summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2020-05-18 16:20:24 +0800
committerAnuj Mittal <anuj.mittal@intel.com>2020-05-19 15:06:08 +0800
commit4620180a073b721dbc91d14ab64285187bec4cb7 (patch)
treeca87880d66d6cc9f991569e04ec6414b8616b368
parent5ada35d14598505448c16a52e8fe129e72f1ed0b (diff)
downloadopenembedded-core-contrib-4620180a073b721dbc91d14ab64285187bec4cb7.tar.gz
openembedded-core-contrib-4620180a073b721dbc91d14ab64285187bec4cb7.tar.bz2
openembedded-core-contrib-4620180a073b721dbc91d14ab64285187bec4cb7.zip
ghostscript : fix CVE-2019-10216
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch53
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.27.bb1
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..9bec7343f5
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,53 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19]
+CVE: CVE-2019-10216
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0..a039ccee3 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.17.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
index 32f938f254..bbd17104e1 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
@@ -29,6 +29,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2019-14817-0001.patch \
file://CVE-2019-14817-0002.patch \
file://CVE-2019-14869-0001.patch \
+ file://CVE-2019-10216.patch \
"
SRC_URI = "${SRC_URI_BASE} \