diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch')
| -rw-r--r-- | poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch new file mode 100644 index 000000000..19cf7cc8c --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch @@ -0,0 +1,42 @@ +From 37d7c9117b70e75ebed21c6c8192251f127c0fb0 Mon Sep 17 00:00:00 2001 +From: Nancy Durgin <nancy.durgin@artifex.com> +Date: Mon, 5 Nov 2018 15:36:27 +0800 +Subject: [PATCH 1/2] Undefine some additional internal operators. + +.type, .writecvs, .setSMask, .currentSMask + +These don't seem to be referenced anywhere outside of the initialization code, +which binds their usages. Passes cluster if they are removed. + +CVE: CVE-2018-18073 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_init.ps | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index f952f32..7c71d18 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2230,6 +2230,7 @@ SAFER { .setsafeglobal } if + /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath ++ /.type /.writecvs /.setSMask /.currentSMask + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +@@ -2248,7 +2249,7 @@ SAFER { .setsafeglobal } if + % test files/utilities, or engineers expressed a desire to keep them visible. + % + %/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11 +- %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors ++ %/.buildfont32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors + %/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget + %/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9 + %/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal +-- +2.7.4 + |
