diff --git a/SOURCES/ghostscript-cve-2019-10216.patch b/SOURCES/ghostscript-cve-2019-10216.patch
new file mode 100644
index 0000000..83fc1f9
--- /dev/null
+++ b/SOURCES/ghostscript-cve-2019-10216.patch
@@ -0,0 +1,43 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: Bug 701394: protect use of .forceput with executeonly
+
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0c..a039ccee35 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
diff --git a/SPECS/ghostscript.spec b/SPECS/ghostscript.spec
index b1550e0..8afcf31 100644
--- a/SPECS/ghostscript.spec
+++ b/SPECS/ghostscript.spec
@@ -34,7 +34,7 @@ Name: ghostscript Summary: Interpreter for PostScript language & PDF Version: 9.25 -Release: 2%{?dist} +Release: 2%{?dist}.1 License: AGPLv3+
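Review bot: In the gs_type1.ps change carried by ghostscript-cve-2019-10216.patch, the fix relies on every procedure that encloses a `.forceput` being closed with `executeonly`, but none of the new lines records that invariant, so a later edit that adds another nested procedure could quietly undo the -dSAFER hardening. I would add a comment above the first `.forceput`, for example `% NB: every procedure enclosing .forceput must be executeonly (Bug 701394); keep this when adding nesting levels`. The innermost closer is written `}executeonly` while the other six use `} executeonly`; both parse the same, but consistent spacing makes a text search for unprotected closers more reliable. The procedures open above line 118, outside the hunk, and only gs_type1.ps is touched, so whether other `.forceput` uses under Resource/Init in this 9.25 build need the same marking cannot be judged from this patch and is worth checking before relying on the backport.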
@@ -103,6 +103,7 @@ Patch011: ghostscript-cve-2019-3835.patch Patch012: ghostscript-cve-2019-3838.patch Patch013: ghostscript-fix-DSC-comment-parsing.patch Patch014: ghostscript-pdf2dsc-regression.patch +Patch015: ghostscript-cve-2019-10216.patch # Downstream patches -- these should be always included when doing rebase: # ------------------ @@ -426,6 +427,9 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/%{name}/ # ============================================================================= %changelog +* Mon Aug 05 2019 Martin Osvald - 9.25-2.1 +- Resolves: #1737338 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394) + * Tue Apr 02 2019 Martin Osvald - 9.25-2 - obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel