ghostscript : fix CVE-2019-10216

(From OE-Core rev: 4620180a073b721dbc91d14ab64285187bec4cb7) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-06-02 01:19:52 +00:00 · 2020-05-18 16:20:24 +08:00
parent 7ed7e1e332
commit 1cd36a832e
2 changed files with 54 additions and 0 deletions
@@ -0,0 +1,53 @@
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19] 
+CVE: CVE-2019-10216
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0..a039ccee3 100644
+--- a/Resource/Init/gs_type1.ps
+++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+                          ( to be the same as glyph: ) print 1 index //== exec } if
+                    3 index exch 3 index .forceput
+                                                                  % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+-                 }
+                 }executeonly
+                  {pop} ifelse
+-               } forall
+               } executeonly forall
+                pop pop
+-             }
+             } executeonly
+              {
+                pop pop pop
+              } ifelse
+-           }
+           } executeonly
+            {
+                                                                % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+              pop pop
+            } ifelse
+-         } forall
+         } executeonly forall
+          3 1 roll pop pop
+-     } if
+     } executeonly if
+      pop
+      dup /.AGLprocessed~GS //true .forceput
+-   } if
+   } executeonly if
+ 
+    %% We need to excute the C .buildfont1 in a stopped context so that, if there
+    %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+-- 
+2.17.1
+
@@ -29,6 +29,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                file://CVE-2019-14817-0001.patch \
                file://CVE-2019-14817-0002.patch \
                file://CVE-2019-14869-0001.patch \
+                file://CVE-2019-10216.patch \
 "

 SRC_URI = "${SRC_URI_BASE} \