head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.74 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.72 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.70 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.68 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.66 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.64 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.62 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.60 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.58 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.56 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.54 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.52 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.50 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.48 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.46 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.44 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.42 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.40 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.38 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.36 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.34 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.32 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.30 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.26 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.6 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.28 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.24 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.22 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.20 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.18 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.16 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.14 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.12 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.10 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.8 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.4 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.2; locks; strict; comment @# @; 1.1 date 2017.04.18.22.07.07; author tez; state Exp; branches 1.1.2.1; next ; commitid K7cusG8PSpdK54Oz; 1.1.2.1 date 2017.04.18.22.07.07; author bsiegert; state dead; branches; next 1.1.2.2; commitid 0HTIQeLdKQcUYaOz; 1.1.2.2 date 2017.04.19.18.51.44; author bsiegert; state Exp; branches; next ; commitid 0HTIQeLdKQcUYaOz; desc @@ 1.1 log @Patches for CVE-2016-10217, CVE-2016-10219, CVE-2016-10220 & CVE-2017-5951 @ text @$NetBSD$ Patch for CVE-2016-10219 from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4bef1a1d32e29b68855616020dbff574b9cda08f;hp=0aeb0bbd41cc16e70ab6e4b1d56e0c510bf2a758 --- base/gxfill.c.orig 2017-04-05 20:56:07.869067200 +0000 +++ base/gxfill.c @@@@ -1743,7 +1743,7 @@@@ intersect(active_line *endp, active_line fixed dx_old = alp->x_current - endp->x_current; fixed dx_den = dx_old + endp->x_next - alp->x_next; - if (dx_den <= dx_old) + if (dx_den <= dx_old || dx_den == 0) return false; /* Intersection isn't possible. */ dy = y1 - y; if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n", @@@@ -1752,7 +1752,7 @@@@ intersect(active_line *endp, active_line /* Do the computation in single precision */ /* if the values are small enough. */ y_new = - ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ? + (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ? dy * dx_old / dx_den : (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den))) + y; @ 1.1.2.1 log @file patch-CVE-2016-10219 was added on branch pkgsrc-2017Q1 on 2017-04-19 18:51:44 +0000 @ text @d1 26 @ 1.1.2.2 log @Pullup ticket #5323 - requested by sevan print/ghostscript-gpl: security fix Revisions pulled up: - print/ghostscript-gpl/Makefile 1.25 - print/ghostscript-gpl/distinfo 1.17 - print/ghostscript-gpl/patches/patch-CVE-2016-10217 1.1 - print/ghostscript-gpl/patches/patch-CVE-2016-10219 1.1 - print/ghostscript-gpl/patches/patch-CVE-2016-10220 1.1 - print/ghostscript-gpl/patches/patch-CVE-2017-5951 1.1 --- Module Name: pkgsrc Committed By: tez Date: Tue Apr 18 22:07:07 UTC 2017 Modified Files: pkgsrc/print/ghostscript-gpl: Makefile distinfo Added Files: pkgsrc/print/ghostscript-gpl/patches: patch-CVE-2016-10217 patch-CVE-2016-10219 patch-CVE-2016-10220 patch-CVE-2017-5951 Log Message: Patches for CVE-2016-10217, CVE-2016-10219, CVE-2016-10220 & CVE-2017-5951 @ text @a0 26 $NetBSD: patch-CVE-2016-10219,v 1.1 2017/04/18 22:07:07 tez Exp $ Patch for CVE-2016-10219 from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4bef1a1d32e29b68855616020dbff574b9cda08f;hp=0aeb0bbd41cc16e70ab6e4b1d56e0c510bf2a758 --- base/gxfill.c.orig 2017-04-05 20:56:07.869067200 +0000 +++ base/gxfill.c @@@@ -1743,7 +1743,7 @@@@ intersect(active_line *endp, active_line fixed dx_old = alp->x_current - endp->x_current; fixed dx_den = dx_old + endp->x_next - alp->x_next; - if (dx_den <= dx_old) + if (dx_den <= dx_old || dx_den == 0) return false; /* Intersection isn't possible. */ dy = y1 - y; if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n", @@@@ -1752,7 +1752,7 @@@@ intersect(active_line *endp, active_line /* Do the computation in single precision */ /* if the values are small enough. */ y_new = - ((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ? + (((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ? dy * dx_old / dx_den : (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den))) + y; @