summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript
diff options
context:
space:
mode:
authorOvidiu Panait <ovidiu.panait@windriver.com>2019-04-05 17:56:31 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-04-09 13:44:39 +0100
commit327513ee83499827b6f4a8fae2ba0336b65bb68a (patch)
tree4fcd2fded9d4cc1f302db18cfabe3fea7425215e /meta/recipes-extended/ghostscript
parenta1fb2c59e82fd5ccc1d8ae649af7f1979cee3939 (diff)
downloadpoky-327513ee83499827b6f4a8fae2ba0336b65bb68a.tar.gz
ghostscript: Fix 3 CVEs
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. References: https://nvd.nist.gov/vuln/detail/CVE-2019-6116 https://www.openwall.com/lists/oss-security/2019/01/23/5 https://nvd.nist.gov/vuln/detail/CVE-2019-3835 https://nvd.nist.gov/vuln/detail/CVE-2019-3838 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e (From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch99
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch71
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch295
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch167
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch34
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch30
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch177
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch442
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch32
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch136
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch250
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch596
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch346
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.26.bb13
14 files changed, 2688 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
new file mode 100644
index 0000000000..30ce04a7b1
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
@@ -0,0 +1,99 @@
1From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Mon, 26 Nov 2018 18:01:25 +0000
4Subject: [PATCH] Have gs_cet.ps run from gs_init.ps
5
6Previously gs_cet.ps was run on the command line, to set up the interpreter
7state so our output more closely matches the example output for the QL CET
8tests.
9
10Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
11file directly.
12
13This works better for gpdl as it means the changes are made in the intial
14interpreter state, rather than after initialisation is complete.
15
16This also means adding a definition of the default procedure for black
17generation and under color removal (rather it being defined in-line in
18.setdefaultbgucr
19
20Also, add a check so gs_cet.ps only runs once - if we try to run it a second
21time, we'll just skip over the file, flushing through to the end.
22
23CVE: CVE-2019-3835
24Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
25
26Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
27---
28 Resource/Init/gs_cet.ps | 11 ++++++++++-
29 Resource/Init/gs_init.ps | 13 ++++++++++++-
30 2 files changed, 22 insertions(+), 2 deletions(-)
31
32diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
33index d3e1686..75534bb 100644
34--- a/Resource/Init/gs_cet.ps
35+++ b/Resource/Init/gs_cet.ps
36@@ -1,6 +1,11 @@
37 %!PS
38 % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
39
40+systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
41+{
42+ (%END GS_CET) .skipeof
43+} if
44+
45 % do this in the server level so it is persistent across jobs
46 //true 0 startjob not {
47 (*** Warning: CET startup is not in server default) = flush
48@@ -25,7 +30,9 @@ currentglobal //true setglobal
49
50 /UNROLLFORMS true def
51
52-{ } bind dup
53+(%.defaultbgrucrproc) cvn { } bind def
54+
55+(%.defaultbgrucrproc) cvn load dup
56 setblackgeneration
57 setundercolorremoval
58 0 array cvx readonly dup dup dup setcolortransfer
59@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put
60 % end of slightly nasty hack to give consistent cluster results
61
62 //false 0 startjob pop % re-enter encapsulated mode
63+
64+%END GS_CET
65diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
66index 45bebf4..e6b9cd2 100644
67--- a/Resource/Init/gs_init.ps
68+++ b/Resource/Init/gs_init.ps
69@@ -1538,10 +1538,18 @@ setpacking
70 % any-part-of-pixel rule.
71 0.5 .setfilladjust
72 } bind def
73+
74 % Set the default screen and BG/UCR.
75+% We define the proc here, rather than inline in .setdefaultbgucr
76+% for the benefit of gs_cet.ps so jobs that do anything that causes
77+% .setdefaultbgucr to be called will still get the redefined proc
78+% in gs_cet.ps
79+(%.defaultbgrucrproc) cvn { pop 0 } def
80+
81 /.setdefaultbgucr {
82 systemdict /setblackgeneration known {
83- { pop 0 } dup setblackgeneration setundercolorremoval
84+ (%.defaultbgrucrproc) cvn load dup
85+ setblackgeneration setundercolorremoval
86 } if
87 } bind def
88 /.useloresscreen { % - .useloresscreen <bool>
89@@ -2491,4 +2499,7 @@ WRITESYSTEMDICT {
90 % be 'true' in some cases.
91 userdict /AGM_preserve_spots //false put
92
93+systemdict /CETMODE .knownget
94+{ { (gs_cet.ps) runlibfile } if } if
95+
96 % The interpreter will run the initial procedure (start).
97--
982.18.1
99
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
new file mode 100644
index 0000000000..590b92e186
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
@@ -0,0 +1,71 @@
1From ba6dbd6e61dbb3cc6ee6db9dd3a4f70cc18f706e Mon Sep 17 00:00:00 2001
2From: Nancy Durgin <nancy.durgin@artifex.com>
3Date: Thu, 14 Feb 2019 10:09:00 -0800
4Subject: [PATCH] Undef /odef in gs_init.ps
5
6Made a new temporary utility function in gs_cet.ps (.odef) to use instead
7of /odef. This makes it fine to undef odef with all the other operators in
8gs_init.ps
9
10This punts the bigger question of what to do with .makeoperator, but it
11doesn't make the situation any worse than it already was.
12
13CVE: CVE-2019-3835
14Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
15
16Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
17---
18 Resource/Init/gs_cet.ps | 10 ++++++++--
19 Resource/Init/gs_init.ps | 1 +
20 2 files changed, 9 insertions(+), 2 deletions(-)
21
22diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
23index 75534bb..dbc5c4e 100644
24--- a/Resource/Init/gs_cet.ps
25+++ b/Resource/Init/gs_cet.ps
26@@ -1,6 +1,10 @@
27 %!PS
28 % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
29
30+/.odef { % <name> <proc> odef -
31+ 1 index exch .makeoperator def
32+} bind def
33+
34 systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
35 {
36 (%END GS_CET) .skipeof
37@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put
38 } {
39 /setsmoothness .systemvar /typecheck signalerror
40 } ifelse
41-} bind odef
42-/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS .
43+} bind //.odef exec
44+/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS .
45
46 % slightly nasty hack to give consistent cluster results
47 /ofnfa systemdict /filenameforall get def
48@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put
49 } ifelse
50 ofnfa
51 } bind def
52+
53+currentdict /.odef undef
54 % end of slightly nasty hack to give consistent cluster results
55
56 //false 0 startjob pop % re-enter encapsulated mode
57diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
58index e6b9cd2..80d9585 100644
59--- a/Resource/Init/gs_init.ps
60+++ b/Resource/Init/gs_init.ps
61@@ -2257,6 +2257,7 @@ SAFER { .setsafeglobal } if
62 /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
63 /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice
64 /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies
65+ /odef
66
67 % Used by a free user in the Library of Congress. Apparently this is used to
68 % draw a partial page, which is then filled in by the results of a barcode
69--
702.18.1
71
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
new file mode 100644
index 0000000000..a339fa2f33
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
@@ -0,0 +1,295 @@
1From 4203e04ef9e6ca22ed68a1ab10a878aa9ceaeedc Mon Sep 17 00:00:00 2001
2From: Ray Johnston <ray.johnston@artifex.com>
3Date: Thu, 14 Feb 2019 10:20:03 -0800
4Subject: [PATCH] Fix bug 700585: Restrict superexec and remove it from
5 internals and gs_cet.ps
6
7Also while changing things, restructure the CETMODE so that it will
8work with -dSAFER. The gs_cet.ps is now run when we are still at save
9level 0 with systemdict writeable. Allows us to undefine .makeoperator
10and .setCPSImode internal operators after CETMODE is handled.
11
12Change previous uses of superexec to using .forceput (with the usual
13.bind executeonly to hide it).
14
15CVE: CVE-2019-3835
16Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
17
18Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
19---
20 Resource/Init/gs_cet.ps | 38 ++++++++++++++------------------------
21 Resource/Init/gs_dps1.ps | 2 +-
22 Resource/Init/gs_fonts.ps | 8 ++++----
23 Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++-----------
24 Resource/Init/gs_ttf.ps | 8 ++++----
25 Resource/Init/gs_type1.ps | 6 +++---
26 6 files changed, 53 insertions(+), 47 deletions(-)
27
28diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
29index dbc5c4e..3cc6883 100644
30--- a/Resource/Init/gs_cet.ps
31+++ b/Resource/Init/gs_cet.ps
32@@ -1,37 +1,29 @@
33 %!PS
34 % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
35
36-/.odef { % <name> <proc> odef -
37- 1 index exch .makeoperator def
38-} bind def
39-
40+% skip if we've already run this -- based on fake "product"
41 systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
42 {
43 (%END GS_CET) .skipeof
44 } if
45
46-% do this in the server level so it is persistent across jobs
47-//true 0 startjob not {
48- (*** Warning: CET startup is not in server default) = flush
49-} if
50+% Note: this must be run at save level 0 and when systemdict is writeable
51+currentglobal //true setglobal
52+systemdict dup dup dup
53+/version (3017.102) readonly .forceput % match CPSI 3017.102
54+/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102
55+/revision 0 put % match CPSI 3017.103 Tek shows revision 5
56+/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461
57+
58+systemdict /.odef { % <name> <proc> odef -
59+ 1 index exch //.makeoperator def
60+} .bind .forceput % this will be undefined at the end
61
62 300 .sethiresscreen % needed for language switch build since it
63 % processes gs_init.ps BEFORE setting the resolution
64
65 0 array 0 setdash % CET 09-08 wants local setdash
66
67-currentglobal //true setglobal
68-
69-{
70- systemdict dup dup dup
71- /version (3017.102) readonly put % match CPSI 3017.102
72- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102
73- /revision 0 put % match CPSI 3017.103 Tek shows revision 5
74- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461
75- systemdict /deviceinfo undef % for CET 20-23-1
76-% /UNROLLFORMS true put % CET files do unreasonable things inside forms
77-} 1183615869 internaldict /superexec get exec
78-
79 /UNROLLFORMS true def
80
81 (%.defaultbgrucrproc) cvn { } bind def
82@@ -118,9 +110,7 @@ userdict /.smoothness currentsmoothness put
83 ofnfa
84 } bind def
85
86-currentdict /.odef undef
87-% end of slightly nasty hack to give consistent cluster results
88-
89-//false 0 startjob pop % re-enter encapsulated mode
90+systemdict /.odef .undef
91
92+% end of slightly nasty hack to give consistent cluster results
93 %END GS_CET
94diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
95index 3d2cf7a..c4fd839 100644
96--- a/Resource/Init/gs_dps1.ps
97+++ b/Resource/Init/gs_dps1.ps
98@@ -89,7 +89,7 @@ level2dict begin
99 % definition, copy it into the local directory.
100 //systemdict /SharedFontDirectory .knownget
101 { 1 index .knownget
102- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
103+ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly
104 if
105 }
106 if
107diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
108index 0562235..f2b4e19 100644
109--- a/Resource/Init/gs_fonts.ps
110+++ b/Resource/Init/gs_fonts.ps
111@@ -519,11 +519,11 @@ buildfontdict 3 /.buildfont3 cvx put
112 % the font in LocalFontDirectory.
113 .currentglobal
114 { //systemdict /LocalFontDirectory .knownget
115- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
116+ { 2 index 2 index .forceput } % readonly
117 if
118 }
119 if
120- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
121+ dup //.FontDirectory 4 -2 roll .forceput % readonly
122 % If the font originated as a resource, register it.
123 currentfile .currentresourcefile eq { dup .registerfont } if
124 readonly
125@@ -1191,13 +1191,13 @@ $error /SubstituteFont { } put
126 //.FontDirectory 1 index known not {
127 2 dict dup /FontName 3 index put
128 dup /FontType 1 put
129- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
130+ //.FontDirectory 3 1 roll //.forceput exec % readonly
131 } {
132 pop
133 } ifelse
134 } forall
135 } forall
136- }
137+ } executeonly % hide .forceput
138 FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
139
140 % Install initial fonts from Fontmap.
141diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
142index 80d9585..0d5c4f7 100644
143--- a/Resource/Init/gs_init.ps
144+++ b/Resource/Init/gs_init.ps
145@@ -2188,9 +2188,6 @@ SAFER { .setsafeglobal } if
146 /.endtransparencygroup % transparency-example.ps
147 /.setdotlength % Bug687720.ps
148 /.sort /.setdebug /.mementolistnewblocks /getenv
149-
150- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER
151-
152 /unread
153 ]
154 {systemdict exch .forceundef} forall
155@@ -2270,7 +2267,6 @@ SAFER { .setsafeglobal } if
156
157 % Used by our own test suite files
158 %/.fileposition %image-qa.ps
159- %/.makeoperator /.setCPSImode % gs_cet.ps
160
161 % Either our code uses these in ways which mean they can't be undefined, or they are used directly by
162 % test files/utilities, or engineers expressed a desire to keep them visible.
163@@ -2457,6 +2453,16 @@ end
164 /vmreclaim where
165 { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if
166 } if
167+
168+% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps)
169+systemdict /CETMODE .knownget {
170+ {
171+ (gs_cet.ps) runlibfile
172+ } if
173+} if
174+systemdict /.makeoperator .undef % must be after gs_cet.ps
175+systemdict /.setCPSImode .undef % must be after gs_cet.ps
176+
177 DELAYBIND not {
178 systemdict /.bindnow .undef % We only need this for DELAYBIND
179 systemdict /.forcecopynew .undef % remove temptation
180@@ -2464,16 +2470,29 @@ DELAYBIND not {
181 systemdict /.forceundef .undef % ditto
182 } if
183
184-% Move superexec to internaldict if superexec is defined.
185-systemdict /superexec .knownget {
186- 1183615869 internaldict /superexec 3 -1 roll put
187- systemdict /superexec .undef
188+% Move superexec to internaldict if superexec is defined. (Level 2 or later)
189+systemdict /superexec known {
190+ % restrict superexec to single known use by PScript5.dll
191+ % We could do this only for SAFER mode, but internaldict and superexec are
192+ % not very well documented, and we don't want them to be used.
193+ 1183615869 internaldict /superexec {
194+ 2 index /Private eq % first check for typical use in PScript5.dll
195+ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
196+ 1 index 0 get systemdict /put get eq and
197+ {
198+ //superexec exec % the only usage we allow
199+ } {
200+ /superexec load /invalidaccess signalerror
201+ } ifelse
202+ } bind cvx executeonly put
203+ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
204 } if
205
206 % Can't remove this one until the last minute :-)
207 DELAYBIND not {
208 systemdict /.undef .undef
209 } if
210+
211 WRITESYSTEMDICT {
212 SAFER {
213 (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print
214@@ -2500,7 +2519,4 @@ WRITESYSTEMDICT {
215 % be 'true' in some cases.
216 userdict /AGM_preserve_spots //false put
217
218-systemdict /CETMODE .knownget
219-{ { (gs_cet.ps) runlibfile } if } if
220-
221 % The interpreter will run the initial procedure (start).
222diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
223index 05943c5..da97afa 100644
224--- a/Resource/Init/gs_ttf.ps
225+++ b/Resource/Init/gs_ttf.ps
226@@ -1421,7 +1421,7 @@ mark
227 TTFDEBUG { (\n1 setting alias: ) print dup ==only
228 ( to be the same as ) print 2 index //== exec } if
229
230- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
231+ 7 index 2 index 3 -1 roll exch .forceput
232 } forall
233 pop pop pop
234 }
235@@ -1439,7 +1439,7 @@ mark
236 exch pop
237 TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
238 ( to use glyph index: ) print dup //== exec } if
239- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
240+ 5 index 3 1 roll .forceput
241 //false
242 }
243 {
244@@ -1456,7 +1456,7 @@ mark
245 { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
246 TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
247 ( to be index: ) print dup //== exec } if
248- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
249+ exch pop 5 index 3 1 roll .forceput
250 }
251 {
252 pop pop
253@@ -1486,7 +1486,7 @@ mark
254 } ifelse
255 ]
256 TTFDEBUG { (Encoding: ) print dup === flush } if
257-} bind def
258+} .bind executeonly odef % hides .forceput
259
260 % to be removed 9.09......
261 currentdict /postalias undef
262diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
263index 96e1ced..61f5269 100644
264--- a/Resource/Init/gs_type1.ps
265+++ b/Resource/Init/gs_type1.ps
266@@ -116,7 +116,7 @@
267 { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname
268 CFFDEBUG { (\nsetting alias: ) print dup ==only
269 ( to be the same as glyph: ) print 1 index //== exec } if
270- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
271+ 3 index exch 3 index .forceput
272 % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
273 }
274 {pop} ifelse
275@@ -135,7 +135,7 @@
276 3 1 roll pop pop
277 } if
278 pop
279- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
280+ dup /.AGLprocessed~GS //true .forceput
281 } if
282
283 %% We need to excute the C .buildfont1 in a stopped context so that, if there
284@@ -148,7 +148,7 @@
285 {//.buildfont1} stopped
286 4 3 roll .setglobal
287 {//.buildfont1 $error /errorname get signalerror} if
288- } bind def
289+ } .bind executeonly def % hide .forceput
290
291 % If the diskfont feature isn't included, define a dummy .loadfontdict.
292 /.loadfontdict where
293--
2942.20.1
295
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
new file mode 100644
index 0000000000..5228cace24
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
@@ -0,0 +1,167 @@
1From 5845e667dda3c945ee793fbe6af021533cb4fbec Mon Sep 17 00:00:00 2001
2From: Ray Johnston <ray.johnston@artifex.com>
3Date: Sun, 24 Feb 2019 22:01:04 -0800
4Subject: [PATCH] Bug 700585: Obliterate "superexec". We don't need it, nor
5 do any known apps.
6
7We were under the impression that the Windows driver 'PScript5.dll' used
8superexec, but after testing with our extensive suite of PostScript file,
9and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear
10that this operator is needed anymore. Get rid of superexec and all of the
11references to it, since it is a potential security hole.
12
13CVE: CVE-2019-3835
14Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
15
16Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
17---
18 Resource/Init/gs_init.ps | 18 ------------------
19 psi/icontext.c | 1 -
20 psi/icstate.h | 1 -
21 psi/zcontrol.c | 30 ------------------------------
22 psi/zdict.c | 6 ++----
23 psi/zgeneric.c | 3 +--
24 6 files changed, 3 insertions(+), 56 deletions(-)
25
26diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
27index 0d5c4f7..c5ac82a 100644
28--- a/Resource/Init/gs_init.ps
29+++ b/Resource/Init/gs_init.ps
30@@ -2470,24 +2470,6 @@ DELAYBIND not {
31 systemdict /.forceundef .undef % ditto
32 } if
33
34-% Move superexec to internaldict if superexec is defined. (Level 2 or later)
35-systemdict /superexec known {
36- % restrict superexec to single known use by PScript5.dll
37- % We could do this only for SAFER mode, but internaldict and superexec are
38- % not very well documented, and we don't want them to be used.
39- 1183615869 internaldict /superexec {
40- 2 index /Private eq % first check for typical use in PScript5.dll
41- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
42- 1 index 0 get systemdict /put get eq and
43- {
44- //superexec exec % the only usage we allow
45- } {
46- /superexec load /invalidaccess signalerror
47- } ifelse
48- } bind cvx executeonly put
49- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
50-} if
51-
52 % Can't remove this one until the last minute :-)
53 DELAYBIND not {
54 systemdict /.undef .undef
55diff --git a/psi/icontext.c b/psi/icontext.c
56index 1fbe486..7462ea3 100644
57--- a/psi/icontext.c
58+++ b/psi/icontext.c
59@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst,
60 pcst->rand_state = rand_state_initial;
61 pcst->usertime_total = 0;
62 pcst->keep_usertime = false;
63- pcst->in_superexec = 0;
64 pcst->plugin_list = 0;
65 make_t(&pcst->error_object, t__invalid);
66 { /*
67diff --git a/psi/icstate.h b/psi/icstate.h
68index 4c6a14d..1009d85 100644
69--- a/psi/icstate.h
70+++ b/psi/icstate.h
71@@ -54,7 +54,6 @@ struct gs_context_state_s {
72 long usertime_total; /* total accumulated usertime, */
73 /* not counting current time if running */
74 bool keep_usertime; /* true if context ever executed usertime */
75- int in_superexec; /* # of levels of superexec */
76 /* View clipping is handled in the graphics state. */
77 ref error_object; /* t__invalid or error object from operator */
78 ref userparams; /* t_dictionary */
79diff --git a/psi/zcontrol.c b/psi/zcontrol.c
80index 0362cf4..dc813e8 100644
81--- a/psi/zcontrol.c
82+++ b/psi/zcontrol.c
83@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p)
84 return o_push_estack;
85 }
86
87-/* <obj> superexec - */
88-static int end_superexec(i_ctx_t *);
89-static int
90-zsuperexec(i_ctx_t *i_ctx_p)
91-{
92- os_ptr op = osp;
93- es_ptr ep;
94-
95- check_op(1);
96- if (!r_has_attr(op, a_executable))
97- return 0; /* literal object just gets pushed back */
98- check_estack(2);
99- ep = esp += 3;
100- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */
101- make_op_estack(ep - 1, end_superexec); /* normal case */
102- ref_assign(ep, op);
103- esfile_check_cache();
104- pop(1);
105- i_ctx_p->in_superexec++;
106- return o_push_estack;
107-}
108-static int
109-end_superexec(i_ctx_t *i_ctx_p)
110-{
111- i_ctx_p->in_superexec--;
112- return 0;
113-}
114-
115 /* <array> <executable> .runandhide <obj> */
116 /* before executing <executable>, <array> is been removed from */
117 /* the operand stack and placed on the execstack with attributes */
118@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = {
119 {"0%loop_continue", loop_continue},
120 {"0%repeat_continue", repeat_continue},
121 {"0%stopped_push", stopped_push},
122- {"1superexec", zsuperexec},
123- {"0%end_superexec", end_superexec},
124 {"2.runandhide", zrunandhide},
125 {"0%end_runandhide", end_runandhide},
126 op_def_end(0)
127diff --git a/psi/zdict.c b/psi/zdict.c
128index b0deaaa..e2e525d 100644
129--- a/psi/zdict.c
130+++ b/psi/zdict.c
131@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p)
132 int code;
133
134 check_type(*op1, t_dictionary);
135- if (i_ctx_p->in_superexec == 0)
136- check_dict_write(*op1);
137+ check_dict_write(*op1);
138 code = idict_undef(op1, op);
139 if (code < 0 && code != gs_error_undefined) /* ignore undefined error */
140 return code;
141@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p)
142 int code;
143
144 check_type(*op1, t_dictionary);
145- if (i_ctx_p->in_superexec == 0)
146- check_dict_write(*op1);
147+ check_dict_write(*op1);
148 check_type(*op, t_integer);
149 if (op->value.intval < 0)
150 return_error(gs_error_rangecheck);
151diff --git a/psi/zgeneric.c b/psi/zgeneric.c
152index 8048e28..d4edddb 100644
153--- a/psi/zgeneric.c
154+++ b/psi/zgeneric.c
155@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p)
156
157 switch (r_type(op2)) {
158 case t_dictionary:
159- if (i_ctx_p->in_superexec == 0)
160- check_dict_write(*op2);
161+ check_dict_write(*op2);
162 {
163 int code = idict_put(op2, op1, op);
164
165--
1662.18.1
167
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
new file mode 100644
index 0000000000..593109fb9f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
@@ -0,0 +1,34 @@
1From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Wed, 20 Feb 2019 09:54:28 +0000
4Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in
5 DefineResource).
6
7This prevents access to .forceput
8
9Solution originally suggested by cbuissar@redhat.com.
10
11CVE: CVE-2019-3838
12Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
13
14Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
15---
16 Resource/Init/gs_res.ps | 2 +-
17 1 file changed, 1 insertion(+), 1 deletion(-)
18
19diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
20index 89c0ed6..a163541 100644
21--- a/Resource/Init/gs_res.ps
22+++ b/Resource/Init/gs_res.ps
23@@ -426,7 +426,7 @@ status {
24 % so we have to use .forceput here.
25 currentdict /.Instances 2 index .forceput % Category dict is read-only
26 } executeonly if
27- }
28+ } executeonly
29 { .LocalInstances dup //.emptydict eq
30 { pop 3 dict localinstancedict Category 2 index put
31 }
32--
332.18.1
34
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
new file mode 100644
index 0000000000..921e5b6876
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
@@ -0,0 +1,30 @@
1From 0cb5e967c0200559f946291b5b54f8da30c32cd6 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Fri, 22 Feb 2019 12:28:23 +0000
4Subject: [PATCH] Bug 700576(redux): an extra transient proc needs
5 executeonly'ed.
6
7CVE: CVE-2019-3838
8Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
9
10Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
11---
12 Resource/Init/gs_res.ps | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
16index a163541..8ce4ae3 100644
17--- a/Resource/Init/gs_res.ps
18+++ b/Resource/Init/gs_res.ps
19@@ -438,7 +438,7 @@ status {
20 % Now make the resource value read-only.
21 0 2 copy get { readonly } .internalstopped pop
22 dup 4 1 roll put exch pop exch pop
23- }
24+ } executeonly
25 { /defineresource cvx /typecheck signaloperror
26 }
27 ifelse
28--
292.18.1
30
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
new file mode 100644
index 0000000000..b2c1ade4be
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
@@ -0,0 +1,177 @@
1From c8c77690199b677f70093824382f0881e643e17b Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Wed, 5 Dec 2018 12:22:13 +0000
4Subject: [PATCH 1/7] Sanitize op stack for error conditions
5
6We save the stacks to an array and store the array for the error handler to
7access.
8
9For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
10we make these copies, we check for operators that do *not* exist in systemdict,
11when we find one, we replace the operator with a name object (of the form
12"/--opname--").
13
14CVE: CVE-2019-6116
15Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
16
17Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
18---
19 psi/int.mak | 3 +-
20 psi/interp.c | 8 ++++++
21 psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
22 psi/istack.h | 3 ++
23 4 files changed, 91 insertions(+), 1 deletion(-)
24
25diff --git a/psi/int.mak b/psi/int.mak
26index 6ab5bf0..6b349cb 100644
27--- a/psi/int.mak
28+++ b/psi/int.mak
29@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
30 $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
31 $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
32 $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
33- $(store_h) $(INT_MAK) $(MAKEDIRS)
34+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
35+ $(INT_MAK) $(MAKEDIRS)
36 $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
37
38 $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
39diff --git a/psi/interp.c b/psi/interp.c
40index 6dc0dda..aa5779c 100644
41--- a/psi/interp.c
42+++ b/psi/interp.c
43@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
44 uint size = ref_stack_count(pstack) - skip;
45 uint save_space = ialloc_space(idmemory);
46 int code, i;
47+ ref *safety, *safe;
48
49 if (size > 65535)
50 size = 65535;
51@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
52 make_null(&arr->value.refs[i]);
53 }
54 }
55+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
56+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
57+ safe->value.boolval == true) {
58+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
59+ if (code < 0)
60+ return code;
61+ }
62 ialloc_set_space(idmemory, save_space);
63 return code;
64 }
65diff --git a/psi/istack.c b/psi/istack.c
66index 8fe151f..f1a3e51 100644
67--- a/psi/istack.c
68+++ b/psi/istack.c
69@@ -27,6 +27,10 @@
70 #include "iutil.h"
71 #include "ivmspace.h" /* for local/global test */
72 #include "store.h"
73+#include "icstate.h"
74+#include "iname.h"
75+#include "dstack.h"
76+#include "idict.h"
77
78 /* Forward references */
79 static void init_block(ref_stack_t *pstack, const ref *pblock_array,
80@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
81 return 0;
82 }
83
84+int
85+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
86+{
87+ int i, code;
88+ ref obj, arr2;
89+ ref *pobj2;
90+ gs_memory_t *mem = (gs_memory_t *)idmemory->current;
91+
92+ if (!r_is_array(sarr) || !r_has_type(darr, t_array))
93+ return_error(gs_error_typecheck);
94+
95+ for (i = 0; i < r_size(sarr); i++) {
96+ code = array_get(mem, sarr, i, &obj);
97+ if (code < 0)
98+ make_null(&obj);
99+ switch(r_type(&obj)) {
100+ case t_operator:
101+ {
102+ int index = op_index(&obj);
103+
104+ if (index > 0 && index < op_def_count) {
105+ const byte *data = (const byte *)(op_index_def(index)->oname + 1);
106+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
107+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
108+ if (s) {
109+ s[0] = '\0';
110+ strcpy((char *)s, "--");
111+ strcpy((char *)s + 2, (char *)data);
112+ strcpy((char *)s + strlen((char *)data) + 2, "--");
113+ }
114+ else {
115+ s = (byte *)data;
116+ }
117+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
118+ if (code < 0) make_null(&obj);
119+ if (s != data)
120+ gs_free_object(mem, s, "ref_stack_array_sanitize");
121+ }
122+ }
123+ else {
124+ make_null(&obj);
125+ }
126+ ref_assign(darr->value.refs + i, &obj);
127+ break;
128+ }
129+ case t_array:
130+ case t_shortarray:
131+ case t_mixedarray:
132+ {
133+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
134+ /* We only want to copy executable arrays */
135+ if (attrs & (a_execute | a_executable)) {
136+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
137+ if (code < 0) {
138+ make_null(&arr2);
139+ }
140+ else {
141+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
142+ }
143+ ref_assign(darr->value.refs + i, &arr2);
144+ }
145+ else {
146+ ref_assign(darr->value.refs + i, &obj);
147+ }
148+ break;
149+ }
150+ default:
151+ ref_assign(darr->value.refs + i, &obj);
152+ }
153+ }
154+ return 0;
155+}
156+
157+
158 /*
159 * Store the top 'count' elements of a stack, starting 'skip' elements below
160 * the top, into an array, with or without store/undo checking. age=-1 for
161diff --git a/psi/istack.h b/psi/istack.h
162index 051dcbe..54be405 100644
163--- a/psi/istack.h
164+++ b/psi/istack.h
165@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
166 uint skip, int age, bool check,
167 gs_dual_memory_t *idmem, client_name_t cname);
168
169+int
170+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
171+
172 /*
173 * Pop the top N elements off a stack.
174 * The number must not exceed the number of elements in use.
175--
1762.18.1
177
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch
new file mode 100644
index 0000000000..97c74e7e31
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch
@@ -0,0 +1,442 @@
1From 20001d2bdf3cc60e76241a6ae72b1df01c5424c5 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Thu, 13 Dec 2018 15:28:34 +0000
4Subject: [PATCH 2/7] Any transient procedures that call .force* operators
5
6(i.e. for conditionals or loops) make them executeonly.
7
8CVE: CVE-2019-6116
9Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
10
11Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
12---
13 Resource/Init/gs_diskn.ps | 2 +-
14 Resource/Init/gs_dps1.ps | 4 ++--
15 Resource/Init/gs_fntem.ps | 4 ++--
16 Resource/Init/gs_fonts.ps | 12 ++++++------
17 Resource/Init/gs_init.ps | 4 ++--
18 Resource/Init/gs_lev2.ps | 11 ++++++-----
19 Resource/Init/gs_pdfwr.ps | 2 +-
20 Resource/Init/gs_res.ps | 4 ++--
21 Resource/Init/gs_setpd.ps | 2 +-
22 Resource/Init/pdf_base.ps | 13 ++++++++-----
23 Resource/Init/pdf_draw.ps | 16 +++++++++-------
24 Resource/Init/pdf_font.ps | 6 +++---
25 Resource/Init/pdf_main.ps | 4 ++--
26 Resource/Init/pdf_ops.ps | 7 ++++---
27 14 files changed, 49 insertions(+), 42 deletions(-)
28
29diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
30index fd694bc..8bf2054 100644
31--- a/Resource/Init/gs_diskn.ps
32+++ b/Resource/Init/gs_diskn.ps
33@@ -51,7 +51,7 @@ systemdict begin
34 mark 5 1 roll ] mark exch { { } forall } forall ]
35 //systemdict /.searchabledevs 2 index .forceput
36 exch .setglobal
37- }
38+ } executeonly
39 if
40 } .bind executeonly odef % must be bound and hidden for .forceput
41
42diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
43index ec5db61..4fae283 100644
44--- a/Resource/Init/gs_dps1.ps
45+++ b/Resource/Init/gs_dps1.ps
46@@ -78,7 +78,7 @@ level2dict begin
47 .currentglobal
48 { % Current mode is global; delete from local directory too.
49 //systemdict /LocalFontDirectory .knownget
50- { 1 index .forceundef } % LocalFontDirectory is readonly
51+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly
52 if
53 }
54 { % Current mode is local; if there was a shadowed global
55@@ -126,7 +126,7 @@ level2dict begin
56 }
57 ifelse
58 } forall
59- pop counttomark 2 idiv { .forceundef } repeat pop % readonly
60+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly
61 }
62 if
63 //SharedFontDirectory exch .forcecopynew pop
64diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
65index c1f7651..6eb672a 100644
66--- a/Resource/Init/gs_fntem.ps
67+++ b/Resource/Init/gs_fntem.ps
68@@ -401,12 +401,12 @@ currentdict end def
69 .forceput % FontInfo can be read-only.
70 pop % bool <font>
71 exit
72- } if
73+ } executeonly if
74 dup /FontInfo get % bool <font> <FI>
75 /GlyphNames2Unicode /Unicode /Decoding findresource
76 .forceput % FontInfo can be read-only.
77 exit
78- } loop
79+ } executeonly loop
80 exch setglobal
81 } .bind executeonly odef % must be bound and hidden for .forceput
82
83diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
84index 803faca..290da0c 100644
85--- a/Resource/Init/gs_fonts.ps
86+++ b/Resource/Init/gs_fonts.ps
87@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
88 /.setnativefontmapbuilt { % set whether we've been run
89 dup type /booleantype eq {
90 systemdict exch /.nativefontmapbuilt exch .forceput
91- }
92+ } executeonly
93 {pop}
94 ifelse
95 } .bind executeonly odef
96@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
97 { 2 index gcheck currentglobal
98 2 copy eq {
99 pop pop .forceput
100- } {
101+ } executeonly {
102 5 1 roll setglobal
103 dup length string copy
104 .forceput setglobal
105- } ifelse
106+ } executeonly ifelse
107 } .bind executeonly odef % must be bound and hidden for .forceput
108
109 % Attempt to load a font from a file.
110@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
111 .FontDirectory 3 index .forceundef % readonly
112 1 index (r) file .loadfont .FontDirectory exch
113 /.setglobal .systemvar exec
114- }
115+ } executeonly
116 { .loadfont .FontDirectory
117 }
118 ifelse
119@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
120 dup 3 index .fontknownget
121 { dup /PathLoad 4 index .putgstringcopy
122 4 1 roll pop pop pop //true exit
123- } if
124+ } executeonly if
125
126 % Maybe the file had a different FontName.
127 % See if we can get a FontName from the file, and if so,
128@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
129 ifelse % Stack: origfontname fontdict
130 exch pop //true exit
131 % Stack: fontdict
132- }
133+ } executeonly
134 if pop % Stack: origfontname fontdirectory path
135 }
136 if pop pop % Stack: origfontname
137diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
138index d733124..56c0bd2 100644
139--- a/Resource/Init/gs_init.ps
140+++ b/Resource/Init/gs_init.ps
141@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
142 % Update the copy of the user parameters.
143 mark .currentuserparams counttomark 2 idiv {
144 userparams 3 1 roll .forceput % userparams is read-only
145- } repeat pop
146+ } executeonly repeat pop
147 % Turn on idiom recognition, if available.
148 currentuserparams /IdiomRecognition known {
149 /IdiomRecognition //true .definepsuserparam
150@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
151 % Remove real system params from pssystemparams.
152 mark .currentsystemparams counttomark 2 idiv {
153 pop pssystemparams exch .forceundef
154- } repeat pop
155+ } executeonly repeat pop
156 } if
157
158 % Set up AlignToPixels :
159diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
160index 44fe619..0f0d573 100644
161--- a/Resource/Init/gs_lev2.ps
162+++ b/Resource/Init/gs_lev2.ps
163@@ -154,7 +154,8 @@ end
164 % protect top level of parameters that we copied
165 dup type dup /arraytype eq exch /stringtype eq or { readonly } if
166 /userparams .systemvar 3 1 roll .forceput % userparams is read-only
167- } {
168+ } executeonly
169+ {
170 pop pop
171 } ifelse
172 } forall
173@@ -224,7 +225,7 @@ end
174 % protect top level parameters that we copied
175 dup type dup /arraytype eq exch /stringtype eq or { readonly } if
176 //pssystemparams 3 1 roll .forceput % pssystemparams is read-only
177- }
178+ } executeonly
179 { pop pop
180 }
181 ifelse
182@@ -934,7 +935,7 @@ mark
183 dup /PaintProc get
184 1 index /Implementation known not {
185 1 index dup /Implementation //null .forceput readonly pop
186- } if
187+ } executeonly if
188 exec
189 }.bind odef
190
191@@ -958,7 +959,7 @@ mark
192 dup /PaintProc get
193 1 index /Implementation known not {
194 1 index dup /Implementation //null .forceput readonly pop
195- } if
196+ } executeonly if
197 /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
198 %% [CTM] <<Form>> PaintProc .beginform -
199 {
200@@ -1005,7 +1006,7 @@ mark
201 %% Form dictioanry using the /Implementation key).
202 1 dict dup /FormID 4 -1 roll put
203 1 index exch /Implementation exch .forceput readonly pop
204- }
205+ } executeonly
206 ifelse
207 }
208 {
209diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
210index 58e75d3..b425103 100644
211--- a/Resource/Init/gs_pdfwr.ps
212+++ b/Resource/Init/gs_pdfwr.ps
213@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
214 } ifelse
215 } bind .makeoperator .forceput
216 systemdict /.pdf_hooked_DSC_Creator //true .forceput
217- } if
218+ } executeonly if
219 pop
220 } if
221 } {
222diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
223index 8eb8bb0..d9b3459 100644
224--- a/Resource/Init/gs_res.ps
225+++ b/Resource/Init/gs_res.ps
226@@ -152,7 +152,7 @@ setglobal
227 % use .forceput / .forcedef later to replace the dummy,
228 % empty .Instances dictionary with the real one later.
229 readonly
230- } {
231+ }{
232 /defineresource cvx /typecheck signaloperror
233 } ifelse
234 } bind executeonly odef
235@@ -424,7 +424,7 @@ status {
236 % As noted above, Category dictionaries are read-only,
237 % so we have to use .forcedef here.
238 /.Instances 1 index .forcedef % Category dict is read-only
239- } if
240+ } executeonly if
241 }
242 { .LocalInstances dup //.emptydict eq
243 { pop 3 dict localinstancedict Category 2 index put
244diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
245index e22597e..7875d1f 100644
246--- a/Resource/Init/gs_setpd.ps
247+++ b/Resource/Init/gs_setpd.ps
248@@ -634,7 +634,7 @@ NOMEDIAATTRS {
249 SETPDDEBUG { (Rolling back.) = pstack flush } if
250 3 index 2 index 3 -1 roll .forceput
251 4 index 1 index .knownget
252- { 4 index 3 1 roll .forceput }
253+ { 4 index 3 1 roll .forceput } executeonly
254 { 3 index exch .undef }
255 ifelse
256 } bind executeonly odef
257diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
258index b45e980..7312729 100644
259--- a/Resource/Init/pdf_base.ps
260+++ b/Resource/Init/pdf_base.ps
261@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
262
263 /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
264 PDFDEBUG {
265- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
266+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
267 PDFSTEP {
268 pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
269 PDFSTEPcount 1 gt {
270 pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
271- } {
272+ } executeonly
273+ {
274 dup ==only
275 ( step # ) print PDFtokencount =only
276 ( ? ) print flush 1 //false .outputpage
277 (%stdin) (r) file 255 string readline {
278 token {
279 exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
280- } {
281+ } executeonly
282+ {
283 pdfdict /PDFSTEPcount 1 .forceput
284- } ifelse % token
285+ } executeonly ifelse % token
286 } {
287 pop /PDFSTEP //false def % EOF on stdin
288 } ifelse % readline
289 } ifelse % PDFSTEPcount > 1
290- } {
291+ } executeonly
292+ {
293 dup ==only () = flush
294 } ifelse % PDFSTEP
295 } if % PDFDEBUG
296diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
297index 6b0ba93..40c6ac8 100644
298--- a/Resource/Init/pdf_draw.ps
299+++ b/Resource/Init/pdf_draw.ps
300@@ -1118,14 +1118,14 @@ currentdict end readonly def
301 pdfdict /.Qqwarning_issued //true .forceput
302 .setglobal
303 pdfformaterror
304- } ifelse
305+ } executeonly ifelse
306 }
307 {
308 currentglobal pdfdict gcheck .setglobal
309 pdfdict /.Qqwarning_issued //true .forceput
310 .setglobal
311 pdfformaterror
312- } ifelse
313+ } executeonly ifelse
314 end
315 } ifelse
316 } loop
317@@ -1141,14 +1141,14 @@ currentdict end readonly def
318 pdfdict /.Qqwarning_issued //true .forceput
319 .setglobal
320 pdfformaterror
321- } ifelse
322+ } executeonly ifelse
323 }
324 {
325 currentglobal pdfdict gcheck .setglobal
326 pdfdict /.Qqwarning_issued //true .forceput
327 .setglobal
328 pdfformaterror
329- } ifelse
330+ } executeonly ifelse
331 } if
332 pop
333
334@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
335 /IncrementAppearanceNumber {
336 pdfdict /AppearanceNumber .knownget {
337 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
338- }{
339+ } executeonly
340+ {
341 pdfdict /AppearanceNumber 0 .forceput
342- } ifelse
343+ } executeonly ifelse
344 }bind executeonly odef
345
346 /MakeAppearanceName {
347@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
348 %% want to preserve it.
349 pdfdict /.PreservePDFForm false .forceput
350 /q cvx /execform cvx 5 -2 roll
351- }{
352+ } executeonly
353+ {
354 /q cvx /PDFexecform cvx 5 -2 roll
355 } ifelse
356
357diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
358index bea9ea9..4cd62b9 100644
359--- a/Resource/Init/pdf_font.ps
360+++ b/Resource/Init/pdf_font.ps
361@@ -714,7 +714,7 @@ currentdict end readonly def
362 pop pop pop
363 currentdict /.stackdepth .forceundef
364 currentdict /.dstackdepth .forceundef
365- }
366+ } executeonly
367 {pop pop pop}
368 ifelse
369
370@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
371 (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
372 pdfformatwarning
373 pdfdict /.Qqwarning_issued //true .forceput
374- } if
375+ } executeonly if
376 Q
377 } repeat
378 Q
379@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
380 /CIDFallBack /CIDFont findresource
381 } if
382 exit
383- } if
384+ } executeonly if
385 } if
386 } if
387
388diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
389index 00da47a..37e69b3 100644
390--- a/Resource/Init/pdf_main.ps
391+++ b/Resource/Init/pdf_main.ps
392@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
393 pdfdict /.Qqwarning_issued //true .forceput
394 .setglobal
395 pdfformaterror
396- } ifelse
397+ } executeonly ifelse
398 }
399 {
400 currentglobal pdfdict gcheck .setglobal
401 pdfdict /.Qqwarning_issued //true .forceput
402 .setglobal
403 pdfformaterror
404- } ifelse
405+ } executeonly ifelse
406 } if
407 } if
408 pop
409diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
410index 8672d61..aa09641 100644
411--- a/Resource/Init/pdf_ops.ps
412+++ b/Resource/Init/pdf_ops.ps
413@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
414 pdfdict /.Qqwarning_issued //true .forceput
415 .setglobal
416 pdfformaterror
417- } ifelse
418+ } executeonly ifelse
419 }
420 {
421 currentglobal pdfdict gcheck .setglobal
422 pdfdict /.Qqwarning_issued //true .forceput
423 .setglobal
424 pdfformaterror
425- } ifelse
426+ } executeonly ifelse
427 } if
428 } bind executeonly odef
429
430@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
431 dup type /booleantype eq {
432 .currentSMask type /dicttype eq {
433 .currentSMask /Processed 2 index .forceput
434- } {
435+ } executeonly
436+ {
437 .setSMask
438 }ifelse
439 }{
440--
4412.18.1
442
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch
new file mode 100644
index 0000000000..02b1dc962f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch
@@ -0,0 +1,32 @@
1From 60b77b8bf8b6e4d30519c47724631012b530cf0e Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Sat, 15 Dec 2018 09:08:32 +0000
4Subject: [PATCH 3/7] Bug700317: Fix logic for an older change
5
6Unlike almost every other function in gs, dict_find_string() returns 1 on
7success 0 or <0 on failure. The logic for this case was wrong.
8
9CVE: CVE-2019-6116
10Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
11
12Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
13---
14 psi/interp.c | 2 +-
15 1 file changed, 1 insertion(+), 1 deletion(-)
16
17diff --git a/psi/interp.c b/psi/interp.c
18index aa5779c..f6c45bb 100644
19--- a/psi/interp.c
20+++ b/psi/interp.c
21@@ -703,7 +703,7 @@ again:
22 * i.e. it's an internal operator we have hidden
23 */
24 code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
25- if (code < 0) {
26+ if (code <= 0) {
27 buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
28 rlen += 4;
29 bufptr = buf;
30--
312.18.1
32
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch
new file mode 100644
index 0000000000..cc15453f00
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch
@@ -0,0 +1,136 @@
1From d739565534e955c4336731e4ea4eebc895c09c5c Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Tue, 18 Dec 2018 10:42:10 +0000
4Subject: [PATCH 4/7] Harden some uses of .force* operators
5
6by adding a few immediate evalutions
7
8CVE: CVE-2019-6116
9Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
10
11Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
12---
13 Resource/Init/gs_dps1.ps | 4 ++--
14 Resource/Init/gs_fonts.ps | 20 ++++++++++----------
15 Resource/Init/gs_init.ps | 6 +++---
16 3 files changed, 15 insertions(+), 15 deletions(-)
17
18diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
19index 4fae283..b75ea14 100644
20--- a/Resource/Init/gs_dps1.ps
21+++ b/Resource/Init/gs_dps1.ps
22@@ -74,7 +74,7 @@ level2dict begin
23 } odef
24 % undefinefont has to take local/global VM into account.
25 /undefinefont % <fontname> undefinefont -
26- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
27+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
28 .currentglobal
29 { % Current mode is global; delete from local directory too.
30 //systemdict /LocalFontDirectory .knownget
31@@ -85,7 +85,7 @@ level2dict begin
32 % definition, copy it into the local directory.
33 //systemdict /SharedFontDirectory .knownget
34 { 1 index .knownget
35- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
36+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
37 if
38 }
39 if
40diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
41index 290da0c..c13a2fc 100644
42--- a/Resource/Init/gs_fonts.ps
43+++ b/Resource/Init/gs_fonts.ps
44@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
45 if
46 }
47 if
48- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
49+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
50 % If the font originated as a resource, register it.
51 currentfile .currentresourcefile eq { dup .registerfont } if
52 readonly
53@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
54 % Try to find a font using only the present contents of Fontmap.
55 /.tryfindfont { % <fontname> .tryfindfont <font> true
56 % <fontname> .tryfindfont false
57- .FontDirectory 1 index .fontknownget
58+ //.FontDirectory 1 index .fontknownget
59 { % Already loaded
60 exch pop //true
61 }
62@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
63 { % Font with a procedural definition
64 exec % The procedure will load the font.
65 % Check to make sure this really happened.
66- .FontDirectory 1 index .knownget
67+ //.FontDirectory 1 index .knownget
68 { exch pop //true exit }
69 if
70 }
71@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
72 % because it's different depending on language level.
73 .currentglobal exch /.setglobal .systemvar exec
74 % Remove the fake definition, if any.
75- .FontDirectory 3 index .forceundef % readonly
76- 1 index (r) file .loadfont .FontDirectory exch
77+ //.FontDirectory 3 index .forceundef % readonly
78+ 1 index (r) file .loadfont //.FontDirectory exch
79 /.setglobal .systemvar exec
80 } executeonly
81- { .loadfont .FontDirectory
82+ { .loadfont //.FontDirectory
83 }
84 ifelse
85 % Stack: fontname fontfilename fontdirectory
86@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
87 % Stack: origfontname fontdirectory filefontname fontdict
88 3 -1 roll pop
89 % Stack: origfontname filefontname fontdict
90- dup /FontName get dup FontDirectory exch .forceundef
91- GlobalFontDirectory exch .forceundef
92+ dup /FontName get dup //.FontDirectory exch .forceundef
93+ /GlobalFontDirectory .systemvar exch .forceundef
94 dup length dict .copydict dup 3 index /FontName exch put
95 2 index exch definefont
96 exch
97@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
98 {
99 {
100 pop dup type /stringtype eq { cvn } if
101- .FontDirectory 1 index known not {
102+ //.FontDirectory 1 index known not {
103 2 dict dup /FontName 3 index put
104 dup /FontType 1 put
105- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
106+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
107 } {
108 pop
109 } ifelse
110diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
111index 56c0bd2..d9a0829 100644
112--- a/Resource/Init/gs_init.ps
113+++ b/Resource/Init/gs_init.ps
114@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
115 }ifelse
116 }forall
117 noaccess pop
118- systemdict /.setsafeerrors .forceundef
119- systemdict /.SAFERERRORLIST .forceundef
120+ //systemdict /.setsafeerrors .forceundef
121+ //systemdict /.SAFERERRORLIST .forceundef
122 } bind executeonly odef
123
124 SAFERERRORS {.setsafererrors} if
125@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
126
127 /.locksafe {
128 .locksafe_userparams
129- systemdict /getenv {pop //false} .forceput
130+ //systemdict /getenv {pop //false} .forceput
131 % setpagedevice has the side effect of clearing the page, but
132 % we will just document that. Using setpagedevice keeps the device
133 % properties and pagedevice .LockSafetyParams in agreement even
134--
1352.18.1
136
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
new file mode 100644
index 0000000000..db70bba215
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
@@ -0,0 +1,250 @@
1From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001
2From: Nancy Durgin <nancy.durgin@artifex.com>
3Date: Tue, 27 Nov 2018 12:36:14 -0800
4Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps
5
6CVE: CVE-2019-6116
7Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
8
9Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
10---
11 Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++--------------
12 Resource/Init/gs_resmp.ps | 4 +--
13 2 files changed, 49 insertions(+), 27 deletions(-)
14
15diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
16index d9b3459..18d5452 100644
17--- a/Resource/Init/gs_res.ps
18+++ b/Resource/Init/gs_res.ps
19@@ -197,7 +197,7 @@ setglobal
20 /.findresource { % <key> <category> findresource <instance>
21 2 copy dup /Category eq
22 { pop //Category 0 get begin } { .findcategory } ifelse
23- /FindResource .resourceexec exch pop exch pop
24+ /FindResource //.resourceexec exec exch pop exch pop
25 } bind
26 end % .Instances of Category
27 def
28@@ -223,7 +223,7 @@ def
29 not { /defineresource cvx /typecheck signaloperror } if
30 } if
31 } if
32- /DefineResource .resourceexec
33+ /DefineResource //.resourceexec exec
34 4 1 roll pop pop pop
35 } .errorexec
36 } bind executeonly odef
37@@ -252,7 +252,7 @@ def
38 % without the check.
39 /resourcestatus cvx /typecheck signalerror
40 } if
41- 2 copy .findcategory /ResourceStatus .resourceexec
42+ 2 copy .findcategory /ResourceStatus //.resourceexec exec
43 { 4 2 roll pop pop //true } { pop pop //false } ifelse
44 } stopped {
45 % Although resourcestatus is an operator, Adobe uses executable name
46@@ -266,7 +266,7 @@ def
47 } if
48 1 .argindex 1 index % catch stackunderflow
49
50- { .findcategory /UndefineResource .resourceexec pop pop
51+ { .findcategory /UndefineResource //.resourceexec exec pop pop
52 } stopped {
53 % Although undefineresource is an operator, Adobe uses executable name
54 % here but uses operator for the errors above. CET 23-33
55@@ -315,10 +315,10 @@ currentdict /pssystemparams known not {
56 /pssystemparams 10 dict readonly def
57 } if
58 pssystemparams begin
59- .default_resource_dir
60- /FontResourceDir (Font) .resource_dir_name
61+ //.default_resource_dir exec
62+ /FontResourceDir (Font) //.resource_dir_name exec
63 readonly .forcedef % pssys'params is r-o
64- /GenericResourceDir () .resource_dir_name
65+ /GenericResourceDir () //.resource_dir_name exec
66 readonly .forcedef % pssys'params is r-o
67 pop % .default_resource_dir
68 /GenericResourcePathSep
69@@ -387,13 +387,13 @@ status {
70 } bind def
71 /.localresourceforall { % <key> <value> <args> .localr'forall -
72 exch pop
73- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse
74+ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse
75 } bind def
76 /.globalresourceforall { % <key> <value> <args> .globalr'forall -
77 exch pop
78 2 copy 0 get .stringmatch {
79 dup 3 get begin .LocalInstances end 2 index known not {
80- .enumerateresource
81+ //.enumerateresource exec
82 } {
83 pop pop
84 } ifelse
85@@ -408,7 +408,7 @@ status {
86 3 index known {
87 pop pop pop
88 } {
89- 2 index known { pop pop } { .enumerateresource } ifelse
90+ 2 index known { pop pop } { //.enumerateresource exec } ifelse
91 } ifelse
92 } bind def
93
94@@ -468,19 +468,19 @@ status {
95 % .knownget doesn't fail on null
96 /findresource cvx /typecheck signaloperror
97 } if
98- dup .getvminstance {
99+ dup //.getvminstance exec {
100 exch pop 0 get
101 } {
102 dup ResourceStatus {
103 pop 1 gt {
104- .DoLoadResource .getvminstance not {
105- /findresource cvx .undefinedresource
106+ .DoLoadResource //.getvminstance exec not {
107+ /findresource cvx //.undefinedresource exec
108 } if 0 get
109 } {
110 .GetInstance pop 0 get
111 } ifelse
112 } {
113- /findresource cvx .undefinedresource
114+ /findresource cvx //.undefinedresource exec
115 } ifelse
116 } ifelse
117 } bind executeonly
118@@ -621,7 +621,7 @@ status {
119 .currentglobal not .setglobal
120 vmstatus pop exch pop add
121 } repeat
122-} bind def
123+} bind executeonly odef
124 /.DoLoadResource {
125 % .LoadResource may push entries on the operand stack.
126 % It is an undocumented feature of Adobe implementations,
127@@ -633,8 +633,8 @@ status {
128 {.LoadResource} 4 1 roll 4 .execn
129 % Stack: ... count key memused
130 .vmused exch sub
131- 1 index .getvminstance not {
132- pop dup .undefinedresource % didn't load
133+ 1 index //.getvminstance exec not {
134+ pop dup //.undefinedresource exec % didn't load
135 } if
136 dup 1 1 put
137 2 3 -1 roll put
138@@ -648,7 +648,7 @@ status {
139 { //true setglobal { .runresource } stopped //false setglobal { stop } if }
140 ifelse
141 }
142- { dup .undefinedresource
143+ { dup //.undefinedresource exec
144 }
145 ifelse
146 } bind
147@@ -758,7 +758,7 @@ counttomark 2 idiv
148 /FindResource
149 { .Instances 1 index .knownget
150 { exch pop }
151- { /findresource cvx .undefinedresource }
152+ { /findresource cvx //.undefinedresource exec }
153 ifelse
154 } bind executeonly
155 /ResourceStatus
156@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put
157 2 copy /Generic /Category findresource /DefineResource get exec
158 exch pop
159 exch //.defaultcsnames exch .knownget {
160- 1 index .definedefaultcs
161+ 1 index //.definedefaultcs exec
162 currentglobal not { .userdict /.localcsdefaults //true put } if
163 } if
164 } bind executeonly
165@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put
166 //.defaultcsnames 1 index .knownget {
167 % Stack: resname index
168 currentglobal {
169- .undefinedefaultcs pop
170+ //.undefinedefaultcs exec pop
171 } {
172 % We removed the local definition, but there might be a global one.
173 exch .GetInstance {
174- 0 get .definedefaultcs
175+ 0 get //.definedefaultcs exec
176 } {
177- .undefinedefaultcs
178+ //.undefinedefaultcs exec
179 } ifelse
180 % Recompute .localcsdefaults by scanning. This is rarely needed.
181 .userdict /.localcsdefaults //false //.defaultcsnames {
182@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef
183 /Generic /Category findresource /UndefineResource get exec
184 } bind executeonly
185 /FindResource {
186- dup .getvminstance {
187+ dup //.getvminstance exec {
188 exch pop 0 get
189 } {
190 dup ResourceStatus {
191@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef
192 % stack: name font vmused
193 % findfont has the prerogative of not calling definefont
194 % in certain obscure cases of font substitution.
195- 2 index .getvminstance {
196+ 2 index //.getvminstance exec {
197 dup 1 1 put
198 2 3 -1 roll put
199 } {
200@@ -1159,3 +1159,25 @@ end % level2dict
201
202 %% Replace 1 (gs_resmp.ps)
203 (gs_resmp.ps) dup runlibfile VMDEBUG
204+
205+[
206+ /.default_resource_dir
207+ /.resource_dir_name
208+]
209+{systemdict exch .forceundef} forall
210+
211+[
212+ /.definedefaultcs
213+ /.undefinedefaultcs
214+ /.defaultcsnames
215+ /.enumerateresource
216+ /.externalresourceforall
217+ /.getvminstance
218+ /.globalresourceforall
219+ /.localresourceforall
220+ /resourceforall1
221+ /.resourceexec
222+ /.undefinedresource
223+ /.vmused
224+]
225+{level2dict exch .forceundef} forall
226diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps
227index 9bb4263..cb948d1 100644
228--- a/Resource/Init/gs_resmp.ps
229+++ b/Resource/Init/gs_resmp.ps
230@@ -230,7 +230,7 @@ currentpacking //false setpacking
231 } {
232 dup dup .map exch .knownget { % /Name /Name <<record>>
233 dup dup /RecordVirtualMethods get /IsActive get exec {
234- 1 index .getvminstance { % /Name /Name <<record>> holder
235+ 1 index //.getvminstance exec { % /Name /Name <<record>> holder
236 1 get 1 eq
237 } {
238 //true
239@@ -242,7 +242,7 @@ currentpacking //false setpacking
240 DefineResource exec % size bStatusIs1 /Name Instance
241 % Make ResourceStatus to return correct values for this instance :
242 % Hack: we replace status values in the instance holder :
243- exch .getvminstance pop % size bStatusIs1 Instance holder
244+ exch //.getvminstance exec pop % size bStatusIs1 Instance holder
245 dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder
246 3 2 roll { % Instance holder
247 1 1 put % Instance
248--
2492.18.1
250
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch
new file mode 100644
index 0000000000..79e640b18f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch
@@ -0,0 +1,596 @@
1From 97f9052ce49e6844b06a49ff9e4b8fc1eaf6bd10 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Wed, 9 Jan 2019 14:24:07 +0000
4Subject: [PATCH 6/7] Undefine a bunch of gs_fonts.ps specific procs
5
6Also reorder and add some immediate evaluation, so it still works with the
7undefining.
8
9CVE: CVE-2019-6116
10Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
11
12Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
13---
14 Resource/Init/gs_dps1.ps | 3 +-
15 Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++-----------------
16 Resource/Init/gs_res.ps | 7 +-
17 3 files changed, 157 insertions(+), 128 deletions(-)
18
19diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
20index b75ea14..8700c8c 100644
21--- a/Resource/Init/gs_dps1.ps
22+++ b/Resource/Init/gs_dps1.ps
23@@ -67,7 +67,8 @@ level2dict begin
24
25 /selectfont % <fontname> <size> selectfont -
26 {
27- { 1 .argindex findfont
28+ {
29+ 1 .argindex findfont
30 1 index dup type /arraytype eq { makefont } { scalefont } ifelse
31 setfont pop pop
32 } stopped { /selectfont .systemvar $error /errorname get signalerror } if
33diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
34index c13a2fc..0562235 100644
35--- a/Resource/Init/gs_fonts.ps
36+++ b/Resource/Init/gs_fonts.ps
37@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put
38 { 2 index token not
39 { (Fontmap entry for ) print 1 index =only
40 ( ends prematurely! Giving up.) = flush
41- {.loadFontmap} 0 get 1 .quit
42+ {//.loadFontmap exec} 0 get 1 .quit
43 } if
44 dup /; eq { pop 3 index 3 1 roll .growput exit } if
45 pop
46@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if
47 { pop }
48 { /FONTPATH (GS_FONTPATH) getenv not { () } if def }
49 ifelse
50+
51+% The following are dummy definitions that, if we have a FONTPATH, will
52+% be replaced in the following section.
53+% They are here so immediately evaulation will work, and allow them to
54+% undefined at the bottom of the file.
55+/.scanfontbegin{} bind def
56+/.scanfontdir {} bind def
57+
58 FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
59 /FONTPATH [ FONTPATH .pathlist ] def
60
61@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
62 /.scanfontbegin
63 { % Construct the table of all file names already in Fontmap.
64 currentglobal //true setglobal
65- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
66+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
67 Fontmap
68 { exch pop
69 { dup type /stringtype eq
70- { .splitfilename pop .fonttempstring copy .lowerstring cvn
71- .scanfontdict exch //true put
72+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn
73+ //.scanfontdict exch //true put
74 }
75 { pop
76 }
77@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
78 /txt //true
79 .dicttomark def
80 /.scan1fontstring 8192 string def
81-% %%BeginFont: is not per Adobe documentation, but a few fonts have it.
82+% BeginFont: is not per Adobe documentation, but a few fonts have it.
83 /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def
84-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header
85+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header
86 /.scan1fontfirst exch string def
87 /.scanfontdir % <dirname> .scanfontdir -
88 { currentglobal exch //true setglobal
89@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
90 0 0 0 4 -1 roll % found scanned files
91 { % stack: <fontcount> <scancount> <filecount> <filename>
92 exch 1 add exch % increment filecount
93- dup .splitfilename .fonttempstring copy .lowerstring
94+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec
95 % stack: <fontcount> <scancount> <filecount+1> <filename>
96 % <BASE> <ext>
97- .scanfontskip exch known exch .scanfontdict exch known or
98+ //.scanfontskip exch known exch //.scanfontdict exch known or
99 { pop
100 % stack: <fontcount> <scancount> <filecount+1>
101 }
102@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
103 % On some platforms, the file operator will open directories,
104 % but an error will occur if we try to read from one.
105 % Handle this possibility here.
106- dup .scan1fontfirst { readstring } .internalstopped
107+ dup //.scan1fontfirst { readstring } .internalstopped
108 { pop pop () }
109 { pop }
110 ifelse
111@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
112 { dup length 6 sub 6 exch getinterval }
113 if
114 % Check for font file headers.
115- //false .scanfontheaders
116+ //false //.scanfontheaders
117 { 2 index exch .stringmatch or
118 }
119 forall exch pop
120@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
121 { exch copystring exch
122 DEBUG { ( ) print dup =only flush } if
123 1 index .definenativefontmap
124- .splitfilename pop //true .scanfontdict 3 1 roll .growput
125+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput
126 % Increment fontcount.
127 3 -1 roll 1 add 3 1 roll
128 }
129@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
130 }
131 ifelse
132 }
133- .scan1fontstring filenameforall
134+ //.scan1fontstring filenameforall
135 QUIET
136 { pop pop pop }
137 { ( ) print =only ( files, ) print =only ( scanned, ) print
138@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt
139 //true .setnativefontmapbuilt
140 } ifelse
141 } bind def
142-currentdict /.setnativefontmapbuilt .forceundef
143
144 % Create the dictionary that registers the .buildfont procedure
145 % (called by definefont) for each FontType.
146@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put
147 % We use this only for explicitly aliased fonts, not substituted fonts:
148 % we think this matches the observed behavior of Adobe interpreters.
149 /.aliasfont % <name> <font> .aliasfont <newFont>
150- { .currentglobal 3 1 roll dup .gcheck .setglobal
151+ {
152+ currentglobal 3 1 roll dup gcheck setglobal
153 % <bool> <name> <font>
154 dup length 2 add dict % <bool> <name> <font> <dict>
155 dup 3 -1 roll % <bool> <name> <dict> <dict> <font>
156@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put
157 % whose FontName is a local non-string, if someone passed a
158 % garbage value to findfont. In this case, just don't
159 % call definefont at all.
160- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or
161+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or
162 { pop % <bool> <name> <dict>
163 1 index dup type /stringtype eq { cvn } if
164 % <bool> <name> <dict> <name1>
165@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put
166 % Don't bind in definefont, since Level 2 redefines it.
167 /definefont .systemvar exec
168 }
169- { /findfont cvx {.completefont} .errorexec pop exch pop
170+ {
171+ /findfont cvx {.completefont} //.errorexec exec pop exch pop
172 }
173 ifelse
174- exch .setglobal
175+ exch setglobal
176 } odef % so findfont will bind it
177
178 % Define .loadfontfile for loading a font. If we recognize Type 1 and/or
179@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put
180 [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4]
181 [(Serif) 8] [(Sans) -8]
182 ] readonly def
183+
184+/.fontnamestring { % <fontname> .fontnamestring <string|name>
185+ dup type dup /nametype eq {
186+ pop .namestring
187+ } {
188+ /stringtype ne { pop () } if
189+ } ifelse
190+} bind def
191+
192 /.fontnameproperties { % <int> <string|name> .fontnameproperties
193 % <int'>
194- .fontnamestring
195- .substituteproperties {
196+ //.fontnamestring exec
197+ //.substituteproperties {
198 2 copy 0 get search {
199 pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch {
200 dup 0 ge { or } { neg not and } ifelse
201@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put
202 % <other> .nametostring <other>
203 dup type /nametype eq { .namestring } if
204 } bind def
205-/.fontnamestring { % <fontname> .fontnamestring <string|name>
206- dup type dup /nametype eq {
207- pop .namestring
208- } {
209- /stringtype ne { pop () } if
210- } ifelse
211-} bind def
212+
213 /.substitutefontname { % <fontname> <properties> .substitutefontname
214 % <altname|null>
215 % Look for properties and/or a face name in the font name.
216@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put
217 % base font; otherwise, use the default font.
218 % Note that the "substituted" font name may be the same as
219 % the requested one; the caller must check this.
220- exch .fontnamestring {
221+ exch //.fontnamestring exec {
222 defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique
223 /Helvetica-Narrow /Helvetica-Narrow-Oblique
224 /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique
225@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put
226 } 3 1 roll
227 % Stack: facelist properties fontname
228 % Look for a face name.
229- .substitutefaces {
230+ //.substitutefaces {
231 2 copy 0 get search {
232 pop pop pop
233 % Stack: facelist properties fontname [(pattern) family properties]
234 dup 2 get 4 -1 roll or 3 1 roll
235- 1 get .substitutefamilies exch get
236+ 1 get //.substitutefamilies exch get
237 4 -1 roll pop 3 1 roll
238 } {
239 pop pop
240@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put
241 1 index length mod get exec
242 } bind def
243 /.substitutefont { % <fontname> .substitutefont <altname>
244- dup 0 exch .fontnameproperties .substitutefontname
245+ dup 0 exch //.fontnameproperties exec .substitutefontname
246 % Only accept fonts known in the Fontmap.
247 Fontmap 1 index known not
248 {
249@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
250 counttomark 1 sub { .aliasfont } repeat end
251 % <fontname> mark <font>
252 exch pop exch pop
253-} odef
254+} bind odef
255 /findfont {
256 .findfont
257 } bind def
258@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
259 } {
260 dup .substitutefont
261 2 copy eq { pop defaultfontname } if
262- .checkalias
263+ //.checkalias exec
264 QUIET not {
265 SHORTERRORS {
266 (%%[) print 1 index =only
267@@ -886,8 +898,8 @@ $error /SubstituteFont { } put
268 //null 0 1 FONTPATH length 1 sub {
269 FONTPATH 1 index get //null ne { exch pop exit } if pop
270 } for dup //null ne {
271- dup 0 eq { .scanfontbegin } if
272- FONTPATH 1 index get .scanfontdir
273+ dup 0 eq { //.scanfontbegin exec} if
274+ FONTPATH 1 index get //.scanfontdir exec
275 FONTPATH exch //null put //true
276 } {
277 pop //false
278@@ -897,11 +909,10 @@ $error /SubstituteFont { } put
279 % scanning of FONTPATH.
280 /.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font>
281 .tryfindfont not {
282-
283 % We didn't find the font. If we haven't scanned
284 % all the directories in FONTPATH, scan the next one
285 % now and look for the font again.
286- .scannextfontdir {
287+ //.scannextfontdir exec {
288 % Start over with an empty alias list.
289 counttomark 1 sub { pop } repeat % mark <fontname>
290 .dofindfont
291@@ -927,6 +938,7 @@ $error /SubstituteFont { } put
292 } if
293 % Substitute for the font. Don't alias.
294 % Same stack as at the beginning of .dofindfont.
295+
296 $error /SubstituteFont get exec
297 %
298 % igorm: I guess the surrounding code assumes that .stdsubstfont
299@@ -935,72 +947,11 @@ $error /SubstituteFont { } put
300 % used in .dofindfont and through .stdsubstfont
301 % just to represent a simple iteration,
302 % which accumulates the aliases after the mark.
303- .stdsubstfont
304+ //.stdsubstfont exec
305 } ifelse
306 } ifelse
307 } if
308 } bind def
309-% Try to find a font using only the present contents of Fontmap.
310-/.tryfindfont { % <fontname> .tryfindfont <font> true
311- % <fontname> .tryfindfont false
312- //.FontDirectory 1 index .fontknownget
313- { % Already loaded
314- exch pop //true
315- }
316- {
317- dup Fontmap exch .knownget
318- { //true //true }
319- { % Unknown font name. Look for a file with the
320- % same name as the requested font.
321- dup .tryloadfont
322- { exch pop //true //false }
323- {
324- % if we can't load by name check the native font map
325- dup .nativeFontmap exch .knownget
326- { //true //true }
327- { //false //false } ifelse
328- } ifelse
329- } ifelse
330-
331- { % Try each element of the Fontmap in turn.
332- pop
333- //false exch % (in case we exhaust the list)
334- % Stack: fontname false fontmaplist
335- { exch pop
336- dup type /nametype eq
337- { % Font alias
338- .checkalias .tryfindfont exit
339- }
340- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
341- { % Font with a procedural definition
342- exec % The procedure will load the font.
343- % Check to make sure this really happened.
344- //.FontDirectory 1 index .knownget
345- { exch pop //true exit }
346- if
347- }
348- { % Font file name
349- //true .loadfontloop { //true exit } if
350- }
351- ifelse
352- }
353- ifelse //false
354- }
355- forall
356- % Stack: font true -or- fontname false
357- { //true
358- }
359- { % None of the Fontmap entries worked.
360- % Try loading a file with the same name
361- % as the requested font.
362- .tryloadfont
363- }
364- ifelse
365- }
366- if
367- }
368- ifelse
369- } bind def
370
371 % any user of .putgstringcopy must use bind and executeonly
372 /.putgstringcopy % <dict> <name> <string> .putgstringcopy -
373@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put
374 } executeonly ifelse
375 } .bind executeonly odef % must be bound and hidden for .forceput
376
377-% Attempt to load a font from a file.
378-/.tryloadfont { % <fontname> .tryloadfont <font> true
379- % <fontname> .tryloadfont false
380- dup .nametostring
381- % Hack: check for the presence of the resource machinery.
382- /.genericrfn where {
383- pop
384- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
385- {//false .loadfontloop} .internalstopped {//false} if {
386- //true
387- } {
388- dup .nametostring
389- {//true .loadfontloop} .internalstopped {//false} if
390- } ifelse
391- } {
392- {//true .loadfontloop} .internalstopped {//false} if
393- } ifelse
394-} bind def
395-
396 /.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop
397 % <font> true
398 % -or-
399@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put
400 } if
401
402 % Check to make sure the font was actually loaded.
403- dup 3 index .fontknownget
404+ dup 3 index //.fontknownget exec
405 { dup /PathLoad 4 index .putgstringcopy
406 4 1 roll pop pop pop //true exit
407 } executeonly if
408@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put
409 exch dup % Stack: origfontname fontdirectory path path
410 (r) file .findfontname
411 { % Stack: origfontname fontdirectory path filefontname
412- 2 index 1 index .fontknownget
413+ 2 index 1 index //.fontknownget exec
414 { % Yes. Stack: origfontname fontdirectory path filefontname fontdict
415 dup 4 -1 roll /PathLoad exch .putgstringcopy
416 % Stack: origfontname fontdirectory filefontname fontdict
417@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put
418 % Stack: fontdict
419 } executeonly
420 if pop % Stack: origfontname fontdirectory path
421- }
422+ } executeonly
423 if pop pop % Stack: origfontname
424
425 % The font definitely did not load correctly.
426@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put
427
428 } bind executeonly odef % must be bound and hidden for .putgstringcopy
429
430-currentdict /.putgstringcopy .undef
431+% Attempt to load a font from a file.
432+/.tryloadfont { % <fontname> .tryloadfont <font> true
433+ % <fontname> .tryloadfont false
434+ dup //.nametostring exec
435+ % Hack: check for the presence of the resource machinery.
436+ /.genericrfn where {
437+ pop
438+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
439+ {//false .loadfontloop} .internalstopped {//false} if {
440+ //true
441+ } {
442+ dup //.nametostring exec
443+ {//true .loadfontloop} .internalstopped {//false} if
444+ } ifelse
445+ } {
446+ {//true .loadfontloop} .internalstopped {//false} if
447+ } ifelse
448+} bind def
449+
450+% Try to find a font using only the present contents of Fontmap.
451+/.tryfindfont { % <fontname> .tryfindfont <font> true
452+ % <fontname> .tryfindfont false
453+ //.FontDirectory 1 index //.fontknownget exec
454+ { % Already loaded
455+ exch pop //true
456+ }
457+ {
458+ dup Fontmap exch .knownget
459+ { //true //true }
460+ { % Unknown font name. Look for a file with the
461+ % same name as the requested font.
462+ dup //.tryloadfont exec
463+ { exch pop //true //false }
464+ {
465+ % if we can't load by name check the native font map
466+ dup .nativeFontmap exch .knownget
467+ { //true //true }
468+ { //false //false } ifelse
469+ } ifelse
470+ } ifelse
471+
472+ { % Try each element of the Fontmap in turn.
473+ pop
474+ //false exch % (in case we exhaust the list)
475+ % Stack: fontname false fontmaplist
476+ { exch pop
477+ dup type /nametype eq
478+ { % Font alias
479+ //.checkalias exec
480+ .tryfindfont exit
481+ }
482+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
483+ { % Font with a procedural definition
484+ exec % The procedure will load the font.
485+ % Check to make sure this really happened.
486+ //.FontDirectory 1 index .knownget
487+ { exch pop //true exit }
488+ if
489+ }
490+ { % Font file name
491+ //true .loadfontloop { //true exit } if
492+ }
493+ ifelse
494+ }
495+ ifelse //false
496+ }
497+ forall
498+ % Stack: font true -or- fontname false
499+ { //true
500+ }
501+ { % None of the Fontmap entries worked.
502+ % Try loading a file with the same name
503+ % as the requested font.
504+ //.tryloadfont exec
505+ }
506+ ifelse
507+ }
508+ if
509+ }
510+ ifelse
511+ } bind def
512
513 % Define a procedure to load all known fonts.
514 % This isn't likely to be very useful.
515@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
516 /.loadinitialfonts
517 { NOFONTMAP not
518 { /FONTMAP where
519- { pop [ FONTMAP .pathlist ]
520+ { pop [ FONTMAP //.pathlist exec]
521 { dup VMDEBUG findlibfile
522- { exch pop .loadFontmap }
523+ { exch pop //.loadFontmap exec }
524 { /undefinedfilename signalerror }
525 ifelse
526 }
527@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
528 pop pop
529 defaultfontmap_content { .definefontmap } forall
530 } {
531- .loadFontmap
532+ //.loadFontmap exec
533 } ifelse
534 } {
535 pop pop
536@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
537 { .makemodifiedfont
538 dup /FontName get exch definefont pop
539 } bind def
540+
541+% Undef these, not needed outside this file
542+[
543+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there
544+ % /.fontnameproperties - is used in pdf_font.ps
545+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps
546+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring
547+ /.splitfilename /.scanfontdict /.scanfontbegin
548+ /.scanfontskip /.scan1fontstring
549+ /.scan1fontfirst /.scanfontdir
550+ /.setnativefontmapbuilt /.aliasfont
551+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies
552+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont
553+ /.putgstringcopy
554+] {systemdict exch .forceundef} forall
555diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
556index 18d5452..b016113 100644
557--- a/Resource/Init/gs_res.ps
558+++ b/Resource/Init/gs_res.ps
559@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put
560 dup type /nametype eq { .namestring } if
561 dup type /stringtype ne { //false exit } if
562 % Check the resource directory.
563- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
564+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
565 status {
566 pop pop pop pop //true exit
567 } if
568@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put
569 % as the font.
570 findlibfile { closefile //true exit } if
571 % Scan a FONTPATH directory and try again.
572- .scannextfontdir not { //false exit } if
573+ //.scannextfontdir exec not { //false exit } if
574 } loop
575 } bind def
576
577@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef
578 } ifelse
579 } bind executeonly
580 /ResourceForAll {
581- { .scannextfontdir not { exit } if } loop
582+ { //.scannextfontdir exec not { exit } if } loop
583 /Generic /Category findresource /ResourceForAll get exec
584 } bind executeonly
585 /.ResourceFileStatus {
586@@ -1163,6 +1163,7 @@ end % level2dict
587 [
588 /.default_resource_dir
589 /.resource_dir_name
590+ /.fonttempstring /.scannextfontdir % from gs_fonts.ps
591 ]
592 {systemdict exch .forceundef} forall
593
594--
5952.18.1
596
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
new file mode 100644
index 0000000000..5c1f839597
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
@@ -0,0 +1,346 @@
1From 5c49efe24dda0f2dbd2a09b9159e683cce99b6d8 Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Fri, 11 Jan 2019 13:36:36 +0000
4Subject: [PATCH 7/7] Remove .forcedef, and harden .force* ops more
5
6Remove .forcedef and replace all uses with a direct call to .forceput instead.
7
8Ensure every procedure (named and trasient) that calls .forceput is
9executeonly.
10
11CVE: CVE-2019-6116
12Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
13
14Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
15---
16 Resource/Init/gs_dps1.ps | 15 +++++++-----
17 Resource/Init/gs_init.ps | 28 ++++++++-------------
18 Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++--------------------
19 Resource/Init/gs_ll3.ps | 5 ++--
20 Resource/Init/gs_res.ps | 29 +++++++++++-----------
21 Resource/Init/gs_statd.ps | 4 +--
22 6 files changed, 63 insertions(+), 69 deletions(-)
23
24diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
25index 8700c8c..3d2cf7a 100644
26--- a/Resource/Init/gs_dps1.ps
27+++ b/Resource/Init/gs_dps1.ps
28@@ -33,14 +33,17 @@ systemdict begin
29
30 /SharedFontDirectory .FontDirectory .gcheck
31 { .currentglobal //false .setglobal
32+ currentdict
33 /LocalFontDirectory .FontDirectory dup maxlength dict copy
34- .forcedef % LocalFontDirectory is local, systemdict is global
35+ .forceput % LocalFontDirectory is local, systemdict is global
36 .setglobal .FontDirectory
37- }
38- { /LocalFontDirectory .FontDirectory
39- .forcedef % LocalFontDirectory is local, systemdict is global
40+ } executeonly
41+ {
42+ currentdict
43+ /LocalFontDirectory .FontDirectory
44+ .forceput % LocalFontDirectory is local, systemdict is global
45 50 dict
46- }
47+ }executeonly
48 ifelse def
49
50 end % systemdict
51@@ -55,7 +58,7 @@ level2dict begin
52 { //SharedFontDirectory }
53 { /LocalFontDirectory .systemvar } % can't embed ref to local VM
54 ifelse .forceput pop % LocalFontDirectory is local, systemdict is global
55- } .bind odef
56+ } .bind executeonly odef
57 % Don't just copy (load) the definition of .setglobal:
58 % it gets redefined for LL3.
59 /setshared { /.setglobal .systemvar exec } odef
60diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
61index d9a0829..45bebf4 100644
62--- a/Resource/Init/gs_init.ps
63+++ b/Resource/Init/gs_init.ps
64@@ -54,7 +54,7 @@ systemdict exch
65 dup /userdict
66 currentdict dup 200 .setmaxlength % userdict
67 .forceput % userdict is local, systemdict is global
68- }
69+ } executeonly
70 if begin
71
72 % Define dummy local/global operators if needed.
73@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
74 1 index exch .makeoperator def
75 } .bind def
76
77-% Define a special version of def for storing local objects into global
78-% dictionaries. Like .forceput, this exists only during initialization.
79-/.forcedef { % <key> <value> .forcedef -
80- 1 .argindex pop % check # of args
81- currentdict 3 1 roll .forceput
82-} .bind odef
83-
84 % Define procedures for accessing variables in systemdict and userdict
85 % regardless of the contents of the dictionary stack.
86 /.systemvar { % <name> .systemvar <value>
87@@ -347,7 +340,7 @@ DELAYBIND
88 }
89 ifelse
90 } .bind def
91-} if
92+} executeonly if
93
94 %**************** BACKWARD COMPATIBILITY ****************
95 /hwsizedict mark /HWSize //null .dicttomark readonly def
96@@ -655,7 +648,7 @@ currentdict /.typenames .undef
97 /ifelse .systemvar
98 ] cvx executeonly
99 exch .setglobal
100-} odef
101+} executeonly odef
102 systemdict /internaldict dup .makeinternaldict .makeoperator
103 .forceput % proc is local, systemdict is global
104
105@@ -1093,7 +1086,7 @@ def
106
107 % Define $error. This must be in local VM.
108 .currentglobal //false .setglobal
109-/$error 40 dict .forcedef % $error is local, systemdict is global
110+currentdict /$error 40 dict .forceput % $error is local, systemdict is global
111 % newerror, errorname, command, errorinfo,
112 % ostack, estack, dstack, recordstacks,
113 % binary, globalmode,
114@@ -1112,8 +1105,8 @@ end
115 % Define errordict similarly. It has one entry per error name,
116 % plus handleerror. However, some astonishingly badly written PostScript
117 % files require it to have at least one empty slot.
118-/errordict ErrorNames length 3 add dict
119-.forcedef % errordict is local, systemdict is global
120+currentdict /errordict ErrorNames length 3 add dict
121+.forceput % errordict is local, systemdict is global
122 .setglobal % back to global VM
123 % gserrordict contains all the default error handling methods, but unlike
124 % errordict it is noaccess after creation (also it is in global VM).
125@@ -1273,8 +1266,9 @@ end
126 (END PROCS) VMDEBUG
127
128 % Define the font directory.
129+currentdict
130 /FontDirectory //false .setglobal 100 dict //true .setglobal
131-.forcedef % FontDirectory is local, systemdict is global
132+.forceput % FontDirectory is local, systemdict is global
133
134 % Define the encoding dictionary.
135 /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings
136@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
137 //systemdict /UndefinePostScriptOperators get exec
138 //systemdict /UndefinePDFOperators get exec
139 //systemdict /.forcecopynew .forceundef % remove temptation
140- //systemdict /.forcedef .forceundef % ditto
141 //systemdict /.forceput .forceundef % ditto
142 //systemdict /.undef .forceundef % ditto
143 //systemdict /.forceundef .forceundef % ditto
144@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
145 % (and, if implemented, context switching).
146 .currentglobal //false .setglobal
147 mark userparams { } forall .dicttomark readonly
148- /userparams exch .forcedef % systemdict is read-only
149+ currentdict exch /userparams exch .forceput % systemdict is read-only
150 .setglobal
151-} if
152+} executeonly if
153 /.currentsystemparams where {
154 pop
155 % Remove real system params from pssystemparams.
156@@ -2458,7 +2451,6 @@ end
157 DELAYBIND not {
158 systemdict /.bindnow .undef % We only need this for DELAYBIND
159 systemdict /.forcecopynew .undef % remove temptation
160- systemdict /.forcedef .undef % ditto
161 systemdict /.forceput .undef % ditto
162 systemdict /.forceundef .undef % ditto
163 } if
164diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
165index 0f0d573..9c0c3a6 100644
166--- a/Resource/Init/gs_lev2.ps
167+++ b/Resource/Init/gs_lev2.ps
168@@ -304,31 +304,30 @@ end
169 psuserparams exch /.checkFilePermitparams load put
170 .setglobal
171
172-pssystemparams begin
173- /CurDisplayList 0 .forcedef
174- /CurFormCache 0 .forcedef
175- /CurInputDevice () .forcedef
176- /CurOutlineCache 0 .forcedef
177- /CurOutputDevice () .forcedef
178- /CurPatternCache 0 .forcedef
179- /CurUPathCache 0 .forcedef
180- /CurScreenStorage 0 .forcedef
181- /CurSourceList 0 .forcedef
182- /DoPrintErrors //false .forcedef
183- /JobTimeout 0 .forcedef
184- /LicenseID (LN-001) .forcedef % bogus
185- /MaxDisplayList 140000 .forcedef
186- /MaxFormCache 100000 .forcedef
187- /MaxImageBuffer 524288 .forcedef
188- /MaxOutlineCache 65000 .forcedef
189- /MaxPatternCache 100000 .forcedef
190- /MaxUPathCache 300000 .forcedef
191- /MaxScreenStorage 84000 .forcedef
192- /MaxSourceList 25000 .forcedef
193- /PrinterName product .forcedef
194- /RamSize 4194304 .forcedef
195- /WaitTimeout 40 .forcedef
196-end
197+pssystemparams
198+dup /CurDisplayList 0 .forceput
199+dup /CurFormCache 0 .forceput
200+dup /CurInputDevice () .forceput
201+dup /CurOutlineCache 0 .forceput
202+dup /CurOutputDevice () .forceput
203+dup /CurPatternCache 0 .forceput
204+dup /CurUPathCache 0 .forceput
205+dup /CurScreenStorage 0 .forceput
206+dup /CurSourceList 0 .forceput
207+dup /DoPrintErrors //false .forceput
208+dup /JobTimeout 0 .forceput
209+dup /LicenseID (LN-001) .forceput % bogus
210+dup /MaxDisplayList 140000 .forceput
211+dup /MaxFormCache 100000 .forceput
212+dup /MaxImageBuffer 524288 .forceput
213+dup /MaxOutlineCache 65000 .forceput
214+dup /MaxPatternCache 100000 .forceput
215+dup /MaxUPathCache 300000 .forceput
216+dup /MaxScreenStorage 84000 .forceput
217+dup /MaxSourceList 25000 .forceput
218+dup /PrinterName product .forceput
219+dup /RamSize 4194304 .forceput
220+ /WaitTimeout 40 .forceput
221
222 % Define the procedures for handling comment scanning. The names
223 % %ProcessComment and %ProcessDSCComment are known to the interpreter.
224@@ -710,7 +709,7 @@ pop % currentsystemparams
225 /statusdict currentdict def
226
227 currentdict end
228-/statusdict exch .forcedef % statusdict is local, systemdict is global
229+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global
230
231 % The following compatibility operators are in systemdict. They are
232 % defined here, rather than in gs_init.ps, because they require the
233diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
234index c86721f..881af44 100644
235--- a/Resource/Init/gs_ll3.ps
236+++ b/Resource/Init/gs_ll3.ps
237@@ -521,9 +521,8 @@ end
238 % Define additional user and system parameters.
239 /HalftoneMode 0 .definepsuserparam
240 /MaxSuperScreen 1016 .definepsuserparam
241-pssystemparams begin % read-only, so use .forcedef
242- /MaxDisplayAndSourceList 160000 .forcedef
243-end
244+% read-only, so use .forceput
245+pssystemparams /MaxDisplayAndSourceList 160000 .forceput
246
247 % Define the IdiomSet resource category.
248 { /IdiomSet } {
249diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
250index b016113..89c0ed6 100644
251--- a/Resource/Init/gs_res.ps
252+++ b/Resource/Init/gs_res.ps
253@@ -41,10 +41,10 @@ level2dict begin
254 % However, Ed Taft of Adobe says their interpreters don't implement this
255 % either, so we aren't going to worry about it for a while.
256
257-currentglobal //false setglobal systemdict begin
258- /localinstancedict 5 dict
259- .forcedef % localinstancedict is local, systemdict is global
260-end //true setglobal
261+currentglobal //false setglobal
262+ systemdict /localinstancedict 5 dict
263+ .forceput % localinstancedict is local, systemdict is global
264+//true setglobal
265 /.emptydict 0 dict readonly def
266 setglobal
267
268@@ -149,7 +149,7 @@ setglobal
269 dup [ exch 0 -1 ] exch
270 .Instances 4 2 roll put
271 % Make the Category dictionary read-only. We will have to
272- % use .forceput / .forcedef later to replace the dummy,
273+ % use .forceput / .forceput later to replace the dummy,
274 % empty .Instances dictionary with the real one later.
275 readonly
276 }{
277@@ -304,7 +304,8 @@ systemdict begin
278 dup () ne {
279 .file_name_directory_separator concatstrings
280 } if
281- 2 index exch //false .file_name_combine not {
282+ 2 index exch //false
283+ .file_name_combine not {
284 (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
285 /.default_resource_dir cvx /configurationerror signalerror
286 } if
287@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
288 pssystemparams begin
289 //.default_resource_dir exec
290 /FontResourceDir (Font) //.resource_dir_name exec
291- readonly .forcedef % pssys'params is r-o
292+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
293 /GenericResourceDir () //.resource_dir_name exec
294- readonly .forcedef % pssys'params is r-o
295+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
296 pop % .default_resource_dir
297 /GenericResourcePathSep
298- .file_name_separator readonly .forcedef % pssys'params is r-o
299- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o
300- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o
301+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o
302+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o
303+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o
304 end
305 end
306
307@@ -422,8 +423,8 @@ status {
308 .Instances dup //.emptydict eq {
309 pop 3 dict
310 % As noted above, Category dictionaries are read-only,
311- % so we have to use .forcedef here.
312- /.Instances 1 index .forcedef % Category dict is read-only
313+ % so we have to use .forceput here.
314+ currentdict /.Instances 2 index .forceput % Category dict is read-only
315 } executeonly if
316 }
317 { .LocalInstances dup //.emptydict eq
318@@ -441,7 +442,7 @@ status {
319 { /defineresource cvx /typecheck signaloperror
320 }
321 ifelse
322-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef
323+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput
324 /UndefineResource
325 { { dup 2 index .knownget
326 { dup 1 get 1 ge
327diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
328index 20d4c96..b6a7659 100644
329--- a/Resource/Init/gs_statd.ps
330+++ b/Resource/Init/gs_statd.ps
331@@ -21,10 +21,10 @@ systemdict begin
332 % We make statusdict a little larger for Level 2 stuff.
333 % Note that it must be allocated in local VM.
334 .currentglobal //false .setglobal
335- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global
336+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global
337 % To support the Level 2 job control features,
338 % serverdict must also be in local VM.
339- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global
340+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global
341 .setglobal
342 end
343
344--
3452.18.1
346
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
index 5ca978f86c..bb32347880 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
@@ -32,6 +32,19 @@ SRC_URI = "${SRC_URI_BASE} \
32 file://ghostscript-9.02-genarch.patch \ 32 file://ghostscript-9.02-genarch.patch \
33 file://objarch.h \ 33 file://objarch.h \
34 file://cups-no-gcrypt.patch \ 34 file://cups-no-gcrypt.patch \
35 file://CVE-2019-6116-0001.patch \
36 file://CVE-2019-6116-0002.patch \
37 file://CVE-2019-6116-0003.patch \
38 file://CVE-2019-6116-0004.patch \
39 file://CVE-2019-6116-0005.patch \
40 file://CVE-2019-6116-0006.patch \
41 file://CVE-2019-6116-0007.patch \
42 file://CVE-2019-3835-0001.patch \
43 file://CVE-2019-3835-0002.patch \
44 file://CVE-2019-3835-0003.patch \
45 file://CVE-2019-3835-0004.patch \
46 file://CVE-2019-3838-0001.patch \
47 file://CVE-2019-3838-0002.patch \
35 " 48 "
36 49
37SRC_URI_class-native = "${SRC_URI_BASE} \ 50SRC_URI_class-native = "${SRC_URI_BASE} \