[arch-commits] Commit in ghostscript/trunk (CVE-2019-10216.diff PKGBUILD)
Andreas Radke
andyrtr at archlinux.org
Mon Aug 12 20:31:48 UTC 2019
Date: Monday, August 12, 2019 @ 20:31:48
Author: andyrtr
Revision: 359775
upgpkg: ghostscript 9.27-2
apply fix for CVE-2019-10216
Added:
ghostscript/trunk/CVE-2019-10216.diff
Modified:
ghostscript/trunk/PKGBUILD
---------------------+
CVE-2019-10216.diff | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 10 +++++++---
2 files changed, 57 insertions(+), 3 deletions(-)
Added: CVE-2019-10216.diff
===================================================================
--- CVE-2019-10216.diff (rev 0)
+++ CVE-2019-10216.diff 2019-08-12 20:31:48 UTC (rev 359775)
@@ -0,0 +1,50 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell at artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735b..a039cce 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.9.1
+
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-08-12 19:22:25 UTC (rev 359774)
+++ PKGBUILD 2019-08-12 20:31:48 UTC (rev 359775)
@@ -3,7 +3,7 @@
pkgbase=ghostscript
pkgname=(ghostscript ghostxps ghostpcl)
pkgver=9.27
-pkgrel=1
+pkgrel=2
pkgdesc="An interpreter for the PostScript language"
url="https://www.ghostscript.com/"
arch=('x86_64')
@@ -12,12 +12,16 @@
'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn')
makedepends=('gtk3' 'gnutls' 'glu' 'freeglut')
# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
-source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz)
-sha512sums=('bbdecbde3bebb0e22eb8976fe1e91d94b8d585aa72f9a2475ee58598de223ae31bc467eb518690dd05a4a4e1382cde7a682b854c324e98585ffff2250fde29c6')
+source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz
+ CVE-2019-10216.diff)
+sha512sums=('bbdecbde3bebb0e22eb8976fe1e91d94b8d585aa72f9a2475ee58598de223ae31bc467eb518690dd05a4a4e1382cde7a682b854c324e98585ffff2250fde29c6'
+ '71e8aa1573cecde1e7432ce43ffec719615ee86da0d30cbc27be1ff39a738570768037c8af10b968e07b1aa1af82ed6fa61045d5f9cf207e201177eb77560ca4')
prepare() {
cd ghostpdl-${pkgver}
+ patch -Np1 -i ../CVE-2019-10216.diff
+
# force it to use system-libs
rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib
# using tree freetype because of https://bugs.archlinux.org/task/56849
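Review bot: The new `patch -Np1 -i ../CVE-2019-10216.diff` line in prepare() carries no comment recording where the patch came from or when it can be removed, so the next version bump has nothing to check it against. The patch header names upstream commit 5b85ddd19a8420a1bd2d5529325be35d78e94234 and Bug 701394. I would put `# upstream 5b85ddd19a84 (Bug 701394), fixes CVE-2019-10216; drop once an upstream release contains it` directly above the patch call. The sha512sums entry pins the local file's content, but it does not tell a later maintainer which upstream change to compare against. prepare() continues past the end of this hunk.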