summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch70
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.27.bb1
2 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
new file mode 100644
index 0000000000..715ec1c450
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
@@ -0,0 +1,70 @@
1From 485904772c5f0aa1140032746e5a0abfc40f4cef Mon Sep 17 00:00:00 2001
2From: Chris Liddell <chris.liddell@artifex.com>
3Date: Tue, 5 Nov 2019 09:45:27 +0000
4Subject: [PATCH] Bug 701841: remove .forceput from /.charkeys
5
6When loading Type 1 or Truetype fonts from disk, we attempt to extend the glyph
7name table to include all identifiable glyph names from the Adobe Glyph List.
8
9In the case of Type 1 fonts, the font itself (almost always) marks the
10CharStrings dictionary as read-only, hence we have to use .forceput for that
11case.
12
13But for Truetype fonts, the CharStrings dictionary is created internally and is
14not read-only until *after* we have fully populated it (including the extended
15glyph names from the AGL), hence there is no need for .forceput, and no need to
16carry the security risk of using it.
17
18Replace with regular put.
19
20CVE: CVE-2019-14869
21Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
22
23Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
24---
25 Resource/Init/gs_ttf.ps | 8 ++++----
26 1 file changed, 4 insertions(+), 4 deletions(-)
27
28diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
29index e34967d..5354ff0 100644
30--- a/Resource/Init/gs_ttf.ps
31+++ b/Resource/Init/gs_ttf.ps
32@@ -1301,7 +1301,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
33 TTFDEBUG { (\n1 setting alias: ) print dup ==only
34 ( to be the same as ) print 2 index //== exec } if
35
36- 7 index 2 index 3 -1 roll exch .forceput
37+ 7 index 2 index 3 -1 roll exch put
38 } forall
39 pop pop pop
40 }
41@@ -1319,7 +1319,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
42 exch pop
43 TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
44 ( to use glyph index: ) print dup //== exec } if
45- 5 index 3 1 roll .forceput
46+ 5 index 3 1 roll put
47 //false
48 }
49 {
50@@ -1336,7 +1336,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
51 { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
52 TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
53 ( to be index: ) print dup //== exec } if
54- exch pop 5 index 3 1 roll .forceput
55+ exch pop 5 index 3 1 roll put
56 }
57 {
58 pop pop
59@@ -1366,7 +1366,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
60 } ifelse
61 ]
62 TTFDEBUG { (Encoding: ) print dup === flush } if
63-} .bind executeonly odef % hides .forceput
64+} .bind odef
65
66 % ---------------- CIDFontType 2 font loading ---------------- %
67
68--
692.20.1
70
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
index 9e1f3e2f49..32f938f254 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
@@ -28,6 +28,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
28 file://CVE-2019-14811-0001.patch \ 28 file://CVE-2019-14811-0001.patch \
29 file://CVE-2019-14817-0001.patch \ 29 file://CVE-2019-14817-0001.patch \
30 file://CVE-2019-14817-0002.patch \ 30 file://CVE-2019-14817-0002.patch \
31 file://CVE-2019-14869-0001.patch \
31" 32"
32 33
33SRC_URI = "${SRC_URI_BASE} \ 34SRC_URI = "${SRC_URI_BASE} \