From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-text/ghostscript-gpl/, app-text/ghostscript-gpl/files/
Date: Mon, 13 Sep 2021 00:54:30 +0000 (UTC) [thread overview]
Message-ID: <1631494458.eeb37a3981b77ed60be7975287e1a503375fa493.sam@gentoo> (raw)
commit: eeb37a3981b77ed60be7975287e1a503375fa493
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 13 00:53:50 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep 13 00:54:18 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eeb37a39
app-text/ghostscript-gpl: patch CVE-2021-3781
Bug: https://bugs.gentoo.org/812509
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../ghostscript-gpl-9.54.0-CVE-2021-3781.patch | 213 +++++++++++++++++++++
.../ghostscript-gpl-9.54.0-r1.ebuild | 191 ++++++++++++++++++
2 files changed, 404 insertions(+)
diff --git a/app-text/ghostscript-gpl/files/ghostscript-gpl-9.54.0-CVE-2021-3781.patch b/app-text/ghostscript-gpl/files/ghostscript-gpl-9.54.0-CVE-2021-3781.patch
new file mode 100644
index 00000000000..779bedad4bd
--- /dev/null
+++ b/app-text/ghostscript-gpl/files/ghostscript-gpl-9.54.0-CVE-2021-3781.patch
@@ -0,0 +1,213 @@
+https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
+https://bugs.gentoo.org/812509
+
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 7 Sep 2021 20:36:12 +0100
+Subject: [PATCH 1/1] Bug 704342: Include device specifier strings in access
+ validation
+
+for the "%pipe%", %handle%" and %printer% io devices.
+
+We previously validated only the part after the "%pipe%" Postscript device
+specifier, but this proved insufficient.
+
+This rebuilds the original file name string, and validates it complete. The
+slight complication for "%pipe%" is it can be reached implicitly using
+"|" so we have to check both prefixes.
+
+Addresses CVE-2021-3781
+--- a/base/gdevpipe.c
++++ b/base/gdevpipe.c
+@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ #else
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ /* The pipe device can be reached in two ways, explicltly with %pipe%
++ or implicitly with "|", so we have to check for both
++ */
++ char f[gp_file_name_sizeof];
++ const char *pipestr = "|";
++ const size_t pipestrlen = strlen(pipestr);
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
++ int code1;
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ code1 = gp_validate_path(mem, f, access);
++
++ memcpy(f, pipestr, pipestrlen);
++ memcpy(f + pipestrlen, fname, nlen + 1);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
+ return gs_error_invalidfileaccess;
+
+ /*
+--- a/base/gp_mshdl.c
++++ b/base/gp_mshdl.c
+@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ long hfile; /* Correct for Win32, may be wrong for Win64 */
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ char f[gp_file_name_sizeof];
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, f, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_handle method. */
+--- a/base/gp_msprn.c
++++ b/base/gp_msprn.c
+@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(pname, iodev->dname, preflen);
++ memcpy(pname + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, pname, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+--- a/base/gp_os2pr.c
++++ b/base/gp_os2pr.c
+@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ FILE ** pfile, char *rfname, uint rnamelen)
+ {
+ os2_printer_t *pr = (os2_printer_t *)iodev->state;
+- char driver_name[256];
++ char driver_name[gp_file_name_sizeof];
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const int size_t = strlen(fname);
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(driver_name, iodev->dname, preflen);
++ memcpy(driver_name + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, driver_name, access) != 0)
++ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+ /* Note that the loop condition here ensures we don't
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
+ int
+ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+ rewrite_percent_specifiers(f);
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_add_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_add_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_add_control_path(mem, gs_permit_file_control, fp);
++
++ code = gs_add_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_add_control_path(mem, gs_permit_file_writing, fp);
++ return gs_add_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_remove_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
++ rewrite_percent_specifiers(f);
++
++ code = gs_remove_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
++ return gs_remove_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
diff --git a/app-text/ghostscript-gpl/ghostscript-gpl-9.54.0-r1.ebuild b/app-text/ghostscript-gpl/ghostscript-gpl-9.54.0-r1.ebuild
new file mode 100644
index 00000000000..f494a7875d2
--- /dev/null
+++ b/app-text/ghostscript-gpl/ghostscript-gpl-9.54.0-r1.ebuild
@@ -0,0 +1,191 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Interpreter for the PostScript language and PDF"
+HOMEPAGE="https://ghostscript.com/"
+
+MY_PN=${PN/-gpl}
+MY_P="${MY_PN}-${PV/_}"
+PVM=$(ver_cut 1-2)
+PVM_S=$(ver_rs 1-2 "")
+
+MY_PATCHSET="ghostscript-gpl-9.54-patchset-01.tar.xz"
+
+SRC_URI="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${PVM_S}/${MY_P}.tar.xz"
+
+if [[ -n "${MY_PATCHSET}" ]] ; then
+ SRC_URI+=" https://dev.gentoo.org/~whissi/dist/ghostscript-gpl/${MY_PATCHSET}"
+fi
+
+LICENSE="AGPL-3 CPL-1.0"
+SLOT="0/$(ver_cut 1-2)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="cups dbus gtk +jpeg2k l10n_de static-libs unicode X"
+
+LANGS="ja ko zh-CN zh-TW"
+for X in ${LANGS} ; do
+ IUSE="${IUSE} l10n_${X}"
+done
+
+DEPEND="
+ app-text/libpaper
+ media-libs/fontconfig
+ >=media-libs/freetype-2.4.9:2=
+ >=media-libs/jbig2dec-0.19:=
+ >=media-libs/lcms-2.6:2
+ >=media-libs/libpng-1.6.2:0=
+ >=media-libs/tiff-4.0.1:0=
+ >=sys-libs/zlib-1.2.7
+ virtual/jpeg:0
+ cups? ( >=net-print/cups-1.3.8 )
+ dbus? ( sys-apps/dbus )
+ gtk? ( || ( x11-libs/gtk+:3 x11-libs/gtk+:2 ) )
+ jpeg2k? ( >=media-libs/openjpeg-2.1.0:2= )
+ unicode? ( net-dns/libidn:0= )
+ X? ( x11-libs/libXt x11-libs/libXext )
+"
+BDEPEND="virtual/pkgconfig"
+RDEPEND="${DEPEND}
+ app-text/poppler-data
+ >=media-fonts/urw-fonts-2.4.9
+ l10n_ja? ( media-fonts/kochi-substitute )
+ l10n_ko? ( media-fonts/baekmuk-fonts )
+ l10n_zh-CN? ( media-fonts/arphicfonts )
+ l10n_zh-TW? ( media-fonts/arphicfonts )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ if [[ -n "${MY_PATCHSET}" ]] ; then
+ # apply various patches, many borrowed from Fedora
+ # https://src.fedoraproject.org/rpms/ghostscript
+ # and Debian
+ # https://salsa.debian.org/printing-team/ghostscript/-/tree/debian/latest/debian/patches
+ eapply "${WORKDIR}/patches/"*.patch
+ fi
+
+ eapply "${FILESDIR}"/${P}-CVE-2021-3781.patch
+
+ default
+
+ # remove internal copies of various libraries
+ rm -r cups/libs || die
+ rm -r freetype || die
+ rm -r jbig2dec || die
+ rm -r jpeg || die
+ rm -r lcms2mt || die
+ rm -r libpng || die
+ rm -r tiff || die
+ rm -r zlib || die
+ rm -r openjpeg || die
+ # remove internal CMaps (CMaps from poppler-data are used instead)
+ rm -r Resource/CMap || die
+
+ if ! use gtk ; then
+ sed -e "s:\$(GSSOX)::" \
+ -e "s:.*\$(GSSOX_XENAME)$::" \
+ -i base/unix-dll.mak || die "sed failed"
+ fi
+
+ # Force the include dirs to a neutral location.
+ sed -e "/^ZLIBDIR=/s:=.*:=${T}:" \
+ -i configure.ac || die
+ # Some files depend on zlib.h directly. Redirect them. #573248
+ # Also make sure to not define OPJ_STATIC to avoid linker errors due to
+ # hidden symbols (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203327#c1)
+ sed -e '/^zlib_h/s:=.*:=:' \
+ -e 's|-DOPJ_STATIC ||' \
+ -i base/lib.mak || die
+
+ # search path fix
+ # put LDFLAGS after BINDIR, bug #383447
+ sed -e "s:\$\(gsdatadir\)/lib:@datarootdir@/ghostscript/${PV}/$(get_libdir):" \
+ -e "s:exdir=.*:exdir=@datarootdir@/doc/${PF}/examples:" \
+ -e "s:docdir=.*:docdir=@datarootdir@/doc/${PF}/html:" \
+ -e "s:GS_DOCDIR=.*:GS_DOCDIR=@datarootdir@/doc/${PF}/html:" \
+ -e 's:-L$(BINDIR):& $(LDFLAGS):g' \
+ -i Makefile.in base/*.mak || die "sed failed"
+
+ # remove incorrect symlink, bug 590384
+ rm ijs/ltmain.sh || die
+ eautoreconf
+
+ cd ijs || die
+ eautoreconf
+}
+
+src_configure() {
+ local FONTPATH
+ for path in \
+ "${EPREFIX}"/usr/share/fonts/urw-fonts \
+ "${EPREFIX}"/usr/share/fonts/Type1 \
+ "${EPREFIX}"/usr/share/fonts \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-CNS1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-GB1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Japan1 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Japan2 \
+ "${EPREFIX}"/usr/share/poppler/cMap/Adobe-Korea1
+ do
+ FONTPATH="$FONTPATH${FONTPATH:+:}${EPREFIX}$path"
+ done
+
+ PKGCONFIG=$(type -P $(tc-getPKG_CONFIG)) \
+ econf \
+ --enable-dynamic \
+ --enable-freetype \
+ --enable-fontconfig \
+ $(use_enable jpeg2k openjpeg) \
+ --disable-compile-inits \
+ --with-drivers=ALL \
+ --with-fontpath="$FONTPATH" \
+ --with-ijs \
+ --with-jbig2dec \
+ --with-libpaper \
+ --with-system-libtiff \
+ $(use_enable cups) \
+ $(use_enable dbus) \
+ $(use_enable gtk) \
+ $(use_with cups pdftoraster) \
+ $(use_with unicode libidn) \
+ $(use_with X x) \
+ DARWIN_LDFLAGS_SO_PREFIX="${EPREFIX}/usr/lib/"
+
+ cd "${S}/ijs" || die
+ econf \
+ --enable-shared \
+ $(use_enable static-libs static)
+}
+
+src_compile() {
+ emake so all
+
+ cd ijs || die
+ emake
+}
+
+src_install() {
+ emake DESTDIR="${D}" install-so install
+
+ # move gsc to gs, bug #343447
+ # gsc collides with gambit, bug #253064
+ mv -f "${ED}"/usr/bin/{gsc,gs} || die
+
+ cd "${S}/ijs" || die
+ emake DESTDIR="${D}" install
+
+ # install the CMaps from poppler-data properly, bug #409361
+ dosym ../../../poppler/cMaps "/usr/share/ghostscript/${PV}/Resource/CMap"
+
+ if ! use static-libs; then
+ find "${ED}" -name '*.la' -delete || die
+ fi
+
+ if ! use l10n_de; then
+ rm -r "${ED}"/usr/share/man/de || die
+ fi
+}
next reply other threads:[~2021-09-13 0:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-13 0:54 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-09-01 7:33 [gentoo-commits] repo/gentoo:master commit in: app-text/ghostscript-gpl/, app-text/ghostscript-gpl/files/ Sam James
2024-03-12 17:01 Sam James
2022-01-15 14:15 Andreas Sturmlechner
2021-09-21 19:02 Sam James
2020-12-14 20:10 Thomas Deutschmann
2020-10-20 8:09 Sam James
2015-10-23 10:00 Justin Lecher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1631494458.eeb37a3981b77ed60be7975287e1a503375fa493.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox