Fix for CVE-2019-10216 added
parent
7a887c99cd
commit
31934cab83
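--- a/ghostscript-cve-2019-10216.patch
+++ b/ghostscript-cve-2019-10216.patch
@@ -0,0 +1,43 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: Bug 701394: protect use of .forceput with executeonly
+
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0c..a039ccee35 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+( to be the same as glyph: ) print 1 index //== exec } if
+3 index exch 3 index .forceput
+% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+{pop} ifelse
+- } forall
++ } executeonly forall
+pop pop
+- }
++ } executeonly
+{
+pop pop pop
+} ifelse
+- }
++ } executeonly
+{
+% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+pop pop
+} ifelse
+- } forall
++ } executeonly forall
+3 1 roll pop pop
+- } if
++ } executeonly if
+pop
+dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+%% We need to excute the C .buildfont1 in a stopped context so that, if there
+%% are errors we can put the stack back sanely and exit. Otherwise callers won't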
@ -43,7 +43,7 @@
|
|||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Summary: Interpreter for PostScript language & PDF
|
Summary: Interpreter for PostScript language & PDF
|
||||||
Version: 9.26
|
Version: 9.26
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
|
|
||||||
License: AGPLv3+
|
License: AGPLv3+
|
||||||
|
|
||||||
@ -97,6 +97,7 @@ Patch000: ghostscript-cve-2019-6116.patch
|
|||||||
Patch001: ghostscript-subclassing-devices-fix-put_image-method.patch
|
Patch001: ghostscript-subclassing-devices-fix-put_image-method.patch
|
||||||
Patch002: ghostscript-cve-2019-3835.patch
|
Patch002: ghostscript-cve-2019-3835.patch
|
||||||
Patch003: ghostscript-cve-2019-3838.patch
|
Patch003: ghostscript-cve-2019-3838.patch
|
||||||
|
Patch004: ghostscript-cve-2019-10216.patch
|
||||||
|
|
||||||
|
|
||||||
# Downstream patches -- these should be always included when doing rebase:
|
# Downstream patches -- these should be always included when doing rebase:
|
||||||
@ -465,6 +466,9 @@ done
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 12 2019 Martin Osvald <mosvald@redhat.com> - 9.26-6
|
||||||
|
- Fix for CVE-2019-10216 added
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 9.26-5
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 9.26-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|