rpms/ghostscript
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import ghostscript-9.25-5.el8_1.1

Browse Source
This commit is contained in:
CentOS Sources 2019-11-14 14:10:07 -05:00 committed by Andrew Lukoshko
parent 8ef68b1e7e
commit 43d4a0de8b
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
SOURCES/ghostscript-cve-2019-14869.patch Normal file
View File

@ -0,0 +1,40 @@
diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
index 064b6c8..600907e 100644
--- a/Resource/Init/gs_ttf.ps
+++ b/Resource/Init/gs_ttf.ps
@@ -1421,7 +1421,7 @@ mark
TTFDEBUG { (\n1 setting alias: ) print dup ==only
( to be the same as ) print 2 index //== exec } if
- 7 index 2 index 3 -1 roll exch .forceput
+ 7 index 2 index 3 -1 roll exch put
} forall
pop pop pop
}
@@ -1439,7 +1439,7 @@ mark
exch pop
TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
( to use glyph index: ) print dup //== exec } if
- 5 index 3 1 roll .forceput
+ 5 index 3 1 roll put
//false
}
{
@@ -1456,7 +1456,7 @@ mark
{ % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
( to be index: ) print dup //== exec } if
- exch pop 5 index 3 1 roll .forceput
+ exch pop 5 index 3 1 roll put
}
{
pop pop
@@ -1486,7 +1486,7 @@ mark
} ifelse
]
TTFDEBUG { (Encoding: ) print dup === flush } if
-} .bind executeonly odef % hides .forceput
+} .bind odef
% to be removed 9.09......
currentdict /postalias undef

6
SPECS/ghostscript.spec
View File

@ -37,7 +37,7 @@
Name: ghostscript Name: ghostscript
Summary: Interpreter for PostScript language & PDF Summary: Interpreter for PostScript language & PDF
Version: 9.25 Version: 9.25
Release: 5%{?dist} Release: 5%{?dist}.1
License: AGPLv3+ License: AGPLv3+
@ -105,6 +105,7 @@ Patch014: ghostscript-pdf2dsc-regression.patch
Patch015: ghostscript-cve-2019-10216.patch Patch015: ghostscript-cve-2019-10216.patch
Patch016: ghostscript-cve-2019-14811-14812-14813.patch Patch016: ghostscript-cve-2019-14811-14812-14813.patch
Patch017: ghostscript-cve-2019-14817.patch Patch017: ghostscript-cve-2019-14817.patch
Patch018: ghostscript-cve-2019-14869.patch
# Downstream patches -- these should be always included when doing rebase: # Downstream patches -- these should be always included when doing rebase:
# ------------------ # ------------------
@ -444,6 +445,9 @@ done
# ============================================================================= # =============================================================================
%changelog %changelog
* Fri Nov 08 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-5.1
- 1769342 - CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys
* Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-5 * Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-5
- Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445) - Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444) - Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)