OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 03-Jun-2003 14:11:20
Branch: OPENPKG_1_1_SOLID HEAD Handle: 2003060313111801
Added files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/ghostscript ghostscript.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/ghostscript ghostscript.spec
Log:
SA-2003.030-ghostscript; CAN-2003-0354; execute arbitrary commands
Summary:
Revision Changes Path
1.1.2.1 +104 -0 openpkg-src/ghostscript/ghostscript.patch
1.21.2.2 +3 -1 openpkg-src/ghostscript/ghostscript.spec
1.4704 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/ghostscript/ghostscript.patch
============================================================================
$ cvs diff -u -r0 -r1.1.2.1 ghostscript.patch
--- /dev/null 2003-06-03 14:11:19.000000000 +0200
+++ ghostscript.patch 2003-06-03 14:11:19.000000000 +0200
@@ -0,0 +1,104 @@
+--- gs7.04/src/zfile.c.orig Wed Jan 30 21:08:31 2002
++++ gs7.04/src/zfile.c Tue Jun 3 12:58:31 2003
+@@ -53,7 +53,7 @@
+ extern const char iodev_dtype_stdio[];
+
+ /* Forward references: file name parsing. */
+-private int parse_file_name(P2(const ref * op, gs_parsed_file_name_t * pfn));
++private int parse_file_name(P3(const ref * op, gs_parsed_file_name_t * pfn, bool
safemode));
+ private int parse_real_file_name(P4(const ref * op,
+ gs_parsed_file_name_t * pfn,
+ gs_memory_t *mem, client_name_t cname));
+@@ -153,20 +153,6 @@
+ /* recognized as a file name separator as on DOS & Windows */
+ const char *filenamesep = gp_file_name_concat_string("\\", 1);
+
+- /*
+- * We can't know where we will get to if we reference the parent
+- * directory, so don't allow access if LockFilePermissions is true
+- * Also check here for the %pipe device which is illegal when
+- * LockFilePermissions is true. In the future we might want to allow
+- * the %pipe device to be included on the PermitFile... paths, but
+- * for now it is simply disallowed.
+- */
+- if (i_ctx_p->LockFilePermissions &&
+- (gp_file_name_references_parent(fname, len) ||
+- string_match(fname, len, "%pipe*", 5, NULL))
+- ) {
+- return e_invalidfileaccess;
+- }
+ if (dict_find_string(&(i_ctx_p->userparams), permitgroup, &permitlist) <= 0)
+ return 0; /* if Permissions not found, just allow access */
+ for (i=0; i<r_size(permitlist); i++) {
+@@ -201,7 +187,7 @@
+
+ if (code < 0)
+ return code;
+- code = parse_file_name(op - 1, &pname);
++ code = parse_file_name(op - 1, &pname, i_ctx_p->LockFilePermissions);
+ if (code < 0)
+ return code;
+ /*
+@@ -382,7 +368,7 @@
+ if (pname1.iodev != pname2.iodev ||
+ (check_file_permissions(i_ctx_p, pname1.fname, pname1.len,
+ "PermitFileControl") < 0 &&
+- !file_is_tempfile(i_ctx_p, op - 1) < 0) ||
++ !file_is_tempfile(i_ctx_p, op - 1)) ||
+ check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
+ "PermitFileControl") < 0 ||
+ check_file_permissions(i_ctx_p, pname2.fname, pname2.len,
+@@ -422,7 +408,7 @@
+ {
+ gs_parsed_file_name_t pname;
+ struct stat fstat;
+- int code = parse_file_name(op, &pname);
++ int code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
+
+ if (code < 0)
+ return code;
+@@ -558,7 +544,7 @@
+ stream *s;
+
+ check_ostack(2);
+- code = parse_file_name(op, &pname);
++ code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
+ if (code < 0)
+ return code;
+ if (pname.iodev == NULL)
+@@ -609,7 +595,7 @@
+ }
+ }
+ if (code < 0) {
+- if (code == e_VMerror)
++ if (code == e_VMerror || code == e_invalidfileaccess)
+ return code;
+ push(1);
+ make_false(op);
+@@ -712,11 +698,24 @@
+ /* Parse a file name into device and individual name. */
+ /* See gsfname.c for details. */
+ private int
+-parse_file_name(const ref * op, gs_parsed_file_name_t * pfn)
++parse_file_name(const ref * op, gs_parsed_file_name_t * pfn, bool safemode)
+ {
++ int code;
++
+ check_read_type(*op, t_string);
+- return gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
++ code = gs_parse_file_name(pfn, (const char *)op->value.const_bytes,
+ r_size(op));
++ if (code < 0)
++ return code;
++ /*
++ * Check here for the %pipe device which is illegal when
++ * LockFilePermissions is true. In the future we might want to allow
++ * the %pipe device to be included on the PermitFile... paths, but
++ * for now it is simply disallowed.
++ */
++ if (pfn->iodev && safemode && strcmp(pfn->iodev->dname, "%pipe%") == 0)
++ return e_invalidfileaccess;
++ return code;
+ }
+
+ /* Parse a real (non-device) file name and convert to a C string. */
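Review bot: The inner hunk at `@@ -153,20 +153,6 @@` drops both LockFilePermissions guards from the permission check (apparently `check_file_permissions`), but only the `%pipe%` half comes back in `parse_file_name`; the `gp_file_name_references_parent(fname, len)` rejection has no replacement anywhere in this patch. Unless the PermitFile... matching that follows already refuses names that climb out of a permitted directory (not visible here), a locked-down interpreter would now accept parent-directory references it used to refuse. I would keep that half ahead of the `dict_find_string` lookup: `if (i_ctx_p->LockFilePermissions && gp_file_name_references_parent(fname, len)) return e_invalidfileaccess;`. If the removal is deliberate, a comment at that spot saying where parent references are handled now would make the intent reviewable. The enclosing function starts and ends outside the hunk, and `parse_real_file_name` gets no `safemode` argument, so it is worth confirming that none of its callers can reach the `%pipe%` device either.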
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/ghostscript/ghostscript.spec
============================================================================
$ cvs diff -u -r1.21.2.1 -r1.21.2.2 ghostscript.spec
--- openpkg-src/ghostscript/ghostscript.spec 26 Aug 2002 19:53:45 -0000
1.21.2.1
+++ openpkg-src/ghostscript/ghostscript.spec 3 Jun 2003 12:11:19 -0000
1.21.2.2
@@ -33,7 +33,7 @@
Group: Graphics
License: Aladdin
Version: 7.04
-Release: 1.1.0
+Release: 1.1.1
# list of sources
Source0:
ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/gs704/ghostscript-%{version}.tar.bz2
@@ -42,6 +42,7 @@
Source3:
ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/gs704/zlib-1.1.4.tar.gz
Source4:
ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-std-6.0.tar.gz
Source5:
ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-other-6.0.tar.gz
+Patch0: ghostscript.patch
# build information
Prefix: %{l_prefix}
@@ -62,6 +63,7 @@
%setup3 -q -T -D -a 3
%setup4 -q -T -D -a 4
%setup5 -q -T -D -a 5
+ %patch
mv jpeg-6b gs%{version}/jpeg
mv libpng-1.2.1 gs%{version}/libpng
mv zlib-1.1.4 gs%{version}/zlib
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.4703 -r1.4704 news.txt
--- openpkg-web/news.txt 3 Jun 2003 10:28:27 -0000 1.4703
+++ openpkg-web/news.txt 3 Jun 2003 12:11:18 -0000 1.4704
@@ -1,3 +1,4 @@
+03-Jun-2003: Upgraded package: P<ghostscript-7.04-1.1.1>
03-Jun-2003: New package: P<gcc32-3.2.3-20030603>
03-Jun-2003: Upgraded package: P<gcc-3.3-20030603>
03-Jun-2003: Upgraded package: P<dia-0.91-20030603>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]