diff options
| author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-01-13 23:39:52 -0500 |
|---|---|---|
| committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-01-13 23:45:53 -0500 |
| commit | 01f0707207741ce2a5d7509a175464799b08aea6 (patch) | |
| tree | 08e8f4da56f26363c3b53e0442a21b286b55e0e5 /gnu/packages/patches/ghostscript-CVE-2020-15900.patch | |
| parent | 734bcf13139119daf8685f93b056c3422dbfa264 (diff) | |
| parent | 6985a1acb3e9cc4cad8b6f63d77154842d25c929 (diff) | |
Merge branch 'staging' into 'core-updates'.
Conflicts:
gnu/local.mk
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/gl.scm
gnu/packages/glib.scm
gnu/packages/guile.scm
gnu/packages/node.scm
gnu/packages/openldap.scm
gnu/packages/package-management.scm
gnu/packages/python-xyz.scm
gnu/packages/python.scm
gnu/packages/tls.scm
gnu/packages/vpn.scm
gnu/packages/xorg.scm
Diffstat (limited to 'gnu/packages/patches/ghostscript-CVE-2020-15900.patch')
| -rw-r--r-- | gnu/packages/patches/ghostscript-CVE-2020-15900.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch new file mode 100644 index 0000000000..b6658d7c7f --- /dev/null +++ b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch @@ -0,0 +1,36 @@ +Fix CVE-2020-15900. + +https://cve.circl.lu/cve/CVE-2020-15900 +https://artifex.com/security-advisories/CVE-2020-15900 + +Taken from upstream: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b + +diff --git a/psi/zstring.c b/psi/zstring.c +--- a/psi/zstring.c ++++ b/psi/zstring.c +@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) + return 0; + found: + op->tas.type_attrs = op1->tas.type_attrs; +- op->value.bytes = ptr; +- r_set_size(op, size); ++ op->value.bytes = ptr; /* match */ ++ op->tas.rsize = size; /* match */ + push(2); +- op[-1] = *op1; +- r_set_size(op - 1, ptr - op[-1].value.bytes); +- op1->value.bytes = ptr + size; +- r_set_size(op1, count + (!forward ? (size - 1) : 0)); ++ op[-1] = *op1; /* pre */ ++ op[-3].value.bytes = ptr + size; /* post */ ++ if (forward) { ++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ ++ op[-3].tas.rsize = count; /* post */ ++ } else { ++ op[-1].tas.rsize = count; /* pre */ ++ op[-3].tas.rsize -= count + size; /* post */ ++ } + make_true(op); + return 0; + } |