!97 [sync] PR-96: 补充CVE-2024-33869CVE缺少的一个补丁

From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-07-12 10:20:16 +00:00 · 2024-07-12 10:20:16 +00:00 · 9751a7726e
commit 9751a7726e
parent 92bafab078 089cfd9eea
2 changed files with 61 additions and 1 deletions
--- a/fix-CVE-2024-33869-second.patch
+++ b/fix-CVE-2024-33869-second.patch
@ -0,0 +1,49 @@
+From 77c8d6426fe91a2df8f3a37934f030ecc396cacb Mon Sep 17 00:00:00 2001
+From: zhangxingrong <zhangxingrong@uniontech.com>
+Date: Fri, 12 Jul 2024 15:09:12 +0800
+Subject: [PATCH] fix for CVE-2024-33869
+
+Bug 707691 part 2
+See bug thread for details
+
+This is the second part of the fix for CVE-2024-33869
+url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+---
+ base/gpmisc.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index cbc6139..186d9b7 100644
+--- a/base/gpmisc.c
+++ b/base/gpmisc.c
+@@ -1089,6 +1089,27 @@ gp_validate_path_len(const gs_memory_t *mem,
+         rlen = len;
+     }
+     else {
+        char *test = (char *)path, *test1;
+        uint tlen = len, slen;
+
+        /* Look for any pipe (%pipe% or '|' specifications between path separators
+         * Reject any path spec which has a %pipe% or '|' anywhere except at the start.
+         */
+        while (tlen > 0) {
+            if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
+                code = gs_note_error(gs_error_invalidfileaccess);
+                goto exit;
+            }
+            test1 = test;
+            slen = search_separator((const char **)&test, path + len, test1, 1);
+            if(slen == 0)
+                break;
+            test += slen;
+            tlen -= test - test1;
+            if (test >= path + len)
+                break;
+        }
+
+         rlen = len+1;
+         bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
+         if (bufferfull == NULL)
+-- 
+2.43.0
+
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -9,7 +9,7 @@

 Name:             ghostscript
 Version:          9.56.1
-Release:          6
+Release:          7
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@ -54,6 +54,10 @@ Patch113:  Bug-707510-review-printing-of-pointers.patch
 Patch114:  Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch
 Patch115:  Bug-707510-fix-LIBIDN-usage.patch

+# See bug thread for details
+#This is the second part of the fix for CVE-2024-33869
+Patch116:  fix-CVE-2024-33869-second.patch
+
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
 BuildRequires:    google-droid-sans-fonts urw-base35-fonts-devel
@ -136,6 +140,7 @@ PDF files using Ghostscript and dvips
 %patch113 -p1
 %patch114 -p1
 %patch115 -p1
+%patch116 -p1


 # Libraries that we already have packaged(see Build Requirements):
@ -230,6 +235,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf

 %changelog
+* Fri Jul 12 2024 zhangxingrong-<zhangxingrong@uniontech.cn> - 9.56.1-7
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: This is the second part of the fix for CVE-2024-33869
+
 * Thu Jul 04 2024 zhangxianting <zhangxianting@uniontech.com> - 9.56.1-6
 - Type:CVE
 - ID:NA