08/10: gnu: ghostscript: Fix CVE-2019-14869.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

08/10: gnu: ghostscript: Fix CVE-2019-14869.

From:	guix-commits
Subject:	08/10: gnu: ghostscript: Fix CVE-2019-14869.
Date:	Tue, 21 Jan 2020 17:19:10 -0500 (EST)

mbakke pushed a commit to branch core-updates
in repository guix.

commit 99406d9b684ec60384dc29d850905dd517fb9790
Author: Marius Bakke <address@hidden>
AuthorDate: Mon Jan 20 18:11:38 2020 +0100

    gnu: ghostscript: Fix CVE-2019-14869.
    
    * gnu/packages/patches/ghostscript-CVE-2019-14869.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
    * gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/ghostscript.scm                       |  3 +-
 .../patches/ghostscript-CVE-2019-14869.patch       | 48 ++++++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index b6a7178..6958cc6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -910,6 +910,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/ghc-monad-par-fix-tests.patch           \
   %D%/packages/patches/ghc-pandoc-fix-html-tests.patch         \
   %D%/packages/patches/ghc-pandoc-fix-latex-test.patch         \
+  %D%/packages/patches/ghostscript-CVE-2019-14869.patch                \
   %D%/packages/patches/ghostscript-no-header-id.patch          \
   %D%/packages/patches/ghostscript-no-header-uuid.patch                \
   %D%/packages/patches/ghostscript-no-header-creationdate.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index c63fc2f..84c6985 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -170,7 +170,8 @@ printing, and psresize, for adjusting page sizes.")
         (sha256
          (base32
           "1m770dwc82afdgzgq2kar3120r1lbybm3mssdm79f8kggf0v16yv"))
-        (patches (search-patches "ghostscript-no-header-creationdate.patch"
+        (patches (search-patches "ghostscript-CVE-2019-14869.patch"
+                                 "ghostscript-no-header-creationdate.patch"
                                  "ghostscript-no-header-id.patch"
                                  "ghostscript-no-header-uuid.patch"))
         (modules '((guix build utils)))
diff --git a/gnu/packages/patches/ghostscript-CVE-2019-14869.patch 
b/gnu/packages/patches/ghostscript-CVE-2019-14869.patch
new file mode 100644
index 0000000..d80fba0
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2019-14869.patch
@@ -0,0 +1,48 @@
+Fix CVE-2019-14869:
+
+https://nvd.nist.gov/vuln/detail/CVE-2019-14869
+
+Patch taken from upstream:
+
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
+
+diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
+index 74043d1..6be8fe9 100644
+--- a/Resource/Init/gs_ttf.ps
++++ b/Resource/Init/gs_ttf.ps
+@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+           TTFDEBUG { (\n1 setting alias: ) print dup ==only
+                 ( to be the same as  ) print 2 index //== exec } if
+ 
+-          7 index 2 index 3 -1 roll exch .forceput
++          7 index 2 index 3 -1 roll exch put
+         } forall
+         pop pop pop
+       }
+@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+           exch pop
+           TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
+                      ( to use glyph index: ) print dup //== exec } if
+-          5 index 3 1 roll .forceput
++          5 index 3 1 roll put
+           //false
+         }
+         {
+@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+         {                            %  CharStrings(dict) isunicode(boolean) 
cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
+           TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
+                 ( to be index: ) print dup //== exec } if
+-          exch pop 5 index 3 1 roll .forceput
++          exch pop 5 index 3 1 roll put
+         }
+         {
+           pop pop
+@@ -1369,7 +1369,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+       } ifelse
+     ]
+   TTFDEBUG { (Encoding: ) print dup === flush } if
+-} .bind executeonly odef              % hides .forceput
++} .bind odef
+ 
+ % ---------------- CIDFontType 2 font loading ---------------- %
+

[Prev in Thread]

Current Thread

[Next in Thread]

branch core-updates updated (8ed9be3 -> c2d837b), guix-commits, 2020/01/21
- 01/10: gnu: Remove texinfo@6.6, guix-commits, 2020/01/21
- 02/10: gnu: libcap: Update to 2.31., guix-commits, 2020/01/21
- 03/10: gnu: libcap: Enable tests., guix-commits, 2020/01/21
- 06/10: gnu: tzdata-for-tests: Update to 2019c., guix-commits, 2020/01/21
- 07/10: gnu: xorg-server-for-tests: Update to 1.20.7., guix-commits, 2020/01/21
- 10/10: gnu: orbit2: Disable parallel tests., guix-commits, 2020/01/21
- 09/10: gnu: make: Update to 4.3., guix-commits, 2020/01/21
- 04/10: gnu: gmp: Update to 6.2.0., guix-commits, 2020/01/21
- 05/10: gnu: guile@3.0: Do not inherit all patches from guile@2.2., guix-commits, 2020/01/21
- 08/10: gnu: ghostscript: Fix CVE-2019-14869., guix-commits <=

Prev by Date: 05/10: gnu: guile@3.0: Do not inherit all patches from guile@2.2.
Next by Date: branch master updated (0dd1e27 -> 6c89e06)
Previous by thread: 05/10: gnu: guile@3.0: Do not inherit all patches from guile@2.2.
Next by thread: branch master updated (0dd1e27 -> 6c89e06)
Index(es):
- Date
- Thread