David Kaspar [Dee'Kej]
parent
8cbe74c4f1
commit
e40ca66c63
80
ghostscript-bz1380416.patch
Normal file
80
ghostscript-bz1380416.patch
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
From dea6ef9be04e25df06a02cbefa45811f640d3298 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris Liddell <chris.liddell@artifex.com>
|
||||||
|
Date: Sat, 5 Mar 2016 14:56:03 -0800
|
||||||
|
Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
|
||||||
|
|
||||||
|
---
|
||||||
|
Resource/Init/gs_init.ps | 2 ++
|
||||||
|
psi/zfile.c | 36 ++++++++++++++++++++----------------
|
||||||
|
2 files changed, 22 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
|
||||||
|
index 13f11cb..722b78d 100644
|
||||||
|
--- a/Resource/Init/gs_init.ps
|
||||||
|
+++ b/Resource/Init/gs_init.ps
|
||||||
|
@@ -2030,6 +2030,7 @@ readonly def
|
||||||
|
|
||||||
|
/.locksafe {
|
||||||
|
.locksafe_userparams
|
||||||
|
+ systemdict /getenv {pop //false} put
|
||||||
|
% setpagedevice has the side effect of clearing the page, but
|
||||||
|
% we will just document that. Using setpagedevice keeps the device
|
||||||
|
% properties and pagedevice .LockSafetyParams in agreement even
|
||||||
|
@@ -2048,6 +2049,7 @@ readonly def
|
||||||
|
%%
|
||||||
|
/.locksafeglobal {
|
||||||
|
.locksafe_userparams
|
||||||
|
+ systemdict /getenv {pop //false} put
|
||||||
|
% setpagedevice has the side effect of clearing the page, but
|
||||||
|
% we will just document that. Using setpagedevice keeps the device
|
||||||
|
% properties and pagedevice .LockSafetyParams in agreement even
|
||||||
|
diff --git a/psi/zfile.c b/psi/zfile.c
|
||||||
|
index 93fd78c..e323899 100644
|
||||||
|
--- a/psi/zfile.c
|
||||||
|
+++ b/psi/zfile.c
|
||||||
|
@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
|
||||||
|
|
||||||
|
if (len < devlen)
|
||||||
|
return_error(e_rangecheck); /* not even room for device len */
|
||||||
|
- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
|
||||||
|
- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
|
||||||
|
- len - devlen);
|
||||||
|
- if (code == ~(uint) 0) { /* all done */
|
||||||
|
- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
|
||||||
|
- return o_pop_estack;
|
||||||
|
- } else if (code > len) /* overran string */
|
||||||
|
- return_error(e_rangecheck);
|
||||||
|
- else {
|
||||||
|
- push(1);
|
||||||
|
- ref_assign(op, pscratch);
|
||||||
|
- r_set_size(op, code + devlen);
|
||||||
|
- push_op_estack(file_continue); /* come again */
|
||||||
|
- *++esp = pscratch[2]; /* proc */
|
||||||
|
- return o_push_estack;
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
+ do {
|
||||||
|
+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
|
||||||
|
+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
|
||||||
|
+ len - devlen);
|
||||||
|
+ if (code == ~(uint) 0) { /* all done */
|
||||||
|
+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
|
||||||
|
+ return o_pop_estack;
|
||||||
|
+ } else if (code > len) /* overran string */
|
||||||
|
+ return_error(gs_error_rangecheck);
|
||||||
|
+ else if (iodev != iodev_default(imemory)
|
||||||
|
+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
|
||||||
|
+ push(1);
|
||||||
|
+ ref_assign(op, pscratch);
|
||||||
|
+ r_set_size(op, code + devlen);
|
||||||
|
+ push_op_estack(file_continue); /* come again */
|
||||||
|
+ *++esp = pscratch[2]; /* proc */
|
||||||
|
+ return o_push_estack;
|
||||||
|
+ }
|
||||||
|
+ } while(1);
|
||||||
|
}
|
||||||
|
/* Cleanup procedure for enumerating files */
|
||||||
|
static int
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
||||||
@ -31,6 +31,7 @@ Patch6: ghostscript-Fontmap.local.patch
|
|||||||
Patch7: ghostscript-wrf-snprintf.patch
|
Patch7: ghostscript-wrf-snprintf.patch
|
||||||
Patch9: ghostscript-system-zlib.patch
|
Patch9: ghostscript-system-zlib.patch
|
||||||
Patch10: ghostscript-urw-fonts-naming.patch
|
Patch10: ghostscript-urw-fonts-naming.patch
|
||||||
|
Patch11: ghostscript-bz1380416.patch
|
||||||
|
|
||||||
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
||||||
@ -149,6 +150,10 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
|
|||||||
# Use old names for urw-fonts (bug #1207577).
|
# Use old names for urw-fonts (bug #1207577).
|
||||||
%patch10 -p1 -b .urw-fonts-naming
|
%patch10 -p1 -b .urw-fonts-naming
|
||||||
|
|
||||||
|
# Fix for ghostscript security issue (bug # ).
|
||||||
|
# NOTE: This patch is part of 9.20 release.
|
||||||
|
%patch11 -p1
|
||||||
|
|
||||||
# Convert manual pages to UTF-8
|
# Convert manual pages to UTF-8
|
||||||
from8859_1() {
|
from8859_1() {
|
||||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||||
@ -350,6 +355,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%changelog
|
%changelog
|
||||||
* Tue Oct 4 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.16-5
|
* Tue Oct 4 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.16-5
|
||||||
- [TEMPORARY] Support for OpenJPEG disabled for builds to pass.
|
- [TEMPORARY] Support for OpenJPEG disabled for builds to pass.
|
||||||
|
- Security fix for BZ #1380416 backported.
|
||||||
|
|
||||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 9.16-4
|
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 9.16-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user