
Bug#862779: ghostscript: diff for NMU version 9.20~dfsg-3.2



Control: tags 862779 + pending

Hi Jonas,

I've prepared an NMU for ghostscript (versioned as 9.20~dfsg-3.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru ghostscript-9.20~dfsg/debian/changelog ghostscript-9.20~dfsg/debian/changelog
--- ghostscript-9.20~dfsg/debian/changelog	2017-04-28 06:50:05.000000000 +0200
+++ ghostscript-9.20~dfsg/debian/changelog	2017-05-21 19:22:52.000000000 +0200
@@ -1,3 +1,14 @@
+ghostscript (9.20~dfsg-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix regression introduced by CVE-2017-8291 fix.
+    When using the "DELAYBIND" feature, it turns out that .eqproc can be
+    called with parameters that are not both procedures. In this case, it
+    turns out, the expectation is for the operator to return 'false', rather
+    than throw an error. (Closes: #862779)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 21 May 2017 19:22:52 +0200
+
 ghostscript (9.20~dfsg-3.1) unstable; urgency=high
 
   * Non-maintainer upload.
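Review bot: The new 9.20~dfsg-3.2 entry explains the .eqproc behaviour change but names neither the patch file that carries it nor the upstream bug. Adding 020170503~57f2071.patch and upstream bug 697846 to the "Fix regression introduced by CVE-2017-8291 fix" item would let someone reading only the changelog trace the change back to its source.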
diff -Nru ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch
--- ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch	1970-01-01 01:00:00.000000000 +0100
+++ ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch	2017-05-21 19:22:52.000000000 +0200
@@ -0,0 +1,51 @@
+Description: Bug 697846: revision to commit 4f83478c88 (.eqproc)
+ When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
+ parameters that are not both procedures. In this case, it turns out, the
+ expectation is for the operator to return 'false', rather than throw an error.
+Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697846
+Bug-Debian: https://bugs.debian.org/862779
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1687614
+Forwarded: not-needed
+Author: Chris Liddell <chris.liddell@artifex.com>
+Last-Update: 2017-05-21
+---
+ psi/zmisc3.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 37293ff..3f01d39 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
+     return gs_cliprestore(igs);
+ }
+ 
++static inline bool
++eqproc_check_type(ref *r)
++{
++    return r_has_type(r, t_array)
++           || r_has_type(r, t_mixedarray)
++           || r_has_type(r, t_shortarray)
++           || r_has_type(r, t_oparray);
++}
++
+ /* <proc1> <proc2> .eqproc <bool> */
+ /*
+  * Test whether two procedures are equal to depth 10.
+@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
+ 
+     if (ref_stack_count(&o_stack) < 2)
+         return_error(gs_error_stackunderflow);
+-    if (!r_is_array(op - 1) || !r_is_array(op)) {
+-        return_error(gs_error_typecheck);
++    if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
++        make_false(op - 1);
++        pop(1);
++        return 0;
+     }
+ 
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+-- 
+2.1.4
+
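Review bot: In eqproc_check_type() the accepted set is t_array, t_mixedarray, t_shortarray and t_oparray, and it replaces the r_is_array() test in zeqproc, but the Description does not say whether this is the same set of types the old check accepted. Since this check was introduced by the CVE-2017-8291 fix, the patch header should state whether the accepted types are deliberately widened. The operator comment "/* <proc1> <proc2> .eqproc <bool> */" is also left unchanged, although zeqproc now returns false for operands that are not both procedures instead of raising gs_error_typecheck; a sentence there documenting that would help the next reader. Minor style point: "op -1" in the new condition is spaced differently from "op - 1" in the lines directly below it.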
diff -Nru ghostscript-9.20~dfsg/debian/patches/series ghostscript-9.20~dfsg/debian/patches/series
--- ghostscript-9.20~dfsg/debian/patches/series	2017-04-28 06:50:05.000000000 +0200
+++ ghostscript-9.20~dfsg/debian/patches/series	2017-05-21 19:22:52.000000000 +0200
@@ -13,6 +13,7 @@
 0004-fix-crash-with-bad-data-supplied-to-makeimagedevice.patch
 0005-Bug-697453-Avoid-divide-by-0-in-scan-conversion-code.patch
 0006-Bug-697456.-Dont-create-new-ctx-when-pdf14-device-re.patch
+020170503~57f2071.patch
 1001_fix_openjp2_dynamic_linking.patch
 2001_docdir_fix_for_debian.patch
 2002_gs_man_fix_debian.patch
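Review bot: The new series entry sits between 0006-Bug-697456... and 1001_fix_openjp2_dynamic_linking.patch, and the visible context of this hunk does not show the patch carrying commit 4f83478c88. 020170503~57f2071.patch is described as a revision of that commit and removes its r_is_array() check, so please confirm that patch is listed earlier in series; otherwise this one will not apply. The file name also departs from the 000N-description naming of the neighbouring entries, so a short comment in series or a descriptive suffix would make its purpose clear from the list alone.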
