9.50
This commit is contained in:
parent
5a6c75f6fb
commit
5e7ab74206
1
.gitignore
vendored
1
.gitignore
vendored
@ -54,3 +54,4 @@ ghostscript-8.71.tar.xz
|
|||||||
/ghostscript-9.25.tar.xz
|
/ghostscript-9.25.tar.xz
|
||||||
/ghostscript-9.26.tar.xz
|
/ghostscript-9.26.tar.xz
|
||||||
/ghostscript-9.27.tar.xz
|
/ghostscript-9.27.tar.xz
|
||||||
|
/ghostscript-9.50.tar.xz
|
||||||
|
@ -0,0 +1,58 @@
|
|||||||
|
From 53ab3ecee8a60d412c2bf1406340bf9cb228e106 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris Liddell <chris.liddell@artifex.com>
|
||||||
|
Date: Wed, 4 Dec 2019 12:23:02 +0000
|
||||||
|
Subject: [PATCH] Bug 701969: Fix fontconfig path permissions handling
|
||||||
|
|
||||||
|
The paths from fontconfig to be added to the permit file reading list was not
|
||||||
|
having the trailing directory separator added to indicate we want to allow
|
||||||
|
the directory to be read.
|
||||||
|
|
||||||
|
Also, tweak the path/filename splitting (for the permit file read list) when
|
||||||
|
parsing the cidfmap so it matches the improved version in gs_fonts.ps
|
||||||
|
---
|
||||||
|
Resource/Init/gs_cidfm.ps | 4 ++--
|
||||||
|
base/gp_unix.c | 6 +++++-
|
||||||
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Resource/Init/gs_cidfm.ps b/Resource/Init/gs_cidfm.ps
|
||||||
|
index cd9ed883f..e123bfc1c 100644
|
||||||
|
--- a/Resource/Init/gs_cidfm.ps
|
||||||
|
+++ b/Resource/Init/gs_cidfm.ps
|
||||||
|
@@ -141,7 +141,7 @@ currentdict end def
|
||||||
|
% <dir.../base.extn> .basename <dir>
|
||||||
|
/.splitdirname {
|
||||||
|
(/) rsearch { //true } { (\\) rsearch } ifelse
|
||||||
|
- {3 -2 roll pop pop //true}{//false} ifelse
|
||||||
|
+ {exch concatstrings exch pop //true}{//false} ifelse
|
||||||
|
} bind def
|
||||||
|
|
||||||
|
% <file> .addcidfmappath -
|
||||||
|
@@ -214,7 +214,7 @@ currentdict end def
|
||||||
|
} loop
|
||||||
|
} forall
|
||||||
|
currentdict end
|
||||||
|
- {exch pop (/) concatstrings /PermitFileReading exch .addcontrolpath} forall
|
||||||
|
+ {exch pop /PermitFileReading exch .addcontrolpath} forall
|
||||||
|
|
||||||
|
% Checks for vicious substitution cycles.
|
||||||
|
dup length dict copy % <<map>>
|
||||||
|
diff --git a/base/gp_unix.c b/base/gp_unix.c
|
||||||
|
index 6d2b8b163..ecf0e8a63 100644
|
||||||
|
--- a/base/gp_unix.c
|
||||||
|
+++ b/base/gp_unix.c
|
||||||
|
@@ -356,7 +356,11 @@ void *gp_enumerate_fonts_init(gs_memory_t *mem)
|
||||||
|
*/
|
||||||
|
code = 0;
|
||||||
|
while ((dirstr = FcStrListNext(fdirlist)) != NULL && code >= 0) {
|
||||||
|
- code = gs_add_control_path(mem, gs_permit_file_reading, (char *)dirstr);
|
||||||
|
+ char dirstr2[gp_file_name_sizeof];
|
||||||
|
+ dirstr2[0] = '\0';
|
||||||
|
+ strncat(dirstr2, (char *)dirstr, gp_file_name_sizeof - 1);
|
||||||
|
+ strncat(dirstr2, "/", gp_file_name_sizeof);
|
||||||
|
+ code = gs_add_control_path(mem, gs_permit_file_reading, (char *)dirstr2);
|
||||||
|
}
|
||||||
|
FcStrListDone(fdirlist);
|
||||||
|
if (code < 0) {
|
||||||
|
--
|
||||||
|
2.24.1
|
||||||
|
|
@ -1,22 +1,10 @@
|
|||||||
From 91c9c6d17d445781ee572c281b8b9d75d96f9df8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "David Kaspar [Dee'Kej]" <dkaspar@redhat.com>
|
|
||||||
Date: Fri, 7 Oct 2016 13:57:01 +0200
|
|
||||||
Subject: [PATCH] Make sure 'dvipdf' is being run securely
|
|
||||||
|
|
||||||
---
|
|
||||||
lib/dvipdf | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/dvipdf b/lib/dvipdf
|
diff --git a/lib/dvipdf b/lib/dvipdf
|
||||||
index 802aeab..c92dfb0 100755
|
index f643087..078292b 100755
|
||||||
--- a/lib/dvipdf
|
--- a/lib/dvipdf
|
||||||
+++ b/lib/dvipdf
|
+++ b/lib/dvipdf
|
||||||
@@ -43,4 +43,4 @@ fi
|
@@ -43,4 +43,4 @@ fi
|
||||||
|
|
||||||
# We have to include the options twice because -I only takes effect if it
|
# We have to include the options twice because -I only takes effect if it
|
||||||
# appears before other options.
|
# appears before other options.
|
||||||
-exec dvips -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite -
|
-exec dvips -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS
|
||||||
+exec dvips -R -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -c .setpdfwrite -
|
+exec dvips -R -Ppdf $DVIPSOPTIONS -q -f "$infile" | $GS_EXECUTABLE $OPTIONS -q -P- -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile="$outfile" $OPTIONS -
|
||||||
--
|
|
||||||
2.14.3
|
|
||||||
|
|
||||||
|
94
ghostscript-9.50-enumerate-all-fonts.patch
Normal file
94
ghostscript-9.50-enumerate-all-fonts.patch
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
diff --git a/base/gp_unix.c b/base/gp_unix.c
|
||||||
|
index c576566..4165654 100644
|
||||||
|
--- a/base/gp_unix.c
|
||||||
|
+++ b/base/gp_unix.c
|
||||||
|
@@ -402,42 +402,50 @@ int gp_enumerate_fonts_next(void *enum_state, char **fontname, char **path)
|
||||||
|
return 0; /* gp_enumerate_fonts_init failed for some reason */
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (state->index == state->font_list->nfont) {
|
||||||
|
- return 0; /* we've run out of fonts */
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* Bits of the following were borrowed from Red Hat's
|
||||||
|
- * fontconfig patch for Ghostscript 7 */
|
||||||
|
- font = state->font_list->fonts[state->index];
|
||||||
|
+ /* We use the loop so we can skip over fonts that return errors */
|
||||||
|
+ while(1) {
|
||||||
|
+ if (state->index == state->font_list->nfont) {
|
||||||
|
+ return 0; /* we've run out of fonts */
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- result = FcPatternGetString (font, FC_FAMILY, 0, &family_fc);
|
||||||
|
- if (result != FcResultMatch || family_fc == NULL) {
|
||||||
|
- dmlprintf(state->mem, "DEBUG: FC_FAMILY mismatch\n");
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ /* Bits of the following were borrowed from Red Hat's
|
||||||
|
+ * fontconfig patch for Ghostscript 7 */
|
||||||
|
+ font = state->font_list->fonts[state->index];
|
||||||
|
+ state->index++;
|
||||||
|
+
|
||||||
|
+ /* We do the FC_FILE first because this *should* never fail
|
||||||
|
+ * and it gives us a string to use in later debug prints
|
||||||
|
+ */
|
||||||
|
+ result = FcPatternGetString (font, FC_FILE, 0, &file_fc);
|
||||||
|
+ if (result != FcResultMatch || file_fc == NULL) {
|
||||||
|
+ dmlprintf(state->mem, "DEBUG: FC_FILE mismatch\n");
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- result = FcPatternGetString (font, FC_FILE, 0, &file_fc);
|
||||||
|
- if (result != FcResultMatch || file_fc == NULL) {
|
||||||
|
- dmlprintf(state->mem, "DEBUG: FC_FILE mismatch\n");
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ result = FcPatternGetString (font, FC_FAMILY, 0, &family_fc);
|
||||||
|
+ if (result != FcResultMatch || family_fc == NULL) {
|
||||||
|
+ dmlprintf1(state->mem, "DEBUG: FC_FAMILY mismatch in %s\n", (char *)file_fc);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- result = FcPatternGetBool (font, FC_OUTLINE, 0, &outline_fc);
|
||||||
|
- if (result != FcResultMatch) {
|
||||||
|
- dmlprintf1(state->mem, "DEBUG: FC_OUTLINE failed to match on %s\n", (char*)family_fc);
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ result = FcPatternGetBool (font, FC_OUTLINE, 0, &outline_fc);
|
||||||
|
+ if (result != FcResultMatch) {
|
||||||
|
+ dmlprintf2(state->mem, "DEBUG: FC_OUTLINE failed to match on %s in %s\n", (char*)family_fc, (char *)file_fc);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- result = FcPatternGetInteger (font, FC_SLANT, 0, &slant_fc);
|
||||||
|
- if (result != FcResultMatch) {
|
||||||
|
- dmlprintf(state->mem, "DEBUG: FC_SLANT didn't match\n");
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ result = FcPatternGetInteger (font, FC_SLANT, 0, &slant_fc);
|
||||||
|
+ if (result != FcResultMatch) {
|
||||||
|
+ dmlprintf1(state->mem, "DEBUG: FC_SLANT didn't match in %s\n", (char *)file_fc);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- result = FcPatternGetInteger (font, FC_WEIGHT, 0, &weight_fc);
|
||||||
|
- if (result != FcResultMatch) {
|
||||||
|
- dmlprintf(state->mem, "DEBUG: FC_WEIGHT didn't match\n");
|
||||||
|
- return 0;
|
||||||
|
+ result = FcPatternGetInteger (font, FC_WEIGHT, 0, &weight_fc);
|
||||||
|
+ if (result != FcResultMatch) {
|
||||||
|
+ dmlprintf1(state->mem, "DEBUG: FC_WEIGHT didn't match in %s\n", (char *)file_fc);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Gross hack to work around Fontconfig's inability to tell
|
||||||
|
@@ -450,7 +458,6 @@ int gp_enumerate_fonts_next(void *enum_state, char **fontname, char **path)
|
||||||
|
/* return the font path straight out of fontconfig */
|
||||||
|
*path = (char*)file_fc;
|
||||||
|
|
||||||
|
- state->index ++;
|
||||||
|
return 1;
|
||||||
|
#else
|
||||||
|
return 0;
|
@ -1,43 +0,0 @@
|
|||||||
From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Fri, 2 Aug 2019 15:18:26 +0100
|
|
||||||
Subject: Bug 701394: protect use of .forceput with executeonly
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
|
|
||||||
index 6c7735bc0c..a039ccee35 100644
|
|
||||||
--- a/Resource/Init/gs_type1.ps
|
|
||||||
+++ b/Resource/Init/gs_type1.ps
|
|
||||||
@@ -118,25 +118,25 @@
|
|
||||||
( to be the same as glyph: ) print 1 index //== exec } if
|
|
||||||
3 index exch 3 index .forceput
|
|
||||||
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
|
|
||||||
- }
|
|
||||||
+ }executeonly
|
|
||||||
{pop} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
pop pop
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
pop pop pop
|
|
||||||
} ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
|
|
||||||
pop pop
|
|
||||||
} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
3 1 roll pop pop
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
dup /.AGLprocessed~GS //true .forceput
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
|
|
||||||
%% We need to excute the C .buildfont1 in a stopped context so that, if there
|
|
||||||
%% are errors we can put the stack back sanely and exit. Otherwise callers won't
|
|
@ -1,56 +0,0 @@
|
|||||||
From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Tue, 20 Aug 2019 10:10:28 +0100
|
|
||||||
Subject: make .forceput inaccessible
|
|
||||||
|
|
||||||
Bug #701343, #701344, #701345
|
|
||||||
|
|
||||||
More defensive programming. We don't want people to access .forecput
|
|
||||||
even though it is no longer sufficient to bypass SAFER. The exploit
|
|
||||||
in #701343 didn't work anyway because of earlier work to stop the error
|
|
||||||
handler being used, but nevertheless, prevent access to .forceput from
|
|
||||||
.setuserparams2.
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
|
|
||||||
index 4cc7f820f..0fd416465 100644
|
|
||||||
--- a/Resource/Init/gs_lev2.ps
|
|
||||||
+++ b/Resource/Init/gs_lev2.ps
|
|
||||||
@@ -158,7 +158,7 @@ end
|
|
||||||
{
|
|
||||||
pop pop
|
|
||||||
} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
% A context switch might have occurred during the above loop,
|
|
||||||
% causing the interpreter-level parameters to be reset.
|
|
||||||
% Set them again to the new values. From here on, we are safe,
|
|
||||||
@@ -229,9 +229,9 @@ end
|
|
||||||
{ pop pop
|
|
||||||
}
|
|
||||||
ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
forall pop
|
|
||||||
-} .bind odef
|
|
||||||
+} .bind executeonly odef
|
|
||||||
|
|
||||||
% Initialize the passwords.
|
|
||||||
% NOTE: the names StartJobPassword and SystemParamsPassword are known to
|
|
||||||
diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
|
|
||||||
index c158a8faf..422e66e1a 100644
|
|
||||||
--- a/Resource/Init/gs_pdfwr.ps
|
|
||||||
+++ b/Resource/Init/gs_pdfwr.ps
|
|
||||||
@@ -658,11 +658,11 @@ currentdict /.pdfmarkparams .undef
|
|
||||||
systemdict /.pdf_hooked_DSC_Creator //true .forceput
|
|
||||||
} executeonly if
|
|
||||||
pop
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
} {
|
|
||||||
pop
|
|
||||||
} ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
pop
|
|
||||||
} ifelse
|
|
@ -1,216 +0,0 @@
|
|||||||
From 3b65a4569a7b8da4678890b842e368daf85d6887 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Wed, 21 Aug 2019 10:10:51 +0100
|
|
||||||
Subject: [PATCH] PDF interpreter - review .forceput security
|
|
||||||
|
|
||||||
Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken"
|
|
||||||
|
|
||||||
By abusing the error handler it was possible to get the PDFDEBUG portion
|
|
||||||
of .pdfexectoken, which uses .forceput left readable.
|
|
||||||
|
|
||||||
Add an executeonly appropriately to make sure that clause isn't readable
|
|
||||||
no mstter what.
|
|
||||||
|
|
||||||
Review all the uses of .forceput searching for similar cases, add
|
|
||||||
executeonly as required to secure those. All cases in the PostScript
|
|
||||||
support files seem to be covered already.
|
|
||||||
---
|
|
||||||
Resource/Init/pdf_base.ps | 2 +-
|
|
||||||
Resource/Init/pdf_draw.ps | 14 +++++++-------
|
|
||||||
Resource/Init/pdf_font.ps | 23 ++++++++++++-----------
|
|
||||||
Resource/Init/pdf_main.ps | 6 +++---
|
|
||||||
Resource/Init/pdf_ops.ps | 11 ++++++-----
|
|
||||||
5 files changed, 29 insertions(+), 27 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
|
|
||||||
index 1a218f4..cffde5c 100644
|
|
||||||
--- a/Resource/Init/pdf_base.ps
|
|
||||||
+++ b/Resource/Init/pdf_base.ps
|
|
||||||
@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef
|
|
||||||
{
|
|
||||||
dup ==only () = flush
|
|
||||||
} ifelse % PDFSTEP
|
|
||||||
- } if % PDFDEBUG
|
|
||||||
+ } executeonly if % PDFDEBUG
|
|
||||||
2 copy .knownget {
|
|
||||||
exch pop exch pop exch pop exec
|
|
||||||
} {
|
|
||||||
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
|
|
||||||
index e18a7c2..0a3924c 100644
|
|
||||||
--- a/Resource/Init/pdf_draw.ps
|
|
||||||
+++ b/Resource/Init/pdf_draw.ps
|
|
||||||
@@ -501,8 +501,8 @@ end
|
|
||||||
( Output may be incorrect.\n) pdfformaterror
|
|
||||||
//pdfdict /.gs_warning_issued //true .forceput
|
|
||||||
PDFSTOPONERROR { /gs /undefined signalerror } if
|
|
||||||
- } if
|
|
||||||
- }
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly
|
|
||||||
ifelse
|
|
||||||
} bind executeonly def
|
|
||||||
|
|
||||||
@@ -1142,7 +1142,7 @@ currentdict end readonly def
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
@@ -1150,8 +1150,8 @@ currentdict end readonly def
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
end
|
|
||||||
- } ifelse
|
|
||||||
- } loop
|
|
||||||
+ } executeonly ifelse
|
|
||||||
+ } executeonly loop
|
|
||||||
{
|
|
||||||
(\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
|
|
||||||
//pdfdict /.Qqwarning_issued .knownget
|
|
||||||
@@ -1165,14 +1165,14 @@ currentdict end readonly def
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
|
|
||||||
% restore pdfemptycount
|
|
||||||
diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
|
|
||||||
index 9fb85f6..357ba30 100644
|
|
||||||
--- a/Resource/Init/pdf_font.ps
|
|
||||||
+++ b/Resource/Init/pdf_font.ps
|
|
||||||
@@ -677,7 +677,7 @@ currentdict end readonly def
|
|
||||||
currentglobal 2 index dup gcheck setglobal
|
|
||||||
/FontInfo 5 dict dup 5 1 roll .forceput
|
|
||||||
setglobal
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
dup /GlyphNames2Unicode .knownget not {
|
|
||||||
//true % No existing G2U, make one
|
|
||||||
} {
|
|
||||||
@@ -701,9 +701,9 @@ currentdict end readonly def
|
|
||||||
} if
|
|
||||||
PDFDEBUG {
|
|
||||||
(.processToUnicode end) =
|
|
||||||
- } if
|
|
||||||
- } if
|
|
||||||
- } stopped
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly stopped
|
|
||||||
{
|
|
||||||
.dstackdepth 1 countdictstack 1 sub
|
|
||||||
{pop end} for
|
|
||||||
@@ -1233,19 +1233,20 @@ currentdict /eexec_pdf_param_dict .undef
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
} executeonly if
|
|
||||||
Q
|
|
||||||
- } repeat
|
|
||||||
+ } executeonly repeat
|
|
||||||
Q
|
|
||||||
- } PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
||||||
+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
||||||
PDFfile exch setfileposition
|
|
||||||
- } ifelse
|
|
||||||
- } {
|
|
||||||
+ } executeonly ifelse
|
|
||||||
+ } executeonly
|
|
||||||
+ {
|
|
||||||
% PDF Type 3 fonts don't use .notdef
|
|
||||||
% d1 implementation adjusts the width as needed
|
|
||||||
0 0 0 0 0 0
|
|
||||||
pdfopdict /d1 get exec
|
|
||||||
} ifelse
|
|
||||||
end end
|
|
||||||
- } bdef
|
|
||||||
+ } executeonly bdef
|
|
||||||
dup currentdict Encoding .processToUnicode
|
|
||||||
currentdict end .completefont exch pop
|
|
||||||
} bind executeonly odef
|
|
||||||
@@ -2045,9 +2046,9 @@ currentdict /CMap_read_dict undef
|
|
||||||
(Will continue, but content may be missing.) = flush
|
|
||||||
} ifelse
|
|
||||||
} if
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
/findresource cvx /undefined signalerror
|
|
||||||
- } loop
|
|
||||||
+ } executeonly loop
|
|
||||||
} bind executeonly odef
|
|
||||||
|
|
||||||
/buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font>
|
|
||||||
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
|
|
||||||
index 5305ea6..a59e63c 100644
|
|
||||||
--- a/Resource/Init/pdf_main.ps
|
|
||||||
+++ b/Resource/Init/pdf_main.ps
|
|
||||||
@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
count PDFexecstackcount sub { pop } repeat
|
|
||||||
(after exec) VMDEBUG
|
|
||||||
diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
|
|
||||||
index 285e582..6c1f100 100644
|
|
||||||
--- a/Resource/Init/pdf_ops.ps
|
|
||||||
+++ b/Resource/Init/pdf_ops.ps
|
|
||||||
@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
} bind executeonly odef
|
|
||||||
|
|
||||||
% Save PDF gstate
|
|
||||||
@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef
|
|
||||||
dup type /booleantype eq {
|
|
||||||
.currentSMask type /dicttype eq {
|
|
||||||
.currentSMask /Processed 2 index .forceput
|
|
||||||
+ } executeonly
|
|
||||||
+ {
|
|
||||||
+ .setSMask
|
|
||||||
+ }ifelse
|
|
||||||
} executeonly
|
|
||||||
{
|
|
||||||
- .setSMask
|
|
||||||
- }ifelse
|
|
||||||
- }{
|
|
||||||
.setSMask
|
|
||||||
}ifelse
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
|
|
||||||
index e34967d..5354ff0 100644
|
|
||||||
--- a/Resource/Init/gs_ttf.ps
|
|
||||||
+++ b/Resource/Init/gs_ttf.ps
|
|
||||||
@@ -1301,7 +1301,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
|
|
||||||
TTFDEBUG { (\n1 setting alias: ) print dup ==only
|
|
||||||
( to be the same as ) print 2 index //== exec } if
|
|
||||||
|
|
||||||
- 7 index 2 index 3 -1 roll exch .forceput
|
|
||||||
+ 7 index 2 index 3 -1 roll exch put
|
|
||||||
} forall
|
|
||||||
pop pop pop
|
|
||||||
}
|
|
||||||
@@ -1319,7 +1319,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
|
|
||||||
exch pop
|
|
||||||
TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
|
|
||||||
( to use glyph index: ) print dup //== exec } if
|
|
||||||
- 5 index 3 1 roll .forceput
|
|
||||||
+ 5 index 3 1 roll put
|
|
||||||
//false
|
|
||||||
}
|
|
||||||
{
|
|
||||||
@@ -1336,7 +1336,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
|
|
||||||
{ % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
|
|
||||||
TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
|
|
||||||
( to be index: ) print dup //== exec } if
|
|
||||||
- exch pop 5 index 3 1 roll .forceput
|
|
||||||
+ exch pop 5 index 3 1 roll put
|
|
||||||
}
|
|
||||||
{
|
|
||||||
pop pop
|
|
||||||
@@ -1366,7 +1366,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
|
|
||||||
} ifelse
|
|
||||||
]
|
|
||||||
TTFDEBUG { (Encoding: ) print dup === flush } if
|
|
||||||
-} .bind executeonly odef % hides .forceput
|
|
||||||
+} .bind odef
|
|
||||||
|
|
||||||
% ---------------- CIDFontType 2 font loading ---------------- %
|
|
||||||
|
|
@ -42,8 +42,8 @@
|
|||||||
|
|
||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Summary: Interpreter for PostScript language & PDF
|
Summary: Interpreter for PostScript language & PDF
|
||||||
Version: 9.27
|
Version: 9.50
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
|
|
||||||
License: AGPLv3+
|
License: AGPLv3+
|
||||||
|
|
||||||
@ -93,10 +93,8 @@ BuildRequires: libXt-devel
|
|||||||
# Upstream patches -- official upstream patches released by upstream since the
|
# Upstream patches -- official upstream patches released by upstream since the
|
||||||
# ---------------- last rebase that are necessary for any reason:
|
# ---------------- last rebase that are necessary for any reason:
|
||||||
#Patch000: example000.patch
|
#Patch000: example000.patch
|
||||||
Patch000: ghostscript-cve-2019-10216.patch
|
Patch000: 0001-Bug-701969-Fix-fontconfig-path-permissions-handling.patch
|
||||||
Patch001: ghostscript-cve-2019-14811-14812-14813.patch
|
Patch001: ghostscript-9.50-enumerate-all-fonts.patch
|
||||||
Patch002: ghostscript-cve-2019-14817.patch
|
|
||||||
Patch003: ghostscript-cve-2019-14869.patch
|
|
||||||
|
|
||||||
|
|
||||||
# Downstream patches -- these should be always included when doing rebase:
|
# Downstream patches -- these should be always included when doing rebase:
|
||||||
@ -462,6 +460,9 @@ done
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 11 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.50-1
|
||||||
|
- 9.50
|
||||||
|
|
||||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.27-3
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.27-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (ghostscript-9.27.tar.xz) = 5e67ad45a80f01c6ef0eabb1c76dfa8fb6e7f0fde8d82fd5daaf12f370c288a672f8fa69c74d9e30255582267e9a906e4e8b13655f8d993fefdfc8dbdb5d5401
|
SHA512 (ghostscript-9.50.tar.xz) = 3c1e5db519a427f4b6bfb8d93f3c3dfb67d5ec9ccd19c7afa7670deb768515f3fc617c5588e54934bbfbedfdf8609ce2ffa36dd7da3cb618937fe034f64f43ee
|
||||||
|
Loading…
Reference in New Issue
Block a user