diff options
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript')
30 files changed, 1446 insertions, 641 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch b/poky/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch new file mode 100644 index 000000000..f175da0ca --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch @@ -0,0 +1,59 @@ +From 274b2cc08b0d10a4cac3fe8b50022889f22580cb Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 20 Sep 2018 16:35:28 +0100 +Subject: [PATCH 1/5] Bug 699795: add operand checking to + .setnativefontmapbuilt + +.setnativefontmapbuilt .forceputs a value into systemdict - it is intended +to be a boolean, but in this case was being called with a compound object +(a dictionary). Such an object, in local VM, being forced into systemdict +would then confuse the garbager, since it could be restored away with the +reference remaining. + +This adds operand checking, so .setnativefontmapbuilt will simply ignore +anything other than a boolean value, and also removes the definition of +.setnativefontmapbuilt after use, since it is only used in two, closely +related places. + +CVE: CVE-2018-17961 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_fonts.ps | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 38f0f6c..45b6613 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -372,9 +372,13 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + % of strings: what the system thinks is the ps name, + % and the access path. + /.setnativefontmapbuilt { % set whether we've been run +- systemdict exch /.nativefontmapbuilt exch .forceput ++ dup type /booleantype eq { ++ systemdict exch /.nativefontmapbuilt exch .forceput ++ } ++ {pop} ++ ifelse + } .bind executeonly def +-systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt ++systemdict /NONATIVEFONTMAP known //.setnativefontmapbuilt exec + /.buildnativefontmap { % - .buildnativefontmap <bool> + systemdict /.nativefontmapbuilt .knownget not + { //false} if +@@ -415,9 +419,10 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt + } forall + } if + % record that we've been run +- //true .setnativefontmapbuilt ++ //true //.setnativefontmapbuilt exec + } ifelse + } bind def ++currentdict /.setnativefontmapbuilt .forceundef + + % Create the dictionary that registers the .buildfont procedure + % (called by definefont) for each FontType. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch b/poky/meta/recipes-extended/ghostscript/files/0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch new file mode 100644 index 000000000..000f9c9ef --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch @@ -0,0 +1,434 @@ +From 0661bf23a5be32973682e17afed4a2f23a8214ba Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Sat, 29 Sep 2018 15:34:55 +0100 +Subject: [PATCH 2/5] Bug 699816: Improve hiding of security critical custom + operators + +Make procedures that use .forceput/.forcedef/.forceundef into operators. + +The result of this is that errors get reported against the "top" operator, +rather than the "called" operator within the procedure. + +For example: +/myproc +{ + myop +} bind def + +If 'myop' throws an error, the error handler will be passed the 'myop' +operator. Promoting 'myproc' to a operator means the error handler will be +passed 'myproc'. + +CVE: CVE-2018-17961 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_diskn.ps | 2 +- + Resource/Init/gs_dps.ps | 2 +- + Resource/Init/gs_fntem.ps | 2 +- + Resource/Init/gs_fonts.ps | 10 +++++----- + Resource/Init/gs_lev2.ps | 13 +++++++++---- + Resource/Init/gs_pdfwr.ps | 2 +- + Resource/Init/gs_setpd.ps | 25 +++++++++++++++++-------- + Resource/Init/gs_typ32.ps | 14 +++++++++----- + Resource/Init/gs_type1.ps | 2 +- + Resource/Init/pdf_base.ps | 2 +- + Resource/Init/pdf_draw.ps | 10 +++++----- + Resource/Init/pdf_font.ps | 8 ++++---- + Resource/Init/pdf_main.ps | 4 ++-- + Resource/Init/pdf_ops.ps | 8 ++++---- + 14 files changed, 61 insertions(+), 43 deletions(-) + +diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps +index 5540715..26ec0b5 100644 +--- a/Resource/Init/gs_diskn.ps ++++ b/Resource/Init/gs_diskn.ps +@@ -53,7 +53,7 @@ systemdict begin + exch .setglobal + } + if +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + % Modify .putdevparams to force regeneration of .searchabledevs list + /.putdevparams { +diff --git a/Resource/Init/gs_dps.ps b/Resource/Init/gs_dps.ps +index cad7056..daf7b0f 100644 +--- a/Resource/Init/gs_dps.ps ++++ b/Resource/Init/gs_dps.ps +@@ -70,7 +70,7 @@ + % Save a copy of the initial gstate. + //systemdict /savedinitialgstate gstate readonly .forceput + .setglobal +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + % Initialize local dictionaries and gstate when creating a new context. + % Note that until this completes, we are in the anomalous situation of +diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps +index 3ceee18..c1f7651 100644 +--- a/Resource/Init/gs_fntem.ps ++++ b/Resource/Init/gs_fntem.ps +@@ -408,7 +408,7 @@ currentdict end def + exit + } loop + exch setglobal +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + currentdict end /ProcSet defineresource pop + +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 45b6613..89c3ab7 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -377,8 +377,8 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + } + {pop} + ifelse +-} .bind executeonly def +-systemdict /NONATIVEFONTMAP known //.setnativefontmapbuilt exec ++} .bind executeonly odef ++systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt + /.buildnativefontmap { % - .buildnativefontmap <bool> + systemdict /.nativefontmapbuilt .knownget not + { //false} if +@@ -419,7 +419,7 @@ systemdict /NONATIVEFONTMAP known //.setnativefontmapbuilt exec + } forall + } if + % record that we've been run +- //true //.setnativefontmapbuilt exec ++ //true .setnativefontmapbuilt + } ifelse + } bind def + currentdict /.setnativefontmapbuilt .forceundef +@@ -1103,7 +1103,7 @@ $error /SubstituteFont { } put + + % Check to make sure the font was actually loaded. + dup 3 index .fontknownget +- { dup /PathLoad 4 index //.putgstringcopy exec ++ { dup /PathLoad 4 index .putgstringcopy + 4 1 roll pop pop pop //true exit + } if + +@@ -1115,7 +1115,7 @@ $error /SubstituteFont { } put + { % Stack: origfontname fontdirectory path filefontname + 2 index 1 index .fontknownget + { % Yes. Stack: origfontname fontdirectory path filefontname fontdict +- dup 4 -1 roll /PathLoad exch //.putgstringcopy exec ++ dup 4 -1 roll /PathLoad exch .putgstringcopy + % Stack: origfontname fontdirectory filefontname fontdict + 3 -1 roll pop + % Stack: origfontname filefontname fontdict +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +index eee0b9f..a8ed892 100644 +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -163,10 +163,11 @@ end + % Set them again to the new values. From here on, we are safe, + % since a context switch will consult userparams. + .setuserparams +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + /setuserparams { % <dict> setuserparams - +- .setuserparams2 ++ {.setuserparams2} stopped ++ {/setuserparams load $error /errorname get signalerror} if + } .bind odef + % Initialize user parameters managed here. + /JobName () .definepsuserparam +@@ -415,7 +416,9 @@ psuserparams /ProcessDSCComment {.checkprocesscomment} put + + % VMReclaim and VMThreshold are user parameters. + /setvmthreshold { % <int> setvmthreshold - +- mark /VMThreshold 2 .argindex .dicttomark .setuserparams2 pop ++ mark /VMThreshold 2 .argindex .dicttomark {.setuserparams2} stopped ++ {pop /setvmthreshold load $error /errorname get signalerror} ++ {pop} ifelse + } odef + /vmreclaim { % <int> vmreclaim - + dup 0 gt { +@@ -427,7 +430,9 @@ psuserparams /ProcessDSCComment {.checkprocesscomment} put + ifelse + } { + % VMReclaim userparam controls enable/disable GC +- mark /VMReclaim 2 index .dicttomark .setuserparams2 pop ++ mark /VMReclaim 2 index .dicttomark {.setuserparams2} stopped ++ {pop /vmreclaim load $error /errorname get signalerror} ++ {pop} ifelse + } ifelse + } odef + -1 setvmthreshold +diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps +index fb1c419..58e75d3 100644 +--- a/Resource/Init/gs_pdfwr.ps ++++ b/Resource/Init/gs_pdfwr.ps +@@ -660,7 +660,7 @@ currentdict /.pdfmarkparams .undef + { + pop + } ifelse +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + % Use the DSC processing hook to pass DSC comments to the driver. + % We use a pseudo-parameter named DSC whose value is an array: +diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps +index 8fa7c51..afb4ffa 100644 +--- a/Resource/Init/gs_setpd.ps ++++ b/Resource/Init/gs_setpd.ps +@@ -608,6 +608,20 @@ NOMEDIAATTRS { + % in the <failed> dictionary with the policy value, + % and we replace the key in the <merged> dictionary with its prior value + % (or remove it if it had no prior value). ++ ++% Making this an operator means we can properly hide ++% the contents - specifically .forceput ++/1Policy ++{ ++ % Roll back the failed request to its previous status. ++ SETPDDEBUG { (Rolling back.) = pstack flush } if ++ 3 index 2 index 3 -1 roll .forceput ++ 4 index 1 index .knownget ++ { 4 index 3 1 roll .forceput } ++ { 3 index exch .undef } ++ ifelse ++} bind executeonly odef ++ + /.policyprocs mark + % These procedures are called with the following on the stack: + % <orig> <merged> <failed> <Policies> <key> <policy> +@@ -631,14 +645,7 @@ NOMEDIAATTRS { + /setpagedevice .systemvar /configurationerror signalerror + } ifelse + } bind +- 1 { % Roll back the failed request to its previous status. +-SETPDDEBUG { (Rolling back.) = pstack flush } if +- 3 index 2 index 3 -1 roll .forceput +- 4 index 1 index .knownget +- { 4 index 3 1 roll .forceput } +- { 3 index exch .undef } +- ifelse +- } .bind executeonly % must be bound and hidden for .forceput ++ 1 /1Policy load + 7 { % For PageSize only, just impose the request. + 1 index /PageSize eq + { pop pop 1 index /PageSize 7 put } +@@ -646,6 +653,8 @@ SETPDDEBUG { (Rolling back.) = pstack flush } if + ifelse + } bind + .dicttomark readonly def ++currentdict /1Policy undef ++ + /.applypolicies % <orig> <merged> <failed> .applypolicies + % <orig> <merged'> <failed'> + { 1 index /Policies get 1 index +diff --git a/Resource/Init/gs_typ32.ps b/Resource/Init/gs_typ32.ps +index b6600b0..9150f71 100644 +--- a/Resource/Init/gs_typ32.ps ++++ b/Resource/Init/gs_typ32.ps +@@ -79,15 +79,19 @@ systemdict /.removeglyphs .undef + .dicttomark /ProcSet defineresource pop + + /.cidfonttypes where { pop } { /.cidfonttypes 6 dict def } ifelse +-.cidfonttypes begin +- +-4 % CIDFontType 4 = FontType 32 +-{ dup /FontType 32 .forceput ++/CIDFontType4 ++{ ++ dup /FontType 32 .forceput + dup /CharStrings 20 dict .forceput + 1 index exch .buildfont32 exch pop +-} .bind executeonly def % must be bound and hidden for .forceput ++} .bind executeonly odef ++.cidfonttypes begin ++ ++ ++4 /CIDFontType4 load def % CIDFontType 4 = FontType 32 + + end % .cidfonttypes ++currentdict /CIDFontType4 .forceundef + + % Define the BuildGlyph procedure. + % Since Type 32 fonts are indexed by CID, there is no BuildChar procedure. +diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps +index efdae48..2935d9c 100644 +--- a/Resource/Init/gs_type1.ps ++++ b/Resource/Init/gs_type1.ps +@@ -283,7 +283,7 @@ currentdict /closesourcedict .undef + } if + 2 copy /WeightVector exch .forceput + .setweightvector +-} .bind executeonly def ++} .bind executeonly odef + end + + % Register the font types for definefont. +diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps +index a82a2a3..7ccd4cd 100644 +--- a/Resource/Init/pdf_base.ps ++++ b/Resource/Init/pdf_base.ps +@@ -218,7 +218,7 @@ currentdict /num-chars-dict .undef + } ifelse + } ifelse + } ifelse +-} bind executeonly def ++} bind executeonly odef + /PDFScanRules_true << /PDFScanRules //true >> def + /PDFScanRules_null << /PDFScanRules //null >> def + /.pdfrun { % <file> <opdict> .pdfrun - +diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps +index d1b6ac9..c239daf 100644 +--- a/Resource/Init/pdf_draw.ps ++++ b/Resource/Init/pdf_draw.ps +@@ -1158,7 +1158,7 @@ currentdict end readonly def + Q + PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse { (%End PaintProc) print dup === flush } if } if + PDFfile exch setfileposition +-} bind executeonly def ++} bind executeonly odef + + /.pdfpaintproc { + %% Get the /m from pdfopdict (must be present) +@@ -1189,7 +1189,7 @@ currentdict end readonly def + { + switch_to_text_marking_ops + } if +-}bind executeonly def ++}bind executeonly odef + + /resolvepattern { % <patternstreamdict> resolvepattern <patterndict> + % Don't do the resolvestream now: just capture the data +@@ -2353,7 +2353,7 @@ currentdict /last-ditch-bpc-csp undef + }{ + pdfdict /AppearanceNumber 0 .forceput + } ifelse +-}bind executeonly def ++}bind executeonly odef + + /MakeAppearanceName { + pdfdict /AppearanceNumber get +@@ -2382,7 +2382,7 @@ currentdict /last-ditch-bpc-csp undef + DoForm + pdfdict /.PreservePDFForm 3 -1 roll .forceput + grestore +-} bind executeonly def ++} bind executeonly odef + + /DoForm { + %% save the current value, if its true we will set it to false later, in order +@@ -2541,7 +2541,7 @@ currentdict /last-ditch-bpc-csp undef + end + } if + pdfdict /.PreservePDFForm 3 -1 roll .forceput +-} bind executeonly def ++} bind executeonly odef + + /_dops_save 1 array def + +diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps +index feaf0d0..535b14a 100644 +--- a/Resource/Init/pdf_font.ps ++++ b/Resource/Init/pdf_font.ps +@@ -718,7 +718,7 @@ currentdict end readonly def + {pop pop pop} + ifelse + +-} bind executeonly def ++} bind executeonly odef + + currentdict /.DoToUnicode? .forceundef + +@@ -1241,7 +1241,7 @@ currentdict /eexec_pdf_param_dict .undef + } bdef + dup currentdict Encoding .processToUnicode + currentdict end .completefont exch pop +-} bind executeonly def ++} bind executeonly odef + /.adjustcharwidth { % <wx> <wy> .adjustcharwidth <wx'> <wy'> + % Enforce the metrics, in glyph space, to the values found in the PDF Font object + % - force wy == 0 (assumed, and not stored in the PDF font) +@@ -2026,7 +2026,7 @@ currentdict /CMap_read_dict undef + } if + /findresource cvx /undefined signalerror + } loop +-} bind executeonly def ++} bind executeonly odef + + /buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font> + dup /BaseFont get findCIDFont exch pop +@@ -2211,7 +2211,7 @@ currentdict /CMap_read_dict undef + /Type0 //buildType0 + /Type1 //buildType1 + /MMType1 //buildType1 +- /Type3 //buildType3 ++ /Type3 /buildType3 load + /TrueType //buildTrueType + /CIDFontType0 //buildCIDType0 + /CIDFontType2 //buildCIDType2 +diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps +index 09f8735..c823e69 100644 +--- a/Resource/Init/pdf_main.ps ++++ b/Resource/Init/pdf_main.ps +@@ -660,7 +660,7 @@ currentdict /runpdfstring .undef + } forall + pop + } ifelse +-} bind executeonly def ++} bind executeonly odef + + currentdict /pdf_collection_files .undef + +@@ -2715,7 +2715,7 @@ currentdict /PDF2PS_matrix_key undef + .setglobal + /RepairedAnError exch def + /Repaired exch def +-} bind executeonly def ++} bind executeonly odef + + % Display the contents of a page (including annotations). + /showpagecontents { % <pagedict> showpagecontents - +diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps +index c45fc51..8672d61 100644 +--- a/Resource/Init/pdf_ops.ps ++++ b/Resource/Init/pdf_ops.ps +@@ -193,7 +193,7 @@ currentdict /gput_always_allow .undef + pdfformaterror + } ifelse + } if +-} bind executeonly def ++} bind executeonly odef + + % Save PDF gstate + /qstate { % - qstate <qstate> +@@ -451,7 +451,7 @@ currentdict /gput_always_allow .undef + %% a gsave, so we haven't copied it to /self, if we don't do that here + %% then transparent annotations cause an invalid access error. + currentdict //nodict eq {/self dup load end 5 dict begin def} if +-} bind executeonly def ++} bind executeonly odef + /AIS { .setalphaisshape } bind executeonly def + /BM { + /.setblendmode where { +@@ -1077,7 +1077,7 @@ end readonly def + pdfopdict /v {inside_text_v} bind .forceput + pdfopdict /y {inside_text_y} bind .forceput + pdfopdict /re {inside_text_re} bind .forceput +-} bind executeonly def ++} bind executeonly odef + + /switch_to_normal_marking_ops { + pdfopdict /m {normal_m} bind .forceput +@@ -1086,7 +1086,7 @@ end readonly def + pdfopdict /v {normal_v} bind .forceput + pdfopdict /y {normal_y} bind .forceput + pdfopdict /re {normal_re} bind .forceput +-} bind executeonly def ++} bind executeonly odef + + /BT { + currentdict /TextSaveMatrix known { +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0003-Bug-699832-add-control-over-hiding-error-handlers.patch b/poky/meta/recipes-extended/ghostscript/files/0003-Bug-699832-add-control-over-hiding-error-handlers.patch new file mode 100644 index 000000000..cd7865958 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0003-Bug-699832-add-control-over-hiding-error-handlers.patch @@ -0,0 +1,172 @@ +From 1f9a91c86bd56acf57826b9b0e020ebe1953e2ae Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 4 Oct 2018 10:42:13 +0100 +Subject: [PATCH 3/5] Bug 699832: add control over hiding error handlers. + +With a previous commit changing error handling in SAFER so the handler gets +passed a name object (rather than executable object), it is less critical to +hide the error handlers. + +This introduces a -dSAFERERRORS option to force only use of the default error +handlers. + +It also adds a .setsafererrors Postscript call, meaning a caller, without +-dSAFERERRORS, can create their own default error handlers (in errordict, as +normal), and then call .setsafererrors meaning their own handlers are always +called. + +With -dSAFERERRORS or after a call to .setsafererrors, .setsafererrors is +removed. + +CVE: CVE-2018-17961 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_init.ps | 42 +++++++++++++++++++++++++++++------------ + psi/interp.c | 49 ++++++++++++++++++++++++++++-------------------- + 2 files changed, 59 insertions(+), 32 deletions(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index bec307d..f952f32 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -188,6 +188,16 @@ currentdict /DELAYSAFER known { /DELAYSAFER //true def /NOSAFER //true def } if + currentdict /PARANOIDSAFER known or % PARANOIDSAFER is equivalent + } + ifelse def ++ ++/SAFERERRORS ++currentdict /NOSAFERERRORS known ++{ ++ //false ++} ++{ ++ currentdict /SAFERERRORS known ++} ifelse def ++ + currentdict /SHORTERRORS known /SHORTERRORS exch def + currentdict /TTYPAUSE known /TTYPAUSE exch def + currentdict /WRITESYSTEMDICT known /WRITESYSTEMDICT exch def +@@ -1123,12 +1133,23 @@ errordict begin + } bind def + end % errordict + +-% Put all the default handlers in gserrordict +-gserrordict +-errordict {2 index 3 1 roll put} forall +-noaccess pop +-% remove the non-standard errors from errordict ++gserrordict /unknownerror errordict /unknownerror get put + errordict /unknownerror .undef ++ ++/.SAFERERRORLIST ErrorNames def ++/.setsafererrors ++{ ++% Put all the requested handlers in gserrordict ++ gserrordict ++ //.SAFERERRORLIST ++ {dup errordict exch get 2 index 3 1 roll put} forall ++ noaccess pop ++ systemdict /.setsafeerrors .forceundef ++ systemdict /.SAFERERRORLIST .forceundef ++} bind executeonly odef ++ ++SAFERERRORS {.setsafererrors} if ++ + % Define a stable private copy of handleerror that we will always use under + % JOBSERVER mode. + /.GShandleerror errordict /handleerror get def +@@ -1760,18 +1781,15 @@ currentdict /.runlibfile .undef + + % Bind all the operators defined as procedures. + /.bindoperators % binds operators in currentdict +- { % Temporarily disable the typecheck error. +- errordict /typecheck 2 copy get +- errordict /typecheck { pop } put % pop the command ++ { + currentdict + { dup type /operatortype eq +- { % This might be a real operator, so bind might cause a typecheck, +- % but we've made the error a no-op temporarily. +- .bind ++ { ++ % This might be a real operator, so bind might cause a typecheck ++ {.bind} .internalstopped pop + } + if pop pop + } forall +- put + } def + DELAYBIND not { .bindoperators } if + +diff --git a/psi/interp.c b/psi/interp.c +index 3dd5f7a..cd894f9 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -662,27 +662,18 @@ again: + if (gs_errorname(i_ctx_p, code, &error_name) < 0) + return code; /* out-of-range error code! */ + +- /* If LockFilePermissions is true, we only refer to gserrordict, which +- * is not accessible to Postcript jobs ++ /* We refer to gserrordict first, which is not accessible to Postcript jobs ++ * If we're running with SAFERERRORS all the handlers are copied to gserrordict ++ * so we'll always find the default one. If not SAFERERRORS, only gs specific ++ * errors are in gserrordict. + */ +- if (i_ctx_p->LockFilePermissions) { +- if (((dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 || +- dict_find(perrordict, &error_name, &epref) <= 0)) +- ) +- return code; /* error name not in errordict??? */ +- } +- else { +- /* +- * For greater Adobe compatibility, only the standard PostScript errors +- * are defined in errordict; the rest are in gserrordict. +- */ +- if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 || +- (dict_find(perrordict, &error_name, &epref) <= 0 && +- (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 || +- dict_find(perrordict, &error_name, &epref) <= 0)) +- ) +- return code; /* error name not in errordict??? */ +- } ++ if (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 || ++ (dict_find(perrordict, &error_name, &epref) <= 0 && ++ (dict_find_string(systemdict, "errordict", &perrordict) <= 0 || ++ dict_find(perrordict, &error_name, &epref) <= 0)) ++ ) ++ return code; /* error name not in errordict??? */ ++ + doref = *epref; + epref = &doref; + /* Push the error object on the operand stack if appropriate. */ +@@ -695,6 +686,24 @@ again: + } + *osp = *perror_object; + errorexec_find(i_ctx_p, osp); ++ /* If using SAFER, hand a name object to the error handler, rather than the executable ++ * object/operator itself. ++ */ ++ if (i_ctx_p->LockFilePermissions) { ++ code = obj_cvs(imemory, osp, buf + 2, 256, &rlen, (const byte **)&bufptr); ++ if (code < 0) { ++ const char *unknownstr = "--unknown--"; ++ rlen = strlen(unknownstr); ++ memcpy(buf, unknownstr, rlen); ++ } ++ else { ++ buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; ++ rlen += 4; ++ } ++ code = name_ref(imemory, buf, rlen, osp, 1); ++ if (code < 0) ++ make_null(osp); ++ } + } + goto again; + } +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0004-For-hidden-operators-pass-a-name-object-to-error-han.patch b/poky/meta/recipes-extended/ghostscript/files/0004-For-hidden-operators-pass-a-name-object-to-error-han.patch new file mode 100644 index 000000000..6c715ad43 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0004-For-hidden-operators-pass-a-name-object-to-error-han.patch @@ -0,0 +1,105 @@ +From 34a8c5aa987d4db5234172a62218b168371606b1 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Tue, 2 Oct 2018 16:02:58 +0100 +Subject: [PATCH 4/5] For hidden operators, pass a name object to error + handler. + +In normal operation, Postscript error handlers are passed the object which +triggered the error: this is invariably an operator object. + +The issue arises when an error is triggered by an operator which is for internal +use only, and that operator is then passed to the error handler, meaning it +becomes visible to the error handler code. + +By converting to a name object, the error message is still valid, but we no +longer expose internal use only operators. + +The change in gs_dps1.ps is related to the above: previously an error in +scheck would throw an error against .gcheck, but as .gcheck is now a hidden +operator, it resulted in a name object being passed to the error handler. As +scheck is a 'real' operator, it's better to use the real operator, rather than +the name of an internal, hidden one. + +CVE: CVE-2018-17961 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_dps1.ps | 2 +- + psi/interp.c | 33 ++++++++++++++++++++++++--------- + 2 files changed, 25 insertions(+), 10 deletions(-) + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index 1182f53..ec5db61 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -21,7 +21,7 @@ level2dict begin + % ------ Virtual memory ------ % + + /currentshared /.currentglobal load def +-/scheck /.gcheck load def ++/scheck {.gcheck} bind odef + %****** FOLLOWING IS WRONG ****** + /shareddict currentdict /globaldict .knownget not { 20 dict } if def + +diff --git a/psi/interp.c b/psi/interp.c +index cd894f9..b70769d 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -678,6 +678,8 @@ again: + epref = &doref; + /* Push the error object on the operand stack if appropriate. */ + if (!GS_ERROR_IS_INTERRUPT(code)) { ++ byte buf[260], *bufptr; ++ uint rlen; + /* Replace the error object if within an oparray or .errorexec. */ + osp++; + if (osp >= ostop) { +@@ -686,23 +688,36 @@ again: + } + *osp = *perror_object; + errorexec_find(i_ctx_p, osp); +- /* If using SAFER, hand a name object to the error handler, rather than the executable +- * object/operator itself. +- */ +- if (i_ctx_p->LockFilePermissions) { ++ ++ if (!r_has_type(osp, t_string) && !r_has_type(osp, t_name)) { + code = obj_cvs(imemory, osp, buf + 2, 256, &rlen, (const byte **)&bufptr); + if (code < 0) { + const char *unknownstr = "--unknown--"; + rlen = strlen(unknownstr); + memcpy(buf, unknownstr, rlen); ++ bufptr = buf; + } + else { +- buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; +- rlen += 4; ++ ref *tobj; ++ bufptr[rlen] = '\0'; ++ /* Only pass a name object if the operator doesn't exist in systemdict ++ * i.e. it's an internal operator we have hidden ++ */ ++ code = dict_find_string(systemdict, (const char *)bufptr, &tobj); ++ if (code < 0) { ++ buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; ++ rlen += 4; ++ bufptr = buf; ++ } ++ else { ++ bufptr = NULL; ++ } ++ } ++ if (bufptr) { ++ code = name_ref(imemory, buf, rlen, osp, 1); ++ if (code < 0) ++ make_null(osp); + } +- code = name_ref(imemory, buf, rlen, osp, 1); +- if (code < 0) +- make_null(osp); + } + } + goto again; +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch b/poky/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch new file mode 100644 index 000000000..4924b3cac --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch @@ -0,0 +1,31 @@ +From f0a61679d28bc1561640403d92492e199bc1c0f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 10 Oct 2018 23:25:51 +0100 +Subject: [PATCH 5/5] Bug 699938: .loadfontloop must be an operator + +In the fix for Bug 699816, I omitted to make .loadfontloop into an operator, to +better hide .forceundef and .putgstringcopy. + +CVE: CVE-2018-17961 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_fonts.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 89c3ab7..72feff2 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -1148,7 +1148,7 @@ $error /SubstituteFont { } put + + } loop % end of loop + +- } bind executeonly def % must be bound and hidden for .putgstringcopy ++ } bind executeonly odef % must be bound and hidden for .putgstringcopy + + currentdict /.putgstringcopy .undef + +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch new file mode 100644 index 000000000..19cf7cc8c --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch @@ -0,0 +1,42 @@ +From 37d7c9117b70e75ebed21c6c8192251f127c0fb0 Mon Sep 17 00:00:00 2001 +From: Nancy Durgin <nancy.durgin@artifex.com> +Date: Mon, 5 Nov 2018 15:36:27 +0800 +Subject: [PATCH 1/2] Undefine some additional internal operators. + +.type, .writecvs, .setSMask, .currentSMask + +These don't seem to be referenced anywhere outside of the initialization code, +which binds their usages. Passes cluster if they are removed. + +CVE: CVE-2018-18073 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_init.ps | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index f952f32..7c71d18 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2230,6 +2230,7 @@ SAFER { .setsafeglobal } if + /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath ++ /.type /.writecvs /.setSMask /.currentSMask + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +@@ -2248,7 +2249,7 @@ SAFER { .setsafeglobal } if + % test files/utilities, or engineers expressed a desire to keep them visible. + % + %/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11 +- %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors ++ %/.buildfont32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors + %/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget + %/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9 + %/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch b/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch new file mode 100644 index 000000000..ad66fc3d6 --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch @@ -0,0 +1,197 @@ +From 430f39144244ba4fd7b720cf87031e415e0fabce Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Mon, 5 Nov 2018 15:42:52 +0800 +Subject: [PATCH 2/2] Bug 699927: don't include operator arrays in execstack + output + +When we transfer the contents of the execution stack into the array, take the +extra step of replacing any operator arrays on the stack with the operator +that reference them. + +This prevents the contents of Postscript defined, internal only operators (those +created with .makeoperator) being exposed via execstack (and thus, via error +handling). + +This necessitates a change in the resource remapping 'resource', which contains +a procedure which relies on the contents of the operators arrays being present. +As we already had internal-only variants of countexecstack and execstack +(.countexecstack and .execstack) - using those, and leaving thier operation +including the operator arrays means the procedure continues to work correctly. + +Both .countexecstack and .execstack are undefined after initialization. + +Also, when we store the execstack (or part thereof) for an execstackoverflow +error, make the same oparray/operator substitution as above for execstack. + +CVE: CVE-2018-18073 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_init.ps | 4 ++-- + Resource/Init/gs_resmp.ps | 2 +- + psi/int.mak | 2 +- + psi/interp.c | 14 +++++++++++--- + psi/interp.h | 2 ++ + psi/zcontrol.c | 13 ++++++++++--- + 6 files changed, 27 insertions(+), 10 deletions(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 7c71d18..f4c1053 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2191,7 +2191,7 @@ SAFER { .setsafeglobal } if + %% but can be easily restored (just delete the name from the list in the array). In future + %% we may remove the operator and the code implementation entirely. + [ +- /.bitadd /.charboxpath /.cond /.countexecstack /.execstack /.runandhide /.popdevicefilter ++ /.bitadd /.charboxpath /.cond /.runandhide /.popdevicefilter + /.execfile /.filenamesplit /.file_name_parent + /.setdefaultmatrix /.isprocfilter /.unread /.psstringencode + /.buildsampledfunction /.isencapfunction /.currentaccuratecurves /.currentcurvejoin /.currentdashadapt /.currentdotlength +@@ -2230,7 +2230,7 @@ SAFER { .setsafeglobal } if + /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath +- /.type /.writecvs /.setSMask /.currentSMask ++ /.type /.writecvs /.setSMask /.currentSMask /.countexecstack /.execstack + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps +index 7cacaf8..9bb4263 100644 +--- a/Resource/Init/gs_resmp.ps ++++ b/Resource/Init/gs_resmp.ps +@@ -183,7 +183,7 @@ setpacking + % We don't check them. + + currentglobal //false setglobal % <object> bGlobal +- countexecstack array execstack % <object> bGlobal [execstack] ++ //false .countexecstack array //false .execstack % <object> bGlobal [execstack] + dup //null exch % <object> bGlobal [execstack] null [execstack] + length 3 sub -1 0 { % <object> bGlobal [execstack] null i + 2 index exch get % <object> bGlobal [execstack] null proc +diff --git a/psi/int.mak b/psi/int.mak +index 5d9b3d5..6ab5bf0 100644 +--- a/psi/int.mak ++++ b/psi/int.mak +@@ -323,7 +323,7 @@ $(PSOBJ)zarray.$(OBJ) : $(PSSRC)zarray.c $(OP) $(memory__h)\ + + $(PSOBJ)zcontrol.$(OBJ) : $(PSSRC)zcontrol.c $(OP) $(string__h)\ + $(estack_h) $(files_h) $(ipacked_h) $(iutil_h) $(store_h) $(stream_h)\ +- $(INT_MAK) $(MAKEDIRS) ++ $(interp_h) $(INT_MAK) $(MAKEDIRS) + $(PSCC) $(PSO_)zcontrol.$(OBJ) $(C_) $(PSSRC)zcontrol.c + + $(PSOBJ)zdict.$(OBJ) : $(PSSRC)zdict.c $(OP)\ +diff --git a/psi/interp.c b/psi/interp.c +index b70769d..6dc0dda 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -142,7 +142,6 @@ static int oparray_pop(i_ctx_t *); + static int oparray_cleanup(i_ctx_t *); + static int zerrorexec(i_ctx_t *); + static int zfinderrorobject(i_ctx_t *); +-static int errorexec_find(i_ctx_t *, ref *); + static int errorexec_pop(i_ctx_t *); + static int errorexec_cleanup(i_ctx_t *); + static int zsetstackprotect(i_ctx_t *); +@@ -761,7 +760,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + { + uint size = ref_stack_count(pstack) - skip; + uint save_space = ialloc_space(idmemory); +- int code; ++ int code, i; + + if (size > 65535) + size = 65535; +@@ -770,6 +769,15 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + if (code >= 0) + code = ref_stack_store(pstack, arr, size, 0, 1, true, idmemory, + "copy_stack"); ++ /* If we are copying the exec stack, try to replace any oparrays with ++ * with the operator than references them ++ */ ++ if (pstack == &e_stack) { ++ for (i = 0; i < size; i++) { ++ if (errorexec_find(i_ctx_p, &arr->value.refs[i]) < 0) ++ make_null(&arr->value.refs[i]); ++ } ++ } + ialloc_set_space(idmemory, save_space); + return code; + } +@@ -1934,7 +1942,7 @@ zfinderrorobject(i_ctx_t *i_ctx_p) + * .errorexec with errobj != null, store it in *perror_object and return 1, + * otherwise return 0; + */ +-static int ++int + errorexec_find(i_ctx_t *i_ctx_p, ref *perror_object) + { + long i; +diff --git a/psi/interp.h b/psi/interp.h +index e9275b9..4f551d1 100644 +--- a/psi/interp.h ++++ b/psi/interp.h +@@ -91,5 +91,7 @@ void gs_interp_reset(i_ctx_t *i_ctx_p); + /* Define the top-level interface to the interpreter. */ + int gs_interpret(i_ctx_t **pi_ctx_p, ref * pref, int user_errors, + int *pexit_code, ref * perror_object); ++int ++errorexec_find(i_ctx_t *i_ctx_p, ref *perror_object); + + #endif /* interp_INCLUDED */ +diff --git a/psi/zcontrol.c b/psi/zcontrol.c +index 36da22c..0362cf4 100644 +--- a/psi/zcontrol.c ++++ b/psi/zcontrol.c +@@ -24,6 +24,7 @@ + #include "ipacked.h" + #include "iutil.h" + #include "store.h" ++#include "interp.h" + + /* Forward references */ + static int check_for_exec(const_os_ptr); +@@ -787,7 +788,7 @@ zexecstack2(i_ctx_t *i_ctx_p) + /* Continuation operator to do the actual transfer. */ + /* r_size(op1) was set just above. */ + static int +-do_execstack(i_ctx_t *i_ctx_p, bool include_marks, os_ptr op1) ++do_execstack(i_ctx_t *i_ctx_p, bool include_marks, bool include_oparrays, os_ptr op1) + { + os_ptr op = osp; + ref *arefs = op1->value.refs; +@@ -829,6 +830,12 @@ do_execstack(i_ctx_t *i_ctx_p, bool include_marks, os_ptr op1) + strlen(tname), (const byte *)tname); + break; + } ++ case t_array: ++ case t_shortarray: ++ case t_mixedarray: ++ if (!include_oparrays && errorexec_find(i_ctx_p, rq) < 0) ++ make_null(rq); ++ break; + default: + ; + } +@@ -841,14 +848,14 @@ execstack_continue(i_ctx_t *i_ctx_p) + { + os_ptr op = osp; + +- return do_execstack(i_ctx_p, false, op); ++ return do_execstack(i_ctx_p, false, false, op); + } + static int + execstack2_continue(i_ctx_t *i_ctx_p) + { + os_ptr op = osp; + +- return do_execstack(i_ctx_p, op->value.boolval, op - 1); ++ return do_execstack(i_ctx_p, op->value.boolval, true, op - 1); + } + + /* - .needinput - */ +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/0008-Make-.forceput-unavailable-from-.policyprocs-helper-.patch b/poky/meta/recipes-extended/ghostscript/files/0008-Make-.forceput-unavailable-from-.policyprocs-helper-.patch new file mode 100644 index 000000000..7cc51629e --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0008-Make-.forceput-unavailable-from-.policyprocs-helper-.patch @@ -0,0 +1,245 @@ +From 9096beaa4451c12dd2a2caf000658fbac4a5bcdf Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Mon, 5 Nov 2018 15:51:32 +0800 +Subject: [PATCH] Make .forceput unavailable from '.policyprocs' helper + dictionary + +Bug #69963 "1Policy is a dangerous operator, any callers should be odef" + +Leaving the .policyprocs dictionary with a procedure which is a simple +wrapper for .forceput effectively leaves .forceput available. + +It seems that the only reason to have .policyprocs is to minimise the +code in .applypolicies, so we can remove the dictionary and put the +code straight into .applypolicies, which we can then bind and make +executeonly, which hides the .forceput. Also, since we don't need +.applypolicies after startup, we can undefine that from systemdict too. + +While we're here, review all the uses of .force* to make certain that +there are no other similar cases. This showed a few places where we +hadn't made a function executeonly, so do that too. Its probably not +required, since I'm reasonably sure its impossible to load those +functions as packed arrays (they are all defined as operators), but lets +have a belt and braces approach, the additional time cost is negligible. + +CVE: CVE-2018-18284 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_diskn.ps | 2 +- + Resource/Init/gs_dps.ps | 2 +- + Resource/Init/gs_epsf.ps | 2 +- + Resource/Init/gs_fonts.ps | 4 +- + Resource/Init/gs_init.ps | 2 +- + Resource/Init/gs_setpd.ps | 100 ++++++++++++++++++++++++---------------------- + 6 files changed, 58 insertions(+), 54 deletions(-) + +diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps +index 26ec0b5..fd694bc 100644 +--- a/Resource/Init/gs_diskn.ps ++++ b/Resource/Init/gs_diskn.ps +@@ -61,7 +61,7 @@ systemdict begin + % doesn't get run enough to justify the complication + //.putdevparams + //systemdict /.searchabledevs .forceundef +-} .bind odef % must be bound and hidden for .forceundef ++} .bind executeonly odef % must be bound and hidden for .forceundef + + % ------ extend filenameforall to handle wildcards in %dev% part of pattern -------% + /filenameforall { +diff --git a/Resource/Init/gs_dps.ps b/Resource/Init/gs_dps.ps +index daf7b0f..00c14d5 100644 +--- a/Resource/Init/gs_dps.ps ++++ b/Resource/Init/gs_dps.ps +@@ -124,7 +124,7 @@ + /savedinitialgstate .systemvar setgstate gsave + % Wrap up. + end .setglobal +-} odef ++} bind executeonly odef + + % Check whether an object is a procedure. + /.proccheck { % <obj> .proccheck <bool> +diff --git a/Resource/Init/gs_epsf.ps b/Resource/Init/gs_epsf.ps +index e4037d9..2d0f677 100644 +--- a/Resource/Init/gs_epsf.ps ++++ b/Resource/Init/gs_epsf.ps +@@ -31,7 +31,7 @@ + /EPSBoundingBoxState 5 def + /EPSBoundingBoxSetState { + //systemdict /EPSBoundingBoxState 3 -1 roll .forceput +-} .bind odef % .forceput must be bound and hidden ++} .bind executeonly odef % .forceput must be bound and hidden + + % Parse 4 numbers for a bounding box + /EPSBoundingBoxParse { % (llx lly urx ury) -- llx lly urx ury true OR false +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 72feff2..803faca 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -583,7 +583,7 @@ buildfontdict 3 /.buildfont3 cvx put + } bind def + /.setloadingfont { + //systemdict /.loadingfont 3 -1 roll .forceput +-} .bind odef % .forceput must be bound and hidden ++} .bind executeonly odef % .forceput must be bound and hidden + /.loadfont + { % Some buggy fonts leave extra junk on the stack, + % so we have to make a closure that records the stack depth +@@ -1012,7 +1012,7 @@ $error /SubstituteFont { } put + dup length string copy + .forceput setglobal + } ifelse +-} .bind odef % must be bound and hidden for .forceput ++} .bind executeonly odef % must be bound and hidden for .forceput + + % Attempt to load a font from a file. + /.tryloadfont { % <fontname> .tryloadfont <font> true +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index f4c1053..07ee968 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2230,7 +2230,7 @@ SAFER { .setsafeglobal } if + /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath +- /.type /.writecvs /.setSMask /.currentSMask /.countexecstack /.execstack ++ /.type /.writecvs /.setSMask /.currentSMask /.countexecstack /.execstack /.applypolicies + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps +index afb4ffa..7c076ad 100644 +--- a/Resource/Init/gs_setpd.ps ++++ b/Resource/Init/gs_setpd.ps +@@ -609,6 +609,23 @@ NOMEDIAATTRS { + % and we replace the key in the <merged> dictionary with its prior value + % (or remove it if it had no prior value). + ++% These procedures are called with the following on the stack: ++% <orig> <merged> <failed> <Policies> <key> <policy> ++% They are expected to consume the top 2 operands. ++% NOTE: we currently treat all values other than 0, 1, or 7 (for PageSize) ++% the same as 0, i.e., we signal an error. ++/0Policy { % Set errorinfo and signal a configurationerror. ++ NOMEDIAATTRS { ++ % NOMEDIAATTRS means that the default policy is 7... ++ pop 2 index exch 7 put ++ } { ++ pop dup 4 index exch get 2 array astore ++ $error /errorinfo 3 -1 roll put ++ cleartomark ++ /setpagedevice .systemvar /configurationerror signalerror ++ } ifelse ++} bind executeonly odef ++ + % Making this an operator means we can properly hide + % the contents - specifically .forceput + /1Policy +@@ -617,59 +634,46 @@ NOMEDIAATTRS { + SETPDDEBUG { (Rolling back.) = pstack flush } if + 3 index 2 index 3 -1 roll .forceput + 4 index 1 index .knownget +- { 4 index 3 1 roll .forceput } +- { 3 index exch .undef } ++ { 4 index 3 1 roll .forceput } ++ { 3 index exch .undef } + ifelse + } bind executeonly odef + +-/.policyprocs mark +-% These procedures are called with the following on the stack: +-% <orig> <merged> <failed> <Policies> <key> <policy> +-% They are expected to consume the top 2 operands. +-% NOTE: we currently treat all values other than 0, 1, or 7 (for PageSize) +-% the same as 0, i.e., we signal an error. +-% +-% M. Sweet, Easy Software Products: +-% +-% Define NOMEDIAATTRS to turn off the default (but unimplementable) media +-% selection policies for setpagedevice. This is used by CUPS to support +-% the standard Adobe media attributes. +- 0 { % Set errorinfo and signal a configurationerror. +- NOMEDIAATTRS { +- % NOMEDIAATTRS means that the default policy is 7... +- pop 2 index exch 7 put +- } { +- pop dup 4 index exch get 2 array astore +- $error /errorinfo 3 -1 roll put +- cleartomark +- /setpagedevice .systemvar /configurationerror signalerror +- } ifelse +- } bind +- 1 /1Policy load +- 7 { % For PageSize only, just impose the request. +- 1 index /PageSize eq +- { pop pop 1 index /PageSize 7 put } +- { .policyprocs 0 get exec } +- ifelse +- } bind +-.dicttomark readonly def +-currentdict /1Policy undef ++/7Policy { % For PageSize only, just impose the request. ++ 1 index /PageSize eq ++ { pop pop 1 index /PageSize 7 put } ++ { .policyprocs 0 get exec } ++ ifelse ++} bind executeonly odef + + /.applypolicies % <orig> <merged> <failed> .applypolicies + % <orig> <merged'> <failed'> +- { 1 index /Policies get 1 index +- { type /integertype eq +- { pop % already processed +- } +- { 2 copy .knownget not { 1 index /PolicyNotFound get } if +- % Stack: <orig> <merged> <failed> <Policies> <key> +- % <policy> +- .policyprocs 1 index .knownget not { .policyprocs 0 get } if exec +- } +- ifelse +- } +- forall pop +- } bind def ++{ ++ 1 index /Policies get 1 index ++ { type /integertype eq ++ { ++ pop % already processed ++ }{ ++ 2 copy .knownget not { 1 index /PolicyNotFound get } if ++ % Stack: <orig> <merged> <failed> <Policies> <key> ++ % <policy> ++ dup 1 eq { ++ 1Policy ++ }{ ++ dup 7 eq { ++ 7Policy ++ }{ ++ 0Policy ++ } ifelse ++ } ifelse ++ } ifelse ++ } ++ forall pop ++} bind executeonly odef ++ ++currentdict /0Policy undef ++currentdict /1Policy undef ++currentdict /7Policy undef + + % Prepare to present parameters to the device, by spreading them onto the + % operand stack and removing any that shouldn't be presented. +@@ -1006,7 +1010,7 @@ SETPDDEBUG { (Installing.) = pstack flush } if + .postinstall + } ifelse + setglobal % return to original VM allocation mode +-} odef ++} bind executeonly odef + + % We break out the code after calling the Install procedure into a + % separate procedure, since it is executed even if Install causes an error. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch b/poky/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch index c3e44fe86..5834ffaf9 100644 --- a/poky/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch +++ b/poky/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch @@ -1,7 +1,7 @@ -From 5ef8b85bc98f3bd9a15d5f47e24d3e23ae27c265 Mon Sep 17 00:00:00 2001 +From a954bf29a5f906b3151dffbecb5856e02e1565da Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Mon, 18 Jan 2016 01:00:30 -0500 -Subject: [PATCH] configure.ac: do not check local png source +Subject: [PATCH 03/10] configure.ac: do not check local png source In oe-core, it did not need to compile local libpng source in ghostscript, so do not check local png @@ -16,10 +16,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index bf6d3f5..01df03f 100644 +index 9341930..80a60b1 100644 --- a/configure.ac +++ b/configure.ac -@@ -930,11 +930,11 @@ AC_SUBST(ZLIBDIR) +@@ -1114,11 +1114,11 @@ AC_SUBST(ZLIBDIR) AC_SUBST(FT_SYS_ZLIB) dnl png for the png output device; it also requires zlib @@ -34,5 +34,5 @@ index bf6d3f5..01df03f 100644 SHARE_LIBPNG=0 LIBPNGDIR=$srcdir/libpng -- -2.8.1 +1.8.3.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-11714.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-11714.patch deleted file mode 100644 index 84983c5ae..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-11714.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 671fd59eb657743aa86fbc1895cb15872a317caa Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 6 Jul 2017 14:54:02 +0100 -Subject: [PATCH] Bug 698158: prevent trying to reloc a freed object - -In the token reader, we pass the scanner state structure around as a -t_struct ref on the Postscript operand stack. - -But we explicitly free the scanner state when we're done, which leaves a -dangling reference on the operand stack and, unless that reference gets -overwritten before the next garbager run, we can end up with the garbager -trying to deal with an already freed object - that can cause a crash, or -memory corruption. ---- - psi/ztoken.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - ---- end of original header - -CVE: CVE-2017-11714 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/psi/ztoken.c b/psi/ztoken.c -index 4dba7c5..af1ceeb 100644 ---- a/psi/ztoken.c -+++ b/psi/ztoken.c -@@ -107,6 +107,12 @@ token_continue(i_ctx_t *i_ctx_p, scanner_state * pstate, bool save) - int code; - ref token; - -+ /* Since we might free pstate below, and we're dealing with -+ * gc memory referenced by the stack, we need to explicitly -+ * remove the reference to pstate from the stack, otherwise -+ * the garbager will fall over -+ */ -+ make_null(osp); - /* Note that gs_scan_token may change osp! */ - pop(1); /* remove the file or scanner state */ - again: -@@ -183,8 +189,14 @@ ztokenexec_continue(i_ctx_t *i_ctx_p) - static int - tokenexec_continue(i_ctx_t *i_ctx_p, scanner_state * pstate, bool save) - { -- os_ptr op; -+ os_ptr op = osp; - int code; -+ /* Since we might free pstate below, and we're dealing with -+ * gc memory referenced by the stack, we need to explicitly -+ * remove the reference to pstate from the stack, otherwise -+ * the garbager will fall over -+ */ -+ make_null(osp); - /* Note that gs_scan_token may change osp! */ - pop(1); - again: --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-5951.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-5951.patch deleted file mode 100644 index 62cc1342a..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-5951.patch +++ /dev/null @@ -1,44 +0,0 @@ -From bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 6 Apr 2017 16:44:54 +0100 -Subject: [PATCH] Bug 697548: use the correct param list enumerator - -When we encountered dictionary in a ref_param_list, we were using the enumerator -for the "parent" param_list, rather than the enumerator for the param_list -we just created for the dictionary. That parent was usually the stack -list enumerator, and caused a segfault. - -Using the correct enumerator works better. - -Upstream-Status: Backport -CVE: CVE-2017-5951 - -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - psi/iparam.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/psi/iparam.c b/psi/iparam.c -index 4e63b6d..b2fa85f 100644 ---- a/psi/iparam.c -+++ b/psi/iparam.c -@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * plist, gs_param_name pkey, - gs_param_enumerator_t enumr; - gs_param_key_t key; - ref_type keytype; -+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list; - - param_init_enumerator(&enumr); -- if (!(*((iparam_list *) plist)->enumerate) -- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype) -+ if (!(*(dlist->enumerate)) -+ ((iparam_list *) dlist, &enumr, &key, &keytype) - && keytype == t_integer) { -- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1; -+ dlist->int_keys = 1; - pvalue->type = gs_param_type_dict_int_keys; - } - } --- -2.10.2 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch deleted file mode 100644 index a05dc02c6..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Mon, 20 Mar 2017 09:34:11 +0000 -Subject: [PATCH] Ensure a device has raster memory, before trying to read it. - -Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()" - -This is only possible by abusing/mis-using Ghostscript-specific -language extensions, so cannot happen in a general PostScript program. - -Nevertheless, Ghostscript should not crash. So this commit checks the -memory device to see if raster memory has been allocated, before trying -to read from it. - -Upstream-Status: Backport -CVE: CVE-2017-7207 - -Author: Ken Sharp <ken.sharp@artifex.com> -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - base/gdevmem.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/base/gdevmem.c b/base/gdevmem.c -index 41108ba..183f96d 100644 ---- a/base/gdevmem.c -+++ b/base/gdevmem.c -@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect, - GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE; - return_error(gs_error_rangecheck); - } -+ if (mdev->line_ptrs == 0x00) -+ return_error(gs_error_rangecheck); - if ((w <= 0) | (h <= 0)) { - if ((w | h) < 0) - return_error(gs_error_rangecheck); --- -2.10.2 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch deleted file mode 100644 index e406086e8..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b39be1019b4acc1aa50c6026463c543332e95a31 Mon Sep 17 00:00:00 2001 -From: Catalin Enache <catalin.enache@windriver.com> -Date: Mon, 8 May 2017 16:18:14 +0300 - -Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. - -While building a Huffman table, the start and end points were susceptible -to integer overflow. - -Thank you to Jiaqi for finding this issue and suggesting a patch. - -Upstream-Status: Backport -CVE: CVE-2017-7975 - -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> - -Contents of this patch were extracted from a larger patch which addressed -two CVE's. The context (location of {) was also modified to apply to -ghostscript 9.21. - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - - ---- a/jbig2dec/jbig2_huffman.c -+++ b/jbig2dec/jbig2_huffman.c -@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, - - if (PREFLEN == CURLEN) { - int RANGELEN = lines[CURTEMP].RANGELEN; -- int start_j = CURCODE << shift; -- int end_j = (CURCODE + 1) << shift; -+ uint32_t start_j = CURCODE << shift; -+ uint32_t end_j = (CURCODE + 1) << shift; - byte eflags = 0; - - if (end_j > max_j) { - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch deleted file mode 100644 index 1caeb3ef5..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001 -From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> -Date: Wed, 24 May 2017 19:29:57 +0100 -Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored. - -The return code from jbig2_decode_text_region was being ignored so the -code continued to try and parse the invalid file using incomplete/empty -structures. - -Upstream-Status: Backport -CVE: CVE-2017-9216 - -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - jbig2dec/jbig2_symbol_dict.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c -index 3cc1731..672425d 100644 ---- a/jbig2dec/jbig2_symbol_dict.c -+++ b/jbig2dec/jbig2_symbol_dict.c -@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - } - - /* multiple symbols are handled as a text region */ -- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, -+ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts, - n_refagg_dicts, image, data, size, GR_stats, as, ws); -+ if (code < 0) -+ goto cleanup4; - - SDNEWSYMS->glyphs[NSYMSDECODED] = image; - refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]); --- -2.10.2 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch deleted file mode 100644 index 58ef04d1f..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c7c55972758a93350882c32147801a3485b010fe Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Mon, 12 Jun 2017 13:08:40 +0100 -Subject: [PATCH] Bug 698024: bounds check zone pointer in Ins_MIRP() - ---- - base/ttinterp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- end of original header - -CVE: CVE-2017-9611 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/base/ttinterp.c b/base/ttinterp.c -index e56aec6..f6a6d95 100644 ---- a/base/ttinterp.c -+++ b/base/ttinterp.c -@@ -3858,7 +3858,8 @@ static int nInstrCount=0; - /* XXX: UNDOCUMENTED! cvt[-1] = 0 always */ - - if ( BOUNDS( args[0], CUR.zp1.n_points ) || -- BOUNDS( args[1]+1, CUR.cvtSize+1 ) ) -+ BOUNDS( args[1]+1, CUR.cvtSize+1 ) || -+ BOUNDS(CUR.GS.rp0, CUR.zp0.n_points) ) - { - CUR.error = TT_Err_Invalid_Reference; - return; --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch deleted file mode 100644 index b737cc56b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 98f6da60b9d463c617e631fc254cf6d66f2e8e3c Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Mon, 12 Jun 2017 13:15:17 +0100 -Subject: [PATCH] Bug 698026: bounds check zone pointers in Ins_IP() - ---- - base/ttinterp.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - ---- end of original header - -CVE: CVE-2017-9612 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/base/ttinterp.c b/base/ttinterp.c -index f6a6d95..e7c9d68 100644 ---- a/base/ttinterp.c -+++ b/base/ttinterp.c -@@ -4129,7 +4129,9 @@ static int nInstrCount=0; - Int point; - (void)args; - -- if ( CUR.top < CUR.GS.loop ) -+ if ( CUR.top < CUR.GS.loop || -+ BOUNDS(CUR.GS.rp1, CUR.zp0.n_points) || -+ BOUNDS(CUR.GS.rp2, CUR.zp1.n_points)) - { - CUR.error = TT_Err_Invalid_Reference; - return; --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch deleted file mode 100644 index 3e6c65699..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7755e67116e8973ee0e3b22d653df026a84fa01b Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 15 Jun 2017 08:58:31 +0100 -Subject: [PATCH] Bug 698055: bounds check zone pointer in Ins_MDRP - ---- - base/ttinterp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- end of original header - -CVE: CVE-2017-9726 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> -diff --git a/base/ttinterp.c b/base/ttinterp.c -index e7c9d68..af457e8 100644 ---- a/base/ttinterp.c -+++ b/base/ttinterp.c -@@ -3770,7 +3770,8 @@ static int nInstrCount=0; - - point = (Int)args[0]; - -- if ( BOUNDS( args[0], CUR.zp1.n_points ) ) -+ if ( BOUNDS( args[0], CUR.zp1.n_points ) || -+ BOUNDS( CUR.GS.rp0, CUR.zp0.n_points) ) - { - /* Current version of FreeType silently ignores this out of bounds error - * and drops the instruction, see bug #691121 --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch deleted file mode 100644 index a2f7bfa50..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 937ccd17ac65935633b2ebc06cb7089b91e17e6b Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 15 Jun 2017 09:05:20 +0100 -Subject: [PATCH] Bug 698056: make bounds check in gx_ttfReader__Read more - robust - ---- - base/gxttfb.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- end of original header - -CVE: CVE-2017-9727 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/base/gxttfb.c b/base/gxttfb.c -index 0e9a444..e1561af 100644 ---- a/base/gxttfb.c -+++ b/base/gxttfb.c -@@ -79,7 +79,8 @@ static void gx_ttfReader__Read(ttfReader *self, void *p, int n) - if (!r->error) { - if (r->extra_glyph_index != -1) { - q = r->glyph_data.bits.data + r->pos; -- r->error = (r->glyph_data.bits.size - r->pos < n ? -+ r->error = ((r->pos >= r->glyph_data.bits.size || -+ r->glyph_data.bits.size - r->pos < n) ? - gs_note_error(gs_error_invalidfont) : 0); - if (r->error == 0) - memcpy(p, q, n); --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9739.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9739.patch deleted file mode 100644 index 69a94df7b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9739.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 16 Jun 2017 08:29:25 +0100 -Subject: [PATCH] Bug 698063: Bounds check Ins_JMPR - ---- - base/ttinterp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- end of original header - -CVE: CVE-2017-9739 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/base/ttinterp.c b/base/ttinterp.c -index af457e8..adf3f0c 100644 ---- a/base/ttinterp.c -+++ b/base/ttinterp.c -@@ -1794,6 +1794,12 @@ static int nInstrCount=0; - - static void Ins_JMPR( INS_ARG ) - { -+ if ( BOUNDS(CUR.IP + args[0], CUR.codeSize ) ) -+ { -+ CUR.error = TT_Err_Invalid_Reference; -+ return; -+ } -+ - CUR.IP += (Int)(args[0]); - CUR.step_ins = FALSE; - --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9835.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9835.patch deleted file mode 100644 index 7c65690c6..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9835.patch +++ /dev/null @@ -1,125 +0,0 @@ -From cfde94be1d4286bc47633c6e6eaf4e659bd78066 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 7 Jun 2017 14:55:12 +0100 -Subject: [PATCH] Bug 697985: bounds check the array allocations methods - -The clump allocator has four allocation functions that use 'number of elements' -and 'size of elements' parameters (rather than a simple 'number of bytes'). - -Those need specific bounds checking. ---- - base/gsalloc.c | 42 ++++++++++++++++++++++++++++-------------- - 1 file changed, 28 insertions(+), 14 deletions(-) - ---- end of original header - -CVE: CVE-2017-9835 - -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - -diff --git a/base/gsalloc.c b/base/gsalloc.c -index 741ba00..10c04dd 100644 ---- a/base/gsalloc.c -+++ b/base/gsalloc.c -@@ -1248,19 +1248,32 @@ i_alloc_struct_immovable(gs_memory_t * mem, gs_memory_type_ptr_t pstype, - alloc_trace("|+<.", imem, cname, pstype, size, obj); - return obj; - } -+ -+static inline bool -+alloc_array_check_size(ulong num_elements, ulong elt_size, ulong *lsize) -+{ -+ int64_t s = (int64_t)num_elements * elt_size; -+ if (s > max_uint) { -+ return false; -+ } -+ *lsize = (ulong)s; -+ return true; -+} -+ - static byte * - i_alloc_byte_array(gs_memory_t * mem, uint num_elements, uint elt_size, - client_name_t cname) - { - gs_ref_memory_t * const imem = (gs_ref_memory_t *)mem; - obj_header_t *obj; -- -+ ulong lsize; - #ifdef MEMENTO - if (Memento_failThisEvent()) - return NULL; - #endif -- -- obj = alloc_obj(imem, (ulong) num_elements * elt_size, -+ if (alloc_array_check_size(num_elements, elt_size, &lsize) == false) -+ return NULL; -+ obj = alloc_obj(imem, lsize, - &st_bytes, ALLOC_DIRECT, cname); - - if_debug6m('A', mem, "[a%d:+b.]%s -bytes-*(%lu=%u*%u) = 0x%lx\n", -@@ -1275,13 +1288,14 @@ i_alloc_byte_array_immovable(gs_memory_t * mem, uint num_elements, - { - gs_ref_memory_t * const imem = (gs_ref_memory_t *)mem; - obj_header_t *obj; -- -+ ulong lsize; - #ifdef MEMENTO - if (Memento_failThisEvent()) - return NULL; - #endif -- -- obj = alloc_obj(imem, (ulong) num_elements * elt_size, -+ if (alloc_array_check_size(num_elements, elt_size, &lsize) == false) -+ return NULL; -+ obj = alloc_obj(imem, lsize, - &st_bytes, ALLOC_IMMOVABLE | ALLOC_DIRECT, - cname); - -@@ -1297,7 +1311,7 @@ i_alloc_struct_array(gs_memory_t * mem, uint num_elements, - { - gs_ref_memory_t * const imem = (gs_ref_memory_t *)mem; - obj_header_t *obj; -- -+ ulong lsize; - #ifdef MEMENTO - if (Memento_failThisEvent()) - return NULL; -@@ -1311,9 +1325,9 @@ i_alloc_struct_array(gs_memory_t * mem, uint num_elements, - return NULL; /* fail */ - } - #endif -- obj = alloc_obj(imem, -- (ulong) num_elements * pstype->ssize, -- pstype, ALLOC_DIRECT, cname); -+ if (alloc_array_check_size(num_elements, pstype->ssize, &lsize) == false) -+ return NULL; -+ obj = alloc_obj(imem, lsize, pstype, ALLOC_DIRECT, cname); - if_debug7m('A', mem, "[a%d:+<.]%s %s*(%lu=%u*%u) = 0x%lx\n", - alloc_trace_space(imem), client_name_string(cname), - struct_type_name_string(pstype), -@@ -1327,16 +1341,16 @@ i_alloc_struct_array_immovable(gs_memory_t * mem, uint num_elements, - { - gs_ref_memory_t * const imem = (gs_ref_memory_t *)mem; - obj_header_t *obj; -- -+ ulong lsize; - #ifdef MEMENTO - if (Memento_failThisEvent()) - return NULL; - #endif - - ALLOC_CHECK_SIZE(mem,pstype); -- obj = alloc_obj(imem, -- (ulong) num_elements * pstype->ssize, -- pstype, ALLOC_IMMOVABLE | ALLOC_DIRECT, cname); -+ if (alloc_array_check_size(num_elements, pstype->ssize, &lsize) == false) -+ return NULL; -+ obj = alloc_obj(imem, lsize, pstype, ALLOC_IMMOVABLE | ALLOC_DIRECT, cname); - if_debug7m('A', mem, "[a%d|+<.]%s %s*(%lu=%u*%u) = 0x%lx\n", - alloc_trace_space(imem), client_name_string(cname), - struct_type_name_string(pstype), --- -1.7.9.5 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch index c4794e7d8..e8cb16c36 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch @@ -1,14 +1,25 @@ +From 0ccbaa134093bf6afc79f2d20d061bca5a8754ed Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Thu, 29 Mar 2018 16:02:05 +0800 +Subject: [PATCH 04/10] avoid host contamination + Remove hardcode path refer to host to avoid host contamination. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Rebase to 9.23 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- + devices/devs.mak | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + diff --git a/devices/devs.mak b/devices/devs.mak -index 3070d2e..df663f0 100644 +index 846aa50..9570182 100644 --- a/devices/devs.mak +++ b/devices/devs.mak -@@ -546,7 +546,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ +@@ -393,7 +393,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS) @@ -17,3 +28,6 @@ index 3070d2e..df663f0 100644 ###### --------------- Memory-buffered printer devices --------------- ###### +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch index d97d4ecd7..7d80066a8 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch @@ -1,4 +1,8 @@ -base/genht.c: add a preprocessor define to allow fopen calling +From 9ca6f795409b988d38dd98bc2a6ecb68a9392312 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 29 Mar 2018 16:37:40 +0800 +Subject: [PATCH 10/10] base/genht.c: add a preprocessor define to allow fopen + calling The commit in upstream: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=773c69e46e70bdd5482676437dafd2ca83397643 @@ -7,17 +11,19 @@ Replace all fopen calls with gp_fopen and add a preprocessor define so that any unintential calls directly to fopen will cause an error. Only exceptions are those in the platform specific code, and mkromfs.c. -This patch add a preprocessor define to allow fopen calling in base/genht.c. +This patch add a preprocessor define to allow fopen calling in +base/genht.c. Upstream-Status: Pending +Rebase to 9.23 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- base/genht.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/base/genht.c b/base/genht.c -index 4b04085..cc82fff 100644 +index e597e72..e96bfb5 100644 --- a/base/genht.c +++ b/base/genht.c @@ -16,6 +16,10 @@ @@ -32,5 +38,5 @@ index 4b04085..cc82fff 100644 #include "string_.h" #include "gscdefs.h" -- -1.8.1.2 +1.8.3.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cups-no-gcrypt.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cups-no-gcrypt.patch index a1c9368cc..4c9bb22fa 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/cups-no-gcrypt.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cups-no-gcrypt.patch @@ -1,6 +1,12 @@ -Subject: [PATCH] Don't build-depend on libgcrypt, as nothing is used from it +From 9129eb7fa9dc160d64a7d9df9279a3b1dae4d793 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Thu, 29 Mar 2018 16:16:18 +0800 +Subject: [PATCH 08/10] cups no gcrypt -Backported from http://www.cups.org/strfiles.php/3308/cups-no-gcrypt.patch +Don't build-depend on libgcrypt, as nothing is used from it + +Backported from +http://www.cups.org/strfiles.php/3308/cups-no-gcrypt.patch This addresses the cryto dependency seen during build. @@ -8,7 +14,7 @@ Upstream-Status: Backport Signed-off-by: Jackie Huang <jackie.huang@windriver.com> -Rebase the patch to ghostscript-9.15 +Rebase to 9.23 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- cups/libs/cups/http-private.h | 1 - @@ -27,5 +33,5 @@ index 99a85c3..a674852 100644 # include <CoreFoundation/CoreFoundation.h> # include <Security/Security.h> -- -1.9.1 +1.8.3.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch index b4c14ea23..fc144f625 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch @@ -1,22 +1,28 @@ -Import patch from windriver linux for cross compilation, and split patches -into oe way under different directories such as i586, powerpc etc according -to Richard's opinion. +From 94850954b88440df6c41d2dd133c422ffc84d9aa Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 29 Mar 2018 16:12:48 +0800 +Subject: [PATCH 07/10] not generate objarch.h at compile time + +Import patch from windriver linux for cross compilation, and split +patches into oe way under different directories such as i586, powerpc etc +according to Richard's opinion. Upstream-Status: Pending Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -# Author: Chi Xu <chi.xu@windriver.com> -# Date: Feb 26 2010 -# Summary: Generate arch.h for ppc32 -# +Rebase to 9.23 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + base/lib.mak | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) -Index: ghostscript-9.21/base/lib.mak -=================================================================== ---- ghostscript-9.21.orig/base/lib.mak -+++ ghostscript-9.21/base/lib.mak -@@ -73,8 +73,8 @@ arch_h=$(GLGEN)arch.h +diff --git a/base/lib.mak b/base/lib.mak +index 0036d1e..302877e 100644 +--- a/base/lib.mak ++++ b/base/lib.mak +@@ -87,8 +87,8 @@ arch_h=$(GLGEN)arch.h stdpre_h=$(GLSRC)stdpre.h stdint__h=$(GLSRC)stdint_.h $(std_h) @@ -27,3 +33,6 @@ Index: ghostscript-9.21/base/lib.mak # Platform interfaces +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.15-parallel-make.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.15-parallel-make.patch index 3ec395640..ffa269e3b 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.15-parallel-make.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.15-parallel-make.patch @@ -1,25 +1,23 @@ -From 14937d9247330065359ca0fb648c28dfa5c3b224 Mon Sep 17 00:00:00 2001 -From: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> -Date: Tue, 13 Dec 2016 18:16:41 +0900 -Subject: [PATCH] ghostscript-9.15-parallel-make +From 84bb692d6b047c09266de154f404af9817fa04aa Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Thu, 29 Mar 2018 15:59:05 +0800 +Subject: [PATCH 01/10] contrib.mak: fix for parallel build -From 767bdf8a412b0cce2b734998e9b7e55abeaf932c Mon Sep 17 00:00:00 2001 -From: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> -Date: Tue, 13 Dec 2016 17:55:54 +0900 -Subject: [PATCH] Robert Yang <liezhi.yang@windriver.com> Date: Fri, 30 Jan -2015 00:40:22 -0800 Subject: [PATCH] contrib.mak: fix for parallel build - -Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> + +Rebase to 9.23 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- contrib/contrib.mak | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/contrib.mak b/contrib/contrib.mak -index 55415b3..0b6b5ae 100644 +index f5a2fa4..4999752 100644 --- a/contrib/contrib.mak +++ b/contrib/contrib.mak -@@ -1099,6 +1099,7 @@ $(DEVOBJ)dviprlib.$(OBJ) : $(JAPSRC)dviprlib.c $(JAPSRC)dviprlib.h \ +@@ -1067,6 +1067,7 @@ $(DEVOBJ)dviprlib.$(OBJ) : $(JAPSRC)dviprlib.c $(JAPSRC)dviprlib.h \ $(DEVCC) $(O_)$@ $(C_) $(JAPSRC)dviprlib.c extra-dmprt-install: install-libdata @@ -27,7 +25,7 @@ index 55415b3..0b6b5ae 100644 $(INSTALL_DATA) $(JAPSRC)dmp_init.ps $(DESTDIR)$(gsdatadir)$(D)lib || exit 1 $(INSTALL_DATA) $(JAPSRC)dmp_site.ps $(DESTDIR)$(gsdatadir)$(D)lib || exit 1 $(INSTALL_DATA) $(JAPSRC)escp_24.src $(DESTDIR)$(gsdatadir)$(D)lib || exit 1 -@@ -1267,6 +1268,7 @@ $(DEVOBJ)gdevalps.$(OBJ) : $(JAPSRC)gdevalps.c $(PDEVH) \ +@@ -1235,6 +1236,7 @@ $(DEVOBJ)gdevalps.$(OBJ) : $(JAPSRC)gdevalps.c $(PDEVH) \ ### ----------------- Additional .upp files ---------------- ### extra-upp-install: install-libdata @@ -36,5 +34,5 @@ index 55415b3..0b6b5ae 100644 $(INSTALL_DATA) $$f $(DESTDIR)$(gsdatadir)$(D)lib || exit 1; \ done -- -2.7.4 +1.8.3.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.16-Werror-return-type.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.16-Werror-return-type.patch index d78648200..8c4a5d44e 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.16-Werror-return-type.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.16-Werror-return-type.patch @@ -1,7 +1,7 @@ -From 5d5c83c89be0cff29dde2267fa168e6f7146be8c Mon Sep 17 00:00:00 2001 +From c481b055cd464734a3c2d80719ead4c1c92a40c9 Mon Sep 17 00:00:00 2001 From: Robert Yang <liezhi.yang@windriver.com> Date: Mon, 4 May 2015 22:31:48 -0700 -Subject: [PATCH] base/gendev.c: fix for -Werror=return-type +Subject: [PATCH 02/10] base/gendev.c: fix for -Werror=return-type Fixed: base/gendev.c:80:1: error: return type defaults to 'int' [-Werror=return-type] @@ -10,11 +10,11 @@ Upstream-Status: Pending Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- - base/gendev.c | 1 + + base/gendev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/base/gendev.c b/base/gendev.c -index 68a745f..8058b5a 100644 +index 59d5999..7766b08 100644 --- a/base/gendev.c +++ b/base/gendev.c @@ -77,6 +77,7 @@ static const char *indent_item = ""; @@ -26,5 +26,5 @@ index 68a745f..8058b5a 100644 { config conf; -- -1.7.9.5 +1.8.3.1 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch index bff3e6176..a382c7f89 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch @@ -1,31 +1,38 @@ -ghostscript-native:fix disable-system-libtiff +From 0124b1c29b9cfe46d73ae82ce023dd7c5b055744 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 29 Mar 2018 16:36:12 +0800 +Subject: [PATCH 09/10] ghostscript-native:fix disable-system-libtiff Modify configure to add the check to make sure ghostscrip could work while system-libtiff is disabled. -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - -Updated to apply to ghostscript 9.21. - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - Upstream-Status: Pending +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Rebase to ghostscript 9.25. +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + configure.ac | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 80a60b1..f3e9efb 100644 --- a/configure.ac +++ b/configure.ac -@@ -1259,6 +1259,7 @@ case "x$with_system_libtiff" in - esac +@@ -1319,6 +1319,7 @@ AC_TRY_COMPILE([], [return 0;], + CFLAGS=$CGLAGS_STORE if test x"$SHARE_LIBTIFF" = x"0" ; then + if test -e $LIBTIFFDIR/configure; then echo "Running libtiff configure script..." olddir=`pwd` if ! test -d "$LIBTIFFCONFDIR" ; then -@@ -1272,6 +1273,10 @@ if test x"$SHARE_LIBTIFF" = x"0" ; then - cd "$olddir" +@@ -1337,6 +1338,10 @@ if test x"$SHARE_LIBTIFF" = x"0" ; then + echo echo "Continuing with Ghostscript configuration..." + else @@ -35,3 +42,6 @@ Upstream-Status: Pending fi AC_SUBST(SHARE_LIBTIFF) +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-prevent_recompiling.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-prevent_recompiling.patch index f2c6d04e0..c76915fb8 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-prevent_recompiling.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-prevent_recompiling.patch @@ -1,32 +1,41 @@ -Just use commands provided by ghostscript-native, preventing recompile them when -compile ghostscript. -Way to enable cross compile. +From 239d681306a8d97ed10954788d32ba2f4b55f77c Mon Sep 17 00:00:00 2001 +From: Kang Kai <kai.kang@windriver.com> +Date: Thu, 29 Mar 2018 16:10:16 +0800 +Subject: [PATCH 06/10] prevent recompiling + +Just use commands provided by ghostscript-native, preventing recompile +them when compile ghostscript. Way to enable cross compile. Upstream-Status: Pending Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -Rebase to 9.19 +Rebase to 9.25 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + base/unix-aux.mak | 44 -------------------------------------------- + 1 file changed, 44 deletions(-) -Rebase to 9.21 -Signed-off-by: Joe Slater <joe.slater@windriver.com> - +diff --git a/base/unix-aux.mak b/base/unix-aux.mak +index 5bf72e9..9cb39d7 100644 --- a/base/unix-aux.mak +++ b/base/unix-aux.mak -@@ -66,45 +66,45 @@ $(GLOBJ)gp_sysv.$(OBJ): $(GLSRC)gp_sysv. - - # -------------------------- Auxiliary programs --------------------------- # +@@ -54,50 +54,6 @@ $(AUX)gp_stdia.$(OBJ): $(GLSRC)gp_stdia. + $(stdio__h) $(time__h) $(unistd__h) $(gx_h) $(gp_h) $(UNIX_AUX_MAK) $(MAKEDIRS) + $(GLCCAUX) $(AUXO_)gp_stdia.$(OBJ) $(C_) $(GLSRC)gp_stdia.c +-# -------------------------- Auxiliary programs --------------------------- # +- -$(ECHOGS_XE): $(GLSRC)echogs.c $(AK) $(stdpre_h) $(UNIX_AUX_MAK) $(MAKEDIRS) - $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(ECHOGS_XE) $(GLSRC)echogs.c $(AUXEXTRALIBS) - -+#$(ECHOGS_XE): $(GLSRC)echogs.c $(AK) $(stdpre_h) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(ECHOGS_XE) $(GLSRC)echogs.c $(AUXEXTRALIBS) -+# - # On the RS/6000 (at least), compiling genarch.c with gcc with -O - # produces a buggy executable. +-$(PACKPS_XE): $(GLSRC)pack_ps.c $(stdpre_h) $(UNIX_AUX_MAK) $(MAKEDIRS) +- $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(PACKPS_XE) $(GLSRC)pack_ps.c $(AUXEXTRALIBS) +- +-# On the RS/6000 (at least), compiling genarch.c with gcc with -O +-# produces a buggy executable. -$(GENARCH_XE): $(GLSRC)genarch.c $(AK) $(GENARCH_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) - $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(GENARCH_XE) $(GLSRC)genarch.c $(AUXEXTRALIBS) - @@ -39,21 +48,9 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com> -$(GENHT_XE): $(GLSRC)genht.c $(AK) $(GENHT_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) - $(CCAUX_) $(GENHT_CFLAGS) $(O_)$(GENHT_XE) $(GLSRC)genht.c $(AUXEXTRALIBS) - -+#$(GENARCH_XE): $(GLSRC)genarch.c $(AK) $(GENARCH_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(GENARCH_XE) $(GLSRC)genarch.c $(AUXEXTRALIBS) -+# -+#$(GENCONF_XE): $(GLSRC)genconf.c $(AK) $(GENCONF_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(GENCONF_XE) $(GLSRC)genconf.c $(AUXEXTRALIBS) -+# -+#$(GENDEV_XE): $(GLSRC)gendev.c $(AK) $(GENDEV_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(I_)$(GLSRCDIR)$(_I) $(O_)$(GENDEV_XE) $(GLSRC)gendev.c $(AUXEXTRALIBS) -+# -+#$(GENHT_XE): $(GLSRC)genht.c $(AK) $(GENHT_DEPS) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(GENHT_CFLAGS) $(O_)$(GENHT_XE) $(GLSRC)genht.c $(AUXEXTRALIBS) -+# - # To get GS to use the system zlib, you remove/hide the gs/zlib directory - # which means that the mkromfs build can't find the zlib source it needs. - # So it's split into two targets, one using the zlib source directly..... +-# To get GS to use the system zlib, you remove/hide the gs/zlib directory +-# which means that the mkromfs build can't find the zlib source it needs. +-# So it's split into two targets, one using the zlib source directly..... -MKROMFS_OBJS_0=$(MKROMFS_ZLIB_OBJS) $(AUX)gpmisc.$(OBJ) $(AUX)gp_getnv.$(OBJ) \ - $(AUX)gscdefs.$(OBJ) $(AUX)gp_unix.$(OBJ) $(AUX)gp_unifs.$(OBJ) $(AUX)gp_unifn.$(OBJ) \ - $(AUX)gp_stdia.$(OBJ) $(AUX)gsutil.$(OBJ) $(AUX)memento.$(OBJ) @@ -61,14 +58,7 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com> -$(MKROMFS_XE)_0: $(GLSRC)mkromfs.c $(MKROMFS_COMMON_DEPS) $(MKROMFS_OBJS_0) $(UNIX_AUX_MAK) $(MAKEDIRS) - $(CCAUX_) $(GENOPTAUX) $(I_)$(GLSRCDIR)$(_I) $(I_)$(GLOBJ)$(_I) $(I_)$(ZSRCDIR)$(_I) $(GLSRC)mkromfs.c $(O_)$(MKROMFS_XE)_0 $(MKROMFS_OBJS_0) $(AUXEXTRALIBS) - -+#MKROMFS_OBJS_0=$(MKROMFS_ZLIB_OBJS) $(AUX)gpmisc.$(OBJ) $(AUX)gp_getnv.$(OBJ) \ -+# $(AUX)gscdefs.$(OBJ) $(AUX)gp_unix.$(OBJ) $(AUX)gp_unifs.$(OBJ) $(AUX)gp_unifn.$(OBJ) \ -+# $(AUX)gp_stdia.$(OBJ) $(AUX)gsutil.$(OBJ) $(AUX)memento.$(OBJ) -+# -+#$(MKROMFS_XE)_0: $(GLSRC)mkromfs.c $(MKROMFS_COMMON_DEPS) $(MKROMFS_OBJS_0) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(GENOPTAUX) $(I_)$(GLSRCDIR)$(_I) $(I_)$(GLOBJ)$(_I) $(I_)$(ZSRCDIR)$(_I) $(GLSRC)mkromfs.c $(O_)$(MKROMFS_XE)_0 $(MKROMFS_OBJS_0) $(AUXEXTRALIBS) -+# - # .... and one using the zlib library linked via the command line +-# .... and one using the zlib library linked via the command line -MKROMFS_OBJS_1=$(AUX)gscdefs.$(OBJ) \ - $(AUX)gpmisc.$(OBJ) $(AUX)gp_getnv.$(OBJ) \ - $(AUX)gp_unix.$(OBJ) $(AUX)gp_unifs.$(OBJ) $(AUX)gp_unifn.$(OBJ) \ @@ -80,17 +70,9 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com> -$(MKROMFS_XE): $(MKROMFS_XE)_$(SHARE_ZLIB) $(UNIX_AUX_MAK) $(MAKEDIRS) - $(CP_) $(MKROMFS_XE)_$(SHARE_ZLIB) $(MKROMFS_XE) - -+#MKROMFS_OBJS_1=$(AUX)gscdefs.$(OBJ) \ -+# $(AUX)gpmisc.$(OBJ) $(AUX)gp_getnv.$(OBJ) \ -+# $(AUX)gp_unix.$(OBJ) $(AUX)gp_unifs.$(OBJ) $(AUX)gp_unifn.$(OBJ) \ -+# $(AUX)gp_stdia.$(OBJ) $(AUX)gsutil.$(OBJ) -+# -+#$(MKROMFS_XE)_1: $(GLSRC)mkromfs.c $(MKROMFS_COMMON_DEPS) $(MKROMFS_OBJS_1) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CCAUX_) $(GENOPTAUX) $(I_)$(GLSRCDIR)$(_I) $(I_)$(GLOBJ)$(_I) $(I_)$(ZSRCDIR)$(_I) $(GLSRC)mkromfs.c $(O_)$(MKROMFS_XE)_1 $(MKROMFS_OBJS_1) $(AUXEXTRALIBS) -+# -+#$(MKROMFS_XE): $(MKROMFS_XE)_$(SHARE_ZLIB) $(UNIX_AUX_MAK) $(MAKEDIRS) -+# $(CP_) $(MKROMFS_XE)_$(SHARE_ZLIB) $(MKROMFS_XE) -+# # Query the environment to construct gconfig_.h. # These are all defined conditionally (except the JasPER one), so that # they can be overridden by settings from the configure script. +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/mkdir-p.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/mkdir-p.patch index 5a7eab1c2..3e6d3e3c4 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/mkdir-p.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/mkdir-p.patch @@ -1,4 +1,8 @@ -ghostscript: allow directories to be created more than once +From 2b23026f8e2a352417fb1c4da94bf69b19bef267 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Thu, 29 Mar 2018 16:04:32 +0800 +Subject: [PATCH 05/10] ghostscript: allow directories to be created more than + once When doing parallel builds, we might try to create directories more than once. This should not cause an error. @@ -7,7 +11,14 @@ Upstream-Status: Pending Signed-off-by: Joe Slater <joe.slater@windriver.com> +Rebase to 9.23 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + base/unix-end.mak | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) +diff --git a/base/unix-end.mak b/base/unix-end.mak +index 9ce599a..feff5a6 100644 --- a/base/unix-end.mak +++ b/base/unix-end.mak @@ -17,15 +17,14 @@ @@ -34,3 +45,6 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com> gs: .gssubtarget $(UNIX_END_MAK) +-- +1.8.3.1 + diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.21.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.25.bb index 50ec7e20c..fdca8a2ac 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.21.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.25.bb @@ -19,12 +19,20 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/${BPN}-${PV}.tar.gz \ +SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/${BPN}-${PV}.tar.gz \ file://ghostscript-9.15-parallel-make.patch \ file://ghostscript-9.16-Werror-return-type.patch \ file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ + file://0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch \ + file://0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch \ + file://0003-Bug-699832-add-control-over-hiding-error-handlers.patch \ + file://0004-For-hidden-operators-pass-a-name-object-to-error-han.patch \ + file://0005-Bug-699938-.loadfontloop-must-be-an-operator.patch \ + file://0006-Undefine-some-additional-internal-operators.patch \ + file://0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch \ + file://0008-Make-.forceput-unavailable-from-.policyprocs-helper-.patch \ " SRC_URI = "${SRC_URI_BASE} \ @@ -32,17 +40,6 @@ SRC_URI = "${SRC_URI_BASE} \ file://ghostscript-9.02-genarch.patch \ file://objarch.h \ file://cups-no-gcrypt.patch \ - file://CVE-2017-7207.patch \ - file://CVE-2017-5951.patch \ - file://CVE-2017-7975.patch \ - file://CVE-2017-9216.patch \ - file://CVE-2017-9611.patch \ - file://CVE-2017-9612.patch \ - file://CVE-2017-9739.patch \ - file://CVE-2017-9726.patch \ - file://CVE-2017-9727.patch \ - file://CVE-2017-9835.patch \ - file://CVE-2017-11714.patch \ " SRC_URI_class-native = "${SRC_URI_BASE} \ @@ -50,8 +47,8 @@ SRC_URI_class-native = "${SRC_URI_BASE} \ file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \ " -SRC_URI[md5sum] = "5f213281761d2750fcf27476c404d17f" -SRC_URI[sha256sum] = "02bceadbc4dddeb6f2eec9c8b1623d945d355ca11b8b4df035332b217d58ce85" +SRC_URI[md5sum] = "eebd0fadbfa8e800094422ce65e94d5d" +SRC_URI[sha256sum] = "baafa64740b090bff50b220a6df3be95c46069b7e30f4b4effed28316e5b2389" # Put something like # @@ -104,7 +101,7 @@ do_configure_append () { # copy tools from the native ghostscript build if [ "${PN}" != "ghostscript-native" ]; then mkdir -p obj/aux soobj - for i in genarch genconf mkromfs echogs gendev genht; do + for i in genarch genconf mkromfs echogs gendev genht packps; do cp ${STAGING_BINDIR_NATIVE}/ghostscript-${PV}/$i obj/aux/$i done fi @@ -118,14 +115,14 @@ do_install_append () { do_compile_class-native () { mkdir -p obj - for i in genarch genconf mkromfs echogs gendev genht; do + for i in genarch genconf mkromfs echogs gendev genht packps; do oe_runmake obj/aux/$i done } do_install_class-native () { install -d ${D}${bindir}/ghostscript-${PV} - for i in genarch genconf mkromfs echogs gendev genht; do + for i in genarch genconf mkromfs echogs gendev genht packps; do install -m 755 obj/aux/$i ${D}${bindir}/ghostscript-${PV}/$i done } |
