Commit 55c3f713 authored by J0WI's avatar J0WI Committed by Leonardo Arena
Browse files

main/ghostscript: security fixes (CVE-2019-3835, CVE-2019-3838, CVE-2019-6116)

parent e4824231
......@@ -2,7 +2,7 @@
# Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname=ghostscript
pkgver=9.26
pkgrel=1
pkgrel=2
pkgdesc="An interpreter for the PostScript language and for PDF"
url="https://ghostscript.com/"
arch="all"
......@@ -13,12 +13,19 @@ makedepends="autoconf automake libjpeg-turbo-dev libpng-dev jasper-dev expat-dev
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-gtk"
source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostscript-$pkgver.tar.gz
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz
CVE-2019-6116.patch
CVE-2019-3835.patch
CVE-2019-3838.patch
ghostscript-system-zlib.patch
fix-sprintf.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 9.26-r2:
# - CVE-2019-3835
# - CVE-2019-3838
# - CVE-2019-6116
# 9.26-r1:
# - CVE-2019-6116
# 9.26-r0:
......@@ -128,5 +135,8 @@ gtk() {
sha512sums="670159c23618ffafa85c671642bf182a107a82c053a1fd8c3f45f73f203524077be1b212d2ddbabae7892c7713922877e03b020f78bd2aab1ae582c4fc7d820a ghostscript-9.26.tar.gz
289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz
31769852e75be4e1cd0e7c3f43cc7b3457bf9ba505fc2a5acda53779cc5626854bf15fef3e225f3d922f4038dd18c598dbac30abb863159202e4d0fe02c02d3b CVE-2019-3835.patch
dc3bd1de86e4a968ed35a35a125f682cffeed51fe4dbf9b3939dd78b07ef0748fe6b34816e689bcfffb4f819e51bcb5022f3151a5610aa24fd2468cdcbc665ea CVE-2019-3838.patch
78564c1dd878cb6a924663cb5d61901a413a867dedc8753e537e08a4da9cc0aaeb817bab266fd66e5d0e871d9ed6078af6e6f455b5426e0917875682d76638f5 CVE-2019-6116.patch
70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch
beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch"
This diff is collapsed.
From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 20 Feb 2019 09:54:28 +0000
Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in
DefineResource).
This prevents access to .forceput
Solution originally suggested by cbuissar@redhat.com.
---
Resource/Init/gs_res.ps | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index d9b3459..b646329 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -425,7 +425,7 @@ status {
% so we have to use .forcedef here.
/.Instances 1 index .forcedef % Category dict is read-only
} executeonly if
- }
+ } executeonly
{ .LocalInstances dup //.emptydict eq
{ pop 3 dict localinstancedict Category 2 index put
}
--
2.20.1
From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 22 Feb 2019 12:28:23 +0000
Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs
executeonly'ed.
---
Resource/Init/gs_res.ps | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index b646329..8c1f29f 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -437,7 +437,7 @@ status {
% Now make the resource value read-only.
0 2 copy get { readonly } .internalstopped pop
dup 4 1 roll put exch pop exch pop
- }
+ } executeonly
{ /defineresource cvx /typecheck signaloperror
}
ifelse
--
2.20.1
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment