author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-05-18 16:20:24 +0800 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2020-05-19 15:06:08 +0800 |
commit | 4620180a073b721dbc91d14ab64285187bec4cb7 (patch) | |
tree | ca87880d66d6cc9f991569e04ec6414b8616b368 /meta/recipes-extended | |
parent | 5ada35d14598505448c16a52e8fe129e72f1ed0b (diff) | |
download | openembedded-core-4620180a073b721dbc91d14ab64285187bec4cb7.tar.gz |
ghostscript : fix CVE-2019-10216
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch | 53 | ||||
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.27.bb | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..9bec7343f5
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,53 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19]
+CVE: CVE-2019-10216
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0..a039ccee3 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.17.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
index 32f938f254..bbd17104e1 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
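Review bot: The header of the added CVE-2019-10216.patch records the upstream commit and the CVE tag but never says what `executeonly` is protecting, so a maintainer rebasing this backport cannot tell a complete apply from a partial one. I would add one sentence under the Subject line, for example `Procedures that call .forceput are marked executeonly so that their bodies cannot be read back and the operator reused by other PostScript code.` The hunk marks all seven closing braces from the innermost procedure out to the final `} executeonly if`, but it begins at line 118 inside an enclosing procedure, so whether an outer level also needs the attribute cannot be judged from this page. After do_patch it is worth confirming that every `.forceput` in the patched Resource/Init/gs_type1.ps still sits inside a procedure closed with `executeonly`.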
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb @@ -29,6 +29,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2019-14817-0001.patch \ file://CVE-2019-14817-0002.patch \ file://CVE-2019-14869-0001.patch \ + file://CVE-2019-10216.patch \ " SRC_URI = "${SRC_URI_BASE} \ |