authorNatanael Copa <ncopa@alpinelinux.org>2013-01-18 09:16:09 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-01-18 09:16:09 +0000
commit31a7d0b0da6860482019514690b7d121980e5fb5 (patch)
treea74f25578ac8d7172a9d5b7ac101317e699fdab4
parent57891484d139952b27f898bb87e79a2ea73261bb (diff)
downloadaports-31a7d0b0da6860482019514690b7d121980e5fb5.tar.bz2
aports-31a7d0b0da6860482019514690b7d121980e5fb5.tar.xz
main/ghostscript: upgrade to 9.06 and fix CVE-2012-4405
fixes #1566
-rw-r--r--main/ghostscript/APKBUILD21
-rw-r--r--main/ghostscript/CVE-2012-4405.patch15
2 files changed, 27 insertions, 9 deletions
diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
index 7674f26681..283777d079 100644
--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -1,26 +1,29 @@
# Contributor: Cameron Banta <cbanta@gmail.com>
# Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname=ghostscript
-pkgver=9.00
-pkgrel=1
+pkgver=9.06
+pkgrel=0
pkgdesc="An interpreter for the PostScript language and for PDF"
url="http://ghostscript.com/"
arch="all"
license="GPL"
makedepends="autoconf automake jpeg-dev libpng-dev jasper-dev expat-dev zlib-dev tiff-dev libiconv-dev"
subpackages="$pkgname-doc $pkgname-dev"
-source="http://ghostscript.com/releases/$pkgname-$pkgver.tar.gz
- ghostscript-system-jasper.patch"
+patches="CVE-2012-4405.patch"
+source="http://downloads.ghostscript.com/public/$pkgname-$pkgver.tar.gz
+ $patches"
prepare() {
cd "$srcdir/$pkgname-$pkgver"
+ for i in $patches; do
+ msg $i
+ patch -p1 -i "$srcdir"/$i || return 1
+ done
+
# force it to use system-libs
rm -rf jpeg libpng jasper expat tiff zlib
- # fix build with systems jasper
- patch -Np1 -i "${srcdir}"/ghostscript-system-jasper.patch || return 1
-
# fix parallel builds
sed -i -e 's/ECHO_XE/ECHOGS_XE/g' \
-e 's/^\($(GLOBJ)md5.$(OBJ) :.*\)/\1 $(ECHOGS_XE)/' \
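Review bot: The new `source=` URL is plain `http://`, so the only thing authenticating the 9.06 tarball is the `md5sums` entry updated in the following hunk, and MD5 is not collision-resistant. For a package that parses untrusted PostScript and PDF input, it would be worth recording a SHA-256 or stronger digest as well, if the abuild version used by this tree supports one, and switching to an `https://` source if upstream offers it. Separately, the loop leaves `$i` unquoted in `patch -p1 -i "$srcdir"/$i`; `patch -p1 -i "$srcdir/$i" || return 1` is the safer form. prepare() continues outside the hunk.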
@@ -68,5 +71,5 @@ package() {
mv "$pkgdir/usr/share/$pkgname/$pkgver/examples" "$pkgdir/usr/share/doc/$pkgname"
}
-md5sums="a402462478b4cdda3e1816899227b845 ghostscript-9.00.tar.gz
-f5bc029b0ed05ac8d602bff0e1c021bd ghostscript-system-jasper.patch"
+md5sums="153ddb0622cb155d2f600146f1e28d84 ghostscript-9.06.tar.gz
+9b77fb067f77c15116bd9c5b2ab58805 CVE-2012-4405.patch"
diff --git a/main/ghostscript/CVE-2012-4405.patch b/main/ghostscript/CVE-2012-4405.patch
new file mode 100644
index 0000000000..a589992aee
--- /dev/null
+++ b/main/ghostscript/CVE-2012-4405.patch
@@ -0,0 +1,15 @@
+--- ./icclib/icc.c.orig
++++ ./icclib/icc.c
+@@ -4996,6 +4996,11 @@
+ p->clutPoints = read_UInt8Number(bp+10);
+
+ /* Sanity check */
++ if (p->inputChan < 1) {
++ sprintf(icp->err,"icmLut_read: No input channels!");
++ return icp->errc = 1;
++ }
++
+ if (p->inputChan > MAX_CHAN) {
+ sprintf(icp->err,"icmLut_read: Can't handle > %d input channels\n",MAX_CHAN);
+ return icp->errc = 1;
+
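Review bot: The embedded patch carries no provenance header, so nothing in the tree records which upstream commit or bug report the `p->inputChan < 1` check came from, or when the patch can be dropped. A leading line such as `Fix for CVE-2012-4405, taken from <upstream commit or bug URL>` above the `---` line would make it auditable. The added check only gives the input-channel count a lower bound; `clutPoints` is read just above it, and whether it and the output-channel count are bounded the same way is not visible here, because icmLut_read continues outside the hunk. The new message also lacks the trailing `\n` that the neighbouring `Can't handle > %d input channels\n` message has.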