mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-30 21:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca8d3f149478852d1decd03e324ea6975fd4b8f4
poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch
Hongxu Jia 9e2e38d349 ghostscript: fix CVE-2018-18073 
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.

(From OE-Core rev: 6098c19e1f179896af7013c4b5db3081549c97bc)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-07 23:08:54 +00:00

43 lines
2.1 KiB
Diff
Raw Blame History

From 37d7c9117b70e75ebed21c6c8192251f127c0fb0 Mon Sep 17 00:00:00 2001
From: Nancy Durgin <nancy.durgin@artifex.com>
Date: Mon, 5 Nov 2018 15:36:27 +0800
Subject: [PATCH 1/2] Undefine some additional internal operators.
.type, .writecvs, .setSMask, .currentSMask
These don't seem to be referenced anywhere outside of the initialization code,
which binds their usages. Passes cluster if they are removed.
CVE: CVE-2018-18073
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
Resource/Init/gs_init.ps | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index f952f32..7c71d18 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2230,6 +2230,7 @@ SAFER { .setsafeglobal } if
/.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile
/.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
/.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath
+ /.type /.writecvs /.setSMask /.currentSMask
% Used by a free user in the Library of Congress. Apparently this is used to
% draw a partial page, which is then filled in by the results of a barcode
@@ -2248,7 +2249,7 @@ SAFER { .setsafeglobal } if
% test files/utilities, or engineers expressed a desire to keep them visible.
%
%/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11
- %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors
+ %/.buildfont32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors
%/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget
%/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9
%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal
--
2.7.4
Reference in New Issue View Git Blame Copy Permalink