diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2019-04-02 20:05:15 +0200 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-04-04 07:19:30 +0000 |
| commit | 2e62b7ed22984e045c0f6bc445dd7417cc9c8a60 (patch) | |
| tree | 244facca9945cc266b2ed9113428356c496032b0 /main/ghostscript/CVE-2019-3838.patch | |
| parent | 442ccc174a119c491694394b8050532b256cd0ed (diff) | |
| download | aports-2e62b7ed22984e045c0f6bc445dd7417cc9c8a60.tar.bz2 aports-2e62b7ed22984e045c0f6bc445dd7417cc9c8a60.tar.xz | |
Diffstat (limited to 'main/ghostscript/CVE-2019-3838.patch')
| -rw-r--r-- | main/ghostscript/CVE-2019-3838.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/main/ghostscript/CVE-2019-3838.patch b/main/ghostscript/CVE-2019-3838.patch new file mode 100644 index 0000000000..0ba1e876b6 --- /dev/null +++ b/main/ghostscript/CVE-2019-3838.patch @@ -0,0 +1,56 @@ +From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 20 Feb 2019 09:54:28 +0000 +Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in + DefineResource). + +This prevents access to .forceput + +Solution originally suggested by cbuissar@redhat.com. +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index d9b3459..b646329 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -425,7 +425,7 @@ status { + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only + } executeonly if +- } ++ } executeonly + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put + } +-- +2.20.1 + + +From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 22 Feb 2019 12:28:23 +0000 +Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs + executeonly'ed. + +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index b646329..8c1f29f 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -437,7 +437,7 @@ status { + % Now make the resource value read-only. + 0 2 copy get { readonly } .internalstopped pop + dup 4 1 roll put exch pop exch pop +- } ++ } executeonly + { /defineresource cvx /typecheck signaloperror + } + ifelse +-- +2.20.1 + |