summaryrefslogtreecommitdiff
path: root/source/ap/ghostscript/ghostscript-cve-2019-3838.patch
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2019-04-02 20:30:22 +0000
committerEric Hameleers <alien@slackware.com>2019-04-03 08:59:45 +0200
commitcaa5f28b83340fe23012ab27244a288449b26b26 (patch)
tree70102860b8f3df20347f25125b7ea065340cd1d5 /source/ap/ghostscript/ghostscript-cve-2019-3838.patch
parentdf86158dc598141c63689a86c2f247053e616719 (diff)
downloadcurrent-caa5f28b83340fe23012ab27244a288449b26b26.tar.gz
Tue Apr 2 20:30:22 UTC 201920190402203022
a/hwdata-0.322-noarch-1.txz: Upgraded. a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded. a/shadow-4.6-x86_64-2.txz: Rebuilt. adduser: reprompt on invalid user input. Thanks to ttk. ap/ghostscript-9.26-x86_64-2.txz: Rebuilt. Fixes security issues: A specially crafted PostScript file could have access to the file system outside of the constrains imposed by -dSAFER. Transient procedures can allow access to system operators, leading to remote code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116 (* Security fix *) d/vala-0.44.2-x86_64-1.txz: Upgraded. l/glib-networking-2.60.1-x86_64-1.txz: Upgraded. l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded. l/python-pillow-6.0.0-x86_64-1.txz: Upgraded. n/wget-1.20.2-x86_64-1.txz: Upgraded. Fixed an unspecified buffer overflow vulnerability. (* Security fix *)
Diffstat (limited to 'source/ap/ghostscript/ghostscript-cve-2019-3838.patch')
-rw-r--r--source/ap/ghostscript/ghostscript-cve-2019-3838.patch56
1 files changed, 56 insertions, 0 deletions
diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3838.patch b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch
new file mode 100644
index 00000000..0ba1e876
--- /dev/null
+++ b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch
@@ -0,0 +1,56 @@
+From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 20 Feb 2019 09:54:28 +0000
+Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in
+ DefineResource).
+
+This prevents access to .forceput
+
+Solution originally suggested by cbuissar@redhat.com.
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b3459..b646329 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -425,7 +425,7 @@ status {
+ % so we have to use .forcedef here.
+ /.Instances 1 index .forcedef % Category dict is read-only
+ } executeonly if
+- }
++ } executeonly
+ { .LocalInstances dup //.emptydict eq
+ { pop 3 dict localinstancedict Category 2 index put
+ }
+--
+2.20.1
+
+
+From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 22 Feb 2019 12:28:23 +0000
+Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs
+ executeonly'ed.
+
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index b646329..8c1f29f 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -437,7 +437,7 @@ status {
+ % Now make the resource value read-only.
+ 0 2 copy get { readonly } .internalstopped pop
+ dup 4 1 roll put exch pop exch pop
+- }
++ } executeonly
+ { /defineresource cvx /typecheck signaloperror
+ }
+ ifelse
+--
+2.20.1
+