Accepting request 800666 from Printing
Ghostscript version upgrade to 9.52 which is primarily a general security upgrade that fixes in particular CVE-2020-12268 (bsc#1170603)

OBS-URL: https://build.opensuse.org/request/show/800666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=45
commit 7cdda786d1
@ -1,44 +0,0 @@
|
|||||||
From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Liddell <chris.liddell@artifex.com>
|
|
||||||
Date: Fri, 2 Aug 2019 15:18:26 +0100
|
|
||||||
Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
|
|
||||||
|
|
||||||
---
|
|
||||||
Resource/Init/gs_type1.ps | 14 +++++++-------
|
|
||||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
--- Resource/Init/gs_type1.ps
|
|
||||||
+++ Resource/Init/gs_type1.ps 2019-09-16 13:09:12.277074046 +0000
|
|
||||||
@@ -118,25 +118,25 @@
|
|
||||||
( to be the same as glyph: ) print 1 index //== exec } if
|
|
||||||
3 index exch 3 index .forceput
|
|
||||||
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
|
|
||||||
- }
|
|
||||||
+ }executeonly
|
|
||||||
{pop} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
pop pop
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
pop pop pop
|
|
||||||
} ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
% scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
|
|
||||||
pop pop
|
|
||||||
} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
3 1 roll pop pop
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
dup /.AGLprocessed~GS //true .forceput
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
|
|
||||||
%% We need to excute the C .buildfont1 in a stopped context so that, if there
|
|
||||||
%% are errors we can put the stack back sanely and exit. Otherwise callers won't
|
|
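Review bot: Nothing in this change shows that the 9.52 sources carry the executeonly guards that this deleted patch (Bug 701394) added around .forceput in Resource/Init/gs_type1.ps; the changes entry only states that the removed patches are fixed upstream. Before relying on the removal, check in the unpacked 9.52 tarball that the procedures containing "3 index exch 3 index .forceput" and "dup /.AGLprocessed~GS //true .forceput" are closed with executeonly, and say in the changes entry that this was verified.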
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285
|
|
||||||
size 42277543
|
|
3
ghostscript-9.52.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176
|
||||||
|
size 49722607
|
@ -1,3 +1,134 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de
|
||||||
|
|
||||||
|
- The version upgrade to 9.52 fixes in particular
|
||||||
|
CVE-2020-12268: jbic2dec: heap-based buffer overflow
|
||||||
|
in jbig2_image_compose (bsc#1170603)
|
||||||
|
- Version upgrade to 9.52
|
||||||
|
Highlights in this release include:
|
||||||
|
* The 9.52 release replaces the 9.51 release after a problem
|
||||||
|
was reported with 9.51 which warranted the quick turnaround.
|
||||||
|
Thus, like 9.51, 9.52 is primarily a maintenance release,
|
||||||
|
consolidating the changes we introduced in 9.50.
|
||||||
|
* IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt
|
||||||
|
(the "mt" indicating "multi-thread").
|
||||||
|
LCMS2 is not thread-safe, and cannot be made thread-safe
|
||||||
|
without breaking the ABI. Our fork will be thread-safe and
|
||||||
|
include performance enhancements (these changes have all
|
||||||
|
been offered and rejected upstream). We will maintain
|
||||||
|
compatibility between Ghostscript and LCMS2 for a time,
|
||||||
|
but not in perpetuity. If there is sufficient interest,
|
||||||
|
our fork will be available as its own package separately
|
||||||
|
from Ghostscript (and MuPDF).
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
Incompatible changes:
|
||||||
|
* New option -dALLOWPSTRANSPARENCY: The transparency compositor
|
||||||
|
(and related features), whilst we are improving it, remains
|
||||||
|
sensitive to being driven correctly, and incorrect use
|
||||||
|
can have unexpected/undefined results. Hence, as part of
|
||||||
|
improving security, we limited access to these operators,
|
||||||
|
originally using the -dSAFER feature. As we made "SAFER"
|
||||||
|
the default mode, that became unacceptable, hence the
|
||||||
|
new option -dALLOWPSTRANSPARENCY which enables access
|
||||||
|
to the operators, cf.
|
||||||
|
https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.52/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- Version upgrade to 9.51
|
||||||
|
Highlights in this release include:
|
||||||
|
* 9.51 is primarily a maintainance release, consolidating
|
||||||
|
the changes we introduced in 9.50.
|
||||||
|
* We have continued our work on code hygiene for this release,
|
||||||
|
with a focus on the static analysis tool Coverity
|
||||||
|
(from Synopsys, Inc) and we are now maintaining a policy of
|
||||||
|
zero Coverity issues in the Ghostscript/GhostPDL source base.
|
||||||
|
* IMPORTANT: In consultation with a representative of
|
||||||
|
OpenPrinting (http://www.openprinting.org/) it is our
|
||||||
|
intention to deprecate and, in the not distant future,
|
||||||
|
remove the OpenPrinting Vector/Raster Printer Drivers
|
||||||
|
(that is, the opvp and oprp devices).
|
||||||
|
If you rely on either of these devices, please get in touch
|
||||||
|
with us (i.e. Ghostscript upstream), so we can discuss your
|
||||||
|
use case, and revise our plans accordingly.
|
||||||
|
* We (i.e. Ghostscript upstream) are in the process of forking
|
||||||
|
LittleCMS, cf. the other release notes entries below.
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.51/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- Version upgrade to 9.50
|
||||||
|
Highlights in this release include:
|
||||||
|
* The change to version 9.50 follows recognition
|
||||||
|
of the extent and importance of the file access control
|
||||||
|
redesign/reimplementation outlined below.
|
||||||
|
* The file access control capability (enable with -dSAFER)
|
||||||
|
has been completely rewritten, with a ground-up rethink
|
||||||
|
of the design. For more details, see: "SAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#Safer
|
||||||
|
* It is important to note that -dSAFER now only enables the
|
||||||
|
file access controls, and no longer applies restrictions
|
||||||
|
to standard Postscript functionality (specifically,
|
||||||
|
restrictions on setpagedevice). If your application relies
|
||||||
|
on these Postscript restrictions, see "OLDSAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer
|
||||||
|
and please get in touch, as we do plan to remove those
|
||||||
|
Postscript restrictions unless we have reason not to.
|
||||||
|
IMPORTANT: File access controls are now enabled by default.
|
||||||
|
In order to run Ghostscript without these controls,
|
||||||
|
see "NOSAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
|
||||||
|
* We (i.e. Ghostscript upstream) are in the process of forking
|
||||||
|
LittleCMS, cf. the other release notes entries below.
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
Incompatible changes:
|
||||||
|
* There are a couple of subtle incompatibilities between the old
|
||||||
|
and new SAFER implementations. Firstly, as mentioned above,
|
||||||
|
SAFER now leaves standard Postcript functionality unchanged
|
||||||
|
(except for the file access limitations). Secondly, the
|
||||||
|
interaction with save/restore operations, see "SAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#Safer
|
||||||
|
* The following is not strictly speaking new to 9.50,
|
||||||
|
as not much has changed since 9.27 in this area,
|
||||||
|
but for those who don't upgrade with every release:
|
||||||
|
The process of "tidying" the Postscript name space should have
|
||||||
|
removed only non-standard and undocumented operators.
|
||||||
|
Nevertheless, it is possible that any integrations or utilities
|
||||||
|
that rely on those non-standard and undocumented operators
|
||||||
|
may stop working, or may change behaviour.
|
||||||
|
If you encounter such a case, please contact us
|
||||||
|
(i.e. Ghostscript upstream, either the #ghostscript IRC channel
|
||||||
|
or the gs-devel mailing list would be best), and we'll work
|
||||||
|
with you to either find an alternative solution or return the
|
||||||
|
previous functionality, if there is genuinely no other option.
|
||||||
|
One case we know this has occurred is GSView 5 (and earlier).
|
||||||
|
GSView 5 support for PDF files relied upon internal use only
|
||||||
|
features which are no longer available. GSView 5 will still
|
||||||
|
work as previously for Postscript files. For PDF files,
|
||||||
|
users are encouraged to look at MuPDF https://www.mupdf.com/
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.50/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- CVE-2019-10216.patch
|
||||||
|
gs-CVE-2019-14811-885444fc.patch
|
||||||
|
gs-CVE-2019-14817-cd1b1cac.patch
|
||||||
|
openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
||||||
|
are fixed in the version 9.52 upstream sources.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||||
|
|
||||||
|
- Use system openjpeg2 on Tumbleweed/Factory.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
|
||||||
|
|
||||||
|
- Made ghostscript profile enforcing and limit it to the ghostscript
|
||||||
|
binaries (bsc#1150338)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink <werner@suse.de>
|
Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink <werner@suse.de>
|
||||||
|
|
||||||
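Review bot: The component name in "CVE-2020-12268: jbic2dec: heap-based buffer overflow" is misspelled; the function named on the next line is jbig2_image_compose, so it should read jbig2dec, otherwise a search of the changelog for the affected decoder misses this entry. In the same entry, "maintainance" and "Postcript" are also misspelled, and the closing item says the four patch files "are fixed in the version 9.52 upstream sources" where it means they are removed because the issues are fixed upstream. That item should also name the CVEs covered, including CVE-2019-14812 and CVE-2019-14813, which the spec file comment attributes to gs-CVE-2019-14811-885444fc.patch.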
@ -32,6 +163,11 @@ Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink <werner@suse.de>
|
|||||||
https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621
|
https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621
|
||||||
https://bugs.ghostscript.com/show_bug.cgi?id=701394
|
https://bugs.ghostscript.com/show_bug.cgi?id=701394
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com
|
||||||
|
|
||||||
|
- Set AA profile to complain and added fixes for ps2epsi (boo#1134327)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de
|
Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de
|
||||||
|
|
||||||
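Review bot: The "Wed May 8 08:46:43 UTC 2019" entry (boo#1134327) is inserted into the middle of existing history, as are the Jan 31 2020 and Sep 23 2019 entries in the previous hunk, and the new top entry does not mention that older entries were added. If these are being copied over from the other changes file in this commit, where the Jan 31 2020 entry already appears as unchanged context, state that in the top entry so the backdated AppArmor profile entries (complain mode, then enforcing) are not mistaken for changes made by this upgrade.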
@ -981,6 +1117,11 @@ Tue Sep 9 16:06:31 CEST 2014 - jsmeix@suse.de
|
|||||||
it is fixed in the upstream sources.
|
it is fixed in the upstream sources.
|
||||||
- Removed trailing whitespaces in spec file and changes file.
|
- Removed trailing whitespaces in spec file and changes file.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 18 15:12:28 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- gs does not seem to require libopenssl-devel for building.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de
|
Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ URL: https://www.ghostscript.com/
|
|||||||
# so that we keep additionally the previous version number to upgrade from the previous version:
|
# so that we keep additionally the previous version number to upgrade from the previous version:
|
||||||
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
|
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
|
||||||
#Version: 9.25pre26rc1
|
#Version: 9.25pre26rc1
|
||||||
Version: 9.27
|
Version: 9.52
|
||||||
Release: 0
|
Release: 0
|
||||||
# Normal version for Ghostscript releases is the upstream version:
|
# Normal version for Ghostscript releases is the upstream version:
|
||||||
# tarball_version is used below to specify the directory via "setup -n":
|
# tarball_version is used below to specify the directory via "setup -n":
|
||||||
@ -59,7 +59,7 @@ Release: 0
|
|||||||
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
||||||
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
||||||
#define built_version %{version}
|
#define built_version %{version}
|
||||||
%define built_version 9.27
|
%define built_version 9.52
|
||||||
# Source0...Source9 is for sources from upstream:
|
# Source0...Source9 is for sources from upstream:
|
||||||
# Special URLs for Ghostscript release candidates:
|
# Special URLs for Ghostscript release candidates:
|
||||||
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
||||||
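Review bot: built_version is bumped by hand in "%define built_version 9.52" although the comment directly above says that for releases built_version and version are the same. Defining it from %{version} for release builds would leave one place to edit on the next security upgrade and rule out a mismatch with "Version: 9.52".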
@ -71,21 +71,13 @@ Release: 0
|
|||||||
#Source0: ghostscript-%{tarball_version}.tar.gz
|
#Source0: ghostscript-%{tarball_version}.tar.gz
|
||||||
# Normal URLs for Ghostscript releases:
|
# Normal URLs for Ghostscript releases:
|
||||||
# URL for Source0:
|
# URL for Source0:
|
||||||
# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
|
# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
|
||||||
# URL for MD5 checksums:
|
# URL for MD5 checksums:
|
||||||
# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
|
# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
|
||||||
# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
|
# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
|
||||||
Source0: ghostscript-%{version}.tar.gz
|
Source0: ghostscript-%{version}.tar.gz
|
||||||
Source1: apparmor_ghostscript
|
Source1: apparmor_ghostscript
|
||||||
# Patch0...Patch9 is for patches from upstream:
|
# Patch0...Patch9 is for patches from upstream:
|
||||||
# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
|
|
||||||
Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
|
||||||
# Patch1 Add commit from of upstream to fix CVE-2019-10216
|
|
||||||
Patch1: CVE-2019-10216.patch
|
|
||||||
# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
|
|
||||||
Patch2: gs-CVE-2019-14811-885444fc.patch
|
|
||||||
# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
|
|
||||||
Patch3: gs-CVE-2019-14817-cd1b1cac.patch
|
|
||||||
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
||||||
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
||||||
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
|
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
|
||||||
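Review bot: The only integrity reference recorded for Source0 is the MD5 sum in "# MD5 checksum for Source0: ... ghostscript-9.52.tar.gz", taken from an MD5SUMS file on the same GitHub release page as the tarball. MD5 is not collision resistant and a checksum served from the same place as the download does not authenticate it, so for a security upgrade record a SHA-256 or SHA-512 of the tarball in this comment as well, and check that it equals the sha256 oid in the new LFS pointer for ghostscript-9.52.tar.gz.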
@ -93,6 +85,8 @@ Patch3: gs-CVE-2019-14817-cd1b1cac.patch
|
|||||||
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
||||||
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
|
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
|
||||||
Patch100: remove-zlib-h-dependency.patch
|
Patch100: remove-zlib-h-dependency.patch
|
||||||
|
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
|
||||||
|
# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
|
||||||
Patch101: ijs_exec_server_dont_use_sh.patch
|
Patch101: ijs_exec_server_dont_use_sh.patch
|
||||||
# RPM dependencies:
|
# RPM dependencies:
|
||||||
Conflicts: ghostscript
|
Conflicts: ghostscript
|
||||||
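Review bot: The added comment for Patch101 does not parse at "additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467)", so a reader cannot tell whether the AppArmor permission is part of ijs_exec_server_dont_use_sh.patch or a separate change to the apparmor_ghostscript source. Please reword it as two statements: what the patch changes, and that the profile additionally had to allow executing hpijs.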
@ -152,21 +146,14 @@ This package contains the development files for Minimal Ghostscript.
|
|||||||
# Be quiet when unpacking and
|
# Be quiet when unpacking and
|
||||||
# use a directory name matching Source0 to make it work also for ghostscript-mini:
|
# use a directory name matching Source0 to make it work also for ghostscript-mini:
|
||||||
%setup -q -n ghostscript-%{tarball_version}
|
%setup -q -n ghostscript-%{tarball_version}
|
||||||
# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
|
|
||||||
# openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
|
||||||
%patch0
|
|
||||||
# Patch1 Add commit from of upstream to fix CVE-2019-10216
|
|
||||||
%patch1 -p0
|
|
||||||
# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
|
|
||||||
%patch2 -p1
|
|
||||||
# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
|
|
||||||
%patch3 -p1
|
|
||||||
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
||||||
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
|
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
|
||||||
# Again use the zlib sources from Ghostscript upstream
|
# Again use the zlib sources from Ghostscript upstream
|
||||||
# and disable remove-zlib-h-dependency.patch because
|
# and disable remove-zlib-h-dependency.patch because
|
||||||
# Ghostscript 9.21 does no longer build this way:
|
# Ghostscript 9.21 does no longer build this way:
|
||||||
#patch100 -p1 -b remove-zlib-h-dependency.orig
|
#patch100 -p1 -b remove-zlib-h-dependency.orig
|
||||||
|
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
|
||||||
|
# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
# Remove patch backup files to avoid packaging
|
# Remove patch backup files to avoid packaging
|
||||||
# cf. https://build.opensuse.org/request/show/581052
|
# cf. https://build.opensuse.org/request/show/581052
|
||||||
|
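Review bot: With %patch0 to %patch3 removed, the only patch still applied in %prep is %patch101, yet Patch100 stays declared while its application line remains commented out as "#patch100 -p1 -b remove-zlib-h-dependency.orig". Either drop remove-zlib-h-dependency.patch from the package or state next to the Patch100 tag that it is intentionally unused, so an audit of what is applied on top of the 9.52 sources does not have to read the %prep comments to find out.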
@ -1,3 +1,123 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de
|
||||||
|
|
||||||
|
- The version upgrade to 9.52 fixes in particular
|
||||||
|
CVE-2020-12268: jbic2dec: heap-based buffer overflow
|
||||||
|
in jbig2_image_compose (bsc#1170603)
|
||||||
|
- Version upgrade to 9.52
|
||||||
|
Highlights in this release include:
|
||||||
|
* The 9.52 release replaces the 9.51 release after a problem
|
||||||
|
was reported with 9.51 which warranted the quick turnaround.
|
||||||
|
Thus, like 9.51, 9.52 is primarily a maintenance release,
|
||||||
|
consolidating the changes we introduced in 9.50.
|
||||||
|
* IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt
|
||||||
|
(the "mt" indicating "multi-thread").
|
||||||
|
LCMS2 is not thread-safe, and cannot be made thread-safe
|
||||||
|
without breaking the ABI. Our fork will be thread-safe and
|
||||||
|
include performance enhancements (these changes have all
|
||||||
|
been offered and rejected upstream). We will maintain
|
||||||
|
compatibility between Ghostscript and LCMS2 for a time,
|
||||||
|
but not in perpetuity. If there is sufficient interest,
|
||||||
|
our fork will be available as its own package separately
|
||||||
|
from Ghostscript (and MuPDF).
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
Incompatible changes:
|
||||||
|
* New option -dALLOWPSTRANSPARENCY: The transparency compositor
|
||||||
|
(and related features), whilst we are improving it, remains
|
||||||
|
sensitive to being driven correctly, and incorrect use
|
||||||
|
can have unexpected/undefined results. Hence, as part of
|
||||||
|
improving security, we limited access to these operators,
|
||||||
|
originally using the -dSAFER feature. As we made "SAFER"
|
||||||
|
the default mode, that became unacceptable, hence the
|
||||||
|
new option -dALLOWPSTRANSPARENCY which enables access
|
||||||
|
to the operators, cf.
|
||||||
|
https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.52/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- Version upgrade to 9.51
|
||||||
|
Highlights in this release include:
|
||||||
|
* 9.51 is primarily a maintainance release, consolidating
|
||||||
|
the changes we introduced in 9.50.
|
||||||
|
* We have continued our work on code hygiene for this release,
|
||||||
|
with a focus on the static analysis tool Coverity
|
||||||
|
(from Synopsys, Inc) and we are now maintaining a policy of
|
||||||
|
zero Coverity issues in the Ghostscript/GhostPDL source base.
|
||||||
|
* IMPORTANT: In consultation with a representative of
|
||||||
|
OpenPrinting (http://www.openprinting.org/) it is our
|
||||||
|
intention to deprecate and, in the not distant future,
|
||||||
|
remove the OpenPrinting Vector/Raster Printer Drivers
|
||||||
|
(that is, the opvp and oprp devices).
|
||||||
|
If you rely on either of these devices, please get in touch
|
||||||
|
with us (i.e. Ghostscript upstream), so we can discuss your
|
||||||
|
use case, and revise our plans accordingly.
|
||||||
|
* We (i.e. Ghostscript upstream) are in the process of forking
|
||||||
|
LittleCMS, cf. the other release notes entries below.
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.51/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- Version upgrade to 9.50
|
||||||
|
Highlights in this release include:
|
||||||
|
* The change to version 9.50 follows recognition
|
||||||
|
of the extent and importance of the file access control
|
||||||
|
redesign/reimplementation outlined below.
|
||||||
|
* The file access control capability (enable with -dSAFER)
|
||||||
|
has been completely rewritten, with a ground-up rethink
|
||||||
|
of the design. For more details, see: "SAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#Safer
|
||||||
|
* It is important to note that -dSAFER now only enables the
|
||||||
|
file access controls, and no longer applies restrictions
|
||||||
|
to standard Postscript functionality (specifically,
|
||||||
|
restrictions on setpagedevice). If your application relies
|
||||||
|
on these Postscript restrictions, see "OLDSAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer
|
||||||
|
and please get in touch, as we do plan to remove those
|
||||||
|
Postscript restrictions unless we have reason not to.
|
||||||
|
IMPORTANT: File access controls are now enabled by default.
|
||||||
|
In order to run Ghostscript without these controls,
|
||||||
|
see "NOSAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer
|
||||||
|
* We (i.e. Ghostscript upstream) are in the process of forking
|
||||||
|
LittleCMS, cf. the other release notes entries below.
|
||||||
|
* The usual round of bug fixes, compatibility changes,
|
||||||
|
and incremental improvements.
|
||||||
|
Incompatible changes:
|
||||||
|
* There are a couple of subtle incompatibilities between the old
|
||||||
|
and new SAFER implementations. Firstly, as mentioned above,
|
||||||
|
SAFER now leaves standard Postcript functionality unchanged
|
||||||
|
(except for the file access limitations). Secondly, the
|
||||||
|
interaction with save/restore operations, see "SAFER" at
|
||||||
|
https://www.ghostscript.com/doc/9.50/Use.htm#Safer
|
||||||
|
* The following is not strictly speaking new to 9.50,
|
||||||
|
as not much has changed since 9.27 in this area,
|
||||||
|
but for those who don't upgrade with every release:
|
||||||
|
The process of "tidying" the Postscript name space should have
|
||||||
|
removed only non-standard and undocumented operators.
|
||||||
|
Nevertheless, it is possible that any integrations or utilities
|
||||||
|
that rely on those non-standard and undocumented operators
|
||||||
|
may stop working, or may change behaviour.
|
||||||
|
If you encounter such a case, please contact us
|
||||||
|
(i.e. Ghostscript upstream, either the #ghostscript IRC channel
|
||||||
|
or the gs-devel mailing list would be best), and we'll work
|
||||||
|
with you to either find an alternative solution or return the
|
||||||
|
previous functionality, if there is genuinely no other option.
|
||||||
|
One case we know this has occurred is GSView 5 (and earlier).
|
||||||
|
GSView 5 support for PDF files relied upon internal use only
|
||||||
|
features which are no longer available. GSView 5 will still
|
||||||
|
work as previously for Postscript files. For PDF files,
|
||||||
|
users are encouraged to look at MuPDF https://www.mupdf.com/
|
||||||
|
For a release summary see:
|
||||||
|
https://www.ghostscript.com/doc/9.50/News.htm
|
||||||
|
For details see the News.htm and History9.htm files.
|
||||||
|
- CVE-2019-10216.patch
|
||||||
|
gs-CVE-2019-14811-885444fc.patch
|
||||||
|
gs-CVE-2019-14817-cd1b1cac.patch
|
||||||
|
openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
||||||
|
are fixed in the version 9.52 upstream sources.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||||
|
|
||||||
|
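Review bot: The security-relevant behaviour changes between 9.27 and 9.52 are buried inside pasted upstream release notes in this entry, where "we" sometimes carries the annotation "(i.e. Ghostscript upstream)" and sometimes does not, for example in "We have forked LittleCMS2 into LittleCMS2mt". Add a short packager summary at the top of the entry stating that file access controls are enabled by default from 9.50, that -dSAFER no longer restricts setpagedevice, and that transparency operators now need -dALLOWPSTRANSPARENCY, and mark the rest consistently as quoted from upstream. The "jbic2dec", "maintainance" and "Postcript" misspellings are repeated here and should be fixed in both changes files together.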
@ -71,7 +71,7 @@ URL: https://www.ghostscript.com/
|
|||||||
# so that we keep additionally the previous version number to upgrade from the previous version:
|
# so that we keep additionally the previous version number to upgrade from the previous version:
|
||||||
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
|
# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
|
||||||
#Version: 9.25pre26rc1
|
#Version: 9.25pre26rc1
|
||||||
Version: 9.27
|
Version: 9.52
|
||||||
Release: 0
|
Release: 0
|
||||||
# Normal version for Ghostscript releases is the upstream version:
|
# Normal version for Ghostscript releases is the upstream version:
|
||||||
# tarball_version is used below to specify the directory via "setup -n":
|
# tarball_version is used below to specify the directory via "setup -n":
|
||||||
@ -83,7 +83,7 @@ Release: 0
|
|||||||
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
|
||||||
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
|
||||||
#define built_version %{version}
|
#define built_version %{version}
|
||||||
%define built_version 9.27
|
%define built_version 9.52
|
||||||
# Source0...Source9 is for sources from upstream:
|
# Source0...Source9 is for sources from upstream:
|
||||||
# Special URLs for Ghostscript release candidates:
|
# Special URLs for Ghostscript release candidates:
|
||||||
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
||||||
@ -95,21 +95,13 @@ Release: 0
|
|||||||
#Source0: ghostscript-%{tarball_version}.tar.gz
|
#Source0: ghostscript-%{tarball_version}.tar.gz
|
||||||
# Normal URLs for Ghostscript releases:
|
# Normal URLs for Ghostscript releases:
|
||||||
# URL for Source0:
|
# URL for Source0:
|
||||||
# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
|
# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
|
||||||
# URL for MD5 checksums:
|
# URL for MD5 checksums:
|
||||||
# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
|
# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
|
||||||
# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
|
# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
|
||||||
Source0: ghostscript-%{version}.tar.gz
|
Source0: ghostscript-%{version}.tar.gz
|
||||||
Source1: apparmor_ghostscript
|
Source1: apparmor_ghostscript
|
||||||
# Patch0...Patch9 is for patches from upstream:
|
# Patch0...Patch9 is for patches from upstream:
|
||||||
# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
|
|
||||||
Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
|
||||||
# Patch1 Add commit from of upstream to fix CVE-2019-10216
|
|
||||||
Patch1: CVE-2019-10216.patch
|
|
||||||
# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
|
|
||||||
Patch2: gs-CVE-2019-14811-885444fc.patch
|
|
||||||
# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
|
|
||||||
Patch3: gs-CVE-2019-14817-cd1b1cac.patch
|
|
||||||
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
||||||
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
||||||
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
|
# Source100...Source999 is for sources from SUSE which are not intended for upstream:
|
||||||
@ -117,6 +109,8 @@ Patch3: gs-CVE-2019-14817-cd1b1cac.patch
|
|||||||
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
||||||
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
|
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
|
||||||
Patch100: remove-zlib-h-dependency.patch
|
Patch100: remove-zlib-h-dependency.patch
|
||||||
|
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
|
||||||
|
# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
|
||||||
Patch101: ijs_exec_server_dont_use_sh.patch
|
Patch101: ijs_exec_server_dont_use_sh.patch
|
||||||
# RPM dependencies:
|
# RPM dependencies:
|
||||||
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
|
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
|
||||||
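Review bot: The second added comment line, "additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):", is hard to parse and documents a relaxation of the AppArmor confinement without saying where it lives. Suggest something like "the AppArmor profile (Source1 apparmor_ghostscript) additionally had to allow exec'ing hpijs (bsc#1128467)", so a later reader auditing the profile can tie that exec rule back to this patch.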
@ -289,21 +283,14 @@ This package contains the development files for Ghostscript.
|
|||||||
# Be quiet when unpacking and
|
# Be quiet when unpacking and
|
||||||
# use a directory name matching Source0 to make it work also for ghostscript-mini:
|
# use a directory name matching Source0 to make it work also for ghostscript-mini:
|
||||||
%setup -q -n ghostscript-%{tarball_version}
|
%setup -q -n ghostscript-%{tarball_version}
|
||||||
# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
|
|
||||||
# openjpeg4gs-CVE-2018-6616-8ee33522.patch
|
|
||||||
%patch0
|
|
||||||
# Patch1 Add commit from of upstream to fix CVE-2019-10216
|
|
||||||
%patch1 -p0
|
|
||||||
# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
|
|
||||||
%patch2 -p1
|
|
||||||
# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
|
|
||||||
%patch3 -p1
|
|
||||||
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
|
||||||
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
|
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
|
||||||
# Again use the zlib sources from Ghostscript upstream
|
# Again use the zlib sources from Ghostscript upstream
|
||||||
# and disable remove-zlib-h-dependency.patch because
|
# and disable remove-zlib-h-dependency.patch because
|
||||||
# Ghostscript 9.21 does no longer build this way:
|
# Ghostscript 9.21 does no longer build this way:
|
||||||
#patch100 -p1 -b remove-zlib-h-dependency.orig
|
#patch100 -p1 -b remove-zlib-h-dependency.orig
|
||||||
|
# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
|
||||||
|
# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
# Remove patch backup files to avoid packaging
|
# Remove patch backup files to avoid packaging
|
||||||
# cf. https://build.opensuse.org/request/show/581052
|
# cf. https://build.opensuse.org/request/show/581052
|
||||||
|
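Review bot: After this cleanup the %prep section still carries the commented-out "#patch100 -p1 -b remove-zlib-h-dependency.orig" while "Patch100: remove-zlib-h-dependency.patch" stays declared in the preamble, and the explanation still refers to Ghostscript 9.21. Since this change is already pruning patches for 9.52, either drop Patch100 and its comment block or update the comment to say why the file is kept, so the spec does not ship a patch that is never applied.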
@ -1,59 +0,0 @@
|
|||||||
Based on 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Tue, 20 Aug 2019 10:10:28 +0100
|
|
||||||
Subject: [PATCH] make .forceput inaccessible
|
|
||||||
|
|
||||||
Bug #701343, #701344, #701345
|
|
||||||
|
|
||||||
More defensive programming. We don't want people to access .forecput
|
|
||||||
even though it is no longer sufficient to bypass SAFER. The exploit
|
|
||||||
in #701343 didn't work anyway because of earlier work to stop the error
|
|
||||||
handler being used, but nevertheless, prevent access to .forceput from
|
|
||||||
.setuserparams2.
|
|
||||||
|
|
||||||
---
|
|
||||||
Resource/Init/gs_lev2.ps | 6 +++---
|
|
||||||
Resource/Init/gs_pdfwr.ps | 4 ++--
|
|
||||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
|
|
||||||
--- a/Resource/Init/gs_lev2.ps
|
|
||||||
+++ b/Resource/Init/gs_lev2.ps
|
|
||||||
@@ -158,7 +158,7 @@ end
|
|
||||||
{
|
|
||||||
pop pop
|
|
||||||
} ifelse
|
|
||||||
- } forall
|
|
||||||
+ } executeonly forall
|
|
||||||
% A context switch might have occurred during the above loop,
|
|
||||||
% causing the interpreter-level parameters to be reset.
|
|
||||||
% Set them again to the new values. From here on, we are safe,
|
|
||||||
@@ -229,9 +229,9 @@ end
|
|
||||||
{ pop pop
|
|
||||||
}
|
|
||||||
ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
forall pop
|
|
||||||
-} .bind odef
|
|
||||||
+} .bind executeonly odef
|
|
||||||
|
|
||||||
% Initialize the passwords.
|
|
||||||
% NOTE: the names StartJobPassword and SystemParamsPassword are known to
|
|
||||||
diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
|
|
||||||
--- a/Resource/Init/gs_pdfwr.ps
|
|
||||||
+++ b/Resource/Init/gs_pdfwr.ps
|
|
||||||
@@ -652,11 +652,11 @@ currentdict /.pdfmarkparams .undef
|
|
||||||
systemdict /.pdf_hooked_DSC_Creator //true .forceput
|
|
||||||
} executeonly if
|
|
||||||
pop
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
} {
|
|
||||||
pop
|
|
||||||
} ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
pop
|
|
||||||
} ifelse
|
|
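Review bot: Deleting gs-CVE-2019-14811-885444fc.patch is only safe if the 9.52 sources already contain its changes, so before merging check Resource/Init/gs_lev2.ps in the new tarball for the "} .bind executeonly odef" ending and for executeonly on both procedures passed to forall, and Resource/Init/gs_pdfwr.ps for "} executeonly if" around the .pdf_hooked_DSC_Creator .forceput. The header reads "Based on 885444fc...", meaning this was a rebased copy, so compare the resulting file content rather than relying on the upstream commit hash alone.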
@ -1,200 +0,0 @@
|
|||||||
Based on cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ken Sharp <ken.sharp@artifex.com>
|
|
||||||
Date: Wed, 21 Aug 2019 10:10:51 +0100
|
|
||||||
Subject: [PATCH] PDF interpreter - review .forceput security
|
|
||||||
|
|
||||||
Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken"
|
|
||||||
|
|
||||||
By abusing the error handler it was possible to get the PDFDEBUG portion
|
|
||||||
of .pdfexectoken, which uses .forceput left readable.
|
|
||||||
|
|
||||||
Add an executeonly appropriately to make sure that clause isn't readable
|
|
||||||
no mstter what.
|
|
||||||
|
|
||||||
Review all the uses of .forceput searching for similar cases, add
|
|
||||||
executeonly as required to secure those. All cases in the PostScript
|
|
||||||
support files seem to be covered already.
|
|
||||||
|
|
||||||
---
|
|
||||||
Resource/Init/pdf_base.ps | 2 +-
|
|
||||||
Resource/Init/pdf_draw.ps | 14 +++++++-------
|
|
||||||
Resource/Init/pdf_font.ps | 21 +++++++++++----------
|
|
||||||
Resource/Init/pdf_main.ps | 6 +++---
|
|
||||||
Resource/Init/pdf_ops.ps | 11 ++++++-----
|
|
||||||
5 files changed, 28 insertions(+), 26 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
|
|
||||||
--- a/Resource/Init/pdf_base.ps
|
|
||||||
+++ b/Resource/Init/pdf_base.ps
|
|
||||||
@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef
|
|
||||||
{
|
|
||||||
dup ==only () = flush
|
|
||||||
} ifelse % PDFSTEP
|
|
||||||
- } if % PDFDEBUG
|
|
||||||
+ } executeonly if % PDFDEBUG
|
|
||||||
2 copy .knownget {
|
|
||||||
exch pop exch pop exch pop exec
|
|
||||||
} {
|
|
||||||
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
|
|
||||||
--- a/Resource/Init/pdf_draw.ps
|
|
||||||
+++ b/Resource/Init/pdf_draw.ps
|
|
||||||
@@ -501,8 +501,8 @@ end
|
|
||||||
( Output may be incorrect.\n) pdfformaterror
|
|
||||||
//pdfdict /.gs_warning_issued //true .forceput
|
|
||||||
PDFSTOPONERROR { /gs /undefined signalerror } if
|
|
||||||
- } if
|
|
||||||
- }
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly
|
|
||||||
ifelse
|
|
||||||
} bind executeonly def
|
|
||||||
|
|
||||||
@@ -1142,7 +1142,7 @@ currentdict end readonly def
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
@@ -1150,8 +1150,8 @@ currentdict end readonly def
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
end
|
|
||||||
- } ifelse
|
|
||||||
- } loop
|
|
||||||
+ } executeonly ifelse
|
|
||||||
+ } executeonly loop
|
|
||||||
{
|
|
||||||
(\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
|
|
||||||
//pdfdict /.Qqwarning_issued .knownget
|
|
||||||
@@ -1165,14 +1165,14 @@ currentdict end readonly def
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
|
|
||||||
% restore pdfemptycount
|
|
||||||
diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
|
|
||||||
--- a/Resource/Init/pdf_font.ps
|
|
||||||
+++ b/Resource/Init/pdf_font.ps
|
|
||||||
@@ -701,9 +701,9 @@ currentdict end readonly def
|
|
||||||
} if
|
|
||||||
PDFDEBUG {
|
|
||||||
(.processToUnicode end) =
|
|
||||||
- } if
|
|
||||||
- } if
|
|
||||||
- } stopped
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly stopped
|
|
||||||
{
|
|
||||||
.dstackdepth 1 countdictstack 1 sub
|
|
||||||
{pop end} for
|
|
||||||
@@ -1233,19 +1233,20 @@ currentdict /eexec_pdf_param_dict .undef
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
} executeonly if
|
|
||||||
Q
|
|
||||||
- } repeat
|
|
||||||
+ } executeonly repeat
|
|
||||||
Q
|
|
||||||
- } PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
||||||
+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid.
|
|
||||||
PDFfile exch setfileposition
|
|
||||||
- } ifelse
|
|
||||||
- } {
|
|
||||||
+ } executeonly ifelse
|
|
||||||
+ } executeonly
|
|
||||||
+ {
|
|
||||||
% PDF Type 3 fonts don't use .notdef
|
|
||||||
% d1 implementation adjusts the width as needed
|
|
||||||
0 0 0 0 0 0
|
|
||||||
pdfopdict /d1 get exec
|
|
||||||
} ifelse
|
|
||||||
end end
|
|
||||||
- } bdef
|
|
||||||
+ } executeonly bdef
|
|
||||||
dup currentdict Encoding .processToUnicode
|
|
||||||
currentdict end .completefont exch pop
|
|
||||||
} bind executeonly odef
|
|
||||||
@@ -2045,9 +2046,9 @@ currentdict /CMap_read_dict undef
|
|
||||||
(Will continue, but content may be missing.) = flush
|
|
||||||
} ifelse
|
|
||||||
} if
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
/findresource cvx /undefined signalerror
|
|
||||||
- } loop
|
|
||||||
+ } executeonly loop
|
|
||||||
} bind executeonly odef
|
|
||||||
|
|
||||||
/buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font>
|
|
||||||
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
|
|
||||||
--- a/Resource/Init/pdf_main.ps
|
|
||||||
+++ b/Resource/Init/pdf_main.ps
|
|
||||||
@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
+ } executeonly if
|
|
||||||
pop
|
|
||||||
count PDFexecstackcount sub { pop } repeat
|
|
||||||
(after exec) VMDEBUG
|
|
||||||
diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
|
|
||||||
--- a/Resource/Init/pdf_ops.ps
|
|
||||||
+++ b/Resource/Init/pdf_ops.ps
|
|
||||||
@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- }
|
|
||||||
+ } executeonly
|
|
||||||
{
|
|
||||||
currentglobal //pdfdict gcheck .setglobal
|
|
||||||
//pdfdict /.Qqwarning_issued //true .forceput
|
|
||||||
.setglobal
|
|
||||||
pdfformaterror
|
|
||||||
} executeonly ifelse
|
|
||||||
- } if
|
|
||||||
+ } executeonly if
|
|
||||||
} bind executeonly odef
|
|
||||||
|
|
||||||
% Save PDF gstate
|
|
||||||
@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef
|
|
||||||
dup type /booleantype eq {
|
|
||||||
.currentSMask type /dicttype eq {
|
|
||||||
.currentSMask /Processed 2 index .forceput
|
|
||||||
+ } executeonly
|
|
||||||
+ {
|
|
||||||
+ .setSMask
|
|
||||||
+ }ifelse
|
|
||||||
} executeonly
|
|
||||||
{
|
|
||||||
- .setSMask
|
|
||||||
- }ifelse
|
|
||||||
- }{
|
|
||||||
.setSMask
|
|
||||||
}ifelse
|
|
||||||
|
|
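Review bot: Dropping gs-CVE-2019-14817-cd1b1cac.patch needs a check across all five files it touched (pdf_base.ps, pdf_draw.ps, pdf_font.ps, pdf_main.ps, pdf_ops.ps), not only the one named in the bug title. At minimum confirm in the 9.52 tarball that the "% PDFDEBUG" clause in Resource/Init/pdf_base.ps ends in "} executeonly if" (the Bug #701450 case) and that the restructured SMask branch from the last pdf_ops.ps hunk still keeps ".currentSMask /Processed 2 index .forceput" inside a procedure marked executeonly, since that hunk changed the ifelse nesting rather than just appending the keyword.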
@ -1,67 +0,0 @@
|
|||||||
From 8ee335227bbcaf1614124046aa25e53d67b11ec3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Hugo Lefeuvre <hle@debian.org>
|
|
||||||
Date: Fri, 14 Dec 2018 04:58:40 +0100
|
|
||||||
Subject: [PATCH] convertbmp: detect invalid file dimensions early
|
|
||||||
|
|
||||||
width/length dimensions read from bmp headers are not necessarily
|
|
||||||
valid. For instance they may have been maliciously set to very large
|
|
||||||
values with the intention to cause DoS (large memory allocation, stack
|
|
||||||
overflow). In these cases we want to detect the invalid size as early
|
|
||||||
as possible.
|
|
||||||
|
|
||||||
This commit introduces a counter which verifies that the number of
|
|
||||||
written bytes corresponds to the advertized width/length.
|
|
||||||
|
|
||||||
Fixes #1059 (CVE-2018-6616).
|
|
||||||
---
|
|
||||||
openjpeg/src/bin/jp2/convertbmp.c | 12 ++++++++++--
|
|
||||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
--- openjpeg/src/bin/jp2/convertbmp.c
|
|
||||||
+++ openjpeg/src/bin/jp2/convertbmp.c 2019-09-12 08:22:52.272682353 +0000
|
|
||||||
@@ -519,14 +519,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE*
|
|
||||||
static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
|
|
||||||
OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
|
|
||||||
{
|
|
||||||
- OPJ_UINT32 x, y;
|
|
||||||
+ OPJ_UINT32 x, y, written;
|
|
||||||
OPJ_UINT8 *pix;
|
|
||||||
const OPJ_UINT8 *beyond;
|
|
||||||
|
|
||||||
beyond = pData + stride * height;
|
|
||||||
pix = pData;
|
|
||||||
|
|
||||||
- x = y = 0U;
|
|
||||||
+ x = y = written = 0U;
|
|
||||||
while (y < height) {
|
|
||||||
int c = getc(IN);
|
|
||||||
if (c == EOF) {
|
|
||||||
@@ -546,6 +546,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
|
|
||||||
for (j = 0; (j < c) && (x < width) &&
|
|
||||||
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
|
|
||||||
*pix = c1;
|
|
||||||
+ written++;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
c = getc(IN);
|
|
||||||
@@ -583,6 +584,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
|
|
||||||
}
|
|
||||||
c1 = (OPJ_UINT8)c1_int;
|
|
||||||
*pix = c1;
|
|
||||||
+ written++;
|
|
||||||
}
|
|
||||||
if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
|
|
||||||
c = getc(IN);
|
|
||||||
@@ -593,6 +595,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}/* while() */
|
|
||||||
+
|
|
||||||
+ if (written != width * height) {
|
|
||||||
+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
|
|
||||||
+ return OPJ_FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return OPJ_TRUE;
|
|
||||||
}
|
|
||||||
|
|
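Review bot: The fix removed here lives in the bundled openjpeg copy (openjpeg/src/bin/jp2/convertbmp.c), not in Ghostscript's own code, so the Ghostscript version bump by itself does not show the fix is still present; check that bmp_read_rle8_data in the 9.52 tarball's openjpeg directory still ends with the "written != width * height" test. Separately, that test multiplies two OPJ_UINT32 values, so for very large advertised dimensions the product can wrap; if this check is ever carried as a downstream patch again, do the comparison in a wider type.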