[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
08/10: gnu: ghostscript: Fix CVE-2019-14869.
From: |
guix-commits |
Subject: |
08/10: gnu: ghostscript: Fix CVE-2019-14869. |
Date: |
Tue, 21 Jan 2020 17:19:10 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit 99406d9b684ec60384dc29d850905dd517fb9790
Author: Marius Bakke <address@hidden>
AuthorDate: Mon Jan 20 18:11:38 2020 +0100
gnu: ghostscript: Fix CVE-2019-14869.
* gnu/packages/patches/ghostscript-CVE-2019-14869.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
---
gnu/local.mk | 1 +
gnu/packages/ghostscript.scm | 3 +-
.../patches/ghostscript-CVE-2019-14869.patch | 48 ++++++++++++++++++++++
3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index b6a7178..6958cc6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -910,6 +910,7 @@ dist_patch_DATA =
\
%D%/packages/patches/ghc-monad-par-fix-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-html-tests.patch \
%D%/packages/patches/ghc-pandoc-fix-latex-test.patch \
+ %D%/packages/patches/ghostscript-CVE-2019-14869.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index c63fc2f..84c6985 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -170,7 +170,8 @@ printing, and psresize, for adjusting page sizes.")
(sha256
(base32
"1m770dwc82afdgzgq2kar3120r1lbybm3mssdm79f8kggf0v16yv"))
- (patches (search-patches "ghostscript-no-header-creationdate.patch"
+ (patches (search-patches "ghostscript-CVE-2019-14869.patch"
+ "ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
(modules '((guix build utils)))
diff --git a/gnu/packages/patches/ghostscript-CVE-2019-14869.patch
b/gnu/packages/patches/ghostscript-CVE-2019-14869.patch
new file mode 100644
index 0000000..d80fba0
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2019-14869.patch
@@ -0,0 +1,48 @@
+Fix CVE-2019-14869:
+
+https://nvd.nist.gov/vuln/detail/CVE-2019-14869
+
+Patch taken from upstream:
+
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef
+
+diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
+index 74043d1..6be8fe9 100644
+--- a/Resource/Init/gs_ttf.ps
++++ b/Resource/Init/gs_ttf.ps
+@@ -1304,7 +1304,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+ TTFDEBUG { (\n1 setting alias: ) print dup ==only
+ ( to be the same as ) print 2 index //== exec } if
+
+- 7 index 2 index 3 -1 roll exch .forceput
++ 7 index 2 index 3 -1 roll exch put
+ } forall
+ pop pop pop
+ }
+@@ -1322,7 +1322,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+ exch pop
+ TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
+ ( to use glyph index: ) print dup //== exec } if
+- 5 index 3 1 roll .forceput
++ 5 index 3 1 roll put
+ //false
+ }
+ {
+@@ -1339,7 +1339,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+ { % CharStrings(dict) isunicode(boolean)
cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
+ TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
+ ( to be index: ) print dup //== exec } if
+- exch pop 5 index 3 1 roll .forceput
++ exch pop 5 index 3 1 roll put
+ }
+ {
+ pop pop
+@@ -1369,7 +1369,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
+ } ifelse
+ ]
+ TTFDEBUG { (Encoding: ) print dup === flush } if
+-} .bind executeonly odef % hides .forceput
++} .bind odef
+
+ % ---------------- CIDFontType 2 font loading ---------------- %
+
- branch core-updates updated (8ed9be3 -> c2d837b), guix-commits, 2020/01/21
- 01/10: gnu: Remove texinfo@6.6, guix-commits, 2020/01/21
- 02/10: gnu: libcap: Update to 2.31., guix-commits, 2020/01/21
- 03/10: gnu: libcap: Enable tests., guix-commits, 2020/01/21
- 06/10: gnu: tzdata-for-tests: Update to 2019c., guix-commits, 2020/01/21
- 07/10: gnu: xorg-server-for-tests: Update to 1.20.7., guix-commits, 2020/01/21
- 10/10: gnu: orbit2: Disable parallel tests., guix-commits, 2020/01/21
- 09/10: gnu: make: Update to 4.3., guix-commits, 2020/01/21
- 04/10: gnu: gmp: Update to 6.2.0., guix-commits, 2020/01/21
- 05/10: gnu: guile@3.0: Do not inherit all patches from guile@2.2., guix-commits, 2020/01/21
- 08/10: gnu: ghostscript: Fix CVE-2019-14869.,
guix-commits <=