David Kaspar [Dee'Kej]
parent
8cbe74c4f1
commit
e40ca66c63
80
ghostscript-bz1380416.patch
Normal file
80
ghostscript-bz1380416.patch
Normal file
@ -0,0 +1,80 @@
|
||||
From dea6ef9be04e25df06a02cbefa45811f640d3298 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Liddell <chris.liddell@artifex.com>
|
||||
Date: Sat, 5 Mar 2016 14:56:03 -0800
|
||||
Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
|
||||
|
||||
---
|
||||
Resource/Init/gs_init.ps | 2 ++
|
||||
psi/zfile.c | 36 ++++++++++++++++++++----------------
|
||||
2 files changed, 22 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
|
||||
index 13f11cb..722b78d 100644
|
||||
--- a/Resource/Init/gs_init.ps
|
||||
+++ b/Resource/Init/gs_init.ps
|
||||
@@ -2030,6 +2030,7 @@ readonly def
|
||||
|
||||
/.locksafe {
|
||||
.locksafe_userparams
|
||||
+ systemdict /getenv {pop //false} put
|
||||
% setpagedevice has the side effect of clearing the page, but
|
||||
% we will just document that. Using setpagedevice keeps the device
|
||||
% properties and pagedevice .LockSafetyParams in agreement even
|
||||
@@ -2048,6 +2049,7 @@ readonly def
|
||||
%%
|
||||
/.locksafeglobal {
|
||||
.locksafe_userparams
|
||||
+ systemdict /getenv {pop //false} put
|
||||
% setpagedevice has the side effect of clearing the page, but
|
||||
% we will just document that. Using setpagedevice keeps the device
|
||||
% properties and pagedevice .LockSafetyParams in agreement even
|
||||
diff --git a/psi/zfile.c b/psi/zfile.c
|
||||
index 93fd78c..e323899 100644
|
||||
--- a/psi/zfile.c
|
||||
+++ b/psi/zfile.c
|
||||
@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
|
||||
|
||||
if (len < devlen)
|
||||
return_error(e_rangecheck); /* not even room for device len */
|
||||
- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
|
||||
- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
|
||||
- len - devlen);
|
||||
- if (code == ~(uint) 0) { /* all done */
|
||||
- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
|
||||
- return o_pop_estack;
|
||||
- } else if (code > len) /* overran string */
|
||||
- return_error(e_rangecheck);
|
||||
- else {
|
||||
- push(1);
|
||||
- ref_assign(op, pscratch);
|
||||
- r_set_size(op, code + devlen);
|
||||
- push_op_estack(file_continue); /* come again */
|
||||
- *++esp = pscratch[2]; /* proc */
|
||||
- return o_push_estack;
|
||||
- }
|
||||
+
|
||||
+ do {
|
||||
+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
|
||||
+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
|
||||
+ len - devlen);
|
||||
+ if (code == ~(uint) 0) { /* all done */
|
||||
+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
|
||||
+ return o_pop_estack;
|
||||
+ } else if (code > len) /* overran string */
|
||||
+ return_error(gs_error_rangecheck);
|
||||
+ else if (iodev != iodev_default(imemory)
|
||||
+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
|
||||
+ push(1);
|
||||
+ ref_assign(op, pscratch);
|
||||
+ r_set_size(op, code + devlen);
|
||||
+ push_op_estack(file_continue); /* come again */
|
||||
+ *++esp = pscratch[2]; /* proc */
|
||||
+ return o_push_estack;
|
||||
+ }
|
||||
+ } while(1);
|
||||
}
|
||||
/* Cleanup procedure for enumerating files */
|
||||
static int
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@ -31,6 +31,7 @@ Patch6: ghostscript-Fontmap.local.patch
|
||||
Patch7: ghostscript-wrf-snprintf.patch
|
||||
Patch9: ghostscript-system-zlib.patch
|
||||
Patch10: ghostscript-urw-fonts-naming.patch
|
||||
Patch11: ghostscript-bz1380416.patch
|
||||
|
||||
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
||||
@ -149,6 +150,10 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
|
||||
# Use old names for urw-fonts (bug #1207577).
|
||||
%patch10 -p1 -b .urw-fonts-naming
|
||||
|
||||
# Fix for ghostscript security issue (bug # ).
|
||||
# NOTE: This patch is part of 9.20 release.
|
||||
%patch11 -p1
|
||||
|
||||
# Convert manual pages to UTF-8
|
||||
from8859_1() {
|
||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||
@ -350,6 +355,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%changelog
|
||||
* Tue Oct 4 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.16-5
|
||||
- [TEMPORARY] Support for OpenJPEG disabled for builds to pass.
|
||||
- Security fix for BZ #1380416 backported.
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 9.16-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
Loading…
Reference in New Issue
Block a user