Commit 572bfae1 authored by Rasmus Thomsen's avatar Rasmus Thomsen Committed by Leonardo Arena

main/ghostscript: fix CVE-2019-10216

Fixes #10726
parent 0b7e7190
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# Maintainer: Cameron Banta <cbanta@gmail.com> # Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname=ghostscript pkgname=ghostscript
pkgver=9.27 pkgver=9.27
pkgrel=1 pkgrel=2
pkgdesc="An interpreter for the PostScript language and for PDF" pkgdesc="An interpreter for the PostScript language and for PDF"
url="https://ghostscript.com/" url="https://ghostscript.com/"
arch="all" arch="all"
...@@ -16,10 +16,12 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/ ...@@ -16,10 +16,12 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz
ghostscript-system-zlib.patch ghostscript-system-zlib.patch
fix-sprintf.patch fix-sprintf.patch
CVE-2019-10216.patch
" "
builddir="$srcdir/$pkgname-$pkgver"
# secfixes: # secfixes:
# 9.27-r2:
# - CVE-2019-10216
# 9.26-r2: # 9.26-r2:
# - CVE-2019-3835 # - CVE-2019-3835
# - CVE-2019-3838 # - CVE-2019-3838
...@@ -69,7 +71,7 @@ prepare() { ...@@ -69,7 +71,7 @@ prepare() {
libtoolize --force && aclocal && autoconf && automake --add-missing libtoolize --force && aclocal && autoconf && automake --add-missing
} }
build(){ build() {
# build ijs # build ijs
cd "$builddir"/ijs cd "$builddir"/ijs
./configure \ ./configure \
...@@ -114,7 +116,7 @@ package() { ...@@ -114,7 +116,7 @@ package() {
cd .. cd ..
# create empty dir for future fonts # create empty dir for future fonts
mkdir -p "${pkgdir}"/usr/share/fonts/Type1 mkdir -p "$pkgdir"/usr/share/fonts/Type1
} }
gtk() { gtk() {
...@@ -127,4 +129,5 @@ gtk() { ...@@ -127,4 +129,5 @@ gtk() {
sha512sums="9ad7bd24b6d9b7d258e943783817be036a2e0234517baffa1016804ef9b6f3062fb5da20a890a0bfc9e58203ddcf25dc4465f5b3bf5e4a61db87bef0606a0884 ghostscript-9.27.tar.gz sha512sums="9ad7bd24b6d9b7d258e943783817be036a2e0234517baffa1016804ef9b6f3062fb5da20a890a0bfc9e58203ddcf25dc4465f5b3bf5e4a61db87bef0606a0884 ghostscript-9.27.tar.gz
289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz 289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz
70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch
beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch" beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch
f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f CVE-2019-10216.patch"
From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 2 Aug 2019 15:18:26 +0100
Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
---
Resource/Init/gs_type1.ps | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
index 6c7735b..a039cce 100644
--- a/Resource/Init/gs_type1.ps
+++ b/Resource/Init/gs_type1.ps
@@ -118,25 +118,25 @@
( to be the same as glyph: ) print 1 index //== exec } if
3 index exch 3 index .forceput
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
- }
+ }executeonly
{pop} ifelse
- } forall
+ } executeonly forall
pop pop
- }
+ } executeonly
{
pop pop pop
} ifelse
- }
+ } executeonly
{
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
pop pop
} ifelse
- } forall
+ } executeonly forall
3 1 roll pop pop
- } if
+ } executeonly if
pop
dup /.AGLprocessed~GS //true .forceput
- } if
+ } executeonly if
%% We need to excute the C .buildfont1 in a stopped context so that, if there
%% are errors we can put the stack back sanely and exit. Otherwise callers won't
--
2.9.1
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment