The following patch was adapted for GNU Ghostscript
by Mark H Weaver <mhw@netris.org> based on:

http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913

From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Wed, 5 Oct 2016 10:10:58 +0100
Subject: [PATCH] DSC parser - validate parameters

Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."

Regardless of any security implications, its simply wrong for a PostScript
operator not to validate its parameter(s).

No differences expected.
---
 psi/zdscpars.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/psi/zdscpars.c b/psi/zdscpars.c
index c05e154..9b4b605 100644
--- a/psi/zdscpars.c
+++ b/psi/zdscpars.c
@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
     ref local_ref;
     int code;
     os_ptr const op = osp;
-    dict * const pdict = op->value.pdict;
-    gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
-    dsc_data_t * const data =
-        gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
+    dict *pdict;
+    gs_memory_t *mem;
+    dsc_data_t *data;
 
+    check_read_type(*op, t_dictionary);
+
+    pdict = op->value.pdict;
+    mem = (gs_memory_t *)dict_memory(pdict);
+
+    data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
     if (!data)
         return_error(e_VMerror);
     data->document_level = 0;
-- 
2.9.1

pe='hidden' name='id' value='1f96da1f49e847fc3b001ae3bfccaba92a08fc6d'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=1f96da1f49e847fc3b001ae3bfccaba92a08fc6d'>root</a>/<a href='/guix/log/configure.ac?id=1f96da1f49e847fc3b001ae3bfccaba92a08fc6d'>configure.ac</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/configure.ac?id=1f96da1f49e847fc3b001ae3bfccaba92a08fc6d&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-06-03 00:27:11 +0200'>2024-06-03</span></td><td><a href='/guix/commit/configure.ac?id=f65bd477b0c7f58004a810cc9ba5f29bc231ee35'>build: Use the po4a command for the translation generation.</a><span class='msg-avail'>...<span class='msg-tooltip'>* configure.ac (Documentation translation): Remove the po4a-translate command.
This command has been replaced by the po4a command and are not used from
anywhere.
* doc/local.mk ($(srcdir)/%D%/guix.%.texi, $(srcdir)/%D%/guix-cookbook.%.texi)
($(srcdir)/%D%/contributing.%.texi): Use the po4a command instead of the
po4a-translate for the translation generation.  This eliminates the warning of
po4a-translate; "po4a-translate is deprecated.  The unified po4a(1) program is
more convenient and less error prone."
(PO4A_PARAMS): Remove the Texinfo format option.  This option is specified in
the configuration file (po/doc/po4a.cfg).
(dummy_pot): Add a variable for the temporary POT file location.

Change-Id: I542b934c3c03b8701e9f86823191224f8b0ccf81
Signed-off-by: Florian Pelz &lt;pelzflorian@pelzflorian.de&gt;
</span></span></td><td>gemmaro</td></tr>
<tr><td><span title='2024-06-03 00:27:11 +0200'>2024-06-03</span></td><td><a href='/guix/commit/configure.ac?id=2d4af5247057505956e841d396ec78af9f769837'>build: Update the POT creation task with the po4a command.</a><span class='msg-avail'>...<span class='msg-tooltip'>* configure.ac (Documentation translation): Add the po4a program and remove
the po4a-updatepo program.  The PO4A defined here can be used in
Makefiles (e.g. po/doc/local.mk below).  The po4a command integrates the
functionality of po4a-updatepo and is currently recommended for use [1].  The
po4a-updatepo command has been replaced by the po4a command and are not used
from anywhere.
* po/doc/local.mk (%D%/%.pot): Use a po4a command instead of the po4a-updatepo
for the POT generation.  This eliminates the warning of po4a-updatepo;
"po4a-updatepo is deprecated.  The unified po4a(1) program is more convenient
and less error prone."  Here, the file paths are passed using variables.  This
is because the po4a command needs to be executed for each language and each
file.  Dummy values are passed for those that are not needed to update the POT
file.
* po/doc/po4a.cfg: Add a po4a config file for the POT generation.  The po4a
command requires a configulation file.

[1] https://po4a.org/man/man7/po4a.7.php.en#lbAS

Change-Id: Ica39a0d1f77b6a64d37c592ac2e693319443d3c5
Signed-off-by: Florian Pelz &lt;pelzflorian@pelzflorian.de&gt;
</span></span></td><td>gemmaro</td></tr>
<tr><td><span title='2024-05-25 23:28:30 -0400'>2024-05-25</span></td><td><a href='/guix/commit/configure.ac?id=77771036f0970083c146b709d792d128f4235125'>configure.ac: Set default value for the 'prefix' variable.</a><span class='msg-avail'>...<span class='msg-tooltip'>The Guix standard configuration uses a localstatedir of /var and a sysconfdir
of /etc.  To ease things for everyone, make the default values match that
standard expected configuration.  See
&lt;https://lists.gnu.org/archive/html/guix-devel/2024-05/msg00003.html&gt; for a
related discussion.

* configure.ac: Default $prefix to '' unless already set.
* doc/contributing.texi (Building from Git): Streamline doc.
* doc/guix-cookbook.texi (Guix environment via direnv): Likewise.

Reviewed-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
Change-Id: I23cd12b58a842d246fbc9fdc740311c573eb0212
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2024-04-19 16:45:38 +0200'>2024-04-19</span></td><td><a href='/guix/commit/configure.ac?id=bb089f76227666e11e6949038c4fd9e130e047a3'>maint: Resurrect running `make' from a tarball.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a follow-up to commit
    8b972da068708a8b17f3ab153ea940690ca49ca9
    Makefile.am: Auto-configure Git on 'make'.

* configure.ac (in_git_p): New conditional.
* Makefile.am (nodist_noinst_DATA): Use it to only enable this when building
from Git.

Change-Id: I09a90a59a4933a8cdb04124467d38209171f2a57
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>

Age	Commit message (Expand)	Author
2024-06-03	build: Use the po4a command for the translation generation....* configure.ac (Documentation translation): Remove the po4a-translate command. This command has been replaced by the po4a command and are not used from anywhere. * doc/local.mk ($(srcdir)/%D%/guix.%.texi, $(srcdir)/%D%/guix-cookbook.%.texi) ($(srcdir)/%D%/contributing.%.texi): Use the po4a command instead of the po4a-translate for the translation generation. This eliminates the warning of po4a-translate; "po4a-translate is deprecated. The unified po4a(1) program is more convenient and less error prone." (PO4A_PARAMS): Remove the Texinfo format option. This option is specified in the configuration file (po/doc/po4a.cfg). (dummy_pot): Add a variable for the temporary POT file location. Change-Id: I542b934c3c03b8701e9f86823191224f8b0ccf81 Signed-off-by: Florian Pelz <pelzflorian@pelzflorian.de>	gemmaro
2024-06-03	build: Update the POT creation task with the po4a command....* configure.ac (Documentation translation): Add the po4a program and remove the po4a-updatepo program. The PO4A defined here can be used in Makefiles (e.g. po/doc/local.mk below). The po4a command integrates the functionality of po4a-updatepo and is currently recommended for use [1]. The po4a-updatepo command has been replaced by the po4a command and are not used from anywhere. * po/doc/local.mk (%D%/%.pot): Use a po4a command instead of the po4a-updatepo for the POT generation. This eliminates the warning of po4a-updatepo; "po4a-updatepo is deprecated. The unified po4a(1) program is more convenient and less error prone." Here, the file paths are passed using variables. This is because the po4a command needs to be executed for each language and each file. Dummy values are passed for those that are not needed to update the POT file. * po/doc/po4a.cfg: Add a po4a config file for the POT generation. The po4a command requires a configulation file. [1] https://po4a.org/man/man7/po4a.7.php.en#lbAS Change-Id: Ica39a0d1f77b6a64d37c592ac2e693319443d3c5 Signed-off-by: Florian Pelz <pelzflorian@pelzflorian.de>	gemmaro
2024-05-25	configure.ac: Set default value for the 'prefix' variable....The Guix standard configuration uses a localstatedir of /var and a sysconfdir of /etc. To ease things for everyone, make the default values match that standard expected configuration. See <https://lists.gnu.org/archive/html/guix-devel/2024-05/msg00003.html> for a related discussion. * configure.ac: Default $prefix to '' unless already set. * doc/contributing.texi (Building from Git): Streamline doc. * doc/guix-cookbook.texi (Guix environment via direnv): Likewise. Reviewed-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I23cd12b58a842d246fbc9fdc740311c573eb0212	Maxim Cournoyer
2024-04-19	maint: Resurrect running `make' from a tarball....This is a follow-up to commit 8b972da068708a8b17f3ab153ea940690ca49ca9 Makefile.am: Auto-configure Git on 'make'. * configure.ac (in_git_p): New conditional. * Makefile.am (nodist_noinst_DATA): Use it to only enable this when building from Git. Change-Id: I09a90a59a4933a8cdb04124467d38209171f2a57	Janneke Nieuwenhuizen