diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch | 53 | ||||
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.27.bb | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch new file mode 100644 index 0000000000..9bec7343f5 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chris Liddell <chris.liddell@artifex.com> | ||
3 | Date: Fri, 2 Aug 2019 15:18:26 +0100 | ||
4 | Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly | ||
5 | |||
6 | Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19] | ||
7 | CVE: CVE-2019-10216 | ||
8 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
9 | |||
10 | --- | ||
11 | Resource/Init/gs_type1.ps | 14 +++++++------- | ||
12 | 1 file changed, 7 insertions(+), 7 deletions(-) | ||
13 | |||
14 | diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps | ||
15 | index 6c7735bc0..a039ccee3 100644 | ||
16 | --- a/Resource/Init/gs_type1.ps | ||
17 | +++ b/Resource/Init/gs_type1.ps | ||
18 | @@ -118,25 +118,25 @@ | ||
19 | ( to be the same as glyph: ) print 1 index //== exec } if | ||
20 | 3 index exch 3 index .forceput | ||
21 | % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname | ||
22 | - } | ||
23 | + }executeonly | ||
24 | {pop} ifelse | ||
25 | - } forall | ||
26 | + } executeonly forall | ||
27 | pop pop | ||
28 | - } | ||
29 | + } executeonly | ||
30 | { | ||
31 | pop pop pop | ||
32 | } ifelse | ||
33 | - } | ||
34 | + } executeonly | ||
35 | { | ||
36 | % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname | ||
37 | pop pop | ||
38 | } ifelse | ||
39 | - } forall | ||
40 | + } executeonly forall | ||
41 | 3 1 roll pop pop | ||
42 | - } if | ||
43 | + } executeonly if | ||
44 | pop | ||
45 | dup /.AGLprocessed~GS //true .forceput | ||
46 | - } if | ||
47 | + } executeonly if | ||
48 | |||
49 | %% We need to excute the C .buildfont1 in a stopped context so that, if there | ||
50 | %% are errors we can put the stack back sanely and exit. Otherwise callers won't | ||
51 | -- | ||
52 | 2.17.1 | ||
53 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb index 32f938f254..bbd17104e1 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb | |||
@@ -29,6 +29,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d | |||
29 | file://CVE-2019-14817-0001.patch \ | 29 | file://CVE-2019-14817-0001.patch \ |
30 | file://CVE-2019-14817-0002.patch \ | 30 | file://CVE-2019-14817-0002.patch \ |
31 | file://CVE-2019-14869-0001.patch \ | 31 | file://CVE-2019-14869-0001.patch \ |
32 | file://CVE-2019-10216.patch \ | ||
32 | " | 33 | " |
33 | 34 | ||
34 | SRC_URI = "${SRC_URI_BASE} \ | 35 | SRC_URI = "${SRC_URI_BASE} \ |