packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-46751

Browse Source
This commit is contained in:
liningjie 2023-12-25 14:06:46 +08:00
parent d306a39fbd
commit 4415becac5
2 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
backport-CVE-2023-46751.patch Normal file
View File

@ -0,0 +1,43 @@
From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Mon, 16 Oct 2023 16:49:40 +0100
Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output
files
In the device initialization redesign, tiffsep and tiffsep1 lost the requirement
for the output files to be seekable.
Fixing that highlighted a problem with the error handling in
gdev_prn_open_printer_seekable() where closing the erroring file would leave a
dangling pointer, and lead to a crash.
---
base/gdevprn.c | 1 +
devices/gdevtsep.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/base/gdevprn.c b/base/gdevprn.c
index 0491a3c6c..033632387 100644
--- a/base/gdevprn.c
+++ b/base/gdevprn.c
@@ -1271,6 +1271,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
&& !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
+ ppdev->file = NULL;
if (code < 0)
return code;
}
diff --git a/devices/gdevtsep.c b/devices/gdevtsep.c
index 7fd3c5518..f7a1b174b 100644
--- a/devices/gdevtsep.c
+++ b/devices/gdevtsep.c
@@ -737,6 +737,7 @@ tiffsep_initialize_device_procs(gx_device *dev)
{
gdev_prn_initialize_device_procs(dev);
+ set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
set_dev_proc(dev, open_device, tiffsep_prn_open);
set_dev_proc(dev, close_device, tiffsep_prn_close);
set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
--
2.34.1

10
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript Name: ghostscript
Version: 9.56.1 Version: 9.56.1
Release: 1 Release: 3
Summary: An interpreter for PostScript and PDF files Summary: An interpreter for PostScript and PDF files
License: AGPLv3+ License: AGPLv3+
URL: https://ghostscript.com/ URL: https://ghostscript.com/
@ -39,6 +39,7 @@ Patch102: CVE-2023-36664.patch
# as the already fixed CVE-2020-16305 in devices/gdevpcx.c # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
# see https://bugs.ghostscript.com/show_bug.cgi?id=701819 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
Patch103: CVE-2023-38559.patch Patch103: CVE-2023-38559.patch
Patch104: backport-CVE-2023-46751.patch
BuildRequires: automake gcc BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -110,6 +111,7 @@ PDF files using Ghostscript and dvips
%patch101 -p0 %patch101 -p0
%patch102 -p0 %patch102 -p0
%patch103 -p0 %patch103 -p0
%patch104 -p1
# Libraries that we already have packaged(see Build Requirements): # Libraries that we already have packaged(see Build Requirements):
rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib
@ -203,6 +205,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf %{_bindir}/dvipdf
%changelog %changelog
* Mon Dec 25 2023 liningjie <liningjie@xfusion.com> - 9.56.1-3
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2023-46751
* Wed Aug 2 2023 dillon chen <dillon.chen@gmail.com> - 9.56.1-2 * Wed Aug 2 2023 dillon chen <dillon.chen@gmail.com> - 9.56.1-2
- Type:CVE - Type:CVE
- ID:NA - ID:NA