementation to handle actually
+restoring the VM state.
+
+The problem was that the operand checking, and sanity of the save object was
+only done by the Level 1 variant, thus meaning an invalid save object could
+leave a (Level 2+) restore partially complete - with the page device part
+restored, but not VM, and the page device not configured.
+
+To solve that, this commit splits the operand and sanity checking, and the
+core of the restore operation into separate functions, so the relevant
+operators can validate the operand *before* taking any further action. That
+reduces the chances of an invalid restore leaving the interpreter in an
+unknown state.
+
+If an error occurs during the actual VM restore it is essentially fatal, and the
+interpreter cannot continue, but as an extra surety for security, in the event
+of such an error, we'll explicitly preserve the LockSafetyParams of the device,
+rather than rely on the post-restore device configuration (which won't happen
+in the event of an error).
+---
+
+diff --git a/psi/int.mak b/psi/int.mak
+index 1968820..16db0cf 100644
+--- a/psi/int.mak
++++ b/psi/int.mak
+@@ -1086,8 +1086,8 @@ $(PSD)pagedev.dev : $(ECHOGS_XE) $(pagedev_)\
+
+ $(PSOBJ)zdevice2.$(OBJ) : $(PSSRC)zdevice2.c $(OP) $(math__h) $(memory__h)\
+ $(dstack_h) $(estack_h)\
+- $(idict_h) $(idparam_h) $(igstate_h) $(iname_h) $(iutil_h) $(store_h)\
+- $(gxdevice_h) $(gsstate_h) $(INT_MAK) $(MAKEDIRS)
++ $(idict_h) $(idparam_h) $(igstate_h) $(iname_h) $(isave) $(iutil_h) \
++ $(store_h) $(gxdevice_h) $(gsstate_h) $(INT_MAK) $(MAKEDIRS)
+ $(PSCC) $(PSO_)zdevice2.$(OBJ) $(C_) $(PSSRC)zdevice2.c
+
+ $(PSOBJ)zmedia2.$(OBJ) : $(PSSRC)zmedia2.c $(OP) $(math__h) $(memory__h)\
+diff --git a/psi/isave.h b/psi/isave.h
+index 3021639..7eaaced 100644
+--- a/psi/isave.h
++++ b/psi/isave.h
+@@ -128,4 +128,10 @@ int font_restore(const alloc_save_t * save);
+ express purpose of getting the library context. */
+ gs_memory_t *gs_save_any_memory(const alloc_save_t *save);
+
++int
++restore_check_save(i_ctx_t *i_ctx_p, alloc_save_t **asave);
++
++int
++dorestore(i_ctx_t *i_ctx_p, alloc_save_t *asave);
++
+ #endif /* isave_INCLUDED */
+diff --git a/psi/zdevice2.c b/psi/zdevice2.c
+index 9fbb4e3..0c7080d 100644
+--- a/psi/zdevice2.c
++++ b/psi/zdevice2.c
+@@ -26,6 +26,7 @@
+ #include "igstate.h"
+ #include "iname.h"
+ #include "iutil.h"
++#include "isave.h"
+ #include "store.h"
+ #include "gxdevice.h"
+ #include "gsstate.h"
+@@ -307,13 +308,24 @@ z2grestoreall(i_ctx_t *i_ctx_p)
+ }
+ return 0;
+ }
+-
++/* This is the Level 2+ variant of restore - which adds restoring
++ of the page device to the Level 1 variant in zvmem.c.
++ Previous this restored the device state before calling zrestore.c
++ which validated operands etc, meaning a restore could error out
++ partially complete.
++ The operand checking, and actual VM restore are now in two functions
++ so they can called separately thus, here, we can do as much
++ checking as possible, before embarking on actual changes
++ */
+ /* <save> restore - */
+ static int
+ z2restore(i_ctx_t *i_ctx_p)
+ {
+- os_ptr op = osp;
+- check_type(*op, t_save);
++ alloc_save_t *asave;
++ bool saveLockSafety = gs_currentdevice_inline(igs)->LockSafetyParams;
++ int code = restore_check_save(i_ctx_p, &asave);
++
++ if (code < 0) return code;
+
+ while (gs_gstate_saved(gs_gstate_saved(igs))) {
+ if (restore_page_device(igs, gs_gstate_saved(igs)))
+@@ -322,7 +334,20 @@ z2restore(i_ctx_t *i_ctx_p)
+ }
+ if (restore_page_device(igs, gs_gstate_saved(igs)))
+ return push_callout(i_ctx_p, "%restorepagedevice");
+- return zrestore(i_ctx_p);
++
++ code = dorestore(i_ctx_p, asave);
++
++ if (code < 0) {
++ /* An error here is basically fatal, but....
++ restore_page_device() has to set LockSafetyParams false so it can
++ configure the restored device correctly - in normal operation, that
++ gets reset by that configuration. If we hit an error, though, that
++ may not happen - at least ensure we keep the setting through the
++ error.
++ */
++ gs_currentdevice_inline(igs)->LockSafetyParams = saveLockSafety;
++ }
++ return code;
+ }
+
+ /* <gstate> setgstate - */
+diff --git a/psi/zvmem.c b/psi/zvmem.c
+index 44cd7a8..87a0a4f 100644
+--- a/psi/zvmem.c
++++ b/psi/zvmem.c
+@@ -99,19 +99,18 @@ zsave(i_ctx_t *i_ctx_p)
+ static int restore_check_operand(os_ptr, alloc_save_t **, gs_dual_memory_t *);
+ static int restore_check_stack(const i_ctx_t *i_ctx_p, const ref_stack_t *, const alloc_save_t *, bool);
+ static void restore_fix_stack(i_ctx_t *i_ctx_p, ref_stack_t *, const alloc_save_t *, bool);
++
++/* Do as many up front checks of the save object as we reasonably can */
+ int
+-zrestore(i_ctx_t *i_ctx_p)
++restore_check_save(i_ctx_t *i_ctx_p, alloc_save_t **asave)
+ {
+ os_ptr op = osp;
+- alloc_save_t *asave;
+- bool last;
+- vm_save_t *vmsave;
+- int code = restore_check_operand(op, &asave, idmemory);
++ int code = restore_check_operand(op, asave, idmemory);
+
+ if (code < 0)
+ return code;
+ if_debug2m('u', imemory, "[u]vmrestore 0x%lx, id = %lu\n",
+- (ulong) alloc_save_client_data(asave),
++ (ulong) alloc_save_client_data(*asave),
+ (ulong) op->value.saveid);
+ if (I_VALIDATE_BEFORE_RESTORE)
+ ivalidate_clean_spaces(i_ctx_p);
+@@ -120,14 +119,37 @@ zrestore(i_ctx_t *i_ctx_p)
+ {
+ int code;
+
+- if ((code = restore_check_stack(i_ctx_p, &o_stack, asave, false)) < 0 ||
+- (code = restore_check_stack(i_ctx_p, &e_stack, asave, true)) < 0 ||
+- (code = restore_check_stack(i_ctx_p, &d_stack, asave, false)) < 0
++ if ((code = restore_check_stack(i_ctx_p, &o_stack, *asave, false)) < 0 ||
++ (code = restore_check_stack(i_ctx_p, &e_stack, *asave, true)) < 0 ||
++ (code = restore_check_stack(i_ctx_p, &d_stack, *asave, false)) < 0
+ ) {
+ osp++;
+ return code;
+ }
+ }
++ osp++;
++ return 0;
++}
++
++/* the semantics of restore differ slightly between Level 1 and
++ Level 2 and later - the latter includes restoring the device
++ state (whilst Level 1 didn't have "page devices" as such).
++ Hence we have two restore operators - one here (Level 1)
++ and one in zdevice2.c (Level 2+). For that reason, the
++ operand checking and guts of the restore operation are
++ separated so both implementations can use them to best
++ effect.
++ */
++int
++dorestore(i_ctx_t *i_ctx_p, alloc_save_t *asave)
++{
++ os_ptr op = osp;
++ bool last;
++ vm_save_t *vmsave;
++ int code;
++
++ osp--;
++
+ /* Reset l_new in all stack entries if the new save level is zero. */
+ /* Also do some special fixing on the e-stack. */
+ restore_fix_stack(i_ctx_p, &o_stack, asave, false);
+@@ -170,9 +192,24 @@ zrestore(i_ctx_t *i_ctx_p)
+ /* cause an 'invalidaccess' in setuserparams. Temporarily set */
+ /* LockFilePermissions false until the gs_lev2.ps can do a */
+ /* setuserparams from the restored userparam dictionary. */
++ /* NOTE: This is safe to do here, since the restore has */
++ /* successfully completed - this should never come before any */
++ /* operation that can trigger an error */
+ i_ctx_p->LockFilePermissions = false;
+ return 0;
+ }
++
++int
++zrestore(i_ctx_t *i_ctx_p)
++{
++ alloc_save_t *asave;
++ int code = restore_check_save(i_ctx_p, &asave);
++ if (code < 0)
++ return code;
++
++ return dorestore(i_ctx_p, asave);
++}
++
+ /* Check the operand of a restore. */
+ static int
+ restore_check_operand(os_ptr op, alloc_save_t ** pasave,
+@@ -193,6 +230,7 @@ restore_check_operand(os_ptr op, alloc_save_t ** pasave,
+ *pasave = asave;
+ return 0;
+ }
++
+ /* Check a stack to make sure all its elements are older than a save. */
+ static int
+ restore_check_stack(const i_ctx_t *i_ctx_p, const ref_stack_t * pstack,
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash78911a01.patch b/app-text/ghostscript-gpl/files/VU332928-githash78911a01.patch
new file mode 100644
index 00000000..5d4dfde2
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash78911a01.patch
@@ -0,0 +1,31 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 23 Aug 2018 08:54:59 +0000 (+0100)
+Subject: Bug 699654: Check the restore operand type
+X-Git-Tag: ghostpdl-9.24rc1~19
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=78911a01
+
+Bug 699654: Check the restore operand type
+
+The primary function that implements restore correctly checked its parameter,
+but a function that does some preliminary work for the restore (gstate and
+device handling) did not check.
+
+So, even though the restore correctly errored out, it left things partially done
+and, in particular, the device in partially restored state. Meaning the
+LockSafetyParams was not correctly set.
+---
+
+diff --git a/psi/zdevice2.c b/psi/zdevice2.c
+index de16dd2..9fbb4e3 100644
+--- a/psi/zdevice2.c
++++ b/psi/zdevice2.c
+@@ -312,6 +312,9 @@ z2grestoreall(i_ctx_t *i_ctx_p)
+ static int
+ z2restore(i_ctx_t *i_ctx_p)
+ {
++ os_ptr op = osp;
++ check_type(*op, t_save);
++
+ while (gs_gstate_saved(gs_gstate_saved(igs))) {
+ if (restore_page_device(igs, gs_gstate_saved(igs)))
+ return push_callout(i_ctx_p, "%restore1pagedevice");
diff --git a/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch b/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch
new file mode 100644
index 00000000..ca6b2272
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githash8e9ce501.patch
@@ -0,0 +1,49 @@
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Thu, 23 Aug 2018 14:42:02 +0000 (+0100)
+Subject: Bug 699665 "memory corruption in aesdecode"
+X-Git-Tag: ghostpdl-9.24rc1~13
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=8e9ce501
+
+Bug 699665 "memory corruption in aesdecode"
+
+The specimen file calls aesdecode without specifying the key to be
+used, though it does manage to do enough work with the PDF interpreter
+routines to get access to aesdecode (which isn't normally available).
+
+This causes us to read uninitialised memory, which can (and often does)
+lead to a segmentation fault.
+
+In this commit we set the key to NULL explicitly during intialisation
+and then check it before we read it. If its NULL we just return.
+
+It seems bizarre that we don't return error codes, we should probably
+look into that at some point, but this prevents the code trying to
+read uninitialised memory.
+---
+
+diff --git a/base/aes.c b/base/aes.c
+index a6bce93..e86f000 100644
+--- a/base/aes.c
++++ b/base/aes.c
+@@ -662,6 +662,9 @@ void aes_crypt_ecb( aes_context *ctx,
+ }
+ #endif
+
++ if (ctx == NULL || ctx->rk == NULL)
++ return;
++
+ RK = ctx->rk;
+
+ GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++;
+diff --git a/base/saes.c b/base/saes.c
+index 6db0e8b..307ed74 100644
+--- a/base/saes.c
++++ b/base/saes.c
+@@ -120,6 +120,7 @@ s_aes_process(stream_state * ss, stream_cursor_read * pr,
+ gs_throw(gs_error_VMerror, "could not allocate aes context");
+ return ERRC;
+ }
++ memset(state->ctx, 0x00, sizeof(aes_context));
+ if (state->keylength < 1 || state->keylength > SAES_MAX_KEYLENGTH) {
+ gs_throw1(gs_error_rangecheck, "invalid aes key length (%d bytes)",
+ state->keylength);
diff --git a/app-text/ghostscript-gpl/files/VU332928-githasha054156d.patch b/app-text/ghostscript-gpl/files/VU332928-githasha054156d.patch
new file mode 100644
index 00000000..08079b31
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githasha054156d.patch
@@ -0,0 +1,52 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 19:17:51 +0000 (+0100)
+Subject: Bug 699658: Fix handling of pre-SAFER opened files.
+X-Git-Tag: ghostpdl-9.24rc1~21
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=a054156d
+
+Bug 699658: Fix handling of pre-SAFER opened files.
+
+Temp files opened for writing before SAFER is engaged are not subject to the
+SAFER restrictions - that is handled by recording in a dictionary, and
+checking that as part of the permissions checks.
+
+By adding a custom error handler for invalidaccess, that allowed the filename
+to be added to the dictionary (despite the attempted open throwing the error)
+thus meaning subsequent accesses were erroneously permitted.
+---
+
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index a6e49f0..5a5a428 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2036,6 +2036,19 @@ readonly def
+ concatstrings concatstrings .generate_dir_list_templates
+ } if
+ ]
++ /PermitFileWriting [
++ currentuserparams /PermitFileWriting get aload pop
++ (TMPDIR) getenv not
++ {
++ (TEMP) getenv not
++ {
++ (TMP) getenv not
++ {
++ (/temp) (/tmp)
++ } if
++ } if
++ } if
++ ]
+ /LockFilePermissions //true
+ >> setuserparams
+ }
+@@ -2122,7 +2135,9 @@ readonly def
+ % the file can be deleted later, even if SAFER is set.
+ /.tempfile {
+ .tempfile % filename file
+- //SAFETY /tempfiles get 2 .argindex //true .forceput
++ //SAFETY /safe get not { % only add the filename if we're not yet safe
++ //SAFETY /tempfiles get 2 .argindex //true .forceput
++ } if
+ } .bind executeonly odef
+
+ % If we are running in SAFER mode, lock things down
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashb326a716.patch b/app-text/ghostscript-gpl/files/VU332928-githashb326a716.patch
new file mode 100644
index 00000000..2c8533fa
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashb326a716.patch
@@ -0,0 +1,27 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 15:24:05 +0000 (+0100)
+Subject: Bug 699655: Properly check the return value....
+X-Git-Tag: ghostpdl-9.24rc1~24
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b326a716
+
+Bug 699655: Properly check the return value....
+
+...when getting a value from a dictionary
+---
+
+diff --git a/psi/zcolor.c b/psi/zcolor.c
+index 4c0f258..e27baf9 100644
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -283,8 +283,9 @@ zsetcolor(i_ctx_t * i_ctx_p)
+ if (r_has_type(op, t_dictionary)) {
+ ref *pImpl, pPatInst;
+
+- code = dict_find_string(op, "Implementation", &pImpl);
+- if (code != 0) {
++ if ((code = dict_find_string(op, "Implementation", &pImpl)) < 0)
++ return code;
++ if (code > 0) {
+ code = array_get(imemory, pImpl, 0, &pPatInst);
+ if (code < 0)
+ return code;
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch
new file mode 100644
index 00000000..b33c5220
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashb575e1ec.patch
@@ -0,0 +1,34 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 23 Aug 2018 11:20:56 +0000 (+0100)
+Subject: Bug 699668: handle stack overflow during error handling
+X-Git-Tag: ghostpdl-9.24rc1~17
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=b575e1ec
+
+Bug 699668: handle stack overflow during error handling
+
+When handling a Postscript error, we push the object throwing the error onto
+the operand stack for the error handling procedure to access - we were not
+checking the available stack before doing so, thus causing a crash.
+
+Basically, if we get a stack overflow when already handling an error, we're out
+of options, return to the caller with a fatal error.
+---
+
+diff --git a/psi/interp.c b/psi/interp.c
+index 8b49556..6150838 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -676,7 +676,12 @@ again:
+ /* Push the error object on the operand stack if appropriate. */
+ if (!GS_ERROR_IS_INTERRUPT(code)) {
+ /* Replace the error object if within an oparray or .errorexec. */
+- *++osp = *perror_object;
++ osp++;
++ if (osp >= ostop) {
++ *pexit_code = gs_error_Fatal;
++ return_error(gs_error_Fatal);
++ }
++ *osp = *perror_object;
+ errorexec_find(i_ctx_p, osp);
+ }
+ goto again;
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashc3476dde.patch b/app-text/ghostscript-gpl/files/VU332928-githashc3476dde.patch
new file mode 100644
index 00000000..6c9c3aee
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashc3476dde.patch
@@ -0,0 +1,44 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 21 Aug 2018 15:42:45 +0000 (+0100)
+Subject: Bug 699656: Handle LockDistillerParams not being a boolean
+X-Git-Tag: ghostpdl-9.24rc1~23
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=c3476dde
+
+Bug 699656: Handle LockDistillerParams not being a boolean
+
+This caused a function call commented as "Can't fail" to fail, and resulted
+in memory correuption and a segfault.
+---
+
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index e942682..7c58af7 100644
+--- a/devices/vector/gdevpdfp.c
++++ b/devices/vector/gdevpdfp.c
+@@ -364,7 +364,7 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+ * LockDistillerParams is read again, and reset if necessary, in
+ * psdf_put_params.
+ */
+- ecode = param_read_bool(plist, "LockDistillerParams", &locked);
++ ecode = param_read_bool(plist, (param_name = "LockDistillerParams"), &locked);
+ if (ecode < 0)
+ param_signal_error(plist, param_name, ecode);
+
+diff --git a/psi/iparam.c b/psi/iparam.c
+index 68c20d4..0279455 100644
+--- a/psi/iparam.c
++++ b/psi/iparam.c
+@@ -822,10 +822,11 @@ static int
+ ref_param_read_signal_error(gs_param_list * plist, gs_param_name pkey, int code)
+ {
+ iparam_list *const iplist = (iparam_list *) plist;
+- iparam_loc loc;
++ iparam_loc loc = {0};
+
+- ref_param_read(iplist, pkey, &loc, -1); /* can't fail */
+- *loc.presult = code;
++ ref_param_read(iplist, pkey, &loc, -1);
++ if (loc.presult)
++ *loc.presult = code;
+ switch (ref_param_read_get_policy(plist, pkey)) {
+ case gs_param_policy_ignore:
+ return 0;
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashc432131c.patch b/app-text/ghostscript-gpl/files/VU332928-githashc432131c.patch
new file mode 100644
index 00000000..62ed42b4
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashc432131c.patch
@@ -0,0 +1,110 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 23 Aug 2018 13:13:25 +0000 (+0100)
+Subject: Bug 699661: Avoid sharing pointers between pdf14 compositors
+X-Git-Tag: ghostpdl-9.24rc1~15
+X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=c432131c
+
+Bug 699661: Avoid sharing pointers between pdf14 compositors
+
+If a copdevice is triggered when the pdf14 compositor is the device, we make
+a copy of the device, then throw an error because, by default we're only allowed
+to copy the device prototype - then freeing it calls the finalize, which frees
+several pointers shared with the parent.
+
+Make a pdf14 specific finish_copydevice() which NULLs the relevant pointers,
+before, possibly, throwing the same error as the default method.
+
+This also highlighted a problem with reopening the X11 devices, where a custom
+error handler could be replaced with itself, meaning it also called itself,
+and infifite recursion resulted.
+
+Keep a note of if the handler replacement has been done, and don't do it a
+second time.
+---
+
+diff --git a/base/gdevp14.c b/base/gdevp14.c
+index d9f8e79..eb9cc23 100644
+--- a/base/gdevp14.c
++++ b/base/gdevp14.c
+@@ -178,6 +178,7 @@ static dev_proc_fill_mask(pdf14_fill_mask);
+ static dev_proc_stroke_path(pdf14_stroke_path);
+ static dev_proc_begin_typed_image(pdf14_begin_typed_image);
+ static dev_proc_text_begin(pdf14_text_begin);
++static dev_proc_finish_copydevice(pdf14_finish_copydevice);
+ static dev_proc_create_compositor(pdf14_create_compositor);
+ static dev_proc_create_compositor(pdf14_forward_create_compositor);
+ static dev_proc_begin_transparency_group(pdf14_begin_transparency_group);
+@@ -245,7 +246,7 @@ static const gx_color_map_procs *
+ pdf14_create_compositor, /* create_compositor */\
+ NULL, /* get_hardware_params */\
+ pdf14_text_begin, /* text_begin */\
+- NULL, /* finish_copydevice */\
++ pdf14_finish_copydevice, /* finish_copydevice */\
+ pdf14_begin_transparency_group,\
+ pdf14_end_transparency_group,\
+ pdf14_begin_transparency_mask,\
+@@ -3935,6 +3936,19 @@ pdf14_text_begin(gx_device * dev, gs_gstate * pgs,
+ return code;
+ }
+
++static int
++pdf14_finish_copydevice(gx_device *new_dev, const gx_device *from_dev)
++{
++ pdf14_device *pdev = (pdf14_device*)new_dev;
++
++ pdev->ctx = NULL;
++ pdev->trans_group_parent_cmap_procs = NULL;
++ pdev->smaskcolor = NULL;
++
++ /* Only allow copying the prototype. */
++ return (from_dev->memory ? gs_note_error(gs_error_rangecheck) : 0);
++}
++
+ /*
+ * Implement copy_mono by filling lots of small rectangles.
+ */
+@@ -8093,6 +8107,7 @@ c_pdf14trans_clist_read_update(gs_composite_t * pcte, gx_device * cdev,
+ before reopening the device */
+ if (p14dev->ctx != NULL) {
+ pdf14_ctx_free(p14dev->ctx);
++ p14dev->ctx = NULL;
+ }
+ dev_proc(tdev, open_device) (tdev);
+ }
+diff --git a/devices/gdevxini.c b/devices/gdevxini.c
+index 8511eac..23b8c35 100644
+--- a/devices/gdevxini.c
++++ b/devices/gdevxini.c
+@@ -59,7 +59,8 @@ static struct xv_ {
+ Boolean alloc_error;
+ XErrorHandler orighandler;
+ XErrorHandler oldhandler;
+-} x_error_handler;
++ Boolean set;
++} x_error_handler = {0};
+
+ static int
+ x_catch_alloc(Display * dpy, XErrorEvent * err)
+@@ -74,7 +75,8 @@ x_catch_alloc(Display * dpy, XErrorEvent * err)
+ int
+ x_catch_free_colors(Display * dpy, XErrorEvent * err)
+ {
+- if (err->request_code == X_FreeColors)
++ if (err->request_code == X_FreeColors ||
++ x_error_handler.orighandler == x_catch_free_colors)
+ return 0;
+ return x_error_handler.orighandler(dpy, err);
+ }
+@@ -274,8 +276,10 @@ gdev_x_open(gx_device_X * xdev)
+ return_error(gs_error_ioerror);
+ }
+ /* Buggy X servers may cause a Bad Access on XFreeColors. */
+- x_error_handler.orighandler = XSetErrorHandler(x_catch_free_colors);
+-
++ if (!x_error_handler.set) {
++ x_error_handler.orighandler = XSetErrorHandler(x_catch_free_colors);
++ x_error_handler.set = True;
++ }
+ /* Get X Resources. Use the toolkit for this. */
+ XtToolkitInitialize();
+ app_con = XtCreateApplicationContext();
diff --git a/app-text/ghostscript-gpl/files/VU332928-githashe01e77a3.patch b/app-text/ghostscript-gpl/files/VU332928-githashe01e77a3.patch
new file mode 100644
index 00000000..59498108
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/VU332928-githashe01e77a3.patch
@@ -0,0 +1,12 @@
+diff -Naur ghostscript-9.23/Resource/Init/gs_init.ps ghostscript-9.23-sec-p5/Resource/Init/gs_init.ps
+--- ghostscript-9.23/Resource/Init/gs_init.ps 2018-03-21 09:48:06.000000000 +0100
++++ ghostscript-9.23-sec-p5/Resource/Init/gs_init.ps 2018-08-29 21:22:22.330062903 +0200
+@@ -2182,7 +2182,7 @@
+ /.oserrno /.setoserrno /.oserrorstring /.getCPSImode
+ /.getscanconverter /.setscanconverter /.type1encrypt /.type1decrypt/.languagelevel /.setlanguagelevel /.eqproc /.fillpage /.buildpattern1 /.saslprep
+ /.buildshading1 /.buildshadin2 /.buildshading3 /.buildshading4 /.buildshading5 /.buildshading6 /.buildshading7 /.buildshadingpattern
+-/.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring
++/.shfill /.argindex /.bytestring /.namestring /.stringbreak /.stringmatch /.globalvmarray /.globalvmdict /.globalvmpackedarray /.globalvmstring
+ /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile
+ /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
+ /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath
diff --git a/app-text/ghostscript-gpl/ghostscript-gpl-9.23.ebuild b/app-text/ghostscript-gpl/ghostscript-gpl-9.23.ebuild
new file mode 100644
index 00000000..ce35517f
--- /dev/null
+++ b/app-text/ghostscript-gpl/ghostscript-gpl-9.23.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools multilib versionator flag-o-matic toolchain-funcs
+
+DESCRIPTION="Ghostscript is an interpreter for the PostScript language and for PDF"
+HOMEPAGE="https://ghostscript.com/"
+
+MY_P=${P/-gpl}
+PVM=$(get_version_component_range 1-2)
+PVM_S=$(replace_all_version_separators "" ${PVM})
+
+SRC_URI="
+ https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${PVM_S}/${MY_P}.tar.xz
+"
+
+LICENSE="AGPL-3 CPL-1.0"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="cups dbus gtk l10n_de static-libs tiff unicode X"
+
+COMMON_DEPEND="
+ app-text/libpaper
+ media-libs/fontconfig
+ >=media-libs/freetype-2.4.9:2=
+ media-libs/jbig2dec
+ >=media-libs/lcms-2.6:2
+ >=media-libs/libpng-1.6.2:0=
+ >=media-libs/openjpeg-2.1.0:2=
+ >=sys-libs/zlib-1.2.7:=
+ virtual/jpeg:0
+ cups? ( >=net-print/cups-1.3.8 )
+ dbus? ( sys-apps/dbus )
+ gtk? ( || ( x11-libs/gtk+:3 x11-libs/gtk+:2 ) )
+ unicode? ( net-dns/libidn:= )
+ tiff? ( >=media-libs/tiff-4.0.1:0= )
+ X? ( x11-libs/libXt x11-libs/libXext )
+"
+
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig
+"
+
+RDEPEND="${COMMON_DEPEND}
+ >=app-text/poppler-data-0.4.5-r1
+ >=media-fonts/urw-fonts-2.4.9
+ l10n_ja? ( media-fonts/kochi-substitute )
+ l10n_ko? ( media-fonts/baekmuk-fonts )
+ l10n_zh-CN? ( media-fonts/arphicfonts )
+ l10n_zh-TW? ( media-fonts/arphicfonts )
+ !!media-fonts/gnu-gs-fonts-std
+ !!media-fonts/gnu-gs-fonts-other
+ !<net-print/cups-filters-1.0.36-r2
+"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=( "${FILESDIR}"/VU332928-githashb575e1ec.patch
+ "${FILESDIR}"/VU332928-githash8e9ce501.patch
+ "${FILESDIR}"/VU332928-githash241d9111.patch
+ "${FILESDIR}"/VU332928-githashc432131c.patch
+ "${FILESDIR}"/VU332928-githashe01e77a3.patch
+ "${FILESDIR}"/VU332928-githash0edd3d6c.patch
+ "${FILESDIR}"/VU332928-githasha054156d.patch
+ "${FILESDIR}"/VU332928-githash0d390118.patch
+ "${FILESDIR}"/VU332928-githashc3476dde.patch
+ "${FILESDIR}"/VU332928-githashb326a716.patch
+ "${FILESDIR}"/VU332928-githash78911a01.patch
+ "${FILESDIR}"/VU332928-githash5516c614.patch )
+
+LANGS="ja ko zh-CN zh-TW"
+for X in ${LANGS} ; do
+ IUSE="${IUSE} l10n_${X}"
+done
+
+src_prepare() {
+ default
+
+ # remove internal copies of various libraries
+ rm -rf "${S}"/cups/libs || die
+ rm -rf "${S}"/expat || die
+ rm -rf "${S}"/freetype || die
+ rm -rf "${S}"/jbig2dec || die
+ rm -rf "${S}"/jpeg{,xr} || die
+ rm -rf "${S}"/lcms{,2} || die
+ rm -rf "${S}"/libpng || die
+ rm -rf "${S}"/tiff || die
+ rm -rf "${S}"/zlib || die
+ rm -rf "${S}"/openjpeg || die
+ # remove internal CMaps (CMaps from poppler-data are used instead)
+ rm -rf "${S}"/Resource/CMap || die
+
+ if ! use gtk ; then
+ sed -i -e "s:\$(GSSOX)::" \
+ -e "s:.*\$(GSSOX_XENAME)$::" \
+ "${S}"/base/unix-dll.mak || die "sed failed"
+ fi
+
+ # Force the include dirs to a neutral location.
+ sed -i \
+ -e "/^ZLIBDIR=/s:=.*:=${T}:" \
+ configure.ac || die
+ # Some files depend on zlib.h directly. Redirect them. #573248
+ # Also make sure to not define OPJ_STATIC to avoid linker errors due to
+ # hidden symbols (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203327#c1)
+ sed -i \
+ -e '/^zlib_h/s:=.*:=:' \
+ -e 's|-DOPJ_STATIC ||' \
+ base/lib.mak || die
+
+ # search path fix
+ # put LDFLAGS after BINDIR, bug #383447
+ sed -i -e "s:\$\(gsdatadir\)/lib:@datarootdir@/ghostscript/${PVM}/$(get_libdir):" \
+ -e "s:exdir=.*:exdir=@datarootdir@/doc/${PF}/examples:" \
+ -e "s:docdir=.*:docdir=@datarootdir@/doc/${PF}/html:" \
+ -e "s:GS_DOCDIR=.*:GS_DOCDIR=@datarootdir@/doc/${PF}/html:" \
+ -e 's:-L$(BINDIR):& $(LDFLAGS):g' \
+ "${S}"/Makefile.in "${S}"/base/*.mak || die "sed failed"
+
+ cd "${S}" || die
+ # remove incorrect symlink, bug 590384
+ rm -f ijs/ltmain.sh || die
+ eautoreconf
+
+ cd "${S}/ijs" || die
+ eautoreconf
+}
+
+src_configure() {
+ local FONTPATH
+ for path in \
+ "${EPREFIX}"/usr/share/fonts/urw-fonts \
+ "${EPREFIX}"/usr/share/fonts/Type1 \
+ "${EPREFIX}"/usr/share/fonts \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-CNS1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-GB1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Japan1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Japan2 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Korea1
+ do
+ FONTPATH="$FONTPATH${FONTPATH:+:}${EPREFIX}$path"
+ done
+
+ PKGCONFIG=$(type -P $(tc-getPKG_CONFIG)) \
+ econf \
+ --enable-dynamic \
+ --enable-freetype \
+ --enable-fontconfig \
+ --enable-openjpeg \
+ --disable-compile-inits \
+ --with-drivers=ALL \
+ --with-fontpath="$FONTPATH" \
+ --with-ijs \
+ --with-jbig2dec \
+ --with-libpaper \
+ --without-luratech \
+ $(use_enable cups) \
+ $(use_enable dbus) \
+ $(use_enable gtk) \
+ $(use_with cups pdftoraster) \
+ $(use_with unicode libidn) \
+ $(use_with tiff system-libtiff) \
+ $(use_with X x)
+
+ cd "${S}/ijs" || die
+ econf \
+ --enable-shared \
+ $(use_enable static-libs static)
+}
+
+src_compile() {
+ emake so all
+
+ cd "${S}/ijs" || die
+ emake
+}
+
+src_install() {
+ emake DESTDIR="${D}" install-so install
+
+ # move gsc to gs, bug #343447
+ # gsc collides with gambit, bug #253064
+ mv -f "${ED}"/usr/bin/{gsc,gs} || die
+
+ cd "${S}/ijs" || die
+ emake DESTDIR="${D}" install
+
+ # rename the original cidfmap to cidfmap.GS
+ mv "${ED}/usr/share/ghostscript/${PVM}/Resource/Init/cidfmap"{,.GS} || die
+
+ # install our own cidfmap to handle CJK fonts
+ insinto /usr/share/ghostscript/${PVM}/Resource/Init
+ doins \
+ "${WORKDIR}/fontmaps/CIDFnmap" \
+ "${WORKDIR}/fontmaps/cidfmap"
+ for X in ${LANGS} ; do
+ if use l10n_${X} ; then
+ doins "${WORKDIR}/fontmaps/cidfmap.${X/-/_}"
+ fi
+ done
+
+ # install the CMaps from poppler-data properly, bug #409361
+ dosym ../../../poppler/cMaps "/usr/share/ghostscript/${PVM}/Resource/CMap"
+
+ use static-libs || find "${ED}" -name '*.la' -delete
+
+ if ! use l10n_de; then
+ rm -r "${ED}"/usr/share/man/de || die
+ fi
+}