From: bug#26704 <26704@debbugs.gnu.org>
To: bug#26704 <26704@debbugs.gnu.org>
Subject: Status: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
Date: Tue, 09 Sep 2025 13:47:18 +0000

retitle 26704 [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
reassign 26704 guix-patches
submitter 26704 Leo Famulari
severity 26704 normal
tag 26704 patch
thanks

From: Leo Famulari
To: guix-patches@gnu.org
Subject: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
Date: Fri, 28 Apr 2017 16:52:47 -0400

* gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
(ghostscript/fixed): New variable.
(ghostscript-with-x)[replacement]: New field.
---
 gnu/local.mk | 1 +
 gnu/packages/ghostscript.scm | 13 ++++
 .../patches/ghostscript-CVE-2017-8291.patch | 73 ++++++++++++++++++++++
 3 files changed, 87 insertions(+)
 create mode 100644 gnu/packages/patches/ghostscript-CVE-2017-8291.patch

diff --git a/gnu/local.mk b/gnu/local.mk index 40fd0f061..117da28fb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -603,6 +603,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-CVE-2016-7978.patch \ %D%/packages/patches/ghostscript-CVE-2016-7979.patch \ %D%/packages/patches/ghostscript-CVE-2016-8602.patch \ + %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 076046e72..5340107f9 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm 
@@ -130,6 +130,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") + (replacement ghostscript/fixed) (version "9.14.0") (source (origin (method url-fetch) @@ -209,11 +210,23 @@ output file formats and printers.") (define-public ghostscript/x (package (inherit ghostscript) + (replacement #f) (name (string-append (package-name ghostscript) "-with-x")) (inputs `(("libxext" ,libxext) ("libxt" ,libxt) ,@(package-inputs ghostscript))))) +(define ghostscript/fixed + (package + (inherit ghostscript) + (source + (origin + (inherit (package-source ghostscript)) + (patches + (append + (origin-patches (package-source ghostscript)) + (search-patches "ghostscript-CVE-2017-8291.patch"))))))) + (define-public ijs (package (name "ijs") diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch new file mode 100644 index 000000000..db80b6dde --- /dev/null +++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch 
@@ -0,0 +1,73 @@ +Fix CVE-2017-8291: + +https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291 + +This patch is adapted from these two Artifex Ghostscript commits by Leo +Famulari : + +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8 + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index fb4bce9..2629afa 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) + ref *pFilter; + ref *pDecodeParms; + int Intent = 0; +- bool AsyncRead; ++ bool AsyncRead = false; + ref empty_array, filter1_array, parms1_array; + uint i; +- int code; ++ int code = 0; ++ ++ if (ref_stack_count(&o_stack) < 1) ++ return_error(e_stackunderflow); ++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { ++ return_error(e_typecheck); ++ } + + make_empty_array(&empty_array, a_readonly); +- if (dict_find_string(op, "Filter", &pFilter) > 0) { ++ if (r_has_type(op, t_dictionary) ++ && dict_find_string(op, "Filter", &pFilter) > 0) { + if (!r_is_array(pFilter)) { + if (!r_has_type(pFilter, t_name)) + return_error(e_typecheck); +@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) + return_error(e_typecheck); + } + } +- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); ++ if (r_has_type(op, t_dictionary)) ++ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */ + return code; +- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 +- ) +- return code; ++ if (r_has_type(op, t_dictionary)) ++ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0) ++ return code; + push(1); + op[-1] = *pFilter; + if (pDecodeParms) +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b3042..0d357f1 100644 +--- a/psi/zmisc3.c ++++ 
b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(e_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(e_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { -- 2.12.2
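
Review bot: In gnu/packages/ghostscript.scm, ghostscript/x gets (replacement #f) while still inheriting from ghostscript, and ghostscript/fixed only overrides the source of the base package, so in the lines shown the X variant has no replacement and keeps the unpatched source. If that is intentional, a comment next to (replacement #f) explaining why would help the next reader; otherwise consider a fixed variant that inherits from ghostscript/x with the same patched origin. The commit log also refers to this entry by its package name, ghostscript-with-x, while the other entries use variable names such as ghostscript/fixed; using ghostscript/x there would be consistent.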
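
Review bot: The header of ghostscript-CVE-2017-8291.patch says the patch is "adapted from" the two upstream commits but does not say what was changed relative to them. A sentence stating the adaptation (for example, which identifiers or context had to be adjusted for version 9.14.0) would let a later reviewer compare the two zfrsd.c hunks and the zmisc3.c hunk against upstream without re-deriving the differences.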
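
Review bot: In the first psi/zfrsd.c hunk, AsyncRead and code gain initializers but pFilter and pDecodeParms are still declared without one, and the new r_has_type(op, t_dictionary) guard introduces a path (null operand) that skips the "Filter" lookup entirely. The trailing context of the next hunk dereferences the pointer in op[-1] = *pFilter and tests pDecodeParms, so please confirm that the else branch outside the visible context assigns both on that path, or initialize them at declaration in the same way as AsyncRead and code.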
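
Review bot: In the second psi/zfrsd.c hunk, the AsyncRead lookup becomes two nested if statements without braces, if (r_has_type(op, t_dictionary)) directly followed by if ((code = dict_bool_param(...)) < 0), which is easy to misread and fragile if an else is ever attached. Folding the type test into one condition with && or bracing the outer if would be clearer. The unchanged test code < 0 && code != e_rangecheck now also runs when dict_int_param was not called, so it depends on the code = 0 initializer added in the earlier hunk; a short comment there would make that dependency explicit.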

Date: Fri, 28 Apr 2017 17:05:10 -0400
From: Leo Famulari
To: 26704-done@debbugs.gnu.org
Subject: Re: [PATCH 1/1] gnu: ghostscript: Fix CVE-2017-8291.
Message-ID: <20170428210510.GA4319@jasmine>

On Fri, Apr 28, 2017 at 04:52:47PM -0400, Leo Famulari wrote:
> * gnu/packages/patches/ghostscript-CVE-2017-8291.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ghostscript.scm (ghostscript)[replacement]: New field.
> (ghostscript/fixed): New variable.
> (ghostscript-with-x)[replacement]: New field.

I pushed this as a01f15759a00503101baa23af87cbd6095a1fbd6.

Thanks to Eric for reviewing (I pinged him on IRC #guix)!

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Sat, 27 May 2017 11:24:03 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator