Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 1 Sep 2015 23:15:07 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r395804 - in branches/2015Q3/print: ghostscript7 ghostscript7/files ghostscript8 ghostscript8/files ghostscript9 ghostscript9-agpl ghostscript9-agpl/files ghostscript9/files
Message-ID:  <201509012315.t81NF72A061328@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: junovitch
Date: Tue Sep  1 23:15:06 2015
New Revision: 395804
URL: https://svnweb.freebsd.org/changeset/ports/395804

Log:
  MFH: r395047 (security relevant change only)
  
  - Apply fix for CVE-2015-3228, denial of service via crafted Postscript files.
  
  The security relevant change was applied manually as r395047 split the
  Ghostscript ports into separate X11-independent and -dependent parts.
  
  PR:		202781
  Security:	CVE-2015-3228
  Security:	fc1f6658-4f53-11e5-934b-002590263bf5
  Approved by:	ports-secteam (feld), feld,delphij (mentors)

Added:
  branches/2015Q3/print/ghostscript7/files/patch-src-gsmalloc.c
     - copied unchanged from r395637, head/print/ghostscript7-base/files/patch-src-gsmalloc.c
  branches/2015Q3/print/ghostscript8/files/patch-base-gsmalloc.c
     - copied unchanged from r395637, head/print/ghostscript8-base/files/patch-base-gsmalloc.c
  branches/2015Q3/print/ghostscript9-agpl/files/patch-base-gsmalloc.c
     - copied unchanged from r395637, head/print/ghostscript9-agpl-base/files/patch-base-gsmalloc.c
  branches/2015Q3/print/ghostscript9/files/patch-base-gsmalloc.c
     - copied unchanged from r395637, head/print/ghostscript9-base/files/patch-base-gsmalloc.c
Modified:
  branches/2015Q3/print/ghostscript7/Makefile
  branches/2015Q3/print/ghostscript8/Makefile
  branches/2015Q3/print/ghostscript9-agpl/Makefile
  branches/2015Q3/print/ghostscript9/Makefile

Modified: branches/2015Q3/print/ghostscript7/Makefile
==============================================================================
--- branches/2015Q3/print/ghostscript7/Makefile	Tue Sep  1 22:49:57 2015	(r395803)
+++ branches/2015Q3/print/ghostscript7/Makefile	Tue Sep  1 23:15:06 2015	(r395804)
@@ -3,7 +3,7 @@
 
 PORTNAME=	ghostscript
 PORTVERSION=	7.07
-PORTREVISION=	31
+PORTREVISION=	32
 CATEGORIES=	print
 MASTER_SITES=	SF/ghostscript/gnu-gs/${PORTVERSION}:gs_srcs \
 		ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/gnu/gs${PORTVERSION:S/.//}/:gs_srcs \

Copied: branches/2015Q3/print/ghostscript7/files/patch-src-gsmalloc.c (from r395637, head/print/ghostscript7-base/files/patch-src-gsmalloc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/print/ghostscript7/files/patch-src-gsmalloc.c	Tue Sep  1 23:15:06 2015	(r395804, copy of r395637, head/print/ghostscript7-base/files/patch-src-gsmalloc.c)
@@ -0,0 +1,11 @@
+--- src/gsmalloc.c.orig	2015-07-24 09:55:54.032137000 +0900
++++ src/gsmalloc.c	2015-07-24 09:57:15.070246000 +0900
+@@ -170,7 +170,7 @@
+     } else {
+ 	uint added = size + sizeof(gs_malloc_block_t);
+ 
+-	if (mmem->limit - added < mmem->used)
++	if (added <= size || mmem->limit - added < mmem->used)
+ 	    set_msg("exceeded limit");
+ 	else if ((ptr = (byte *) malloc(added)) == 0)
+ 	    set_msg("failed");

Modified: branches/2015Q3/print/ghostscript8/Makefile
==============================================================================
--- branches/2015Q3/print/ghostscript8/Makefile	Tue Sep  1 22:49:57 2015	(r395803)
+++ branches/2015Q3/print/ghostscript8/Makefile	Tue Sep  1 23:15:06 2015	(r395804)
@@ -3,7 +3,7 @@
 
 PORTNAME=	ghostscript
 PORTVERSION=	8.71
-PORTREVISION=	18
+PORTREVISION=	19
 CATEGORIES=	print
 MASTER_SITES=	http://downloads.ghostscript.com/public/:gs_srcs \
 		SF/ghostscript/GPL%20Ghostscript/${PORTVERSION}:gs_srcs \

Copied: branches/2015Q3/print/ghostscript8/files/patch-base-gsmalloc.c (from r395637, head/print/ghostscript8-base/files/patch-base-gsmalloc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/print/ghostscript8/files/patch-base-gsmalloc.c	Tue Sep  1 23:15:06 2015	(r395804, copy of r395637, head/print/ghostscript8-base/files/patch-base-gsmalloc.c)
@@ -0,0 +1,11 @@
+--- base/gsmalloc.c.orig	2015-07-24 09:52:39.718916000 +0900
++++ base/gsmalloc.c	2015-07-24 09:54:31.761202000 +0900
+@@ -174,7 +174,7 @@
+     } else {
+ 	uint added = size + sizeof(gs_malloc_block_t);
+ 
+-	if (mmem->limit - added < mmem->used)
++	if (added <= size || mmem->limit - added < mmem->used)
+ 	    set_msg("exceeded limit");
+ 	else if ((ptr = (byte *) malloc(added)) == 0)
+ 	    set_msg("failed");

Modified: branches/2015Q3/print/ghostscript9-agpl/Makefile
==============================================================================
--- branches/2015Q3/print/ghostscript9-agpl/Makefile	Tue Sep  1 22:49:57 2015	(r395803)
+++ branches/2015Q3/print/ghostscript9-agpl/Makefile	Tue Sep  1 23:15:06 2015	(r395804)
@@ -2,7 +2,7 @@
 
 PORTNAME=	ghostscript
 PORTVERSION=	9.15
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	print
 MASTER_SITES=	http://downloads.ghostscript.com/public/:gs_srcs \
 		SF/ghostscript/GPL%20Ghostscript/${PORTVERSION}:gs_srcs \

Copied: branches/2015Q3/print/ghostscript9-agpl/files/patch-base-gsmalloc.c (from r395637, head/print/ghostscript9-agpl-base/files/patch-base-gsmalloc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/print/ghostscript9-agpl/files/patch-base-gsmalloc.c	Tue Sep  1 23:15:06 2015	(r395804, copy of r395637, head/print/ghostscript9-agpl-base/files/patch-base-gsmalloc.c)
@@ -0,0 +1,11 @@
+--- base/gsmalloc.c.orig	2015-08-22 03:09:16.838614000 +0900
++++ base/gsmalloc.c	2015-08-22 03:09:34.776354000 +0900
+@@ -178,7 +178,7 @@
+     } else {
+         uint added = size + sizeof(gs_malloc_block_t);
+ 
+-        if (mmem->limit - added < mmem->used)
++        if (added <= size || mmem->limit - added < mmem->used)
+             set_msg("exceeded limit");
+         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
+             set_msg("failed");

Modified: branches/2015Q3/print/ghostscript9/Makefile
==============================================================================
--- branches/2015Q3/print/ghostscript9/Makefile	Tue Sep  1 22:49:57 2015	(r395803)
+++ branches/2015Q3/print/ghostscript9/Makefile	Tue Sep  1 23:15:06 2015	(r395804)
@@ -2,7 +2,7 @@
 
 PORTNAME=	ghostscript
 PORTVERSION=	9.06
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	print
 MASTER_SITES=	http://downloads.ghostscript.com/public/:gs_srcs \
 		SF/ghostscript/GPL%20Ghostscript/${PORTVERSION}:gs_srcs \

Copied: branches/2015Q3/print/ghostscript9/files/patch-base-gsmalloc.c (from r395637, head/print/ghostscript9-base/files/patch-base-gsmalloc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/print/ghostscript9/files/patch-base-gsmalloc.c	Tue Sep  1 23:15:06 2015	(r395804, copy of r395637, head/print/ghostscript9-base/files/patch-base-gsmalloc.c)
@@ -0,0 +1,11 @@
+--- base/gsmalloc.c.orig	2015-07-24 09:41:05.295969000 +0900
++++ base/gsmalloc.c	2015-07-24 09:41:15.146305000 +0900
+@@ -178,7 +178,7 @@
+     } else {
+         uint added = size + sizeof(gs_malloc_block_t);
+ 
+-        if (mmem->limit - added < mmem->used)
++        if (added <= size || mmem->limit - added < mmem->used)
+             set_msg("exceeded limit");
+         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
+             set_msg("failed");



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509012315.t81NF72A061328>