main/ghostscript: fix CVE-2019-10216

Fixes #10726
author: Rasmus Thomsen <oss@cogitri.dev> 2019-08-13 11:26:02 +0200
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2019-08-13 12:47:37 +0000
commit: 572bfae1715027763d93986dca4f15179a78f8d6 (patch)
tree: 6e92e464d4ce94bd3dd129c9b660350e5d83d1b2 /main/ghostscript
parent: 0b7e719034b2e852916cc28f145f2b144de37c0e (diff)
download: aports-572bfae1715027763d93986dca4f15179a78f8d6.tar.bz2
aports-572bfae1715027763d93986dca4f15179a78f8d6.tar.xz
2 files changed, 57 insertions, 5 deletions
diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
index 34ec8dc1f1..bc9202fa6f 100644
--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=ghostscript
 pkgver=9.27
-pkgrel=1
+pkgrel=2
 pkgdesc="An interpreter for the PostScript language and for PDF"
 url="https://ghostscript.com/"
 arch="all"
@@ -16,10 +16,12 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
 	https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz
 	ghostscript-system-zlib.patch
 	fix-sprintf.patch
+	CVE-2019-10216.patch
 	"
-builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   9.27-r2:
+#     - CVE-2019-10216
 #   9.26-r2:
 #     - CVE-2019-3835
 #     - CVE-2019-3838
@@ -69,7 +71,7 @@ prepare() {
 	libtoolize --force && aclocal && autoconf && automake --add-missing
 }
 
-build(){
+build() {
 	# build ijs
 	cd "$builddir"/ijs
 	./configure \
@@ -114,7 +116,7 @@ package() {
 	cd ..
 
 	# create empty dir for future fonts
-	mkdir -p "${pkgdir}"/usr/share/fonts/Type1
+	mkdir -p "$pkgdir"/usr/share/fonts/Type1
 }
 
 gtk() {
@@ -127,4 +129,5 @@ gtk() {
 sha512sums="9ad7bd24b6d9b7d258e943783817be036a2e0234517baffa1016804ef9b6f3062fb5da20a890a0bfc9e58203ddcf25dc4465f5b3bf5e4a61db87bef0606a0884  ghostscript-9.27.tar.gz
 289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e  0001-Bug700317-Address-.force-operators-exposure.tgz
 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482  ghostscript-system-zlib.patch
-beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4  fix-sprintf.patch"
+beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4  fix-sprintf.patch
+f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f  CVE-2019-10216.patch"
diff --git a/main/ghostscript/CVE-2019-10216.patch b/main/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..e8dfa05a94
--- /dev/null
+++ b/main/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,49 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735b..a039cce 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+                          ( to be the same as glyph: ) print 1 index //== exec } if
+                    3 index exch 3 index .forceput
+                                                                  % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+-                 }
++                 }executeonly
+                  {pop} ifelse
+-               } forall
++               } executeonly forall
+                pop pop
+-             }
++             } executeonly
+              {
+                pop pop pop
+              } ifelse
+-           }
++           } executeonly
+            {
+                                                                % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+              pop pop
+            } ifelse
+-         } forall
++         } executeonly forall
+          3 1 roll pop pop
+-     } if
++     } executeonly if
+      pop
+      dup /.AGLprocessed~GS //true .forceput
+-   } if
++   } executeonly if
+ 
+    %% We need to excute the C .buildfont1 in a stopped context so that, if there
+    %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+-- 
+2.9.1
+
author	Rasmus Thomsen <oss@cogitri.dev>	2019-08-13 11:26:02 +0200
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2019-08-13 12:47:37 +0000
commit	572bfae1715027763d93986dca4f15179a78f8d6 (patch)
tree	6e92e464d4ce94bd3dd129c9b660350e5d83d1b2 /main/ghostscript
parent	0b7e719034b2e852916cc28f145f2b144de37c0e (diff)
download	aports-572bfae1715027763d93986dca4f15179a78f8d6.tar.bz2 aports-572bfae1715027763d93986dca4f15179a78f8d6.tar.xz