Bug 248580

Summary: print/ghostscript9-agpl-base: Fix SAFER Sandbox Breakout vulnerability (CVE-2020-15900)
Product: Ports & Packages Reporter: VVD <vvd>
Component: Individual Port(s)Assignee: Hiroki Sato <hrs>
Status: In Progress ---    
Severity: Affects Many People CC: blackend, doceng, hrs, joneum, koobs, ports-secteam
Priority: Normal Keywords: needs-qa, security
Version: LatestFlags: blackend: maintainer-feedback+
blackend: maintainer-feedback-
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://insomniasec.com/blog/ghostscript-cve-2020-15900
Attachments:
Description Flags
Fixed CVE-2020-15900 vvd: maintainer-approval? (doceng)

Description VVD 2020-08-10 17:03:55 UTC
Created attachment 217132 [details]
Fixed CVE-2020-15900

Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)

This patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
Comment 1 VVD 2020-08-14 11:03:25 UTC
Something wrong with patch?

Tested build on 12.1 and 11.4 amd64.
Comment 2 Marc Fonvieille freebsd_committer 2020-08-14 11:45:27 UTC
(In reply to VVD from comment #1)
Approved.
Thanks.
Comment 3 commit-hook freebsd_committer 2020-08-15 02:35:01 UTC
A commit references this bug:

Author: hrs
Date: Sat Aug 15 02:34:43 UTC 2020
New revision: 544907
URL: https://svnweb.freebsd.org/changeset/ports/544907

Log:
  Fix a memory corruption issue which can allow overriding of file
  access controls.

  Security:	CVE-2020-15900
  Security:	https://insomniasec.com/blog/ghostscript-cve-2020-15900
  Obtained from:	https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499
  272b95a6b890a1397e11d20937de000d31b
  PR:		248580

Changes:
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/files/patch-Resource_Init_FAPIcidfmap
  head/print/ghostscript9-agpl-base/files/patch-configure
  head/print/ghostscript9-agpl-base/files/patch-lcms2mt
  head/print/ghostscript9-agpl-base/files/patch-psi-zstring.c
Comment 4 Hiroki Sato freebsd_committer 2020-08-15 02:38:14 UTC
Committed to head and will be merged to the quarterly branch.  Thanks for the report.
Comment 5 Jochen Neumeister freebsd_committer 2020-08-15 09:50:17 UTC
(In reply to Hiroki Sato from comment #4)

Thanks for the commit.

Unfortunately the field "MFH" was not used, so ports-secteam was not informed. 

Please create a vuxml entry for the CVE, after that it is released for 2020Q3.

Best regards
joneum (ports-secteam)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-15 10:34:52 UTC
^Triage: Leave merge-quarterly flag open ? until merged