1 |
tgurr 07/11/02 20:39:18 |
2 |
|
3 |
Added: ghostscript-CVE-2007-2721.patch |
4 |
digest-ghostscript-gpl-8.60-r1 |
5 |
digest-ghostscript-gpl-8.57-r1 |
6 |
digest-ghostscript-gpl-8.54-r1 |
7 |
Removed: digest-ghostscript-gpl-8.57 |
8 |
Log: |
9 |
Revbump adding the patch to fix CVE-2007-2721 in all available versions, see bug #196860. Also fix bug #197818, thanks Sven for reporting. |
10 |
(Portage version: 2.1.3.16) |
11 |
|
12 |
Revision Changes Path |
13 |
1.1 app-text/ghostscript-gpl/files/ghostscript-CVE-2007-2721.patch |
14 |
|
15 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/ghostscript-CVE-2007-2721.patch?rev=1.1&view=markup |
16 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/ghostscript-CVE-2007-2721.patch?rev=1.1&content-type=text/plain |
17 |
|
18 |
Index: ghostscript-CVE-2007-2721.patch |
19 |
=================================================================== |
20 |
--- /trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c 2007/10/17 18:27:58 8297 |
21 |
+++ trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c 2007/10/17 23:04:50 8298 |
22 |
@@ -247,7 +247,7 @@ |
23 |
box = 0; |
24 |
tmpstream = 0; |
25 |
|
26 |
- if (!(box = jas_malloc(sizeof(jp2_box_t)))) { |
27 |
+ if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) { |
28 |
goto error; |
29 |
} |
30 |
box->ops = &jp2_boxinfo_unk.ops; |
31 |
--- /trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c 2007/10/17 18:27:58 8297 |
32 |
+++ trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c 2007/10/17 23:04:50 8298 |
33 |
@@ -991,7 +991,10 @@ |
34 |
compparms->numstepsizes = (len - n) / 2; |
35 |
break; |
36 |
} |
37 |
-if (compparms->numstepsizes > 0) { |
38 |
+if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { |
39 |
+ jpc_qcx_destroycompparms(compparms); |
40 |
+ return -1; |
41 |
+ } else if (compparms->numstepsizes > 0) { |
42 |
compparms->stepsizes = jas_malloc(compparms->numstepsizes * |
43 |
sizeof(uint_fast32_t)); |
44 |
assert(compparms->stepsizes); |
45 |
--- /trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c 2007/10/17 18:27:58 8297 |
46 |
+++ trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c 2007/10/17 23:04:50 8298 |
47 |
@@ -1219,7 +1219,7 @@ |
48 |
dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); |
49 |
dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); |
50 |
dec->numtiles = dec->numhtiles * dec->numvtiles; |
51 |
- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) { |
52 |
+ if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) { |
53 |
return -1; |
54 |
} |
55 |
|
56 |
@@ -1243,7 +1243,7 @@ |
57 |
tile->pkthdrstreampos = 0; |
58 |
tile->pptstab = 0; |
59 |
tile->cp = 0; |
60 |
- if (!(tile->tcomps = jas_malloc(dec->numcomps * |
61 |
+ if (!(tile->tcomps = jas_calloc(dec->numcomps, |
62 |
sizeof(jpc_dec_tcomp_t)))) { |
63 |
return -1; |
64 |
} |
65 |
|
66 |
|
67 |
|
68 |
|
69 |
|
70 |
1.1 app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.60-r1 |
71 |
|
72 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.60-r1?rev=1.1&view=markup |
73 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.60-r1?rev=1.1&content-type=text/plain |
74 |
|
75 |
Index: digest-ghostscript-gpl-8.60-r1 |
76 |
=================================================================== |
77 |
MD5 2fbae60417d42779f6488ab897dcaaf6 acro5-cmaps-2001.tar.gz 631653 |
78 |
RMD160 c723afc2207157a434988b46bcf0a458281c29a4 acro5-cmaps-2001.tar.gz 631653 |
79 |
SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 acro5-cmaps-2001.tar.gz 631653 |
80 |
MD5 dfc93dd2aaaf2b86d2fd55f654c13261 adobe-cmaps-200406.tar.gz 5001983 |
81 |
RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 adobe-cmaps-200406.tar.gz 5001983 |
82 |
SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 adobe-cmaps-200406.tar.gz 5001983 |
83 |
MD5 89fc0a90e67caf151a9d6855200c68ca ghostscript-8.60.tar.bz2 12942029 |
84 |
RMD160 208168fcd6bc5fd931d15b288ce9324f59ba07a3 ghostscript-8.60.tar.bz2 12942029 |
85 |
SHA256 f615f936e38d2e7a6da588de6655f2b23207c0a906df1960b1d7e83c3241982a ghostscript-8.60.tar.bz2 12942029 |
86 |
MD5 cbb24f8c50b5a94ecf1635048d2f11d6 gsdjvu-1.2.tar.gz 214539 |
87 |
RMD160 6cf27e95955b5ae0cc15dacc36ce514ff8347ab0 gsdjvu-1.2.tar.gz 214539 |
88 |
SHA256 ab4a81eddb44241bb71b5ec813242036312effc9eb1b343b3c257fb563fa8a49 gsdjvu-1.2.tar.gz 214539 |
89 |
|
90 |
|
91 |
|
92 |
1.1 app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.57-r1 |
93 |
|
94 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.57-r1?rev=1.1&view=markup |
95 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.57-r1?rev=1.1&content-type=text/plain |
96 |
|
97 |
Index: digest-ghostscript-gpl-8.57-r1 |
98 |
=================================================================== |
99 |
MD5 2fbae60417d42779f6488ab897dcaaf6 acro5-cmaps-2001.tar.gz 631653 |
100 |
RMD160 c723afc2207157a434988b46bcf0a458281c29a4 acro5-cmaps-2001.tar.gz 631653 |
101 |
SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 acro5-cmaps-2001.tar.gz 631653 |
102 |
MD5 dfc93dd2aaaf2b86d2fd55f654c13261 adobe-cmaps-200406.tar.gz 5001983 |
103 |
RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 adobe-cmaps-200406.tar.gz 5001983 |
104 |
SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 adobe-cmaps-200406.tar.gz 5001983 |
105 |
MD5 4ce09b1dce09b6b9398af0daae9adf63 cups-1.1.23-source.tar.bz2 8705521 |
106 |
RMD160 255ec4c22422b14f2367d69f3ec7e590dc46bea5 cups-1.1.23-source.tar.bz2 8705521 |
107 |
SHA256 87da0f7b1e03236e183045f1e787957132658ead56c4b0f80ac7f86c1574a85e cups-1.1.23-source.tar.bz2 8705521 |
108 |
MD5 ecf57b4597f1d8c54ba8e6068a9119ab gdevhl12.c.gz 7613 |
109 |
RMD160 3adffbf7df824abd02242dadf847b09246f411bb gdevhl12.c.gz 7613 |
110 |
SHA256 3905677ab494a1b82ee2a6cc78975a5fdc08d81a65c12af35746bb3d2889b3e2 gdevhl12.c.gz 7613 |
111 |
MD5 cc8368863fe6b666aaf13beb83ba300a ghostscript-8.57.tar.bz2 11934408 |
112 |
RMD160 034331d9713cb551e1081c6bd53dbe4c983c2908 ghostscript-8.57.tar.bz2 11934408 |
113 |
SHA256 29c4cbf8bd95a14046d72eba7edbec60ffd25c37b3b3427f7c8ad5f81636ab15 ghostscript-8.57.tar.bz2 11934408 |
114 |
MD5 46bce036ad0b9b284f4c8f3530f7c684 gsdjvu-1.1.tar.gz 214364 |
115 |
RMD160 aa1ff4a80b02b16e43bf8e14719613f98bdf13c6 gsdjvu-1.1.tar.gz 214364 |
116 |
SHA256 39f32b9946a65cbe8d5b7c2882ef0e82d5858e78e04b568bb525d2c4e2d6ce78 gsdjvu-1.1.tar.gz 214364 |
117 |
|
118 |
|
119 |
|
120 |
1.1 app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.54-r1 |
121 |
|
122 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.54-r1?rev=1.1&view=markup |
123 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gpl/files/digest-ghostscript-gpl-8.54-r1?rev=1.1&content-type=text/plain |
124 |
|
125 |
Index: digest-ghostscript-gpl-8.54-r1 |
126 |
=================================================================== |
127 |
MD5 2fbae60417d42779f6488ab897dcaaf6 acro5-cmaps-2001.tar.gz 631653 |
128 |
RMD160 c723afc2207157a434988b46bcf0a458281c29a4 acro5-cmaps-2001.tar.gz 631653 |
129 |
SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 acro5-cmaps-2001.tar.gz 631653 |
130 |
MD5 dfc93dd2aaaf2b86d2fd55f654c13261 adobe-cmaps-200406.tar.gz 5001983 |
131 |
RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 adobe-cmaps-200406.tar.gz 5001983 |
132 |
SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 adobe-cmaps-200406.tar.gz 5001983 |
133 |
MD5 4ce09b1dce09b6b9398af0daae9adf63 cups-1.1.23-source.tar.bz2 8705521 |
134 |
RMD160 255ec4c22422b14f2367d69f3ec7e590dc46bea5 cups-1.1.23-source.tar.bz2 8705521 |
135 |
SHA256 87da0f7b1e03236e183045f1e787957132658ead56c4b0f80ac7f86c1574a85e cups-1.1.23-source.tar.bz2 8705521 |
136 |
MD5 ecf57b4597f1d8c54ba8e6068a9119ab gdevhl12.c.gz 7613 |
137 |
RMD160 3adffbf7df824abd02242dadf847b09246f411bb gdevhl12.c.gz 7613 |
138 |
SHA256 3905677ab494a1b82ee2a6cc78975a5fdc08d81a65c12af35746bb3d2889b3e2 gdevhl12.c.gz 7613 |
139 |
MD5 5d0ad0da8297fe459a788200f0eaeeba ghostscript-8.54-gpl.tar.bz2 12365361 |
140 |
RMD160 f61f6da568ffe440a466cd0d7b5871a3d87d1116 ghostscript-8.54-gpl.tar.bz2 12365361 |
141 |
SHA256 64f43553223390a3e519efed2b3dfee8a4c79df5a373a0e96861483565957e1b ghostscript-8.54-gpl.tar.bz2 12365361 |
142 |
MD5 46bce036ad0b9b284f4c8f3530f7c684 gsdjvu-1.1.tar.gz 214364 |
143 |
RMD160 aa1ff4a80b02b16e43bf8e14719613f98bdf13c6 gsdjvu-1.1.tar.gz 214364 |
144 |
SHA256 39f32b9946a65cbe8d5b7c2882ef0e82d5858e78e04b568bb525d2c4e2d6ce78 gsdjvu-1.1.tar.gz 214364 |
145 |
|
146 |
|
147 |
|
148 |
-- |
149 |
gentoo-commits@g.o mailing list |