packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-46951

Browse Source
This commit is contained in:
李宁杰 2024-11-01 09:18:06 +00:00 committed by Gitee
parent dff3251f64
commit 850ccb1a4c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
backport-CVE-2024-46951.patch Normal file
View File

@ -0,0 +1,31 @@
From ada21374f0c90cc3acf7ce0e96302394560c7aee Mon Sep 17 00:00:00 2001
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Fri, 30 Aug 2024 13:16:39 +0100
Subject: [PATCH] PS interpreter - check the type of the Pattern Implementation
Bug #707991
See bug report for details.
CVE-2024-46951
---
psi/zcolor.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/psi/zcolor.c b/psi/zcolor.c
index d4e7a4438..d3384d75d 100644
--- a/psi/zcolor.c
+++ b/psi/zcolor.c
@@ -5276,6 +5276,9 @@ static int patterncomponent(i_ctx_t * i_ctx_p, ref *space, int *n)
code = array_get(imemory, pImpl, 0, &pPatInst);
if (code < 0)
return code;
+
+ if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
+ return_error(gs_error_typecheck);
cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
if (pattern_instance_uses_base_space(cc.pattern))
*n = n_comps;
--
2.34.1

10
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript Name: ghostscript
Version: 9.56.1 Version: 9.56.1
Release: 10 Release: 11
Summary: An interpreter for PostScript and PDF files Summary: An interpreter for PostScript and PDF files
License: AGPLv3+ License: AGPLv3+
URL: https://ghostscript.com/ URL: https://ghostscript.com/
@ -66,6 +66,7 @@ Patch116: Bug-707510-fix-LIBIDN-usage.patch
Patch117: fix-CVE-2024-33869-second.patch Patch117: fix-CVE-2024-33869-second.patch
Patch118: backport-CVE-2024-46953.patch Patch118: backport-CVE-2024-46953.patch
Patch119: backport-CVE-2024-46956.patch Patch119: backport-CVE-2024-46956.patch
Patch120: backport-CVE-2024-46951.patch
BuildRequires: automake gcc BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -153,6 +154,7 @@ PDF files using Ghostscript and dvips
%patch117 -p1 %patch117 -p1
%patch118 -p1 %patch118 -p1
%patch119 -p1 %patch119 -p1
%patch120 -p1
# Libraries that we already have packaged(see Build Requirements): # Libraries that we already have packaged(see Build Requirements):
rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib
@ -246,6 +248,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf %{_bindir}/dvipdf
%changelog %changelog
* Fri Nov 01 2024 liningjie <liningjie@xfusion.com> - 9.56.1-11
- Type:CVE
- ID:NA
- SUG:NA
- DECS: Fix CVE-2024-46951
* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.56.1-10 * Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.56.1-10
- Type:CVE - Type:CVE
- ID:NA - ID:NA