Commit d7d7d0f8 authored by J0WI's avatar J0WI Committed by Leo
Browse files

main/ghostscript: patch CVE-2019-1486

parent 7cbabb42
......@@ -2,7 +2,7 @@
# Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname=ghostscript
pkgver=9.27
pkgrel=4
pkgrel=5
pkgdesc="An interpreter for the PostScript language and for PDF"
url="https://ghostscript.com/"
arch="all"
......@@ -20,9 +20,12 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
forceput-inaccessible.patch
0001-PDF-interpreter-Decode-ToUnicode-entries-of-the-form.patch
CVE-2019-14817.patch
CVE-2019-14869.patch
"
# secfixes:
# 9.27-r5:
# - CVE-2019-14869
# 9.27-r4:
# - CVE-2019-14817
# 9.27-r3:
......@@ -142,4 +145,5 @@ beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771
f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f CVE-2019-10216.patch
d7045aa5a02a3fc882552da0b9a60ea565a36d5d038cdf576dc7188158dc05a470ce9fa40bdf1e1003a48995f6707431980910372da549918caf789eb3a2f81f forceput-inaccessible.patch
0ec65d29eb7ade7a8c02190fc5358faf257f63dc50b30d222b231aed496c8ac1fb7c0710e78117e10a16886dfcaccab610afb434efbbd557f63396c12ccd5d64 0001-PDF-interpreter-Decode-ToUnicode-entries-of-the-form.patch
deed829b14223b2f99d49aea5575c9ad855f6815d238502d3109849acac239eb312fd89e802e12a85fe7e92375694c42422240a6e1759ecfd094762eccaed826 CVE-2019-14817.patch"
deed829b14223b2f99d49aea5575c9ad855f6815d238502d3109849acac239eb312fd89e802e12a85fe7e92375694c42422240a6e1759ecfd094762eccaed826 CVE-2019-14817.patch
d215906c7907816a5e053df470eec87dbed3628742a6dd3ee54364eb17901c9337dbc2fe279bc1b04382f51fbdc0ac2306ae1a42a94146915f15b94bf047e4f5 CVE-2019-14869.patch"
From 485904772c5f0aa1140032746e5a0abfc40f4cef Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 5 Nov 2019 09:45:27 +0000
Subject: [PATCH] Bug 701841: remove .forceput from /.charkeys
When loading Type 1 or Truetype fonts from disk, we attempt to extend the glyph
name table to include all identifiable glyph names from the Adobe Glyph List.
In the case of Type 1 fonts, the font itself (almost always) marks the
CharStrings dictionary as read-only, hence we have to use .forceput for that
case.
But for Truetype fonts, the CharStrings dictionary is created internally and is
not read-only until *after* we have fully populated it (including the extended
glyph names from the AGL), hence there is no need for .forceput, and no need to
carry the security risk of using it.
Replace with regular put.
---
Resource/Init/gs_ttf.ps | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
index 74043d1..6be8fe9 100644
--- a/Resource/Init/gs_ttf.ps
+++ b/Resource/Init/gs_ttf.ps
@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
TTFDEBUG { (\n1 setting alias: ) print dup ==only
( to be the same as ) print 2 index //== exec } if
- 7 index 2 index 3 -1 roll exch .forceput
+ 7 index 2 index 3 -1 roll exch put
} forall
pop pop pop
}
@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
exch pop
TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
( to use glyph index: ) print dup //== exec } if
- 5 index 3 1 roll .forceput
+ 5 index 3 1 roll put
//false
}
{
@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
{ % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
( to be index: ) print dup //== exec } if
- exch pop 5 index 3 1 roll .forceput
+ exch pop 5 index 3 1 roll put
}
{
pop pop
@@ -1369,7 +1369,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
} ifelse
]
TTFDEBUG { (Encoding: ) print dup === flush } if
-} .bind executeonly odef % hides .forceput
+} .bind odef
% ---------------- CIDFontType 2 font loading ---------------- %
--
2.9.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment