diff options
Diffstat (limited to 'meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch')
-rw-r--r-- | meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch b/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch deleted file mode 100644 index f175da0caf..0000000000 --- a/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From 274b2cc08b0d10a4cac3fe8b50022889f22580cb Mon Sep 17 00:00:00 2001 | ||
2 | From: Chris Liddell <chris.liddell@artifex.com> | ||
3 | Date: Thu, 20 Sep 2018 16:35:28 +0100 | ||
4 | Subject: [PATCH 1/5] Bug 699795: add operand checking to | ||
5 | .setnativefontmapbuilt | ||
6 | |||
7 | .setnativefontmapbuilt .forceputs a value into systemdict - it is intended | ||
8 | to be a boolean, but in this case was being called with a compound object | ||
9 | (a dictionary). Such an object, in local VM, being forced into systemdict | ||
10 | would then confuse the garbager, since it could be restored away with the | ||
11 | reference remaining. | ||
12 | |||
13 | This adds operand checking, so .setnativefontmapbuilt will simply ignore | ||
14 | anything other than a boolean value, and also removes the definition of | ||
15 | .setnativefontmapbuilt after use, since it is only used in two, closely | ||
16 | related places. | ||
17 | |||
18 | CVE: CVE-2018-17961 | ||
19 | Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] | ||
20 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
21 | --- | ||
22 | Resource/Init/gs_fonts.ps | 11 ++++++++--- | ||
23 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps | ||
26 | index 38f0f6c..45b6613 100644 | ||
27 | --- a/Resource/Init/gs_fonts.ps | ||
28 | +++ b/Resource/Init/gs_fonts.ps | ||
29 | @@ -372,9 +372,13 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if | ||
30 | % of strings: what the system thinks is the ps name, | ||
31 | % and the access path. | ||
32 | /.setnativefontmapbuilt { % set whether we've been run | ||
33 | - systemdict exch /.nativefontmapbuilt exch .forceput | ||
34 | + dup type /booleantype eq { | ||
35 | + systemdict exch /.nativefontmapbuilt exch .forceput | ||
36 | + } | ||
37 | + {pop} | ||
38 | + ifelse | ||
39 | } .bind executeonly def | ||
40 | -systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt | ||
41 | +systemdict /NONATIVEFONTMAP known //.setnativefontmapbuilt exec | ||
42 | /.buildnativefontmap { % - .buildnativefontmap <bool> | ||
43 | systemdict /.nativefontmapbuilt .knownget not | ||
44 | { //false} if | ||
45 | @@ -415,9 +419,10 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt | ||
46 | } forall | ||
47 | } if | ||
48 | % record that we've been run | ||
49 | - //true .setnativefontmapbuilt | ||
50 | + //true //.setnativefontmapbuilt exec | ||
51 | } ifelse | ||
52 | } bind def | ||
53 | +currentdict /.setnativefontmapbuilt .forceundef | ||
54 | |||
55 | % Create the dictionary that registers the .buildfont procedure | ||
56 | % (called by definefont) for each FontType. | ||
57 | -- | ||
58 | 2.7.4 | ||
59 | |||