diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2019-05-23 14:59:28 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2019-05-23 14:59:28 +0200 |
| commit | e55778d67e8fb4ac0756420b3e52abb1ac02b9f8 (patch) | |
| tree | 60c58069580d94d691fadd2e49edc1619e469190 /sys/lib | |
| parent | 197ff3ac2f4fe9be7eefc9c8409cee04e267b04a (diff) | |
gs: apply fixes for CVE-2018-16509 (thanks jsmoody)
Diffstat (limited to 'sys/lib')
| -rw-r--r-- | sys/lib/ghostscript/gs_init.ps | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/lib/ghostscript/gs_init.ps b/sys/lib/ghostscript/gs_init.ps index 17a5f69b3..31e7ec84b 100644 --- a/sys/lib/ghostscript/gs_init.ps +++ b/sys/lib/ghostscript/gs_init.ps @@ -1992,6 +1992,17 @@ readonly def % If we are running in SAFER mode, lock things down SAFER { .setsafe } if +/UndefinePostScriptOperators { + [ + /condition /currentcontext /detach /.fork /join /.localfork /lock /monitor /notify + /wait /yield /.currentscreenphase /.setscreenphase /.image2 /eoviewclip /initviewclip + /viewclip /viewclippath /defineusername + /currentalpha /setalpha /.alphaimage /composite /compositerect /dissolve /sizeimagebox /.sizeimageparams + ] + {systemdict exch .forceundef} forall + //systemdict /UndefinePostScriptOperators .forceundef +} bind def + % If we delayed binding, make it possible to do it later. /.bindnow { currentuserparams /IdiomRecognition .knownget { @@ -2005,6 +2016,7 @@ SAFER { .setsafe } if //systemdict /.delaybind {} .forceput % reclaim the space //systemdict /.bindnow .forceundef % ditto put + //systemdict /UndefinePostScriptOperators get exec //systemdict /.forcedef .forceundef % remove temptation //systemdict /.forceput .forceundef % ditto //systemdict /.forceundef .forceundef % ditto |