Bug#934638: ghostscript: diff for NMU version 9.27~dfsg-3.1
Control: tags 934638 + patch
Control: tags 934638 + pending
Dear Jonas,
I've prepared an NMU for ghostscript (versioned as 9.27~dfsg-3.1) and
uploaded it to according to your ack.
Merge request is as well in
https://salsa.debian.org/printing-team/ghostscript/merge_requests/7
(as the others for the respective versions in buster- and
stretch-security).
Regards,
Salvatore
diff -Nru ghostscript-9.27~dfsg/debian/changelog ghostscript-9.27~dfsg/debian/changelog
--- ghostscript-9.27~dfsg/debian/changelog 2019-07-24 17:45:28.000000000 +0200
+++ ghostscript-9.27~dfsg/debian/changelog 2019-08-13 09:49:11.000000000 +0200
@@ -1,3 +1,11 @@
+ghostscript (9.27~dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload (with maintainers approval).
+ * protect use of .forceput with executeonly (CVE-2019-10216)
+ (Closes: #934638)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 13 Aug 2019 09:49:11 +0200
+
ghostscript (9.27~dfsg-3) unstable; urgency=medium
* Declare compliance with Debian Policy 4.4.0.
diff -Nru ghostscript-9.27~dfsg/debian/patches/020190802~5b85ddd.patch ghostscript-9.27~dfsg/debian/patches/020190802~5b85ddd.patch
--- ghostscript-9.27~dfsg/debian/patches/020190802~5b85ddd.patch 1970-01-01 01:00:00.000000000 +0100
+++ ghostscript-9.27~dfsg/debian/patches/020190802~5b85ddd.patch 2019-08-13 09:49:11.000000000 +0200
@@ -0,0 +1,52 @@
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: Bug 701394: protect use of .forceput with executeonly
+Origin: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19a8420a1bd2d5529325be35d78e94234
+Bug-Debian: https://bugs.debian.org/934638
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10216
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=701394
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0cc3..a039ccee3590 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.20.1
+
diff -Nru ghostscript-9.27~dfsg/debian/patches/series ghostscript-9.27~dfsg/debian/patches/series
--- ghostscript-9.27~dfsg/debian/patches/series 2019-04-20 10:09:53.000000000 +0200
+++ ghostscript-9.27~dfsg/debian/patches/series 2019-08-13 09:49:11.000000000 +0200
@@ -1,4 +1,5 @@
020190410~06c9207.patch
+020190802~5b85ddd.patch
2001_docdir_fix_for_debian.patch
2002_gs_man_fix_debian.patch
2003_support_multiarch.patch
Reply to: