main/ghostscript: fix CVE-2019-10216

Ref #10726
author: Rasmus Thomsen <oss@cogitri.dev> 2019-08-13 11:39:58 +0200
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2019-08-13 12:44:14 +0000
commit: 356973950eee8c184c404d8ef97eec75452d8d90 (patch)
tree: 1f0140d774daf6f5608c30e76bc7b7d3e254b50c /main
parent: ea5be313d97682dce48ab78c70818867579099d8 (diff)
download: aports-356973950eee8c184c404d8ef97eec75452d8d90.tar.bz2
aports-356973950eee8c184c404d8ef97eec75452d8d90.tar.xz
2 files changed, 55 insertions, 2 deletions
diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
index ac139d32cb..3abe52709b 100644
--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Cameron Banta <cbanta@gmail.com>
 pkgname=ghostscript
 pkgver=9.26
-pkgrel=2
+pkgrel=3
 pkgdesc="An interpreter for the PostScript language and for PDF"
 url="https://ghostscript.com/"
 arch="all"
@@ -16,12 +16,15 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
 	CVE-2019-6116.patch
 	CVE-2019-3835.patch
 	CVE-2019-3838.patch
+	CVE-2019-10216.patch
 	ghostscript-system-zlib.patch
 	fix-sprintf.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   9.26-r3:
+#     - CVE-2019-10216
 #   9.26-r2:
 #     - CVE-2019-3835
 #     - CVE-2019-3838
@@ -135,8 +138,9 @@ gtk() {
 
 sha512sums="670159c23618ffafa85c671642bf182a107a82c053a1fd8c3f45f73f203524077be1b212d2ddbabae7892c7713922877e03b020f78bd2aab1ae582c4fc7d820a  ghostscript-9.26.tar.gz
 289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e  0001-Bug700317-Address-.force-operators-exposure.tgz
+78564c1dd878cb6a924663cb5d61901a413a867dedc8753e537e08a4da9cc0aaeb817bab266fd66e5d0e871d9ed6078af6e6f455b5426e0917875682d76638f5  CVE-2019-6116.patch
 31769852e75be4e1cd0e7c3f43cc7b3457bf9ba505fc2a5acda53779cc5626854bf15fef3e225f3d922f4038dd18c598dbac30abb863159202e4d0fe02c02d3b  CVE-2019-3835.patch
 dc3bd1de86e4a968ed35a35a125f682cffeed51fe4dbf9b3939dd78b07ef0748fe6b34816e689bcfffb4f819e51bcb5022f3151a5610aa24fd2468cdcbc665ea  CVE-2019-3838.patch
-78564c1dd878cb6a924663cb5d61901a413a867dedc8753e537e08a4da9cc0aaeb817bab266fd66e5d0e871d9ed6078af6e6f455b5426e0917875682d76638f5  CVE-2019-6116.patch
+f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f  CVE-2019-10216.patch
 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482  ghostscript-system-zlib.patch
 beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4  fix-sprintf.patch"
diff --git a/main/ghostscript/CVE-2019-10216.patch b/main/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..e8dfa05a94
--- /dev/null
+++ b/main/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,49 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735b..a039cce 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+                          ( to be the same as glyph: ) print 1 index //== exec } if
+                    3 index exch 3 index .forceput
+                                                                  % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+-                 }
++                 }executeonly
+                  {pop} ifelse
+-               } forall
++               } executeonly forall
+                pop pop
+-             }
++             } executeonly
+              {
+                pop pop pop
+              } ifelse
+-           }
++           } executeonly
+            {
+                                                                % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+              pop pop
+            } ifelse
+-         } forall
++         } executeonly forall
+          3 1 roll pop pop
+-     } if
++     } executeonly if
+      pop
+      dup /.AGLprocessed~GS //true .forceput
+-   } if
++   } executeonly if
+ 
+    %% We need to excute the C .buildfont1 in a stopped context so that, if there
+    %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+-- 
+2.9.1
+
author	Rasmus Thomsen <oss@cogitri.dev>	2019-08-13 11:39:58 +0200
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2019-08-13 12:44:14 +0000
commit	356973950eee8c184c404d8ef97eec75452d8d90 (patch)
tree	1f0140d774daf6f5608c30e76bc7b7d3e254b50c /main
parent	ea5be313d97682dce48ab78c70818867579099d8 (diff)
download	aports-356973950eee8c184c404d8ef97eec75452d8d90.tar.bz2 aports-356973950eee8c184c404d8ef97eec75452d8d90.tar.xz