forked from NixOS/nixpkgs
ghostscript: add patch for CVE-2019-14869
again, context-adjusted patch cribbed from debian's 9.26a~dfsg-0+deb9u6
Showing 2 changed files with 59 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
From: Chris Liddell <chris.liddell@artifex.com> | ||
Date: Tue, 5 Nov 2019 09:45:27 +0000 | ||
Subject: Bug 701841: remove .forceput from /.charkeys | ||
Origin: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=485904772c5f0aa1140032746e5a0abfc40f4cef | ||
Bug: https://bugs.ghostscript.com/show_bug.cgi?id=701841 | ||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-14869 | ||
|
||
When loading Type 1 or Truetype fonts from disk, we attempt to extend the glyph | ||
name table to include all identifiable glyph names from the Adobe Glyph List. | ||
|
||
In the case of Type 1 fonts, the font itself (almost always) marks the | ||
CharStrings dictionary as read-only, hence we have to use .forceput for that | ||
case. | ||
|
||
But for Truetype fonts, the CharStrings dictionary is created internally and is | ||
not read-only until *after* we have fully populated it (including the extended | ||
glyph names from the AGL), hence there is no need for .forceput, and no need to | ||
carry the security risk of using it. | ||
|
||
Replace with regular put. | ||
[Salvatore Bonaccorso: Backport to 9.26a: Drop last hunck removing | ||
'executeonly' (hiding .forceput) as this was never added back in 9.26a. Thanks | ||
to Marc Deslauriers for pointing this out] | ||
--- | ||
Resource/Init/gs_ttf.ps | 8 ++++---- | ||
1 file changed, 4 insertions(+), 4 deletions(-) | ||
|
||
diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps | ||
index 74043d16b0cf..6be8fe9955cd 100644 | ||
--- a/Resource/Init/gs_ttf.ps | ||
+++ b/Resource/Init/gs_ttf.ps | ||
@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef | ||
TTFDEBUG { (\n1 setting alias: ) print dup ==only | ||
( to be the same as ) print 2 index //== exec } if | ||
|
||
- 7 index 2 index 3 -1 roll exch .forceput | ||
+ 7 index 2 index 3 -1 roll exch put | ||
} forall | ||
pop pop pop | ||
} | ||
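Review bot: The plain `put` in `7 index 2 index 3 -1 roll exch put` only succeeds if the dictionary picked up by `7 index` is still writable at this point, and nothing in the hunk's context shows that. The patch description says the TrueType CharStrings dictionary is not made read-only until after it is fully populated, but this is a context-adjusted backport to 9.26a, so that ordering should be confirmed against this tree's gs_ttf.ps rather than assumed from upstream. Where `.forceput` bypassed the access check, `put` on a read-only dictionary raises invalidaccess, so a regression would show up as a font-loading error; rendering a document that loads a TrueType font from disk with the patched build would cover all three replaced calls.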
@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef | ||
exch pop | ||
TTFDEBUG { (\n2 setting alias: ) print 1 index ==only | ||
( to use glyph index: ) print dup //== exec } if | ||
- 5 index 3 1 roll .forceput | ||
+ 5 index 3 1 roll put | ||
//false | ||
} | ||
{ | ||
@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef | ||
{ % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) | ||
TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only | ||
( to be index: ) print dup //== exec } if | ||
- exch pop 5 index 3 1 roll .forceput | ||
+ exch pop 5 index 3 1 roll put | ||
} | ||
{ | ||
pop pop |
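Review bot: The added patch file ends here at 58 lines while the page reports 59 additions across 2 files, so the one addition in the file not shown should be the entry that references this patch from the ghostscript expression; please confirm it is present, because a patch file that is never listed is never applied. The embedded diffstat still reads `4 insertions(+), 4 deletions(-)` although only three lines are changed in the three hunks; that is consistent with the backport note about dropping the last `executeonly` hunk and does not affect applying the patch, but a mention in the commit message would save the next reader a recount. The context line `(\3 nsetting alias: )` in this last hunk looks like a transposed `(\n3 setting alias: )` next to the `\n1` and `\n2` strings above; it is unchanged context, so it has to stay byte-for-byte as it is for the hunk to apply.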