!62 fix CVE-2023-46751

From: @li_ning_jie Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-01-02 02:57:40 +00:00 · 2024-01-02 02:57:40 +00:00 · 082825053c
commit 082825053c
parent d306a39fbd 4415becac5
2 changed files with 52 additions and 1 deletions
--- a/backport-CVE-2023-46751.patch
+++ b/backport-CVE-2023-46751.patch
@ -0,0 +1,43 @@
+From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 16 Oct 2023 16:49:40 +0100
+Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output
+ files
+
+In the device initialization redesign, tiffsep and tiffsep1 lost the requirement
+for the output files to be seekable.
+
+Fixing that highlighted a problem with the error handling in
+gdev_prn_open_printer_seekable() where closing the erroring file would leave a
+dangling pointer, and lead to a crash.
+---
+ base/gdevprn.c     | 1 +
+ devices/gdevtsep.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/base/gdevprn.c b/base/gdevprn.c
+index 0491a3c6c..033632387 100644
+--- a/base/gdevprn.c
+++ b/base/gdevprn.c
+@@ -1271,6 +1271,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
+               && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
+ 
+                 code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
+                ppdev->file = NULL;
+                 if (code < 0)
+                     return code;
+             }
+diff --git a/devices/gdevtsep.c b/devices/gdevtsep.c
+index 7fd3c5518..f7a1b174b 100644
+--- a/devices/gdevtsep.c
+++ b/devices/gdevtsep.c
+@@ -737,6 +737,7 @@ tiffsep_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs(dev);
+ 
+    set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, open_device, tiffsep_prn_open);
+     set_dev_proc(dev, close_device, tiffsep_prn_close);
+     set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
+-- 
+2.34.1
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -9,7 +9,7 @@

 Name:             ghostscript
 Version:          9.56.1
-Release:          1
+Release:          3
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@ -39,6 +39,7 @@ Patch102:  CVE-2023-36664.patch
 # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
 Patch103:  CVE-2023-38559.patch
+Patch104:  backport-CVE-2023-46751.patch

 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -110,6 +111,7 @@ PDF files using Ghostscript and dvips
 %patch101 -p0
 %patch102 -p0
 %patch103 -p0
+%patch104 -p1

 # Libraries that we already have packaged(see Build Requirements):
 rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib
@ -203,6 +205,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf

 %changelog
+* Mon Dec 25 2023 liningjie <liningjie@xfusion.com> - 9.56.1-3
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2023-46751
+
 * Wed Aug  2 2023 dillon chen <dillon.chen@gmail.com> - 9.56.1-2
 - Type:CVE
 - ID:NA