
[alpine-aports] [PATCH] main/ghostscript: security fix for CVE-2017-8291

Daniel Sabogal
Message ID
<20170503174131.31939-1-dsabogalcc@gmail.com>
Sender timestamp
1493833289
DKIM signature
missing
Patch: +68 -2
---
 main/ghostscript/APKBUILD            | 10 ++++--
 main/ghostscript/CVE-2017-8291.patch | 60 ++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 main/ghostscript/CVE-2017-8291.patch

diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
index ef5b1cdd10..697f2ffc73 100644
--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=ghostscript
 pkgver=9.21
-pkgrel=1
+pkgrel=2
 pkgdesc="An interpreter for the PostScript language and for PDF"
 url="http://ghostscript.com/"
 arch="all"
@@ -15,9 +15,14 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
 	ghostscript-system-zlib.patch
 	fix-sprintf.patch
 	fix-alignment.patch
+	CVE-2017-8291.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   9.21-r2:
+#     - CVE-2017-8291
+
 prepare() {
 	cd "$builddir"
 
@@ -110,4 +115,5 @@ gtk() {
 sha512sums="c5ff632dc9b418ebeecaae796cecbaf9ffcb84d7a1b62c1af2e6c9082f7b9f24fe9dd9f6a57bde3640f54c3036f0b99b32aac9f8ca1f489c012369ab2b72ae92  ghostscript-9.21.tar.gz
 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482  ghostscript-system-zlib.patch
 beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4  fix-sprintf.patch
-7c6f40217dc687df27ee6d33351fba12a737c2ae06d1c35208dc943776d8efa66c3e882f0b1b9aec566fad69fd28ce360cc243f1c1aa20834467e769889194f2  fix-alignment.patch"
+7c6f40217dc687df27ee6d33351fba12a737c2ae06d1c35208dc943776d8efa66c3e882f0b1b9aec566fad69fd28ce360cc243f1c1aa20834467e769889194f2  fix-alignment.patch
+c17121e564dd26033508199f3e587bfcee5589fec6e45e822c79f648c3a3b70363f04ad33538070c4d24c96e5795b277345359b66d2f360b996fca77239102b5  CVE-2017-8291.patch"
diff --git a/main/ghostscript/CVE-2017-8291.patch b/main/ghostscript/CVE-2017-8291.patch
new file mode 100644
index 0000000000..83f3b4fcc5
--- /dev/null
+++ b/main/ghostscript/CVE-2017-8291.patch
@@ -0,0 +1,60 @@
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 191107d..950588d 100644
+--- a/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     ref *pFilter;
+     ref *pDecodeParms;
+     int Intent = 0;
+-    bool AsyncRead;
++    bool AsyncRead = false;
+     ref empty_array, filter1_array, parms1_array;
+     uint i;
+-    int code;
++    int code = 0;
++
++    if (ref_stack_count(&o_stack) < 1)
++        return_error(gs_error_stackunderflow);
++    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++        return_error(gs_error_typecheck);
++    }
+ 
+     make_empty_array(&empty_array, a_readonly);
+-    if (dict_find_string(op, "Filter", &pFilter) > 0) {
++    if (r_has_type(op, t_dictionary)
++        && dict_find_string(op, "Filter", &pFilter) > 0) {
+         if (!r_is_array(pFilter)) {
+             if (!r_has_type(pFilter, t_name))
+                 return_error(gs_error_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+                 return_error(gs_error_typecheck);
+         }
+     }
+-    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++    if (r_has_type(op, t_dictionary))
++        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+     if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
+         return code;
+-    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+-        )
+-        return code;
++    if (r_has_type(op, t_dictionary))
++        if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++            return code;
+     push(1);
+     op[-1] = *pFilter;
+     if (pDecodeParms)
+-- 
+2.9.1
+
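Review bot: `pFilter` and `pDecodeParms` are still declared without initialisers in the embedded psi/zfrsd.c change, while the new guard lets a `t_null` operand skip the `Filter` lookup, so `op[-1] = *pFilter;` is only safe if fallback branches outside these hunks assign both pointers. zrsdparams starts before and continues past the hunks shown, so that fallback cannot be confirmed from here and is worth checking in the patched source, together with any other dictionary lookup on `op` between the two hunks. I would add a comment above the new checks such as `/* op may be null as well as a dictionary; every dict_* lookup below must be guarded */` so the null case does not look accidental. The un-braced nested `if` around `dict_bool_param` would also read more safely with braces, matching the braced typecheck above it.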
-- 
2.12.2




[alpine-aports] [PATCH 3.5-stable] main/mupdf: security fixes #6897 (CVE-2017-6060)

Daniel Sabogal
Message ID
<20170503174131.31939-2-dsabogalcc@gmail.com>
In-Reply-To
<20170503174131.31939-1-dsabogalcc@gmail.com> (view parent)
Sender timestamp
1493833290
DKIM signature
missing
Patch: +51 -4
---
 main/mupdf/APKBUILD            | 14 ++++++++++----
 main/mupdf/CVE-2017-6060.patch | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 main/mupdf/CVE-2017-6060.patch

diff --git a/main/mupdf/APKBUILD b/main/mupdf/APKBUILD
index 166d6d5075..4f6117af2c 100644
--- a/main/mupdf/APKBUILD
+++ b/main/mupdf/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Daniel Sabogal <dsabogalcc@gmail.com>
 pkgname=mupdf
 pkgver=1.10a
-pkgrel=2
+pkgrel=3
 pkgdesc="A lightweight PDF and XPS viewer"
 url="http://mupdf.com"
 arch="all"
@@ -18,9 +18,12 @@ source="http://mupdf.com/downloads/archive/$pkgname-$pkgver-source.tar.gz
 	openjpeg-2.1.patch
 	CVE-2017-5896.patch
 	CVE-2017-5991.patch
+	CVE-2017-6060.patch
 	"
 
 # secfixes:
+#   1.10a-r3:
+#   - CVE-2017-6060
 #   1.10a-r2:
 #   - CVE-2017-5991
 #   1.10a-r1:
@@ -86,14 +89,17 @@ md5sums="f80fbba2524d1d52f6ed09237d382411  mupdf-1.10a-source.tar.gz
 8c4c5ec03c3df7e87a672c79302f6df5  shared-lib.patch
 a5b85a55be0e958c16f900730ff24ad8  openjpeg-2.1.patch
 64d2931655dbea67a291032221b67e10  CVE-2017-5896.patch
-1c10386d9b536669c5c787b3b1585d6f  CVE-2017-5991.patch"
+1c10386d9b536669c5c787b3b1585d6f  CVE-2017-5991.patch
+b0a85e545d0ae1bfe8173c3034a1bab5  CVE-2017-6060.patch"
 sha256sums="aacc1f36b9180f562022ef1ab3439b009369d944364f3cff8a2a898834e3a836  mupdf-1.10a-source.tar.gz
 3ff3c9413c4c1005db7e41a085ce8e72ee1e956e8d1538a615f51f86f8bb1d14  shared-lib.patch
 12ea2a295b62ca85298273d54b423ec8e73fb52d712bcee20bab0507a595b7a0  openjpeg-2.1.patch
 23994ce0dc819b29f983328503d073595d56d75fd1001674d30275170fe96792  CVE-2017-5896.patch
-c600d516648c6324069930ea6b606a0a040dfaf7a9d3d323156c5e7d80bc4eb9  CVE-2017-5991.patch"
+c600d516648c6324069930ea6b606a0a040dfaf7a9d3d323156c5e7d80bc4eb9  CVE-2017-5991.patch
+0dd145a8ac2c11b0cf493b39c71b39b163b0ed0d05ee8c351500670e669bbe8b  CVE-2017-6060.patch"
 sha512sums="8c735963364985e74ceb38242afae555a3d2ee7c69abe3fe5c485e8613a83d996a58f231cb689a156019d431fa67d565503247d010b0a404054850483aed9fec  mupdf-1.10a-source.tar.gz
 bc38cc6935ed1c5941773e0671bea25d33897c1018c30f11ff3a1ec1e583276597f521b9e526f9bd38a6f9a1e76aa3e52782995ded72a618d07811abcd7ca734  shared-lib.patch
 bfb509c529e26c3d2dc827298ce3a6083640fbe3fd7491560ffb1e8f86d62bbd4a5d52721079caef8a38d6f332132b581859276000b397f9512673eedb0315a7  openjpeg-2.1.patch
 e9f29b909e016967fc9e6ca6723d63aecfea5c8aeadbd923bbf8a0fa1f4b0e16bd4eedac178bbf5fa359e47a55aa307b6581c6ce45b177ee12430f41c0b49cd7  CVE-2017-5896.patch
-b65a9dce7ba239be788d144c27edb7528ebcf08ead4defe887a08d7879cf72ca3b172a9a33ec3f9426743f45ecb9aac17baf1b526bf5f880beb00bdd84bdc42a  CVE-2017-5991.patch"
+b65a9dce7ba239be788d144c27edb7528ebcf08ead4defe887a08d7879cf72ca3b172a9a33ec3f9426743f45ecb9aac17baf1b526bf5f880beb00bdd84bdc42a  CVE-2017-5991.patch
+3e3f34e448967acb7772365065234c313cb014ebe6e3c3b3bcdbed2242b32ee5589ecd749d06fb4cd5f406eb37ca431e369c96b9adb3b5367d2e5296f1ca983e  CVE-2017-6060.patch"
diff --git a/main/mupdf/CVE-2017-6060.patch b/main/mupdf/CVE-2017-6060.patch
new file mode 100644
index 0000000000..cc03f6106b
--- /dev/null
+++ b/main/mupdf/CVE-2017-6060.patch
@@ -0,0 +1,41 @@
+squashed commits:
+06a012a42c9884e3cd653e7826cff1ddec04eb6e
+e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14
+
+From 05cb7595b61aa00a29f1609b75d280b589091356 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Tue, 11 Apr 2017 10:54:12 +0800
+Subject: [PATCH] Bug 697551: Make path and line buffers of equal size.
+
+Previously a too long line could be copied into the too short path buffer.
+
+jstest: Stop printing bogus script lines.
+---
+ platform/x11/jstest_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/platform/x11/jstest_main.c b/platform/x11/jstest_main.c
+index 13c3a0a3..36b32155 100644
+--- a/platform/x11/jstest_main.c
+@@ -346,7 +346,7 @@ main(int argc, char *argv[])
+ 				}
+ 				else if (match(&line, "OPEN"))
+ 				{
+-					char path[1024];
++					char path[LONGLINE];
+ 					if (file_open)
+ 						pdfapp_close(&gapp);
+ 					if (prefix)
+@@ -402,7 +402,7 @@ main(int argc, char *argv[])
+ 				}
+ 				else
+ 				{
+-					fprintf(stderr, "Unmatched: %s\n", line);
++					fprintf(stderr, "Ignoring line without script statement.\n");
+ 				}
+ 			}
+ 			while (!feof(script));
+-- 
+2.12.2
+
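Review bot: Making `path` the same size as the line buffer only bounds the copy when `line` is copied on its own; the `if (prefix)` branch that follows is cut off by the hunk, and if it joins `prefix` and `line` into `path` the result could still exceed `LONGLINE`. The embedded fix changes the declaration but no length check is visible, so the safety here rests on two buffer sizes staying in sync. A bounded write with a truncation check, for example `if (snprintf(path, sizeof path, "%s%s", prefix, line) >= (int)sizeof path) /* reject the line */`, would hold however the buffers are sized. main() begins before and continues past both hunks, so the actual copy statements should be confirmed in the patched source.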
-- 
2.12.2




[alpine-aports] [PATCH] main/tiff: improve CVE-2016-10268 patch

Daniel Sabogal
Message ID
<20170503174131.31939-3-dsabogalcc@gmail.com>
In-Reply-To
<20170503174131.31939-1-dsabogalcc@gmail.com> (view parent)
Sender timestamp
1493833291
DKIM signature
missing
Patch: +2 -20
Ignore changes made to the ChangeLog
---
 main/tiff/APKBUILD             |  2 +-
 main/tiff/CVE-2016-10268.patch | 20 +-------------------
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 6f83689b14..ee9667c878 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -92,7 +92,7 @@ tools() {
 sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc  tiff-4.0.7.tar.gz
 5f7a86b6dc1c9bcf707a1fc9fc4b79cc0cfa457582d13f89cc5db1d59193db468ecc8fe976fe688ae7bb6cb451759420cd0a00d957b7c614dbe8fc762adc9734  CVE-2016-10266.patch
 fccbf981daedff8e4f3b610dc86823cdb0b2f1e08be345b775bd5c7ba89ef681b3cd4e04a97832753081e9df07db0a68a0a0a38cb4f538f260c475565c204f8b  CVE-2016-10267.patch
-57cd4f9aadaedac5f43d8085729ca5871a40c5bfc88fe01ec9db94162067fb9290ead0d5fba0fef1f6efc04fe2ec18a21703a314c0732be86ddfcca5275803c1  CVE-2016-10268.patch
+ed173f71e159a9bb22c602d067e455843e10484173aabdc085ee718afd404f4b58f77373a3526c16ac7c91395bbb277218b7a8ca840db4e3482d715661987236  CVE-2016-10268.patch
 3a807132bf751b9e3c0e5a014b6cd9c9b98f79581b2d70167af3e29797a204fe2977349052042757f9bc634faa1afbec01462a947c739fb1ee9b7249341e4879  CVE-2016-10269.patch
 1db4890259028c1c29c15137e743e376e1044475b1a3bbdeb946a1b54708a85422217228aed5f5c8ddf2cf156ec75264b430d1d3aa3539b805809d69522f84b5  CVE-2016-10270.patch
 001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244  CVE-2017-5225.patch
diff --git a/main/tiff/CVE-2016-10268.patch b/main/tiff/CVE-2016-10268.patch
index ce5f9be7a2..73e4552a77 100644
--- a/main/tiff/CVE-2016-10268.patch
+++ b/main/tiff/CVE-2016-10268.patch
@@ -7,27 +7,9 @@ Subject: [PATCH] * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips
  http://bugzilla.maptools.org/show_bug.cgi?id=2598
 
 ---
- ChangeLog      | 7 +++++++
  tools/tiffcp.c | 2 +-
- 2 files changed, 8 insertions(+), 1 deletion(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/ChangeLog b/ChangeLog
-index 668b66a..0f154d6 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,5 +1,12 @@
- 2016-12-02 Even Rouault <even.rouault at spatialys.com>
- 
-+	* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that 
-+	can cause various issues, such as buffer overflows in the library.
-+	Reported by Agostino Sarubbo.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
-+
-+2016-12-02 Even Rouault <even.rouault at spatialys.com>
-+
- 	* libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
- 	TIFFReadEncodedStrip() that caused an integer division by zero.
- 	Reported by Agostino Sarubbo.
 diff --git a/tools/tiffcp.c b/tools/tiffcp.c
 index a99c906..f294ed1 100644
 --- a/tools/tiffcp.c
-- 
2.12.2


