[OE-core] [PATCH] ghostscript: upgrade 9.27 -> 9.50
Alexander Kanavin
alex.kanavin at gmail.com
Fri Dec 6 20:26:47 UTC 2019
If the fix for 2019-14869 is included in 9.50, why the patch for it is not
removed?
Alex
On Fri, 6 Dec 2019 at 21:09, Trevor Gamblin <Trevor.Gamblin at windriver.com>
wrote:
> From: Trevor Gamblin <trevor.gamblin at windriver.com>
>
> Version 9.50 incorporates a fix for CVE-2019-14869 as well as
> previously-backported fixes for CVE-2019-14811 and CVE-2019-14817.
>
> CVE: CVE-2019-14869
> CVE: CVE-2019-14811
> CVE: CVE-2019-14817
>
> Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
> ---
> .../ghostscript/CVE-2019-14811-0001.patch | 69 -----
> .../ghostscript/CVE-2019-14817-0001.patch | 270 ------------------
> .../ghostscript/CVE-2019-14817-0002.patch | 236 ---------------
> ...hostscript_9.27.bb => ghostscript_9.50.bb} | 9 +-
> 4 files changed, 3 insertions(+), 581 deletions(-)
> delete mode 100644
> meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
> delete mode 100644
> meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch
> delete mode 100644
> meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch
> rename meta/recipes-extended/ghostscript/{ghostscript_9.27.bb =>
> ghostscript_9.50.bb} (92%)
>
> diff --git
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
> b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
> deleted file mode 100644
> index d4ef0996ec..0000000000
> ---
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
> +++ /dev/null
> @@ -1,69 +0,0 @@
> -From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001
> -From: Ken Sharp <ken.sharp at artifex.com>
> -Date: Tue, 20 Aug 2019 10:10:28 +0100
> -Subject: [PATCH] make .forceput inaccessible
> -
> -Bug #701343, #701344, #701345
> -
> -More defensive programming. We don't want people to access .forecput
> -even though it is no longer sufficient to bypass SAFER. The exploit
> -in #701343 didn't work anyway because of earlier work to stop the error
> -handler being used, but nevertheless, prevent access to .forceput from
> -.setuserparams2.
> -
> -CVE: CVE-2019-14811
> -CVE: CVE-2019-14813
> -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
> -
> -Signed-off-by: Stefan Ghinea <stefan.ghinea at windriver.com>
> ----
> - Resource/Init/gs_lev2.ps | 6 +++---
> - Resource/Init/gs_pdfwr.ps | 4 ++--
> - 2 files changed, 5 insertions(+), 5 deletions(-)
> -
> -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
> -index 98d55fe..f1b771f 100644
> ---- a/Resource/Init/gs_lev2.ps
> -+++ b/Resource/Init/gs_lev2.ps
> -@@ -158,7 +158,7 @@ end
> - {
> - pop pop
> - } ifelse
> -- } forall
> -+ } executeonly forall
> - % A context switch might have occurred during the above loop,
> - % causing the interpreter-level parameters to be reset.
> - % Set them again to the new values. From here on, we are safe,
> -@@ -229,9 +229,9 @@ end
> - { pop pop
> - }
> - ifelse
> -- }
> -+ } executeonly
> - forall pop
> --} .bind odef
> -+} .bind executeonly odef
> -
> - % Initialize the passwords.
> - % NOTE: the names StartJobPassword and SystemParamsPassword are known to
> -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
> -index 00c19fa..dfe504d 100644
> ---- a/Resource/Init/gs_pdfwr.ps
> -+++ b/Resource/Init/gs_pdfwr.ps
> -@@ -652,11 +652,11 @@ currentdict /.pdfmarkparams .undef
> - systemdict /.pdf_hooked_DSC_Creator //true .forceput
> - } executeonly if
> - pop
> -- } if
> -+ } executeonly if
> - } {
> - pop
> - } ifelse
> -- }
> -+ } executeonly
> - {
> - pop
> - } ifelse
> ---
> -2.20.1
> -
> diff --git
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch
> b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch
> deleted file mode 100644
> index c76e21caa6..0000000000
> ---
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0001.patch
> +++ /dev/null
> @@ -1,270 +0,0 @@
> -From 0bafbd9c1273fab0dc79fd20db0ffc4443683f96 Mon Sep 17 00:00:00 2001
> -From: Ken Sharp <ken.sharp at artifex.com>
> -Date: Mon, 29 Apr 2019 11:14:06 +0100
> -Subject: [PATCH 1/2] PDF interpreter - Decode ToUnicode entries of the
> form
> - /Identity-H/V
> -
> -Bug #701003 "Text searchability broken due to omission of /ToUnicode
> /Identity-H"
> -
> -The PDF references from 1.2 too 2.0 all state that the value associated
> -with a ToUnicode key in a FontDescriptor must be a stream object. However
> -this file (and one case seen previously, bug 687351) have FontDescriptor
> -dictionaries where the value associated with a /ToUnicode key is a
> -name object, in both cases /Identity-H.
> -
> -Although this is clearly not legal, Acrobat not only tolerates it, it
> -actually uses it for search/copy/paste (see bug 701003 for details).
> -Without the key Acrobat is unable to successfully search the output file.
> -
> -We can't simply preserve the name object as a ToUnicode value; when
> -handling ToUnicode we actually decode the CMap and build a
> -GlyphNames2Unicode map (an internal representation of the G2U data
> -produced by the Microsoft PostScript printer driver). When writing the
> -output file we use that information to get a Unicode value for each
> -character we write, and build a new ToUnicode CMap using that.
> -
> -This commit tackles the problem by pre-scanning for a name object and
> -then checking to see if its Identity-H or Identity-V (although we have
> -not seen an Identity-V, there seems no reason why it wouldn't be
> -equally valid). If we find either of these then we construct a
> -GlyphNames2Unicode table for all possible values (0 - 65535) and store
> -that with the font as normal. When we write the output file we only
> -write the required entries for the subset font, so we write a now
> -completely legal ToUnicode CMap, and Acrobat is equally happy with that
> -as the original name.
> -
> -If the ToUnicode value isn't a name object, or isn't one of the
> -identities then we proceed as before. This means we will print a
> -warning for non conforming ToUnicode entries and ignore them.
> -
> -CVE: CVE-2019-14817
> -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
> -
> -Signed-off-by: Stefan Ghinea <stefan.ghinea at windriver.com>
> ----
> - Resource/Init/pdf_font.ps | 200 ++++++++++++++++++++++++--------------
> - 1 file changed, 129 insertions(+), 71 deletions(-)
> -
> -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
> -index 9fb85f6..2df3303 100644
> ---- a/Resource/Init/pdf_font.ps
> -+++ b/Resource/Init/pdf_font.ps
> -@@ -621,86 +621,144 @@ currentdict end readonly def
> - PDFDEBUG {
> - (.processToUnicode beg) =
> - } if
> -- 2 index /ToUnicode knownoget {
> -- dup type /dicttype eq { dup /File known not } { //true }
> ifelse {
> -- % We undefine wrong /Length and define /File in stream
> dictionaries.
> -- % Bug687351.pdf defines /ToUnicode /Identity-H, what is
> incorrect.
> -- ( **** Warning: Ignoring bad ToUnicode CMap.\n)
> pdfformatwarning
> -- pop
> -+
> -+ 2 index /ToUnicode knownoget
> -+ {
> -+ dup type /nametype eq {
> -+ % This is contrary to the specification but it seems that
> Acrobat at least will accept
> -+ % a ToUnicode with a value of Identity-H *and* will use
> that for search, copy/paste.
> -+ % We can't pass through a name, so the best we can do is
> build a GlyphNames2Unicode
> -+ % map matching that which would have been generated by a
> full 16-bit Identity CMap
> -+ %
> -+ % See bug numbers 701003 and 687351
> -+ %
> -+ dup /Identity-H eq 1 index /Identity-V eq or{
> -+ pop
> -+ 1 index /FontInfo .knownget not {
> -+ currentglobal 2 index dup gcheck setglobal
> -+ /FontInfo 5 dict dup 5 1 roll .forceput
> -+ setglobal
> -+ } if
> -+ dup /GlyphNames2Unicode .knownget not {
> -+ //true % No existing G2U, make
> one
> -+ } {
> -+ dup wcheck {
> -+ //false % Existing, writeable
> G2U, don't make new one
> -+ } {
> -+ pop //true % Existing read
> only G2U, make new one
> -+ } ifelse
> -+ } ifelse
> -+ {
> -+ currentglobal exch dup gcheck setglobal
> -+ dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput
> -+ 3 2 roll setglobal
> -+ } if % font-res
> font-dict encoding|null font-info g2u
> -+
> -+ 0 1 65535{
> -+ % g2u index
> -+ dup dup 256 mod exch 256 idiv % g2u index
> lo-byte hi-byte
> -+ 2 string dup 0 4 -1 roll % g2u index
> lo-byte () () 0 hi-byte
> -+ put % g2u index
> lo-byte (x)
> -+ dup 1 % g2u index
> lo-byte (x) (x) 1
> -+ 4 -1 roll put % g2u index (x)
> (x) 1 lo-byte -> dict index (xx)
> -+ 2 index % g2u index (xx)
> dict
> -+ 3 1 roll % g2u g2u index
> (xx)
> -+ put % g2u
> -+ } for
> -+ pop % font-res
> font-dict encoding|null font-info
> -+ pop % font-res
> font-dict encoding|null
> -+ //false % We built a
> GlyphNames2Unicode table, don't need to process further
> -+ }{
> -+ //true % name is not
> Identity-V or H, fail by falling through
> -+ }ifelse
> - } {
> -- /PDFScanRules .getuserparam dup //null eq {
> -- pop //PDFScanRules_null
> -- } {
> -- 1 dict dup /PDFScanRules 4 -1 roll put
> -- } ifelse
> -- //PDFScanRules_true setuserparams
> -- PDFfile fileposition
> -- 3 -1 roll
> -- count 1 sub
> -- countdictstack
> -- { //false resolvestream
> -- % Following Acrobat we ignore everything outside
> -- % begincodespacerange .. endcmap.
> -- dup 0 (begincodespacerange) /SubFileDecode filter flushfile
> -- /CIDInit /ProcSet findresource begin
> -- //ToUnicodeCMapReader begin
> -- 12 dict begin
> -- /CMapType 2 def
> -- mark exch % emulate 'begincodespacerange'
> -- 0 (endcmap) /SubFileDecode filter cvx /begincmap cvx exch
> 2 .execn
> -- endcmap
> -- userdict /.lastToUnicode currentdict put
> -- end end end
> -- }
> -+ //true
> -+ } ifelse % not a name,
> try as a dictionary (as specified)
> -
> -- PDFSTOPONERROR {
> -- { exec } 0 get
> -- //false
> -- 5 -2 roll
> -- 5
> -+ % If the ToUnicode isn't a name, or the name isn't Identity-V
> or -H then follow the specification
> -+ % If its not a dictionary type throw an error, otherwise
> decode it and build a GlyphNames2Unicode
> -+ %
> -+ {
> -+ dup type /dicttype eq { dup /File known not } { //true }
> ifelse {
> -+ % We undefine wrong /Length and define /File in stream
> dictionaries.
> -+ % Bug687351.pdf defines /ToUnicode /Identity-H, what is
> incorrect.
> -+ ( **** Warning: Ignoring bad ToUnicode CMap.\n)
> pdfformatwarning
> -+ pop
> - } {
> -- { stopped } 0 get
> -- 4 2 roll
> -- 4
> -- } ifelse
> -- array astore cvx exec
> -+ /PDFScanRules .getuserparam dup //null eq {
> -+ pop //PDFScanRules_null
> -+ } {
> -+ 1 dict dup /PDFScanRules 4 -1 roll put
> -+ } ifelse
> -+ //PDFScanRules_true setuserparams
> -+ PDFfile fileposition
> -+ 3 -1 roll
> -+ count 1 sub
> -+ countdictstack
> -+ { //false resolvestream
> -+ % Following Acrobat we ignore everything outside
> -+ % begincodespacerange .. endcmap.
> -+ dup 0 (begincodespacerange) /SubFileDecode filter
> flushfile
> -+ /CIDInit /ProcSet findresource begin
> -+ //ToUnicodeCMapReader begin
> -+ 12 dict begin
> -+ /CMapType 2 def
> -+ mark exch % emulate 'begincodespacerange'
> -+ 0 (endcmap) /SubFileDecode filter cvx /begincmap cvx
> exch 2 .execn
> -+ endcmap
> -+ userdict /.lastToUnicode currentdict put
> -+ end end end
> -+ }
> -
> -- countdictstack exch sub 0 .max { end } repeat
> -- count exch sub 2 sub 0 .max { exch pop } repeat
> -- 3 1 roll % Stach the stop flag.
> -- PDFfile exch setfileposition
> -- setuserparams
> -- {
> -- ( **** Warning: Failed to read ToUnicode CMap.\n)
> pdfformatwarning
> -- } {
> -- 1 index /FontInfo .knownget not {
> -- currentglobal 2 index dup gcheck setglobal
> -- /FontInfo 5 dict dup 5 1 roll .forceput
> -- setglobal
> -- } if
> -- dup /GlyphNames2Unicode .knownget not {
> -- //true % No existing G2U, make one
> -+ PDFSTOPONERROR {
> -+ { exec } 0 get
> -+ //false
> -+ 5 -2 roll
> -+ 5
> -+ } {
> -+ { stopped } 0 get
> -+ 4 2 roll
> -+ 4
> -+ } ifelse
> -+ array astore cvx exec
> -+
> -+ countdictstack exch sub 0 .max { end } repeat
> -+ count exch sub 2 sub 0 .max { exch pop } repeat
> -+ 3 1 roll % Stach the stop flag.
> -+ PDFfile exch setfileposition
> -+ setuserparams
> -+ {
> -+ ( **** Warning: Failed to read ToUnicode CMap.\n)
> pdfformatwarning
> - } {
> -- dup wcheck {
> -- //false % Existing, writeable G2U,
> don't make new one
> -+ 1 index /FontInfo .knownget not {
> -+ currentglobal 2 index dup gcheck setglobal
> -+ /FontInfo 5 dict dup 5 1 roll .forceput
> -+ setglobal
> -+ } if
> -+ dup /GlyphNames2Unicode .knownget not {
> -+ //true % No existing G2U, make
> one
> - } {
> -- pop //true % Existing read
> only G2U, make new one
> -+ dup wcheck {
> -+ //false % Existing, writeable
> G2U, don't make new one
> -+ } {
> -+ pop //true % Existing read
> only G2U, make new one
> -+ } ifelse
> - } ifelse
> -+ {
> -+ currentglobal exch dup gcheck setglobal
> -+ dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput
> -+ 3 2 roll setglobal
> -+ } if % font-res
> font-dict encoding|null font-info g2u
> -+ exch pop exch % font-res
> font-dict g2u encoding|null
> -+ userdict /.lastToUnicode get % font-res
> font-dict g2u Encoding|null CMap
> -+ .convert_ToUnicode-into-g2u % font-res font-dict
> -+ //null % font-res
> font-dict //null
> - } ifelse
> -- {
> -- currentglobal exch dup gcheck setglobal
> -- dup /GlyphNames2Unicode 100 dict dup 4 1 roll .forceput
> -- 3 2 roll setglobal
> -- } if % font-res font-dict
> encoding|null font-info g2u
> -- exch pop exch % font-res font-dict
> g2u encoding|null
> -- userdict /.lastToUnicode get % font-res font-dict
> g2u Encoding|null CMap
> -- .convert_ToUnicode-into-g2u % font-res font-dict
> -- //null % font-res font-dict
> //null
> - } ifelse
> -- } ifelse
> -- } if
> -- PDFDEBUG {
> -- (.processToUnicode end) =
> -+ } if
> -+ PDFDEBUG {
> -+ (.processToUnicode end) =
> -+ } if
> - } if
> - } if
> - } stopped
> ---
> -2.20.1
> -
> diff --git
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch
> b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch
> deleted file mode 100644
> index 6348fff2d1..0000000000
> ---
> a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14817-0002.patch
> +++ /dev/null
> @@ -1,236 +0,0 @@
> -From cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001
> -From: Ken Sharp <ken.sharp at artifex.com>
> -Date: Wed, 21 Aug 2019 10:10:51 +0100
> -Subject: [PATCH 2/2] PDF interpreter - review .forceput security
> -
> -Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken"
> -
> -By abusing the error handler it was possible to get the PDFDEBUG portion
> -of .pdfexectoken, which uses .forceput left readable.
> -
> -Add an executeonly appropriately to make sure that clause isn't readable
> -no mstter what.
> -
> -Review all the uses of .forceput searching for similar cases, add
> -executeonly as required to secure those. All cases in the PostScript
> -support files seem to be covered already.
> -
> -CVE: CVE-2019-14817
> -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
> -
> -Signed-off-by: Stefan Ghinea <stefan.ghinea at windriver.com>
> ----
> - Resource/Init/pdf_base.ps | 2 +-
> - Resource/Init/pdf_draw.ps | 14 +++++++-------
> - Resource/Init/pdf_font.ps | 29 ++++++++++++++++-------------
> - Resource/Init/pdf_main.ps | 6 +++---
> - Resource/Init/pdf_ops.ps | 11 ++++++-----
> - 5 files changed, 33 insertions(+), 29 deletions(-)
> -
> -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
> -index 1a218f4..cffde5c 100644
> ---- a/Resource/Init/pdf_base.ps
> -+++ b/Resource/Init/pdf_base.ps
> -@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef
> - {
> - dup ==only () = flush
> - } ifelse % PDFSTEP
> -- } if % PDFDEBUG
> -+ } executeonly if % PDFDEBUG
> - 2 copy .knownget {
> - exch pop exch pop exch pop exec
> - } {
> -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
> -index e18a7c2..0a3924c 100644
> ---- a/Resource/Init/pdf_draw.ps
> -+++ b/Resource/Init/pdf_draw.ps
> -@@ -501,8 +501,8 @@ end
> - ( Output may be incorrect.\n) pdfformaterror
> - //pdfdict /.gs_warning_issued //true .forceput
> - PDFSTOPONERROR { /gs /undefined signalerror } if
> -- } if
> -- }
> -+ } executeonly if
> -+ } executeonly
> - ifelse
> - } bind executeonly def
> -
> -@@ -1142,7 +1142,7 @@ currentdict end readonly def
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- }
> -+ } executeonly
> - {
> - currentglobal //pdfdict gcheck .setglobal
> - //pdfdict /.Qqwarning_issued //true .forceput
> -@@ -1150,8 +1150,8 @@ currentdict end readonly def
> - pdfformaterror
> - } executeonly ifelse
> - end
> -- } ifelse
> -- } loop
> -+ } executeonly ifelse
> -+ } executeonly loop
> - {
> - (\n **** Error: File has unbalanced q/Q operators \(too many
> q's\)\n Output may be incorrect.\n)
> - //pdfdict /.Qqwarning_issued .knownget
> -@@ -1165,14 +1165,14 @@ currentdict end readonly def
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- }
> -+ } executeonly
> - {
> - currentglobal //pdfdict gcheck .setglobal
> - //pdfdict /.Qqwarning_issued //true .forceput
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- } if
> -+ } executeonly if
> - pop
> -
> - % restore pdfemptycount
> -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
> -index 2df3303..6a6a5fe 100644
> ---- a/Resource/Init/pdf_font.ps
> -+++ b/Resource/Init/pdf_font.ps
> -@@ -638,7 +638,7 @@ currentdict end readonly def
> - currentglobal 2 index dup gcheck setglobal
> - /FontInfo 5 dict dup 5 1 roll .forceput
> - setglobal
> -- } if
> -+ } executeonly if
> - dup /GlyphNames2Unicode .knownget not {
> - //true % No existing G2U, make
> one
> - } {
> -@@ -668,10 +668,12 @@ currentdict end readonly def
> - pop % font-res
> font-dict encoding|null font-info
> - pop % font-res
> font-dict encoding|null
> - //false % We built a
> GlyphNames2Unicode table, don't need to process further
> -- }{
> -+ } executeonly
> -+ {
> - //true % name is not
> Identity-V or H, fail by falling through
> - }ifelse
> -- } {
> -+ } executeonly
> -+ {
> - //true
> - } ifelse % not a name,
> try as a dictionary (as specified)
> -
> -@@ -759,9 +761,9 @@ currentdict end readonly def
> - PDFDEBUG {
> - (.processToUnicode end) =
> - } if
> -- } if
> -- } if
> -- } stopped
> -+ } executeonly if
> -+ } executeonly if
> -+ } executeonly stopped
> - {
> - .dstackdepth 1 countdictstack 1 sub
> - {pop end} for
> -@@ -1291,19 +1293,20 @@ currentdict /eexec_pdf_param_dict .undef
> - //pdfdict /.Qqwarning_issued //true .forceput
> - } executeonly if
> - Q
> -- } repeat
> -+ } executeonly repeat
> - Q
> -- } PDFfile fileposition 2 .execn % Keep pdfcount valid.
> -+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount
> valid.
> - PDFfile exch setfileposition
> -- } ifelse
> -- } {
> -+ } executeonly ifelse
> -+ } executeonly
> -+ {
> - % PDF Type 3 fonts don't use .notdef
> - % d1 implementation adjusts the width as needed
> - 0 0 0 0 0 0
> - pdfopdict /d1 get exec
> - } ifelse
> - end end
> -- } bdef
> -+ } executeonly bdef
> - dup currentdict Encoding .processToUnicode
> - currentdict end .completefont exch pop
> - } bind executeonly odef
> -@@ -2103,9 +2106,9 @@ currentdict /CMap_read_dict undef
> - (Will continue, but content may be missing.) = flush
> - } ifelse
> - } if
> -- } if
> -+ } executeonly if
> - /findresource cvx /undefined signalerror
> -- } loop
> -+ } executeonly loop
> - } bind executeonly odef
> -
> - /buildCIDType0 { % <CIDFontType0-font-resource> buildCIDType0 <font>
> -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
> -index 5305ea6..a59e63c 100644
> ---- a/Resource/Init/pdf_main.ps
> -+++ b/Resource/Init/pdf_main.ps
> -@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- }
> -+ } executeonly
> - {
> - currentglobal //pdfdict gcheck .setglobal
> - //pdfdict /.Qqwarning_issued //true .forceput
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- } if
> -- } if
> -+ } executeonly if
> -+ } executeonly if
> - pop
> - count PDFexecstackcount sub { pop } repeat
> - (after exec) VMDEBUG
> -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
> -index 285e582..6c1f100 100644
> ---- a/Resource/Init/pdf_ops.ps
> -+++ b/Resource/Init/pdf_ops.ps
> -@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- }
> -+ } executeonly
> - {
> - currentglobal //pdfdict gcheck .setglobal
> - //pdfdict /.Qqwarning_issued //true .forceput
> - .setglobal
> - pdfformaterror
> - } executeonly ifelse
> -- } if
> -+ } executeonly if
> - } bind executeonly odef
> -
> - % Save PDF gstate
> -@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef
> - dup type /booleantype eq {
> - .currentSMask type /dicttype eq {
> - .currentSMask /Processed 2 index .forceput
> -+ } executeonly
> -+ {
> -+ .setSMask
> -+ }ifelse
> - } executeonly
> - {
> -- .setSMask
> -- }ifelse
> -- }{
> - .setSMask
> - }ifelse
> -
> ---
> -2.20.1
> -
> diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
> b/meta/recipes-extended/ghostscript/ghostscript_9.50.bb
> similarity index 92%
> rename from meta/recipes-extended/ghostscript/ghostscript_9.27.bb
> rename to meta/recipes-extended/ghostscript/ghostscript_9.50.bb
> index 32f938f254..39c32644db 100644
> --- a/meta/recipes-extended/ghostscript/ghostscript_9.27.bb
> +++ b/meta/recipes-extended/ghostscript/ghostscript_9.50.bb
> @@ -19,15 +19,12 @@ DEPENDS_class-native = "libpng-native"
> UPSTREAM_CHECK_URI = "
> https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
> UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
>
> -SRC_URI_BASE = "
> https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/${BPN}-${PV}.tar.gz
> \
> +SRC_URI_BASE = "
> https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/${BPN}-${PV}.tar.gz
> \
> file://ghostscript-9.15-parallel-make.patch \
> file://ghostscript-9.16-Werror-return-type.patch \
> file://do-not-check-local-libpng-source.patch \
> file://avoid-host-contamination.patch \
> file://mkdir-p.patch \
> - file://CVE-2019-14811-0001.patch \
> - file://CVE-2019-14817-0001.patch \
> - file://CVE-2019-14817-0002.patch \
> file://CVE-2019-14869-0001.patch \
> "
>
> @@ -43,8 +40,8 @@ SRC_URI_class-native = "${SRC_URI_BASE} \
>
> file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
> "
>
> -SRC_URI[md5sum] = "c3990a504a3a23b9babe9de00ed6597d"
> -SRC_URI[sha256sum] =
> "9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285"
> +SRC_URI[md5sum] = "00970cf622bd5b46f68eec9383753870"
> +SRC_URI[sha256sum] =
> "0f53e89fd647815828fc5171613e860e8535b68f7afbc91bf89aee886769ce89"
>
> # Put something like
> #
> --
> 2.24.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191206/d1607998/attachment-0001.html>
More information about the Openembedded-core
mailing list