diff options
author | Stefan Ghinea <stefan.ghinea@windriver.com> | 2019-09-10 09:34:12 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-16 23:02:44 +0100 |
commit | 7f87451e6ea28cb028598e5358387d2c06e291a9 (patch) | |
tree | 143eb226c481418dcc1bbb4f4724a8e7249d3712 /meta/recipes-extended | |
parent | 7920994ba885f6ffbf4f152ff6369a714775b9e0 (diff) | |
download | poky-7f87451e6ea28cb028598e5358387d2c06e291a9.tar.gz |
ghostscript: CVE-2019-14811, CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdf_hook_DSC_Creator procedure where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdfexectoken and other procedures where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14811
https://nvd.nist.gov/vuln/detail/CVE-2019-14817
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
(From OE-Core rev: 1533b92848ea73d6fe6ba22d87d7b6749b47842c)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
4 files changed, 577 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch new file mode 100644 index 0000000000..3f28555e8a --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch | |||
@@ -0,0 +1,68 @@ | |||
1 | From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <ken.sharp@artifex.com> | ||
3 | Date: Tue, 20 Aug 2019 10:10:28 +0100 | ||
4 | Subject: [PATCH] make .forceput inaccessible | ||
5 | |||
6 | Bug #701343, #701344, #701345 | ||
7 | |||
8 | More defensive programming. We don't want people to access .forecput | ||
9 | even though it is no longer sufficient to bypass SAFER. The exploit | ||
10 | in #701343 didn't work anyway because of earlier work to stop the error | ||
11 | handler being used, but nevertheless, prevent access to .forceput from | ||
12 | .setuserparams2. | ||
13 | |||
14 | CVE: CVE-2019-14811 | ||
15 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] | ||
16 | |||
17 | Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> | ||
18 | --- | ||
19 | Resource/Init/gs_lev2.ps | 6 +++--- | ||
20 | Resource/Init/gs_pdfwr.ps | 4 ++-- | ||
21 | 2 files changed, 5 insertions(+), 5 deletions(-) | ||
22 | |||
23 | diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps | ||
24 | index 98d55fe..f1b771f 100644 | ||
25 | --- a/Resource/Init/gs_lev2.ps | ||
26 | +++ b/Resource/Init/gs_lev2.ps | ||
27 | @@ -158,7 +158,7 @@ end | ||
28 | { | ||
29 | pop pop | ||
30 | } ifelse | ||
31 | - } forall | ||
32 | + } executeonly forall | ||
33 | % A context switch might have occurred during the above loop, | ||
34 | % causing the interpreter-level parameters to be reset. | ||
35 | % Set them again to the new values. From here on, we are safe, | ||
36 | @@ -229,9 +229,9 @@ end | ||
37 | { pop pop | ||
38 | } | ||
39 | ifelse | ||
40 | - } | ||
41 | + } executeonly | ||
42 | forall pop | ||
43 | -} .bind odef | ||
44 | +} .bind executeonly odef | ||
45 | |||
46 | % Initialize the passwords. | ||
47 | % NOTE: the names StartJobPassword and SystemParamsPassword are known to | ||
48 | diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps | ||
49 | index 00c19fa..dfe504d 100644 | ||
50 | --- a/Resource/Init/gs_pdfwr.ps | ||
51 | +++ b/Resource/Init/gs_pdfwr.ps | ||
52 | @@ -652,11 +652,11 @@ currentdict /.pdfmarkparams .undef | ||
53 | systemdict /.pdf_hooked_DSC_Creator //true .forceput | ||
54 | } executeonly if | ||
55 | pop | ||
56 | - } if | ||
57 | + } executeonly if | ||
58 | } { | ||
59 | pop | ||
60 | } ifelse | ||
61 | - } | ||
62 | + } executeonly | ||
63 | { | ||
64 | pop | ||
65 | } ifelse | ||
66 | -- | ||
67 | 2.20.1 | ||
68 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch new file mode 100644 index 0000000000..c76e21caa6 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch | |||
@@ -0,0 +1,270 @@ | |||
1 | From 0bafbd9c1273fab0dc79fd20db0ffc4443683f96 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <ken.sharp@artifex.com> | ||
3 | Date: Mon, 29 Apr 2019 11:14:06 +0100 | ||
4 | Subject: [PATCH 1/2] PDF interpreter - Decode ToUnicode entries of the form | ||
5 | /Identity-H/V | ||
6 | |||
7 | Bug #701003 "Text searchability broken due to omission of /ToUnicode /Identity-H" | ||
8 | |||
9 | The PDF references from 1.2 too 2.0 all state that the value associated | ||
10 | with a ToUnicode key in a FontDescriptor must be a stream object. However | ||
11 | this file (and one case seen previously, bug 687351) have FontDescriptor | ||
12 | dictionaries where the value associated with a /ToUnicode key is a | ||
13 | name object, in both cases /Identity-H. | ||
14 | |||
15 | Although this is clearly not legal, Acrobat not only tolerates it, it | ||
16 | actually uses it for search/copy/paste (see bug 701003 for details). | ||
17 | Without the key Acrobat is unable to successfully search the output file. | ||
18 | |||
19 | We can't simply preserve the name object as a ToUnicode value; when | ||
20 | handling ToUnicode we actually decode the CMap and build a | ||
21 | GlyphNames2Unicode map (an internal representation of the G2U data | ||
22 | produced by the Microsoft PostScript printer driver). When writing the | ||
23 | output file we use that information to get a Unicode value for each | ||
24 | character we write, and build a new ToUnicode CMap using that. | ||
25 | |||
26 | This commit tackles the problem by pre-scanning for a name object and | ||
27 | then checking to see if its Identity-H or Identity-V (although we have | ||
28 | not seen an Identity-V, there seems no reason why it wouldn't be | ||
29 | equally valid). If we find either of these then we construct a | ||
30 | GlyphNames2Unicode table for all possible values (0 - 65535) and store | ||
31 | that with the font as normal. When we write the output file we only | ||
32 | write the required entries for the subset font, so we write a now | ||
33 | completely legal ToUnicode CMap, and Acrobat is equally happy with that | ||
34 | as the original name. | ||
35 | |||
36 | If the ToUnicode value isn't a name object, or isn't one of the | ||
37 | identities then we proceed as before. This means we will print a | ||
38 | warning for non conforming ToUnicode entries and ignore them. | ||
39 | |||
40 | CVE: CVE-2019-14817 | ||
41 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] | ||
42 | |||
43 | Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> | ||
44 | --- | ||
45 | Resource/Init/pdf_font.ps | 200 ++++++++++++++++++++++++-------------- | ||
46 | 1 file changed, 129 insertions(+), 71 deletions(-) | ||
47 | |||
48 | diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps | ||
49 | index 9fb85f6..2df3303 100644 | ||
50 | --- a/Resource/Init/pdf_font.ps | ||
51 | +++ b/Resource/Init/pdf_font.ps | ||
52 | @@ -621,86 +621,144 @@ currentdict end readonly def | ||
53 | PDFDEBUG { | ||
54 | (.processToUnicode beg) = | ||
55 | } if | ||
56 | - 2 index /ToUnicode knownoget { | ||
57 | - dup type /dicttype eq { dup /File known not } { //true } ifelse { | ||
58 | - % We undefine wrong /Length and define /File in stream dictionaries. | ||
59 | - % Bug687351.pdf defines /ToUnicode /Identity-H, what is incorrect. | ||
60 | - ( **** Warning: Ignoring bad ToUnicode CMap.\n) pdfformatwarning | ||
61 | - pop | ||
62 | + | ||
63 | + 2 index /ToUnicode knownoget | ||
64 | + { | ||
65 | + dup type /nametype eq { | ||
66 | + % This is contrary to the specification but it seems that Acrobat at least will accept | ||
67 | + % a ToUnicode with a value of Identity-H *and* will use that for search, copy/paste. | ||
68 | + % We can't pass through a name, so the best we can do is build a GlyphNames2Unicode | ||
69 | + % map matching that which would have been generated by a full 16-bit Identity CMap | ||
70 | + % | ||
71 | + % See bug numbers 701003 and 687351 | ||
72 | + % | ||
73 | + dup /Identity-H eq 1 index /Identity-V eq or{ | ||
74 | + pop | ||
75 | + 1 index /FontInfo .knownget not { | ||
76 | + currentglobal 2 index dup gcheck setglobal | ||
77 | + /FontInfo 5 dict dup 5 1 roll .forceput | ||
78 | + setglobal | ||
79 | + } if | ||
80 | + dup /GlyphNames2Unicode .knownget not { | ||
81 | + //true % No existing G2U, make one | ||
82 | + } { | ||
83 | + dup wcheck { | ||
84 | + //false % Existing, writeable G2U, don't make new one | ||
85 | + } { | ||
86 | + pop //true % Existing read only G2U, make new one | ||
87 | + } ifelse | ||
88 | + } ifelse | ||
89 | + { | ||
90 | + currentglobal exch dup gcheck setglobal | ||
91 | + dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput | ||
92 | + 3 2 roll setglobal | ||
93 | + } if % font-res font-dict encoding|null font-info g2u | ||
94 | + | ||
95 | + 0 1 65535{ | ||
96 | + % g2u index | ||
97 | + dup dup 256 mod exch 256 idiv % g2u index lo-byte hi-byte | ||
98 | + 2 string dup 0 4 -1 roll % g2u index lo-byte () () 0 hi-byte | ||
99 | + put % g2u index lo-byte (x) | ||
100 | + dup 1 % g2u index lo-byte (x) (x) 1 | ||
101 | + 4 -1 roll put % g2u index (x) (x) 1 lo-byte -> dict index (xx) | ||
102 | + 2 index % g2u index (xx) dict | ||
103 | + 3 1 roll % g2u g2u index (xx) | ||
104 | + put % g2u | ||
105 | + } for | ||
106 | + pop % font-res font-dict encoding|null font-info | ||
107 | + pop % font-res font-dict encoding|null | ||
108 | + //false % We built a GlyphNames2Unicode table, don't need to process further | ||
109 | + }{ | ||
110 | + //true % name is not Identity-V or H, fail by falling through | ||
111 | + }ifelse | ||
112 | } { | ||
113 | - /PDFScanRules .getuserparam dup //null eq { | ||
114 | - pop //PDFScanRules_null | ||
115 | - } { | ||
116 | - 1 dict dup /PDFScanRules 4 -1 roll put | ||
117 | - } ifelse | ||
118 | - //PDFScanRules_true setuserparams | ||
119 | - PDFfile fileposition | ||
120 | - 3 -1 roll | ||
121 | - count 1 sub | ||
122 | - countdictstack | ||
123 | - { //false resolvestream | ||
124 | - % Following Acrobat we ignore everything outside | ||
125 | - % begincodespacerange .. endcmap. | ||
126 | - dup 0 (begincodespacerange) /SubFileDecode filter flushfile | ||
127 | - /CIDInit /ProcSet findresource begin | ||
128 | - //ToUnicodeCMapReader begin | ||
129 | - 12 dict begin | ||
130 | - /CMapType 2 def | ||
131 | - mark exch % emulate 'begincodespacerange' | ||
132 | - 0 (endcmap) /SubFileDecode filter cvx /begincmap cvx exch 2 .execn | ||
133 | - endcmap | ||
134 | - userdict /.lastToUnicode currentdict put | ||
135 | - end end end | ||
136 | - } | ||
137 | + //true | ||
138 | + } ifelse % not a name, try as a dictionary (as specified) | ||
139 | |||
140 | - PDFSTOPONERROR { | ||
141 | - { exec } 0 get | ||
142 | - //false | ||
143 | - 5 -2 roll | ||
144 | - 5 | ||
145 | + % If the ToUnicode isn't a name, or the name isn't Identity-V or -H then follow the specification | ||
146 | + % If its not a dictionary type throw an error, otherwise decode it and build a GlyphNames2Unicode | ||
147 | + % | ||
148 | + { | ||
149 | + dup type /dicttype eq { dup /File known not } { //true } ifelse { | ||
150 | + % We undefine wrong /Length and define /File in stream dictionaries. | ||
151 | + % Bug687351.pdf defines /ToUnicode /Identity-H, what is incorrect. | ||
152 | + ( **** Warning: Ignoring bad ToUnicode CMap.\n) pdfformatwarning | ||
153 | + pop | ||
154 | } { | ||
155 | - { stopped } 0 get | ||
156 | - 4 2 roll | ||
157 | - 4 | ||
158 | - } ifelse | ||
159 | - array astore cvx exec | ||
160 | + /PDFScanRules .getuserparam dup //null eq { | ||
161 | + pop //PDFScanRules_null | ||
162 | + } { | ||
163 | + 1 dict dup /PDFScanRules 4 -1 roll put | ||
164 | + } ifelse | ||
165 | + //PDFScanRules_true setuserparams | ||
166 | + PDFfile fileposition | ||
167 | + 3 -1 roll | ||
168 | + count 1 sub | ||
169 | + countdictstack | ||
170 | + { //false resolvestream | ||
171 | + % Following Acrobat we ignore everything outside | ||
172 | + % begincodespacerange .. endcmap. | ||
173 | + dup 0 (begincodespacerange) /SubFileDecode filter flushfile | ||
174 | + /CIDInit /ProcSet findresource begin | ||
175 | + //ToUnicodeCMapReader begin | ||
176 | + 12 dict begin | ||
177 | + /CMapType 2 def | ||
178 | + mark exch % emulate 'begincodespacerange' | ||
179 | + 0 (endcmap) /SubFileDecode filter cvx /begincmap cvx exch 2 .execn | ||
180 | + endcmap | ||
181 | + userdict /.lastToUnicode currentdict put | ||
182 | + end end end | ||
183 | + } | ||
184 | |||
185 | - countdictstack exch sub 0 .max { end } repeat | ||
186 | - count exch sub 2 sub 0 .max { exch pop } repeat | ||
187 | - 3 1 roll % Stach the stop flag. | ||
188 | - PDFfile exch setfileposition | ||
189 | - setuserparams | ||
190 | - { | ||
191 | - ( **** Warning: Failed to read ToUnicode CMap.\n) pdfformatwarning | ||
192 | - } { | ||
193 | - 1 index /FontInfo .knownget not { | ||
194 | - currentglobal 2 index dup gcheck setglobal | ||
195 | - /FontInfo 5 dict dup 5 1 roll .forceput | ||
196 | - setglobal | ||
197 | - } if | ||
198 | - dup /GlyphNames2Unicode .knownget not { | ||
199 | - //true % No existing G2U, make one | ||
200 | + PDFSTOPONERROR { | ||
201 | + { exec } 0 get | ||
202 | + //false | ||
203 | + 5 -2 roll | ||
204 | + 5 | ||
205 | + } { | ||
206 | + { stopped } 0 get | ||
207 | + 4 2 roll | ||
208 | + 4 | ||
209 | + } ifelse | ||
210 | + array astore cvx exec | ||
211 | + | ||
212 | + countdictstack exch sub 0 .max { end } repeat | ||
213 | + count exch sub 2 sub 0 .max { exch pop } repeat | ||
214 | + 3 1 roll % Stach the stop flag. | ||
215 | + PDFfile exch setfileposition | ||
216 | + setuserparams | ||
217 | + { | ||
218 | + ( **** Warning: Failed to read ToUnicode CMap.\n) pdfformatwarning | ||
219 | } { | ||
220 | - dup wcheck { | ||
221 | - //false % Existing, writeable G2U, don't make new one | ||
222 | + 1 index /FontInfo .knownget not { | ||
223 | + currentglobal 2 index dup gcheck setglobal | ||
224 | + /FontInfo 5 dict dup 5 1 roll .forceput | ||
225 | + setglobal | ||
226 | + } if | ||
227 | + dup /GlyphNames2Unicode .knownget not { | ||
228 | + //true % No existing G2U, make one | ||
229 | } { | ||
230 | - pop //true % Existing read only G2U, make new one | ||
231 | + dup wcheck { | ||
232 | + //false % Existing, writeable G2U, don't make new one | ||
233 | + } { | ||
234 | + pop //true % Existing read only G2U, make new one | ||
235 | + } ifelse | ||
236 | } ifelse | ||
237 | + { | ||
238 | + currentglobal exch dup gcheck setglobal | ||
239 | + dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput | ||
240 | + 3 2 roll setglobal | ||
241 | + } if % font-res font-dict encoding|null font-info g2u | ||
242 | + exch pop exch % font-res font-dict g2u encoding|null | ||
243 | + userdict /.lastToUnicode get % font-res font-dict g2u Encoding|null CMap | ||
244 | + .convert_ToUnicode-into-g2u % font-res font-dict | ||
245 | + //null % font-res font-dict //null | ||
246 | } ifelse | ||
247 | - { | ||
248 | - currentglobal exch dup gcheck setglobal | ||
249 | - dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput | ||
250 | - 3 2 roll setglobal | ||
251 | - } if % font-res font-dict encoding|null font-info g2u | ||
252 | - exch pop exch % font-res font-dict g2u encoding|null | ||
253 | - userdict /.lastToUnicode get % font-res font-dict g2u Encoding|null CMap | ||
254 | - .convert_ToUnicode-into-g2u % font-res font-dict | ||
255 | - //null % font-res font-dict //null | ||
256 | } ifelse | ||
257 | - } ifelse | ||
258 | - } if | ||
259 | - PDFDEBUG { | ||
260 | - (.processToUnicode end) = | ||
261 | + } if | ||
262 | + PDFDEBUG { | ||
263 | + (.processToUnicode end) = | ||
264 | + } if | ||
265 | } if | ||
266 | } if | ||
267 | } stopped | ||
268 | -- | ||
269 | 2.20.1 | ||
270 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch new file mode 100644 index 0000000000..6348fff2d1 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch | |||
@@ -0,0 +1,236 @@ | |||
1 | From cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <ken.sharp@artifex.com> | ||
3 | Date: Wed, 21 Aug 2019 10:10:51 +0100 | ||
4 | Subject: [PATCH 2/2] PDF interpreter - review .forceput security | ||
5 | |||
6 | Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken" | ||
7 | |||
8 | By abusing the error handler it was possible to get the PDFDEBUG portion | ||
9 | of .pdfexectoken, which uses .forceput left readable. | ||
10 | |||
11 | Add an executeonly appropriately to make sure that clause isn't readable | ||
12 | no mstter what. | ||
13 | |||
14 | Review all the uses of .forceput searching for similar cases, add | ||
15 | executeonly as required to secure those. All cases in the PostScript | ||
16 | support files seem to be covered already. | ||
17 | |||
18 | CVE: CVE-2019-14817 | ||
19 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] | ||
20 | |||
21 | Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> | ||
22 | --- | ||
23 | Resource/Init/pdf_base.ps | 2 +- | ||
24 | Resource/Init/pdf_draw.ps | 14 +++++++------- | ||
25 | Resource/Init/pdf_font.ps | 29 ++++++++++++++++------------- | ||
26 | Resource/Init/pdf_main.ps | 6 +++--- | ||
27 | Resource/Init/pdf_ops.ps | 11 ++++++----- | ||
28 | 5 files changed, 33 insertions(+), 29 deletions(-) | ||
29 | |||
30 | diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps | ||
31 | index 1a218f4..cffde5c 100644 | ||
32 | --- a/Resource/Init/pdf_base.ps | ||
33 | +++ b/Resource/Init/pdf_base.ps | ||
34 | @@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef | ||
35 | { | ||
36 | dup ==only () = flush | ||
37 | } ifelse % PDFSTEP | ||
38 | - } if % PDFDEBUG | ||
39 | + } executeonly if % PDFDEBUG | ||
40 | 2 copy .knownget { | ||
41 | exch pop exch pop exch pop exec | ||
42 | } { | ||
43 | diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps | ||
44 | index e18a7c2..0a3924c 100644 | ||
45 | --- a/Resource/Init/pdf_draw.ps | ||
46 | +++ b/Resource/Init/pdf_draw.ps | ||
47 | @@ -501,8 +501,8 @@ end | ||
48 | ( Output may be incorrect.\n) pdfformaterror | ||
49 | //pdfdict /.gs_warning_issued //true .forceput | ||
50 | PDFSTOPONERROR { /gs /undefined signalerror } if | ||
51 | - } if | ||
52 | - } | ||
53 | + } executeonly if | ||
54 | + } executeonly | ||
55 | ifelse | ||
56 | } bind executeonly def | ||
57 | |||
58 | @@ -1142,7 +1142,7 @@ currentdict end readonly def | ||
59 | .setglobal | ||
60 | pdfformaterror | ||
61 | } executeonly ifelse | ||
62 | - } | ||
63 | + } executeonly | ||
64 | { | ||
65 | currentglobal //pdfdict gcheck .setglobal | ||
66 | //pdfdict /.Qqwarning_issued //true .forceput | ||
67 | @@ -1150,8 +1150,8 @@ currentdict end readonly def | ||
68 | pdfformaterror | ||
69 | } executeonly ifelse | ||
70 | end | ||
71 | - } ifelse | ||
72 | - } loop | ||
73 | + } executeonly ifelse | ||
74 | + } executeonly loop | ||
75 | { | ||
76 | (\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) | ||
77 | //pdfdict /.Qqwarning_issued .knownget | ||
78 | @@ -1165,14 +1165,14 @@ currentdict end readonly def | ||
79 | .setglobal | ||
80 | pdfformaterror | ||
81 | } executeonly ifelse | ||
82 | - } | ||
83 | + } executeonly | ||
84 | { | ||
85 | currentglobal //pdfdict gcheck .setglobal | ||
86 | //pdfdict /.Qqwarning_issued //true .forceput | ||
87 | .setglobal | ||
88 | pdfformaterror | ||
89 | } executeonly ifelse | ||
90 | - } if | ||
91 | + } executeonly if | ||
92 | pop | ||
93 | |||
94 | % restore pdfemptycount | ||
95 | diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps | ||
96 | index 2df3303..6a6a5fe 100644 | ||
97 | --- a/Resource/Init/pdf_font.ps | ||
98 | +++ b/Resource/Init/pdf_font.ps | ||
99 | @@ -638,7 +638,7 @@ currentdict end readonly def | ||
100 | currentglobal 2 index dup gcheck setglobal | ||
101 | /FontInfo 5 dict dup 5 1 roll .forceput | ||
102 | setglobal | ||
103 | - } if | ||
104 | + } executeonly if | ||
105 | dup /GlyphNames2Unicode .knownget not { | ||
106 | //true % No existing G2U, make one | ||
107 | } { | ||
108 | @@ -668,10 +668,12 @@ currentdict end readonly def | ||
109 | pop % font-res font-dict encoding|null font-info | ||
110 | pop % font-res font-dict encoding|null | ||
111 | //false % We built a GlyphNames2Unicode table, don't need to process further | ||
112 | - }{ | ||
113 | + } executeonly | ||
114 | + { | ||
115 | //true % name is not Identity-V or H, fail by falling through | ||
116 | }ifelse | ||
117 | - } { | ||
118 | + } executeonly | ||
119 | + { | ||
120 | //true | ||
121 | } ifelse % not a name, try as a dictionary (as specified) | ||
122 | |||
123 | @@ -759,9 +761,9 @@ currentdict end readonly def | ||
124 | PDFDEBUG { | ||
125 | (.processToUnicode end) = | ||
126 | } if | ||
127 | - } if | ||
128 | - } if | ||
129 | - } stopped | ||
130 | + } executeonly if | ||
131 | + } executeonly if | ||
132 | + } executeonly stopped | ||
133 | { | ||
134 | .dstackdepth 1 countdictstack 1 sub | ||
135 | {pop end} for | ||
136 | @@ -1291,19 +1293,20 @@ currentdict /eexec_pdf_param_dict .undef | ||
137 | //pdfdict /.Qqwarning_issued //true .forceput | ||
138 | } executeonly if | ||
139 | Q | ||
140 | - } repeat | ||
141 | + } executeonly repeat | ||
142 | Q | ||
143 | - } PDFfile fileposition 2 .execn % Keep pdfcount valid. | ||
144 | + } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid. | ||
145 | PDFfile exch setfileposition | ||
146 | - } ifelse | ||
147 | - } { | ||
148 | + } executeonly ifelse | ||
149 | + } executeonly | ||
150 | + { | ||
151 | % PDF Type 3 fonts don't use .notdef | ||
152 | % d1 implementation adjusts the width as needed | ||
153 | 0 0 0 0 0 0 | ||
154 | pdfopdict /d1 get exec | ||
155 | } ifelse | ||
156 | end end | ||
157 | - } bdef | ||
158 | + } executeonly bdef | ||
159 | dup currentdict Encoding .processToUnicode | ||
160 | currentdict end .completefont exch pop | ||
161 | } bind executeonly odef | ||
162 | @@ -2103,9 +2106,9 @@ currentdict /CMap_read_dict undef | ||
163 | (Will continue, but content may be missing.) = flush | ||
164 | } ifelse | ||
165 | } if | ||
166 | - } if | ||
167 | + } executeonly if | ||
168 | /findresource cvx /undefined signalerror | ||
169 | - } loop | ||
170 | + } executeonly loop | ||
171 | } bind executeonly odef | ||
172 | |||
173 | /buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font> | ||
174 | diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps | ||
175 | index 5305ea6..a59e63c 100644 | ||
176 | --- a/Resource/Init/pdf_main.ps | ||
177 | +++ b/Resource/Init/pdf_main.ps | ||
178 | @@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef | ||
179 | .setglobal | ||
180 | pdfformaterror | ||
181 | } executeonly ifelse | ||
182 | - } | ||
183 | + } executeonly | ||
184 | { | ||
185 | currentglobal //pdfdict gcheck .setglobal | ||
186 | //pdfdict /.Qqwarning_issued //true .forceput | ||
187 | .setglobal | ||
188 | pdfformaterror | ||
189 | } executeonly ifelse | ||
190 | - } if | ||
191 | - } if | ||
192 | + } executeonly if | ||
193 | + } executeonly if | ||
194 | pop | ||
195 | count PDFexecstackcount sub { pop } repeat | ||
196 | (after exec) VMDEBUG | ||
197 | diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps | ||
198 | index 285e582..6c1f100 100644 | ||
199 | --- a/Resource/Init/pdf_ops.ps | ||
200 | +++ b/Resource/Init/pdf_ops.ps | ||
201 | @@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef | ||
202 | .setglobal | ||
203 | pdfformaterror | ||
204 | } executeonly ifelse | ||
205 | - } | ||
206 | + } executeonly | ||
207 | { | ||
208 | currentglobal //pdfdict gcheck .setglobal | ||
209 | //pdfdict /.Qqwarning_issued //true .forceput | ||
210 | .setglobal | ||
211 | pdfformaterror | ||
212 | } executeonly ifelse | ||
213 | - } if | ||
214 | + } executeonly if | ||
215 | } bind executeonly odef | ||
216 | |||
217 | % Save PDF gstate | ||
218 | @@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef | ||
219 | dup type /booleantype eq { | ||
220 | .currentSMask type /dicttype eq { | ||
221 | .currentSMask /Processed 2 index .forceput | ||
222 | + } executeonly | ||
223 | + { | ||
224 | + .setSMask | ||
225 | + }ifelse | ||
226 | } executeonly | ||
227 | { | ||
228 | - .setSMask | ||
229 | - }ifelse | ||
230 | - }{ | ||
231 | .setSMask | ||
232 | }ifelse | ||
233 | |||
234 | -- | ||
235 | 2.20.1 | ||
236 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb index fcc9e0099e..349c0c2e8b 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb | |||
@@ -25,6 +25,9 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d | |||
25 | file://do-not-check-local-libpng-source.patch \ | 25 | file://do-not-check-local-libpng-source.patch \ |
26 | file://avoid-host-contamination.patch \ | 26 | file://avoid-host-contamination.patch \ |
27 | file://mkdir-p.patch \ | 27 | file://mkdir-p.patch \ |
28 | file://CVE-2019-14811-0001.patch \ | ||
29 | file://CVE-2019-14817-0001.patch \ | ||
30 | file://CVE-2019-14817-0002.patch \ | ||
28 | " | 31 | " |
29 | 32 | ||
30 | SRC_URI = "${SRC_URI_BASE} \ | 33 | SRC_URI = "${SRC_URI_BASE} \ |