diff options
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch | 236 |
1 files changed, 0 insertions, 236 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch deleted file mode 100644 index 6348fff2d1..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch +++ /dev/null @@ -1,236 +0,0 @@ -From cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Wed, 21 Aug 2019 10:10:51 +0100 -Subject: [PATCH 2/2] PDF interpreter - review .forceput security - -Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken" - -By abusing the error handler it was possible to get the PDFDEBUG portion -of .pdfexectoken, which uses .forceput left readable. - -Add an executeonly appropriately to make sure that clause isn't readable -no mstter what. - -Review all the uses of .forceput searching for similar cases, add -executeonly as required to secure those. All cases in the PostScript -support files seem to be covered already. - -CVE: CVE-2019-14817 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - Resource/Init/pdf_base.ps | 2 +- - Resource/Init/pdf_draw.ps | 14 +++++++------- - Resource/Init/pdf_font.ps | 29 ++++++++++++++++------------- - Resource/Init/pdf_main.ps | 6 +++--- - Resource/Init/pdf_ops.ps | 11 ++++++----- - 5 files changed, 33 insertions(+), 29 deletions(-) - -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps -index 1a218f4..cffde5c 100644 ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef - { - dup ==only () = flush - } ifelse % PDFSTEP -- } if % PDFDEBUG -+ } executeonly if % PDFDEBUG - 2 copy .knownget { - exch pop exch pop exch pop exec - } { -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps -index e18a7c2..0a3924c 100644 ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -501,8 +501,8 @@ end - ( Output may be incorrect.\n) pdfformaterror - //pdfdict /.gs_warning_issued //true .forceput - PDFSTOPONERROR { /gs /undefined signalerror } if -- } if -- } -+ } executeonly if -+ } executeonly - ifelse - } bind executeonly def - -@@ -1142,7 +1142,7 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput -@@ -1150,8 +1150,8 @@ currentdict end readonly def - pdfformaterror - } executeonly ifelse - end -- } ifelse -- } loop -+ } executeonly ifelse -+ } executeonly loop - { - (\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - //pdfdict /.Qqwarning_issued .knownget -@@ -1165,14 +1165,14 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - pop - - % restore pdfemptycount -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps -index 2df3303..6a6a5fe 100644 ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -638,7 +638,7 @@ currentdict end readonly def - currentglobal 2 index dup gcheck setglobal - /FontInfo 5 dict dup 5 1 roll .forceput - setglobal -- } if -+ } executeonly if - dup /GlyphNames2Unicode .knownget not { - //true % No existing G2U, make one - } { -@@ -668,10 +668,12 @@ currentdict end readonly def - pop % font-res font-dict encoding|null font-info - pop % font-res font-dict encoding|null - //false % We built a GlyphNames2Unicode table, don't need to process further -- }{ -+ } executeonly -+ { - //true % name is not Identity-V or H, fail by falling through - }ifelse -- } { -+ } executeonly -+ { - //true - } ifelse % not a name, try as a dictionary (as specified) - -@@ -759,9 +761,9 @@ currentdict end readonly def - PDFDEBUG { - (.processToUnicode end) = - } if -- } if -- } if -- } stopped -+ } executeonly if -+ } executeonly if -+ } executeonly stopped - { - .dstackdepth 1 countdictstack 1 sub - {pop end} for -@@ -1291,19 +1293,20 @@ currentdict /eexec_pdf_param_dict .undef - //pdfdict /.Qqwarning_issued //true .forceput - } executeonly if - Q -- } repeat -+ } executeonly repeat - Q -- } PDFfile fileposition 2 .execn % Keep pdfcount valid. -+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid. - PDFfile exch setfileposition -- } ifelse -- } { -+ } executeonly ifelse -+ } executeonly -+ { - % PDF Type 3 fonts don't use .notdef - % d1 implementation adjusts the width as needed - 0 0 0 0 0 0 - pdfopdict /d1 get exec - } ifelse - end end -- } bdef -+ } executeonly bdef - dup currentdict Encoding .processToUnicode - currentdict end .completefont exch pop - } bind executeonly odef -@@ -2103,9 +2106,9 @@ currentdict /CMap_read_dict undef - (Will continue, but content may be missing.) = flush - } ifelse - } if -- } if -+ } executeonly if - /findresource cvx /undefined signalerror -- } loop -+ } executeonly loop - } bind executeonly odef - - /buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font> -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps -index 5305ea6..a59e63c 100644 ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -- } if -+ } executeonly if -+ } executeonly if - pop - count PDFexecstackcount sub { pop } repeat - (after exec) VMDEBUG -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps -index 285e582..6c1f100 100644 ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - } bind executeonly odef - - % Save PDF gstate -@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -+ } executeonly -+ { -+ .setSMask -+ }ifelse - } executeonly - { -- .setSMask -- }ifelse -- }{ - .setSMask - }ifelse - --- -2.20.1 - |