summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch
diff options
context:
space:
mode:
authorHongxu Jia <hongxu.jia@windriver.com>2018-11-05 16:03:35 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-11-06 11:54:30 +0000
commit6c32ea184941d292cd8f0eb898e6cc90120ada40 (patch)
tree65cb0c1bdfba62ecbbab1a93d1d8509a90278c50 /meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch
parentbd8d2c25f595e30a3fdcad8a2409913bb8af7c5c (diff)
downloadopenembedded-core-contrib-6c32ea184941d292cd8f0eb898e6cc90120ada40.tar.gz
ghostscript: fix CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch')
-rw-r--r--meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch b/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch
new file mode 100644
index 0000000000..4924b3cac6
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch
@@ -0,0 +1,31 @@
+From f0a61679d28bc1561640403d92492e199bc1c0f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 10 Oct 2018 23:25:51 +0100
+Subject: [PATCH 5/5] Bug 699938: .loadfontloop must be an operator
+
+In the fix for Bug 699816, I omitted to make .loadfontloop into an operator, to
+better hide .forceundef and .putgstringcopy.
+
+CVE: CVE-2018-17961
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ Resource/Init/gs_fonts.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 89c3ab7..72feff2 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -1148,7 +1148,7 @@ $error /SubstituteFont { } put
+
+ } loop % end of loop
+
+- } bind executeonly def % must be bound and hidden for .putgstringcopy
++ } bind executeonly odef % must be bound and hidden for .putgstringcopy
+
+ currentdict /.putgstringcopy .undef
+
+--
+2.7.4
+