Date: Thursday, January 24, 2019 @ 17:22:55 Author: andyrtr Revision: 344657
upgpkg: ghostscript 9.26-2 apply upstream fix for FS#61513 fixing some segfault + apply upstream fixes for CVE-2019-6116 Added: ghostscript/trunk/segfault.patch Modified: ghostscript/trunk/PKGBUILD ----------------+ PKGBUILD | 17 ++++++++++++++--- segfault.patch | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-01-24 16:55:54 UTC (rev 344656) +++ PKGBUILD 2019-01-24 17:22:55 UTC (rev 344657) @@ -3,7 +3,7 @@ pkgbase=ghostscript pkgname=(ghostscript ghostxps ghostpcl) pkgver=9.26 -pkgrel=1 +pkgrel=2 pkgdesc="An interpreter for the PostScript language" url="https://www.ghostscript.com/"; arch=('x86_64') @@ -12,8 +12,12 @@ 'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn') makedepends=('gtk3' 'gnutls' 'glu' 'freeglut') # https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.gz) -sha512sums=('8862a4e7328a217b383a4c38caaabcc31930d38a80c3456668bb9de3aae943dec52dfbcc5eb5c18a9987a5f9b447bd4afe0e0c2e995a7de4eafa306fe246d229') +source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.gz + segfault.patch + https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz) +sha512sums=('8862a4e7328a217b383a4c38caaabcc31930d38a80c3456668bb9de3aae943dec52dfbcc5eb5c18a9987a5f9b447bd4afe0e0c2e995a7de4eafa306fe246d229' + '4c36dacedc38a981140d910316b1e6358882c02f86b7e8cff2addaf5c056ef7c6c6aaa1071e73cb56d781e891482da13706ca1a72b31cd7db9104dff5aad8b19' + '289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e') prepare() { cd ghostpdl-${pkgver} @@ -22,6 +26,13 @@ rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib # using tree freetype because of https://bugs.archlinux.org/task/56849 # lcms2mt is the new lcms2 fork aimed to replace lcms2 in a thread safe way + + + # apply upstream fix for some segfaults FS#61513 + patch -Np1 -i ../segfault.patch + + # CVE-2019-6116 + patch -Np1 -i ../0001-Bug700317-Address-.force-operators-exposure.patch } build() { Added: segfault.patch =================================================================== --- segfault.patch (rev 0) +++ segfault.patch 2019-01-24 17:22:55 UTC (rev 344657) @@ -0,0 +1,35 @@ +From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <[email protected]> +Date: Tue, 4 Dec 2018 21:31:31 +0000 +Subject: [PATCH] subclassing devices - fix put_image method + +The subclassing devices need to change the 'memory device' parameter to +be the child device, when its the same as the subclassing device. + +Otherwise we end up trying to access the child device's memory pointers +in the subclassing device, which may not contain valid copies of +those pointers. +--- + base/gdevsclass.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/base/gdevsclass.c b/base/gdevsclass.c +index d9c85d2..5109258 100644 +--- a/base/gdevsclass.c ++++ b/base/gdevsclass.c +@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf + int alpha_plane_index, int tag_plane_index) + { + if (dev->child) +- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); ++ if (dev == mdev) ++ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); ++ else ++ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); + + return 0; + } +-- +2.9.1 + +
