[arch-commits] Commit in ghostscript/trunk (CVE-2019-10216.diff PKGBUILD)
Andreas Radke
andyrtr at archlinux.org
Tue Oct 15 17:29:14 UTC 2019
Date: Tuesday, October 15, 2019 @ 17:29:14
Author: andyrtr
Revision: 365055
upgpkg: ghostscript 9.50-1
upstream update 9.50
Modified:
ghostscript/trunk/PKGBUILD
Deleted:
ghostscript/trunk/CVE-2019-10216.diff
---------------------+
CVE-2019-10216.diff | 50 --------------------------------------------------
PKGBUILD | 12 ++++--------
2 files changed, 4 insertions(+), 58 deletions(-)
Deleted: CVE-2019-10216.diff
===================================================================
--- CVE-2019-10216.diff 2019-10-15 17:21:24 UTC (rev 365054)
+++ CVE-2019-10216.diff 2019-10-15 17:29:14 UTC (rev 365055)
@@ -1,50 +0,0 @@
-From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell at artifex.com>
-Date: Fri, 2 Aug 2019 15:18:26 +0100
-Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
-
----
- Resource/Init/gs_type1.ps | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
-index 6c7735b..a039cce 100644
---- a/Resource/Init/gs_type1.ps
-+++ b/Resource/Init/gs_type1.ps
-@@ -118,25 +118,25 @@
- ( to be the same as glyph: ) print 1 index //== exec } if
- 3 index exch 3 index .forceput
- % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
-- }
-+ }executeonly
- {pop} ifelse
-- } forall
-+ } executeonly forall
- pop pop
-- }
-+ } executeonly
- {
- pop pop pop
- } ifelse
-- }
-+ } executeonly
- {
- % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
- pop pop
- } ifelse
-- } forall
-+ } executeonly forall
- 3 1 roll pop pop
-- } if
-+ } executeonly if
- pop
- dup /.AGLprocessed~GS //true .forceput
-- } if
-+ } executeonly if
-
- %% We need to excute the C .buildfont1 in a stopped context so that, if there
- %% are errors we can put the stack back sanely and exit. Otherwise callers won't
---
-2.9.1
-
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-10-15 17:21:24 UTC (rev 365054)
+++ PKGBUILD 2019-10-15 17:29:14 UTC (rev 365055)
@@ -2,8 +2,8 @@
pkgbase=ghostscript
pkgname=(ghostscript ghostxps ghostpcl)
-pkgver=9.27
-pkgrel=2
+pkgver=9.50
+pkgrel=1
pkgdesc="An interpreter for the PostScript language"
url="https://www.ghostscript.com/"
arch=('x86_64')
@@ -12,16 +12,12 @@
'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn')
makedepends=('gtk3' 'gnutls' 'glu' 'freeglut')
# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
-source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz
- CVE-2019-10216.diff)
-sha512sums=('bbdecbde3bebb0e22eb8976fe1e91d94b8d585aa72f9a2475ee58598de223ae31bc467eb518690dd05a4a4e1382cde7a682b854c324e98585ffff2250fde29c6'
- '71e8aa1573cecde1e7432ce43ffec719615ee86da0d30cbc27be1ff39a738570768037c8af10b968e07b1aa1af82ed6fa61045d5f9cf207e201177eb77560ca4')
+source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz)
+sha512sums=('d6add852f2cb3b2fc7b5d40c42c5d5450f16a057a585f2011b675906b6e3cbf519278e80075459a51c1b78f737146b8a8fe78791a09ca521559f80b41d9ad3eb')
prepare() {
cd ghostpdl-${pkgver}
- patch -Np1 -i ../CVE-2019-10216.diff
-
# force it to use system-libs
rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib
# using tree freetype because of https://bugs.archlinux.org/task/56849
More information about the arch-commits
mailing list