Fix CVE-2020-15900. https://cve.circl.lu/cve/CVE-2020-15900 https://artifex.com/security-advisories/CVE-2020-15900 Taken from upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
diff --git a/psi/zstring.c b/psi/zstring.c
--- a/psi/zstring.c
+++ b/psi/zstring.c
@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
 return 0;
 found:
 op->tas.type_attrs = op1->tas.type_attrs;
- op->value.bytes = ptr;
- r_set_size(op, size);
+ op->value.bytes = ptr; /* match */
+ op->tas.rsize = size; /* match */
 push(2);
- op[-1] = *op1;
- r_set_size(op - 1, ptr - op[-1].value.bytes);
- op1->value.bytes = ptr + size;
- r_set_size(op1, count + (!forward ? (size - 1) : 0));
+ op[-1] = *op1; /* pre */
+ op[-3].value.bytes = ptr + size; /* post */
+ if (forward) {
+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
+ op[-3].tas.rsize = count; /* post */
+ } else {
+ op[-1].tas.rsize = count; /* pre */
+ op[-3].tas.rsize -= count + size; /* post */
+ }
 make_true(op);
 return 0;
 }
7ee7e5da4ba8b4e6f32e70d'>refs</a><a class='active' href='/guix/log/gnu/packages/patches/inetutils-hurd.patch'>log</a><a href='/guix/tree/gnu/packages/patches/inetutils-hurd.patch?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>tree</a><a href='/guix/commit/gnu/packages/patches/inetutils-hurd.patch?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>commit</a><a href='/guix/diff/gnu/packages/patches/inetutils-hurd.patch?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/patches/inetutils-hurd.patch'> <input type='hidden' name='id' value='976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'/><select name='qt'> <option value='grep'>log msg</option> <option value='author'>author</option> <option value='committer'>committer</option> <option value='range'>range</option> </select> <input class='txt' type='search' size='10' name='q' value=''/> <input type='submit' value='search'/> </form> </td></tr></table> <div class='path'>path: <a href='/guix/log/?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>root</a>/<a href='/guix/log/gnu?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>gnu</a>/<a href='/guix/log/gnu/packages?id=976a49bacc30ee4c77ee7e5da4ba8b4e6f32e70d'>packages</a>/<a 
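Review bot: In the `else` (backward search) branch, `op[-3].tas.rsize -= count + size;` shrinks the stored length in place, and nothing visible in the hunk ensures that `count + size` cannot exceed it; if `rsize` is an unsigned field (presumably), a violation would wrap to a very large string length and let the resulting "post" string cover memory beyond the operand. The bound presumably comes from the search loop above `found:`, which lies outside this hunk, so I would state it next to the subtraction, e.g. `/* post = original length - (pre + match); the loop keeps count + size <= original length */`. As a style point, the new lines assign `tas.rsize` directly where the removed lines went through `r_set_size`; keeping the accessor where it fits (`r_set_size(op - 1, count);`) would leave size updates in one recognisable form for later audits.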