ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-13 14:40:21 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: ghostscript: Fix CVE-2019-14869.

Browse source 
* gnu/packages/patches/ghostscript-CVE-2019-14869.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
This commit is contained in:
Marius Bakke 2020-01-20 18:11:38 +01:00
parent 84fd5d6feb
commit 99406d9b68
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 51 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -910,6 +910,7 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-monad-par-fix-tests.patch \ %D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \ %D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \ %D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
%D%/packages/patches/ghostscript-CVE-2019-14869.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \

3
gnu/packages/ghostscript.scm
View file

@ -170,7 +170,8 @@ (define-public ghostscript
(sha256 (sha256
(base32 (base32
"1m770dwc82afdgzgq2kar3120r1lbybm3mssdm79f8kggf0v16yv")) "1m770dwc82afdgzgq2kar3120r1lbybm3mssdm79f8kggf0v16yv"))
(patches (search-patches "ghostscript-no-header-creationdate.patch" (patches (search-patches "ghostscript-CVE-2019-14869.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch" "ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch")) "ghostscript-no-header-uuid.patch"))
(modules '((guix build utils))) (modules '((guix build utils)))

48
gnu/packages/patches/ghostscript-CVE-2019-14869.patch Normal file
View file

@ -0,0 +1,48 @@
Fix CVE-2019-14869:
https://nvd.nist.gov/vuln/detail/CVE-2019-14869
Patch taken from upstream:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
index 74043d1..6be8fe9 100644
--- a/Resource/Init/gs_ttf.ps
+++ b/Resource/Init/gs_ttf.ps
@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
TTFDEBUG { (\n1 setting alias: ) print dup ==only
( to be the same as ) print 2 index //== exec } if
- 7 index 2 index 3 -1 roll exch .forceput
+ 7 index 2 index 3 -1 roll exch put
} forall
pop pop pop
}
@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
exch pop
TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
( to use glyph index: ) print dup //== exec } if
- 5 index 3 1 roll .forceput
+ 5 index 3 1 roll put
//false
}
{
@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
{ % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
( to be index: ) print dup //== exec } if
- exch pop 5 index 3 1 roll .forceput
+ exch pop 5 index 3 1 roll put
}
{
pop pop
@@ -1369,7 +1369,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
} ifelse
]
TTFDEBUG { (Encoding: ) print dup === flush } if
-} .bind executeonly odef % hides .forceput
+} .bind odef
% ---------------- CIDFontType 2 font loading ---------------- %