From 572bfae1715027763d93986dca4f15179a78f8d6 Mon Sep 17 00:00:00 2001
From: Rasmus Thomsen
Date: Tue, 13 Aug 2019 11:26:02 +0200
Subject: main/ghostscript: fix CVE-2019-10216
Fixes #10726
---
 main/ghostscript/APKBUILD | 13 ++++++----
 main/ghostscript/CVE-2019-10216.patch | 49 +++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 main/ghostscript/CVE-2019-10216.patch
(limited to 'main/ghostscript')
diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
index 34ec8dc1f1..bc9202fa6f 100644
--- a/main/ghostscript/APKBUILD
+++ b/main/ghostscript/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Cameron Banta
 pkgname=ghostscript
 pkgver=9.27
-pkgrel=1
+pkgrel=2
 pkgdesc="An interpreter for the PostScript language and for PDF"
 url="https://ghostscript.com/"
 arch="all"
@@ -16,10 +16,12 @@ source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/
 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz
 ghostscript-system-zlib.patch
 fix-sprintf.patch
+ CVE-2019-10216.patch
 "
-builddir="$srcdir/$pkgname-$pkgver"
 # secfixes:
+# 9.27-r2:
+# - CVE-2019-10216
 # 9.26-r2:
 # - CVE-2019-3835
 # - CVE-2019-3838
@@ -69,7 +71,7 @@ prepare() {
 libtoolize --force && aclocal && autoconf && automake --add-missing
 }
-build(){
+build() {
 # build ijs
 cd "$builddir"/ijs
 ./configure \
@@ -114,7 +116,7 @@ package() {
 cd ..
 # create empty dir for future fonts
- mkdir -p "${pkgdir}"/usr/share/fonts/Type1
+ mkdir -p "$pkgdir"/usr/share/fonts/Type1
 }
 gtk() {
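Review bot: The security fix is mixed with unrelated cleanups in the same commit: the hunk at -16,10 also drops the `builddir=` line, and the hunks at -69,7 and -114,7 only change the spacing of `build(){` and the bracing of `"${pkgdir}"`. That makes the change harder to audit as a CVE fix and more likely to conflict when it is cherry-picked to stable branches, so the cleanups would be better in a separate commit. Removing `builddir` relies on abuild's default matching `$srcdir/$pkgname-$pkgver`, which is presumably the case but cannot be confirmed from these lines. The bodies of build() and package() continue outside their hunks.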
@@ -127,4 +129,5 @@ gtk() {
 sha512sums="9ad7bd24b6d9b7d258e943783817be036a2e0234517baffa1016804ef9b6f3062fb5da20a890a0bfc9e58203ddcf25dc4465f5b3bf5e4a61db87bef0606a0884 ghostscript-9.27.tar.gz
 289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz
 70721e3a335afa5e21d4e6cf919119010bd4544a03ab8f53f5325c173902221ad9b88c118b4bfeee80b3e1956bcdbaf4c53f64ae7fb81f5ba57dbc956750c482 ghostscript-system-zlib.patch
-beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch"
+beefcf395f7f828e1b81c088022c08a506e218f27535b9de01e0f0edf7979b435316c318fa676771630f6ad16ff1ab059cd68aa128ed97e5a9f2f3fa840200c4 fix-sprintf.patch
+f89744b17922b7d9c04c6de69ce35fa621732e4373eccc158b7ff6a9e56d2cf0bbea30c28119f4808864ca584e94342e5125d7bcc6195252455b5f223f379e3f CVE-2019-10216.patch"
diff --git a/main/ghostscript/CVE-2019-10216.patch b/main/ghostscript/CVE-2019-10216.patch
new file mode 100644
index 0000000000..e8dfa05a94
--- /dev/null
+++ b/main/ghostscript/CVE-2019-10216.patch
@@ -0,0 +1,49 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735b..a039cce 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.9.1
+
-- cgit v1.2.3
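Review bot: Nothing in this hunk lets a reader confirm that every procedure level that can reach `.forceput` is now `executeonly`: seven closing braces are changed, but the procedures they close open above line 118 of gs_type1.ps, outside the hunk. Because the protection is applied per procedure and only in this one file, the patch is best treated as a stopgap to be dropped at the next pkgver bump. A line in the patch file's header, after the Subject line, would record that, for example `Upstream commit 5b85ddd1; drop when upgrading past 9.27.` The first changed closing is written `}executeonly` without a space, which is valid PostScript and presumably matches upstream, so it should stay as is to keep the file identical to the upstream commit.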