mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-27 06:42:14 -05:00
gnu: ghostscript: Fix CVE-2020-15900.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
This commit is contained in:
parent
9337c16cb6
commit
3bd218e8d4
3 changed files with 38 additions and 0 deletions
|
@ -1055,6 +1055,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
|
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
|
||||||
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
|
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
|
||||||
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
|
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
|
||||||
|
%D%/packages/patches/ghostscript-CVE-2020-15900.patch \
|
||||||
%D%/packages/patches/ghostscript-freetype-compat.patch \
|
%D%/packages/patches/ghostscript-freetype-compat.patch \
|
||||||
%D%/packages/patches/ghostscript-no-header-id.patch \
|
%D%/packages/patches/ghostscript-no-header-id.patch \
|
||||||
%D%/packages/patches/ghostscript-no-header-uuid.patch \
|
%D%/packages/patches/ghostscript-no-header-uuid.patch \
|
||||||
|
|
|
@ -171,6 +171,7 @@ (define-public ghostscript
|
||||||
(base32
|
(base32
|
||||||
"0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
|
"0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p"))
|
||||||
(patches (search-patches "ghostscript-freetype-compat.patch"
|
(patches (search-patches "ghostscript-freetype-compat.patch"
|
||||||
|
"ghostscript-CVE-2020-15900.patch"
|
||||||
"ghostscript-no-header-creationdate.patch"
|
"ghostscript-no-header-creationdate.patch"
|
||||||
"ghostscript-no-header-id.patch"
|
"ghostscript-no-header-id.patch"
|
||||||
"ghostscript-no-header-uuid.patch"))
|
"ghostscript-no-header-uuid.patch"))
|
||||||
|
|
36
gnu/packages/patches/ghostscript-CVE-2020-15900.patch
Normal file
36
gnu/packages/patches/ghostscript-CVE-2020-15900.patch
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
Fix CVE-2020-15900.
|
||||||
|
|
||||||
|
https://cve.circl.lu/cve/CVE-2020-15900
|
||||||
|
https://artifex.com/security-advisories/CVE-2020-15900
|
||||||
|
|
||||||
|
Taken from upstream:
|
||||||
|
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
|
||||||
|
|
||||||
|
diff --git a/psi/zstring.c b/psi/zstring.c
|
||||||
|
--- a/psi/zstring.c
|
||||||
|
+++ b/psi/zstring.c
|
||||||
|
@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
|
||||||
|
return 0;
|
||||||
|
found:
|
||||||
|
op->tas.type_attrs = op1->tas.type_attrs;
|
||||||
|
- op->value.bytes = ptr;
|
||||||
|
- r_set_size(op, size);
|
||||||
|
+ op->value.bytes = ptr; /* match */
|
||||||
|
+ op->tas.rsize = size; /* match */
|
||||||
|
push(2);
|
||||||
|
- op[-1] = *op1;
|
||||||
|
- r_set_size(op - 1, ptr - op[-1].value.bytes);
|
||||||
|
- op1->value.bytes = ptr + size;
|
||||||
|
- r_set_size(op1, count + (!forward ? (size - 1) : 0));
|
||||||
|
+ op[-1] = *op1; /* pre */
|
||||||
|
+ op[-3].value.bytes = ptr + size; /* post */
|
||||||
|
+ if (forward) {
|
||||||
|
+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
|
||||||
|
+ op[-3].tas.rsize = count; /* post */
|
||||||
|
+ } else {
|
||||||
|
+ op[-1].tas.rsize = count; /* pre */
|
||||||
|
+ op[-3].tas.rsize -= count + size; /* post */
|
||||||
|
+ }
|
||||||
|
make_true(op);
|
||||||
|
return 0;
|
||||||
|
}
|
Loading…
Reference in a new issue