ghostscript: patch CVE-2019-6116

* [Project Zero](https://bugs.chromium.org/p/project-zero/issues/detail?id=1729)
* [Ghostscript bug tracker](https://bugs.ghostscript.com/show_bug.cgi?id=700317) (currently restricted)

Closes #36411.

Signed-off-by: Chongyu Zhu <i@lembacon.com>
This commit is contained in:
Tommy Yang 2019-01-26 06:41:00 -08:00 committed by Chongyu Zhu
parent 03d0e842a7
commit d5d4e7c0b3
No known key found for this signature in database
GPG key ID: 1A43E3C9100B38F5

View file

@ -1,9 +1,20 @@
class Ghostscript < Formula class Ghostscript < Formula
desc "Interpreter for PostScript and PDF" desc "Interpreter for PostScript and PDF"
homepage "https://www.ghostscript.com/" homepage "https://www.ghostscript.com/"
revision 1
stable do
url "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostpdl-9.26.tar.xz" url "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/ghostpdl-9.26.tar.xz"
sha256 "9c586554c653bb92ef5d271b12ad76ac6fabc05193173cb9e2b799bb069317fe" sha256 "9c586554c653bb92ef5d271b12ad76ac6fabc05193173cb9e2b799bb069317fe"
# CVE-2019-6116 https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
patch do
url "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz"
sha256 "54ab7d8f8007259c27fd4f11fd12f5ef0dbf6fe570da30b9335edec7deb3fa25"
apply "0001-Bug700317-Address-.force-operators-exposure.patch"
end
end
bottle do bottle do
rebuild 1 rebuild 1
sha256 "eb150bdd252ba213f1c2d21d142687629fda59ad09e6f0f55cfa5c720ac70916" => :mojave sha256 "eb150bdd252ba213f1c2d21d142687629fda59ad09e6f0f55cfa5c720ac70916" => :mojave