03/07: gnu: ghostscript: Fix CVE-2020-15900.
From: guix-commits
Subject: 03/07: gnu: ghostscript: Fix CVE-2020-15900.
Date: Tue, 8 Dec 2020 16:59:23 -0500 (EST)
mbakke pushed a commit to branch ungrafting
in repository guix.
commit 3bd218e8d4abde56e7ce9149311df5e60db0e321
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Tue Dec 8 21:11:19 2020 +0100
gnu: ghostscript: Fix CVE-2020-15900.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
---
gnu/local.mk | 1 +
gnu/packages/ghostscript.scm | 1 +
.../patches/ghostscript-CVE-2020-15900.patch | 36 ++++++++++++++++++++++
3 files changed, 38 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index 97dd9a7..7f0b69c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1055,6 +1055,7 @@ dist_patch_DATA =
\
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
+ %D%/packages/patches/ghostscript-CVE-2020-15900.patch \
%D%/packages/patches/ghostscript-freetype-compat.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
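Review bot: the context after the added line runs from ghostscript-freetype-compat.patch straight to ghostscript-no-header-id.patch, yet the patches list in ghostscript.scm in this same commit also names ghostscript-no-header-creationdate.patch. While the ghostscript entries are being touched, confirm that file is registered elsewhere in dist_patch_DATA, since it does not appear where the sort order would put it. The new CVE entry itself is in sorted position.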
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index b132fba..03a516d 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -171,6 +171,7 @@ printing, and psresize, for adjusting page sizes.")
(base32
"0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
(patches (search-patches "ghostscript-freetype-compat.patch"
+ "ghostscript-CVE-2020-15900.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
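Review bot: style point on the added string in (patches (search-patches ...)): it is placed after "ghostscript-freetype-compat.patch", whereas gnu/local.mk in this commit lists the CVE patch before that file. Moving "ghostscript-CVE-2020-15900.patch" to the head of the list would keep the two lists in the same order and make the security patch easy to find when it is dropped on the next version update.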
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
new file mode 100644
index 0000000..b6658d7
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
@@ -0,0 +1,36 @@
+Fix CVE-2020-15900.
+
+https://cve.circl.lu/cve/CVE-2020-15900
+https://artifex.com/security-advisories/CVE-2020-15900
+
+Taken from upstream:
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
+
+diff --git a/psi/zstring.c b/psi/zstring.c
+--- a/psi/zstring.c
++++ b/psi/zstring.c
+@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
+ return 0;
+ found:
+ op->tas.type_attrs = op1->tas.type_attrs;
+- op->value.bytes = ptr;
+- r_set_size(op, size);
++ op->value.bytes = ptr; /* match */
++ op->tas.rsize = size; /* match */
+ push(2);
+- op[-1] = *op1;
+- r_set_size(op - 1, ptr - op[-1].value.bytes);
+- op1->value.bytes = ptr + size;
+- r_set_size(op1, count + (!forward ? (size - 1) : 0));
++ op[-1] = *op1; /* pre */
++ op[-3].value.bytes = ptr + size; /* post */
++ if (forward) {
++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
++ op[-3].tas.rsize = count; /* post */
++ } else {
++ op[-1].tas.rsize = count; /* pre */
++ op[-3].tas.rsize -= count + size; /* post */
++ }
+ make_true(op);
+ return 0;
+ }
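Review bot: in the else branch, `op[-3].tas.rsize -= count + size;` is the only size update that is relative rather than absolute, so it is correct only if op[-3] still holds the full length of the original string at that point and count + size cannot exceed it; nothing in the visible lines states or checks that bound. Because the hunk is taken verbatim from upstream it should stay as it is, but the patch header currently says only "Fix CVE-2020-15900." plus links. Add one sentence there naming the defect the hunk addresses, namely that the removed line `r_set_size(op1, count + (!forward ? (size - 1) : 0));` sized the post-match substring differently for non-forward searches, so a later reader can tell what to verify when the patch is rebased or dropped. It is also worth noting in the header that after push(2) the operand previously reached through op1 is the one now addressed as op[-3], since the new code mixes both names.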