From 47e96eb4a65356706c4e6344e74859d045d38237 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 29 Aug 2019 23:21:40 +0200 Subject: main/ghostscript: add security patches CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 --- main/ghostscript/APKBUILD | 10 ++++- main/ghostscript/forceput-inaccessible.patch | 63 ++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 main/ghostscript/forceput-inaccessible.patch (limited to 'main/ghostscript') diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD index 02999ebc1d..26b4e9fc19 100644 --- a/main/ghostscript/APKBUILD +++ b/main/ghostscript/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Cameron Banta pkgname=ghostscript pkgver=9.27 -pkgrel=2 +pkgrel=3 pkgdesc="An interpreter for the PostScript language and for PDF" url="https://ghostscript.com/" arch="all" @@ -17,9 +17,14 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/ ghostscript-system-zlib.patch fix-sprintf.patch CVE-2019-10216.patch + forceput-inaccessible.patch " # secfixes: +# 9.27-r3: +# - CVE-2019-14811 +# - CVE-2019-14812 +# - CVE-2019-14813 # 9.27-r2: # - CVE-2019-10216 # 9.26-r2: @@ -130,4 +135,5 @@ sha512sums="9ad7bd24b6d9b7d258e943783817be036a2e0234517baffa1016804ef9b6f3062fb5 289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch -f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f CVE-2019-10216.patch" +f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f CVE-2019-10216.patch +d7045aa5a02a3fc882552da0b9a60ea565a36d5d038cdf576dc7188158dc05a470ce9fa40bdf1e1003a48995f6707431980910372da549918caf789eb3a2f81f forceput-inaccessible.patch" diff --git a/main/ghostscript/forceput-inaccessible.patch b/main/ghostscript/forceput-inaccessible.patch new file mode 100644 index 0000000000..d2bfe9f43f --- /dev/null +++ b/main/ghostscript/forceput-inaccessible.patch @@ -0,0 +1,63 @@ +From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Tue, 20 Aug 2019 10:10:28 +0100 +Subject: [PATCH] make .forceput inaccessible + +Bug #701343, #701344, #701345 + +More defensive programming. We don't want people to access .forecput +even though it is no longer sufficient to bypass SAFER. The exploit +in #701343 didn't work anyway because of earlier work to stop the error +handler being used, but nevertheless, prevent access to .forceput from +.setuserparams2. +--- + Resource/Init/gs_lev2.ps | 6 +++--- + Resource/Init/gs_pdfwr.ps | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +index 4cc7f82..0fd4164 100644 +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -158,7 +158,7 @@ end + { + pop pop + } ifelse +- } forall ++ } executeonly forall + % A context switch might have occurred during the above loop, + % causing the interpreter-level parameters to be reset. + % Set them again to the new values. From here on, we are safe, +@@ -229,9 +229,9 @@ end + { pop pop + } + ifelse +- } ++ } executeonly + forall pop +-} .bind odef ++} .bind executeonly odef + + % Initialize the passwords. + % NOTE: the names StartJobPassword and SystemParamsPassword are known to +diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps +index c158a8f..422e66e 100644 +--- a/Resource/Init/gs_pdfwr.ps ++++ b/Resource/Init/gs_pdfwr.ps +@@ -658,11 +658,11 @@ currentdict /.pdfmarkparams .undef + systemdict /.pdf_hooked_DSC_Creator //true .forceput + } executeonly if + pop +- } if ++ } executeonly if + } { + pop + } ifelse +- } ++ } executeonly + { + pop + } ifelse +-- +2.9.1 + -- cgit v1.2.3