Date: Monday, August 12, 2019 @ 20:32:02 Author: andyrtr Revision: 359776
archrelease: copy trunk to extra-x86_64 Added: ghostscript/repos/extra-x86_64/CVE-2019-10216.diff (from rev 359775, ghostscript/trunk/CVE-2019-10216.diff) ghostscript/repos/extra-x86_64/PKGBUILD (from rev 359775, ghostscript/trunk/PKGBUILD) Deleted: ghostscript/repos/extra-x86_64/PKGBUILD ---------------------+ CVE-2019-10216.diff | 50 ++++++++++++ PKGBUILD | 204 +++++++++++++++++++++++++------------------------- 2 files changed, 154 insertions(+), 100 deletions(-) Copied: ghostscript/repos/extra-x86_64/CVE-2019-10216.diff (from rev 359775, ghostscript/trunk/CVE-2019-10216.diff) =================================================================== --- CVE-2019-10216.diff (rev 0) +++ CVE-2019-10216.diff 2019-08-12 20:32:02 UTC (rev 359776) @@ -0,0 +1,50 @@ +From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.lidd...@artifex.com> +Date: Fri, 2 Aug 2019 15:18:26 +0100 +Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly + +--- + Resource/Init/gs_type1.ps | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps +index 6c7735b..a039cce 100644 +--- a/Resource/Init/gs_type1.ps ++++ b/Resource/Init/gs_type1.ps +@@ -118,25 +118,25 @@ + ( to be the same as glyph: ) print 1 index //== exec } if + 3 index exch 3 index .forceput + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname +- } ++ }executeonly + {pop} ifelse +- } forall ++ } executeonly forall + pop pop +- } ++ } executeonly + { + pop pop pop + } ifelse +- } ++ } executeonly + { + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname + pop pop + } ifelse +- } forall ++ } executeonly forall + 3 1 roll pop pop +- } if ++ } executeonly if + pop + dup /.AGLprocessed~GS //true .forceput +- } if ++ } executeonly if + + %% We need to excute the C .buildfont1 in a stopped context so that, if there + %% are errors we can put the stack back sanely and exit. Otherwise callers won't +-- +2.9.1 + + Deleted: PKGBUILD =================================================================== --- PKGBUILD 2019-08-12 20:31:48 UTC (rev 359775) +++ PKGBUILD 2019-08-12 20:32:02 UTC (rev 359776) @@ -1,100 +0,0 @@ -# Maintainer: AndyRTR <andy...@archlinux.org> - -pkgbase=ghostscript -pkgname=(ghostscript ghostxps ghostpcl) -pkgver=9.27 -pkgrel=1 -pkgdesc="An interpreter for the PostScript language" -url="https://www.ghostscript.com/" -arch=('x86_64') -license=('AGPL3' 'custom') -depends=('libxt' 'libcups' 'fontconfig' 'zlib' 'libpng' 'libjpeg' 'jbig2dec' - 'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn') -makedepends=('gtk3' 'gnutls' 'glu' 'freeglut') -# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases -source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz) -sha512sums=('bbdecbde3bebb0e22eb8976fe1e91d94b8d585aa72f9a2475ee58598de223ae31bc467eb518690dd05a4a4e1382cde7a682b854c324e98585ffff2250fde29c6') - -prepare() { - cd ghostpdl-${pkgver} - - # force it to use system-libs - rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib - # using tree freetype because of https://bugs.archlinux.org/task/56849 - # lcms2mt is the new lcms2 fork aimed to replace lcms2 in a thread safe way - - # http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=40dc5b409c6262b18b4bf5386b5482ead4c511e3 - # libs link unwanted to libgpdl that isn't installed - rm -rf gpdl -} - -build() { - cd ghostpdl-${pkgver} - ./configure --prefix=/usr \ - --enable-dynamic \ - --with-ijs \ - --with-jbig2dec \ - --with-x \ - --with-drivers=ALL \ - --with-fontpath=/usr/share/fonts/gsfonts \ - --enable-fontconfig \ - --enable-freetype \ - --enable-openjpeg \ - --without-luratech \ - --with-system-libtiff \ - --with-libpaper \ - --disable-compile-inits #--help # needed for linking with system-zlib - - make so-only -} - -package_ghostscript() { - optdepends=('texlive-core: needed for dvipdf' - 'gtk3: needed for gsx') - - cd ghostpdl-${pkgver} - - make DESTDIR="${pkgdir}" \ - CUPSSERVERROOT="${pkgdir}$(cups-config --serverroot)" \ - CUPSSERVERBIN="${pkgdir}$(cups-config --serverbin)" \ - soinstall - ln -s gsc "${pkgdir}"/usr/bin/gs - - # remove useless broken doc/ symlink - FS#59507 - rm -f "${pkgdir}"/usr/share/ghostscript/${pkgver}/doc - - # remove unwanted localized manpages - rm -r "${pkgdir}"/usr/share/man/de - - install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE -} - -package_ghostxps() { - pkgdesc="${pkgdesc/PostScript/XPS document}" - depends=("ghostscript=${pkgver}-${pkgrel}") - - cd ghostpdl-${pkgver} - - install -Dt "${pkgdir}"/usr/bin sobin/gxpsc - ln -s gxpsc "${pkgdir}"/usr/bin/gxps - - install -Dt "${pkgdir}"/usr/lib sobin/libgxps.so.${pkgver%.*} - ln -s libgxps.so.${pkgver%.*} "${pkgdir}"/usr/lib/libgxps.so.${pkgver%rc*} - - install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE -} - -package_ghostpcl() { - pkgdesc="${pkgdesc/PostScript/PCL 6}" - depends=("ghostscript=${pkgver}-${pkgrel}") - - cd ghostpdl-${pkgver} - - install -Dt "${pkgdir}"/usr/bin sobin/gpcl6c - ln -sf gpcl6c "${pkgdir}"/usr/bin/gpcl6 - - install -Dt "${pkgdir}"/usr/lib sobin/libgpcl6.so.${pkgver%.*} - ln -s libgpcl6.so.${pkgver%.*} "${pkgdir}"/usr/lib/libgpcl6.so.${pkgver%rc*} - - install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE -} Copied: ghostscript/repos/extra-x86_64/PKGBUILD (from rev 359775, ghostscript/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2019-08-12 20:32:02 UTC (rev 359776) @@ -0,0 +1,104 @@ +# Maintainer: AndyRTR <andy...@archlinux.org> + +pkgbase=ghostscript +pkgname=(ghostscript ghostxps ghostpcl) +pkgver=9.27 +pkgrel=2 +pkgdesc="An interpreter for the PostScript language" +url="https://www.ghostscript.com/" +arch=('x86_64') +license=('AGPL3' 'custom') +depends=('libxt' 'libcups' 'fontconfig' 'zlib' 'libpng' 'libjpeg' 'jbig2dec' + 'libtiff' 'lcms2' 'dbus' 'libpaper' 'ijs' 'openjpeg2' 'libidn') +makedepends=('gtk3' 'gnutls' 'glu' 'freeglut') +# https://github.com/ArtifexSoftware/ghostpdl-downloads/releases +source=(https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostpdl-${pkgver}.tar.xz + CVE-2019-10216.diff) +sha512sums=('bbdecbde3bebb0e22eb8976fe1e91d94b8d585aa72f9a2475ee58598de223ae31bc467eb518690dd05a4a4e1382cde7a682b854c324e98585ffff2250fde29c6' + '71e8aa1573cecde1e7432ce43ffec719615ee86da0d30cbc27be1ff39a738570768037c8af10b968e07b1aa1af82ed6fa61045d5f9cf207e201177eb77560ca4') + +prepare() { + cd ghostpdl-${pkgver} + + patch -Np1 -i ../CVE-2019-10216.diff + + # force it to use system-libs + rm -r cups/libs expat ijs jbig2dec jpeg lcms2mt libpng openjpeg tiff zlib + # using tree freetype because of https://bugs.archlinux.org/task/56849 + # lcms2mt is the new lcms2 fork aimed to replace lcms2 in a thread safe way + + # http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=40dc5b409c6262b18b4bf5386b5482ead4c511e3 + # libs link unwanted to libgpdl that isn't installed + rm -rf gpdl +} + +build() { + cd ghostpdl-${pkgver} + ./configure --prefix=/usr \ + --enable-dynamic \ + --with-ijs \ + --with-jbig2dec \ + --with-x \ + --with-drivers=ALL \ + --with-fontpath=/usr/share/fonts/gsfonts \ + --enable-fontconfig \ + --enable-freetype \ + --enable-openjpeg \ + --without-luratech \ + --with-system-libtiff \ + --with-libpaper \ + --disable-compile-inits #--help # needed for linking with system-zlib + + make so-only +} + +package_ghostscript() { + optdepends=('texlive-core: needed for dvipdf' + 'gtk3: needed for gsx') + + cd ghostpdl-${pkgver} + + make DESTDIR="${pkgdir}" \ + CUPSSERVERROOT="${pkgdir}$(cups-config --serverroot)" \ + CUPSSERVERBIN="${pkgdir}$(cups-config --serverbin)" \ + soinstall + ln -s gsc "${pkgdir}"/usr/bin/gs + + # remove useless broken doc/ symlink - FS#59507 + rm -f "${pkgdir}"/usr/share/ghostscript/${pkgver}/doc + + # remove unwanted localized manpages + rm -r "${pkgdir}"/usr/share/man/de + + install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE +} + +package_ghostxps() { + pkgdesc="${pkgdesc/PostScript/XPS document}" + depends=("ghostscript=${pkgver}-${pkgrel}") + + cd ghostpdl-${pkgver} + + install -Dt "${pkgdir}"/usr/bin sobin/gxpsc + ln -s gxpsc "${pkgdir}"/usr/bin/gxps + + install -Dt "${pkgdir}"/usr/lib sobin/libgxps.so.${pkgver%.*} + ln -s libgxps.so.${pkgver%.*} "${pkgdir}"/usr/lib/libgxps.so.${pkgver%rc*} + + install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE +} + +package_ghostpcl() { + pkgdesc="${pkgdesc/PostScript/PCL 6}" + depends=("ghostscript=${pkgver}-${pkgrel}") + + cd ghostpdl-${pkgver} + + install -Dt "${pkgdir}"/usr/bin sobin/gpcl6c + ln -sf gpcl6c "${pkgdir}"/usr/bin/gpcl6 + + install -Dt "${pkgdir}"/usr/lib sobin/libgpcl6.so.${pkgver%.*} + ln -s libgpcl6.so.${pkgver%.*} "${pkgdir}"/usr/lib/libgpcl6.so.${pkgver%rc*} + + install -Dt "${pkgdir}"/usr/share/licenses/${pkgname} -m644 LICENSE +}