diff options
author | Marius Bakke <marius@gnu.org> | 2020-12-08 21:11:19 +0100 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-12-08 22:57:53 +0100 |
commit | 3bd218e8d4abde56e7ce9149311df5e60db0e321 (patch) | |
tree | 156d70367f257d68b2066d8840d34600dea330f3 | |
parent | 9337c16cb69fd47ca31ebe184d2a37028b978249 (diff) | |
download | guix-3bd218e8d4abde56e7ce9149311df5e60db0e321.tar guix-3bd218e8d4abde56e7ce9149311df5e60db0e321.tar.gz |
gnu: ghostscript: Fix CVE-2020-15900.
* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/ghostscript.scm | 1 | ||||
-rw-r--r-- | gnu/packages/patches/ghostscript-CVE-2020-15900.patch | 36 |
3 files changed, 38 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 97dd9a74d0..7f0b69cacf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1055,6 +1055,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghc-monad-par-fix-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-html-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-latex-test.patch \ + %D%/packages/patches/ghostscript-CVE-2020-15900.patch \ %D%/packages/patches/ghostscript-freetype-compat.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index b132fba7eb..03a516dc52 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -171,6 +171,7 @@ printing, and psresize, for adjusting page sizes.") (base32 "0z1w42y2jmcpl2m1l3z0sfii6zmvzcwcgzn6bydklia6ig7jli2p")) (patches (search-patches "ghostscript-freetype-compat.patch" + "ghostscript-CVE-2020-15900.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch new file mode 100644 index 0000000000..b6658d7c7f --- /dev/null +++ b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch @@ -0,0 +1,36 @@ +Fix CVE-2020-15900. + +https://cve.circl.lu/cve/CVE-2020-15900 +https://artifex.com/security-advisories/CVE-2020-15900 + +Taken from upstream: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b + +diff --git a/psi/zstring.c b/psi/zstring.c +--- a/psi/zstring.c ++++ b/psi/zstring.c +@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) + return 0; + found: + op->tas.type_attrs = op1->tas.type_attrs; +- op->value.bytes = ptr; +- r_set_size(op, size); ++ op->value.bytes = ptr; /* match */ ++ op->tas.rsize = size; /* match */ + push(2); +- op[-1] = *op1; +- r_set_size(op - 1, ptr - op[-1].value.bytes); +- op1->value.bytes = ptr + size; +- r_set_size(op1, count + (!forward ? (size - 1) : 0)); ++ op[-1] = *op1; /* pre */ ++ op[-3].value.bytes = ptr + size; /* post */ ++ if (forward) { ++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ ++ op[-3].tas.rsize = count; /* post */ ++ } else { ++ op[-1].tas.rsize = count; /* pre */ ++ op[-3].tas.rsize -= count + size; /* post */ ++ } + make_true(op); + return 0; + } |