diff --git a/print/ghostscript-gpl/Makefile b/print/ghostscript-gpl/Makefile
index 3ef5c8fc78d8..a19d822084ad 100644
--- a/print/ghostscript-gpl/Makefile
+++ b/print/ghostscript-gpl/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2017/11/23 17:19:43 wiz Exp $
+# $NetBSD: Makefile,v 1.42 2018/04/17 22:29:33 wiz Exp $
 DISTNAME= ghostscript-${GS_VERSION}
 PKGNAME= ${DISTNAME:S/ghostscript/ghostscript-gpl/}
-PKGREVISION= 20
+PKGREVISION= 25
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 MASTER_SITES+= https://ghostscript.com/releases/
@@ -76,8 +76,9 @@ CONFIGURE_ENV.HPUX+= ac_cv_func_fopen64=no
 CFLAGS+= -fPIC
 .endif
-.if ${OPSYS} == "SunOS" && !empty(CC_VERSION:Mgcc-[6-9]*)
-CPPFLAGS+= -D_XOPEN_SOURCE=600 -D__EXTENSIONS__
+# Not ideal but too many files hardcode _XOPEN_SOURCE=500.
+.if !empty(CC_VERSION:Mgcc-[6-9]*) || !empty(PKGSRC_COMPILER:Mclang)
+CPPFLAGS.SunOS+= -D_XOPEN_SOURCE=600 -D__EXTENSIONS__
 .endif
 # Interim IRIX build fix, the real problem is that fontconfig.pc doesn't
diff --git a/print/ghostscript-gpl/buildlink3.mk b/print/ghostscript-gpl/buildlink3.mk
index cb833db15a9c..00ed552a2626 100644
--- a/print/ghostscript-gpl/buildlink3.mk
+++ b/print/ghostscript-gpl/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.10 2017/11/23 17:19:43 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.14 2018/04/17 22:29:33 wiz Exp $
 BUILDLINK_TREE+= ghostscript-gpl
@@ -6,7 +6,7 @@ BUILDLINK_TREE+= ghostscript-gpl
 GHOSTSCRIPT_GPL_BUILDLINK3_MK:=
 BUILDLINK_API_DEPENDS.ghostscript-gpl+= ghostscript-gpl>=8.63nb1
-BUILDLINK_ABI_DEPENDS.ghostscript-gpl+= ghostscript-gpl>=9.06nb20
+BUILDLINK_ABI_DEPENDS.ghostscript-gpl+= ghostscript-gpl>=9.06nb24
 BUILDLINK_PKGSRCDIR.ghostscript-gpl?= ../../print/ghostscript-gpl
 .include "../../graphics/png/buildlink3.mk"
diff --git a/print/ghostscript-gpl/distinfo b/print/ghostscript-gpl/distinfo
index d44950a54935..985f338efaac 100644
--- a/print/ghostscript-gpl/distinfo
+++ b/print/ghostscript-gpl/distinfo
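Review bot: The compiler test in the second Makefile hunk, `!empty(CC_VERSION:Mgcc-[6-9]*)`, matches only single-digit GCC majors 6 through 9, so a two-digit GCC release would fall through and build on SunOS without `-D_XOPEN_SOURCE=600 -D__EXTENSIONS__`. Since the added comment says the define works around files that hardcode `_XOPEN_SOURCE=500`, consider extending the condition with `|| !empty(CC_VERSION:Mgcc-[1-9][0-9]*)`. Failing that, the comment could say that the version glob needs revisiting when newer compilers appear.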
@@ -16,7 +16,9 @@ SHA1 (patch-CVE-2016-10220) = 6edfa87948ff0f9412a5509efb98bf2d063a5951
 SHA1 (patch-CVE-2017-5951) = a4af8e561b9f5a6a330fbc2f915257bf5ba3cb2a
 SHA1 (patch-CVE-2017-6196) = 311d9236dd5abcd48ae0f412bf481e105b6207dc
 SHA1 (patch-CVE-2017-7207) = 31f4a73b49b52942385eaa3c8cf2a94b5bbde6df
-SHA1 (patch-af) = 9644b665deee3e11a4510f9edf4c35ebabc192ea
+SHA1 (patch-CVE-2017-8291_eqproc) = 542fdd73dbf631f63851090a53836d3326643fe4
+SHA1 (patch-CVE-2017-8291_rsdparams) = 93ba6dc53bcb0d0b46c39d4fc96d712f8a0ff86c
+SHA1 (patch-af) = ade76a99fdf5a1c5b05caf7641c4833fde612fd7
 SHA1 (patch-ah) = 7548f6f78b8029febec044bc11214f9d6674c9d3
 SHA1 (patch-ai) = 3962a3acac1d4537dbbe3fc3b205aba87387d485
 SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
@@ -30,4 +32,3 @@ SHA1 (patch-base_gsmalloc.c) = 891bdcef49e0f2c435744eaf7bbcd31f5dbcbaba
 SHA1 (patch-base_memento.c) = d30cfb9285a0268e743c90cdf831674eaa24789b
 SHA1 (patch-cups_colord.h) = ab5c4bfa7184d2c1756697b87e7046645bdc2bc2
 SHA1 (patch-openjpeg_libopenjpeg_opj_malloc_h) = 24f15c55cd7961afc1254f6c4bccd6d0c2a5e737
-SHA1 (patch-psi_zfile.c) = 24626fed9b161a77d9ab43233bad4c8391120b16
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2017-8291_eqproc b/print/ghostscript-gpl/patches/patch-CVE-2017-8291_eqproc
new file mode 100644
index 000000000000..38cf1fb96bff
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-8291_eqproc
@@ -0,0 +1,18 @@
+--- psi/zmisc3.c
++++ psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+ ref2_t stack[MAX_DEPTH + 1];
+ ref2_t *top = stack;
+ 
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(e_stackunderflow);
++ if (!r_is_array(op - 1) || !r_is_array(op)) {
++ return_error(e_typecheck);
++ }
++
+ make_array(&stack[0].proc1, 0, 1, op - 1);
+ make_array(&stack[0].proc2, 0, 1, op);
+ for (;;) {
+--
+2.1.4
+
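Review bot: The new patch file for psi/zmisc3.c begins directly at `--- psi/zmisc3.c` with no header comment saying where the fix was taken from, and the same applies to patch-CVE-2017-8291_rsdparams. For a security backport, a leading comment should record the origin so a later reviewer can compare the operand checks against upstream, for example `Backport of the upstream .eqproc operand checks for CVE-2017-8291; upstream commit: <UPSTREAM_COMMIT_ID>`. The CVE number currently appears only in the file name and the distinfo entry, which gives an auditor nothing to verify the stack-depth and `r_is_array` checks against. The body of zeqproc starts before and continues after the inner hunk.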
diff --git a/print/ghostscript-gpl/patches/patch-CVE-2017-8291_rsdparams b/print/ghostscript-gpl/patches/patch-CVE-2017-8291_rsdparams
new file mode 100644
index 000000000000..583d8a7ecaf6
--- /dev/null
+++ b/print/ghostscript-gpl/patches/patch-CVE-2017-8291_rsdparams
@@ -0,0 +1,44 @@
+--- psi/zfrsd.c
++++ psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ ref *pFilter;
+ ref *pDecodeParms;
+ int Intent = 0;
+- bool AsyncRead;
++ bool AsyncRead = false;
+ ref empty_array, filter1_array, parms1_array;
+ uint i;
+- int code;
++ int code = 0;
++
++ if (ref_stack_count(&o_stack) < 1)
++ return_error(e_stackunderflow);
++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++ return_error(e_typecheck);
++ }
+ 
+ make_empty_array(&empty_array, a_readonly);
+- if (dict_find_string(op, "Filter", &pFilter) > 0) {
++ if (r_has_type(op, t_dictionary)
++ && dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (!r_is_array(pFilter)) {
+ if (!r_has_type(pFilter, t_name))
+ return_error(e_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+ return_error(e_typecheck);
+ }
+ }
+- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++ if (r_has_type(op, t_dictionary))
++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+ return code;
+- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+- )
+- return code;
++ if (r_has_type(op, t_dictionary))
++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++ return code;
+ push(1);
+ op[-1] = *pFilter;
+ if (pDecodeParms)
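Review bot: The AsyncRead lookup in the second inner hunk is an `if` nested directly under another unbraced `if`, which is easy to misread and would bind any later `else` to the wrong test. Bracing the outer test, `if (r_has_type(op, t_dictionary)) {` … `}`, keeps the null-operand path explicit. That path also relies on the new `code = 0` and `AsyncRead = false` initialisers, which deserves a short comment such as `/* op may be null: skip dictionary lookups and use defaults */`. The lines of zrsdparams between the two inner hunks are not shown; if they look up further keys on `op` they presumably need the same dictionary guard, so that should be confirmed against the full file.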