author | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
---|---|---|
committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch')
-rw-r--r-- | external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
new file mode 100644
index 00000000..db70bba2
--- /dev/null
+++ b/external/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
@@ -0,0 +1,250 @@
+From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001
+From: Nancy Durgin <nancy.durgin@artifex.com>
+Date: Tue, 27 Nov 2018 12:36:14 -0800
+Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++--------------
+ Resource/Init/gs_resmp.ps | 4 +--
+ 2 files changed, 49 insertions(+), 27 deletions(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b3459..18d5452 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -197,7 +197,7 @@ setglobal
+ /.findresource { % <key> <category> findresource <instance>
+ 2 copy dup /Category eq
+ { pop //Category 0 get begin } { .findcategory } ifelse
+- /FindResource .resourceexec exch pop exch pop
++ /FindResource //.resourceexec exec exch pop exch pop
+ } bind
+ end % .Instances of Category
+ def
+@@ -223,7 +223,7 @@ def
+ not { /defineresource cvx /typecheck signaloperror } if
+ } if
+ } if
+- /DefineResource .resourceexec
++ /DefineResource //.resourceexec exec
+ 4 1 roll pop pop pop
+ } .errorexec
+ } bind executeonly odef
+@@ -252,7 +252,7 @@ def
+ % without the check.
+ /resourcestatus cvx /typecheck signalerror
+ } if
+- 2 copy .findcategory /ResourceStatus .resourceexec
++ 2 copy .findcategory /ResourceStatus //.resourceexec exec
+ { 4 2 roll pop pop //true } { pop pop //false } ifelse
+ } stopped {
+ % Although resourcestatus is an operator, Adobe uses executable name
+@@ -266,7 +266,7 @@ def
+ } if
+ 1 .argindex 1 index % catch stackunderflow
+
+- { .findcategory /UndefineResource .resourceexec pop pop
++ { .findcategory /UndefineResource //.resourceexec exec pop pop
+ } stopped {
+ % Although undefineresource is an operator, Adobe uses executable name
+ % here but uses operator for the errors above. CET 23-33
+@@ -315,10 +315,10 @@ currentdict /pssystemparams known not {
+ /pssystemparams 10 dict readonly def
+ } if
+ pssystemparams begin
+- .default_resource_dir
+- /FontResourceDir (Font) .resource_dir_name
++ //.default_resource_dir exec
++ /FontResourceDir (Font) //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+- /GenericResourceDir () .resource_dir_name
++ /GenericResourceDir () //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+ pop % .default_resource_dir
+ /GenericResourcePathSep
+@@ -387,13 +387,13 @@ status {
+ } bind def
+ /.localresourceforall { % <key> <value> <args> .localr'forall -
+ exch pop
+- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse
++ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse
+ } bind def
+ /.globalresourceforall { % <key> <value> <args> .globalr'forall -
+ exch pop
+ 2 copy 0 get .stringmatch {
+ dup 3 get begin .LocalInstances end 2 index known not {
+- .enumerateresource
++ //.enumerateresource exec
+ } {
+ pop pop
+ } ifelse
+@@ -408,7 +408,7 @@ status {
+ 3 index known {
+ pop pop pop
+ } {
+- 2 index known { pop pop } { .enumerateresource } ifelse
++ 2 index known { pop pop } { //.enumerateresource exec } ifelse
+ } ifelse
+ } bind def
+
+@@ -468,19 +468,19 @@ status {
+ % .knownget doesn't fail on null
+ /findresource cvx /typecheck signaloperror
+ } if
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+ pop 1 gt {
+- .DoLoadResource .getvminstance not {
+- /findresource cvx .undefinedresource
++ .DoLoadResource //.getvminstance exec not {
++ /findresource cvx //.undefinedresource exec
+ } if 0 get
+ } {
+ .GetInstance pop 0 get
+ } ifelse
+ } {
+- /findresource cvx .undefinedresource
++ /findresource cvx //.undefinedresource exec
+ } ifelse
+ } ifelse
+ } bind executeonly
+@@ -621,7 +621,7 @@ status {
+ .currentglobal not .setglobal
+ vmstatus pop exch pop add
+ } repeat
+-} bind def
++} bind executeonly odef
+ /.DoLoadResource {
+ % .LoadResource may push entries on the operand stack.
+ % It is an undocumented feature of Adobe implementations,
+@@ -633,8 +633,8 @@ status {
+ {.LoadResource} 4 1 roll 4 .execn
+ % Stack: ... count key memused
+ .vmused exch sub
+- 1 index .getvminstance not {
+- pop dup .undefinedresource % didn't load
++ 1 index //.getvminstance exec not {
++ pop dup //.undefinedresource exec % didn't load
+ } if
+ dup 1 1 put
+ 2 3 -1 roll put
+@@ -648,7 +648,7 @@ status {
+ { //true setglobal { .runresource } stopped //false setglobal { stop } if }
+ ifelse
+ }
+- { dup .undefinedresource
++ { dup //.undefinedresource exec
+ }
+ ifelse
+ } bind
+@@ -758,7 +758,7 @@ counttomark 2 idiv
+ /FindResource
+ { .Instances 1 index .knownget
+ { exch pop }
+- { /findresource cvx .undefinedresource }
++ { /findresource cvx //.undefinedresource exec }
+ ifelse
+ } bind executeonly
+ /ResourceStatus
+@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put
+ 2 copy /Generic /Category findresource /DefineResource get exec
+ exch pop
+ exch //.defaultcsnames exch .knownget {
+- 1 index .definedefaultcs
++ 1 index //.definedefaultcs exec
+ currentglobal not { .userdict /.localcsdefaults //true put } if
+ } if
+ } bind executeonly
+@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put
+ //.defaultcsnames 1 index .knownget {
+ % Stack: resname index
+ currentglobal {
+- .undefinedefaultcs pop
++ //.undefinedefaultcs exec pop
+ } {
+ % We removed the local definition, but there might be a global one.
+ exch .GetInstance {
+- 0 get .definedefaultcs
++ 0 get //.definedefaultcs exec
+ } {
+- .undefinedefaultcs
++ //.undefinedefaultcs exec
+ } ifelse
+ % Recompute .localcsdefaults by scanning. This is rarely needed.
+ .userdict /.localcsdefaults //false //.defaultcsnames {
+@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef
+ /Generic /Category findresource /UndefineResource get exec
+ } bind executeonly
+ /FindResource {
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef
+ % stack: name font vmused
+ % findfont has the prerogative of not calling definefont
+ % in certain obscure cases of font substitution.
+- 2 index .getvminstance {
++ 2 index //.getvminstance exec {
+ dup 1 1 put
+ 2 3 -1 roll put
+ } {
+@@ -1159,3 +1159,25 @@ end % level2dict
+
+ %% Replace 1 (gs_resmp.ps)
+ (gs_resmp.ps) dup runlibfile VMDEBUG
++
++[
++ /.default_resource_dir
++ /.resource_dir_name
++]
++{systemdict exch .forceundef} forall
++
++[
++ /.definedefaultcs
++ /.undefinedefaultcs
++ /.defaultcsnames
++ /.enumerateresource
++ /.externalresourceforall
++ /.getvminstance
++ /.globalresourceforall
++ /.localresourceforall
++ /resourceforall1
++ /.resourceexec
++ /.undefinedresource
++ /.vmused
++]
++{level2dict exch .forceundef} forall
+diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps
+index 9bb4263..cb948d1 100644
+--- a/Resource/Init/gs_resmp.ps
++++ b/Resource/Init/gs_resmp.ps
+@@ -230,7 +230,7 @@ currentpacking //false setpacking
+ } {
+ dup dup .map exch .knownget { % /Name /Name <<record>>
+ dup dup /RecordVirtualMethods get /IsActive get exec {
+- 1 index .getvminstance { % /Name /Name <<record>> holder
++ 1 index //.getvminstance exec { % /Name /Name <<record>> holder
+ 1 get 1 eq
+ } {
+ //true
+@@ -242,7 +242,7 @@ currentpacking //false setpacking
+ DefineResource exec % size bStatusIs1 /Name Instance
+ % Make ResourceStatus to return correct values for this instance :
+ % Hack: we replace status values in the instance holder :
+- exch .getvminstance pop % size bStatusIs1 Instance holder
++ exch //.getvminstance exec pop % size bStatusIs1 Instance holder
+ dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder
+ 3 2 roll { % Instance holder
+ 1 1 put % Instance
+--
+2.18.1
+ |
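Review bot: The closing `{level2dict exch .forceundef} forall` list removes `.externalresourceforall`, `.globalresourceforall`, `.localresourceforall` and `resourceforall1`, yet no hunk of the embedded patch converts a call site of those four to the `//name exec` form used for the other names. Their callers must therefore already hold immediate references in parts of gs_res.ps that are not shown here. `.vmused` is likewise still called by name in the context line `.vmused exch sub` of the `@@ -633,8` hunk, and presumably relies on `bind` resolving the operator now created by `bind executeonly odef`. Because the header marks this as `[PATCH 5/7]` and the page shows only this one file, it is worth confirming that the recipe applies the whole series in order. A resource enumeration and a font load on the built interpreter would also confirm the result, since a name left to late lookup would fail with `undefined` only at run time.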