From b643169012fae9013d509ef7fc19602450113b77 Mon Sep 17 00:00:00 2001
From: Miroslav Šulc
Date: Wed, 5 Aug 2020 19:57:09 +0200
Subject: media-sound/lilypond: fixed cve-2020-17353
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: https://bugs.gentoo.org/736074
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Miroslav Šulc
---
 .../files/lilypond-fix-cve-2020-17353.patch | 101 +++++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch

(limited to 'media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch')

diff --git a/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch b/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch
new file mode 100644
index 000000000000..e91947eae056
--- /dev/null
+++ b/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch
@@ -0,0 +1,101 @@
+From b84ea4740f3279516905c5db05f4074e777c16ff Mon Sep 17 00:00:00 2001
+From: Han-Wen Nienhuys
+Date: Tue, 21 Jul 2020 14:45:08 +0200
+Subject: [PATCH] scm: disable embedded-ps and embedded-svg in -dsafe mode
+
+This prevents executing privileged PostScript and exploiting
+Ghostscript vulnerablilities
+
+Tested:
+ $ lilypond -dsafe input/regression/les-nereides.ly
+ (works, kinda)
+
+ $ cat f.ly
+ { c4_ \markup \postscript #" (x) show " }
+
+ $ lilypond -dsafe f
+ Preprocessing graphical objects.../home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: In procedure ly_make_stencil in expression (ly:make-stencil (list # #) (quote #) ...):
+ /home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: Wrong type argument in position 1 (expecting registered stencil expression): (embedded-ps "
+---
+ scm/define-stencil-commands.scm | 65 ++++++++++++++++++++++-------------------
+ 1 file changed, 35 insertions(+), 30 deletions(-)
+
+diff --git a/scm/define-stencil-commands.scm b/scm/define-stencil-commands.scm
+index 09a2299..e388788 100644
+--- a/scm/define-stencil-commands.scm
++++ b/scm/define-stencil-commands.scm
+@@ -21,36 +21,41 @@
+ (define-public (ly:all-stencil-commands)
+ "Return the list of stencil commands that can be
+ defined in the output modules (@file{output-*.scm})."
+- '(blank
+- char
+- circle
+- dashed-line
+- draw-line
+- ellipse
+- embedded-ps
+- embedded-svg
+- end-group-node
+- glyph-string
+- grob-cause
+- named-glyph
+- no-origin
+- page-link
+- path
+- partial-ellipse
+- placebox
+- polygon
+- resetcolor
+- resetrotation
+- resetscale
+- round-filled-box
+- setcolor
+- setrotation
+- setscale
+- start-group-node
+- text
+- unknown
+- url-link
+- utf-8-string
++ (let*
++ ((commands '(blank
++ char
++ circle
++ dashed-line
++ draw-line
++ ellipse
++ end-group-node
++ glyph-string
++ grob-cause
++ named-glyph
++ no-origin
++ page-link
++ path
++ partial-ellipse
++ placebox
++ polygon
++ resetcolor
++ resetrotation
++ resetscale
++ round-filled-box
++ setcolor
++ setrotation
++ setscale
++ start-group-node
++ text
++ unknown
++ url-link
++ utf-8-string
++ )))
++
++ (if (ly:get-option 'safe)
++ commands
++ (append '(embedded-ps embedded-svg)
++ commands))
+ ))
+
+ ;; TODO:
+--
+1.9.1
+
-- cgit v1.2.3-65-gdbad
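Review bot: The rewritten `ly:all-stencil-commands` drops `embedded-ps` and `embedded-svg` from the registered list under `-dsafe` but never says why, so a `\postscript` markup in safe mode now fails with the generic "Wrong type argument in position 1 (expecting registered stencil expression)" error shown in the patch's own test log instead of a diagnostic naming safe mode; a reviewer would want the rejection to state the cause, and at minimum the docstring should record the new behaviour, e.g. `defined in the output modules (@file{output-*.scm}). Under -dsafe, embedded-ps and embedded-svg are excluded.`. This is a denylist enforced when a stencil expression is validated, so any other path by which raw PostScript or SVG reaches the output backends is not covered by it; `-dsafe` should be treated as a mitigation for CVE-2020-17353, not as a sandbox (upstream later documented `-dsafe` as not being a security boundary, which this page cannot confirm). The Gentoo diff shown here only adds the patch file; the ebuild change that actually applies it is not visible (the page is limited to this one path), so confirm it lands in the same commit, otherwise the installed package stays vulnerable.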