packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!97 [sync] PR-96: 补充CVE-2024-33869CVE缺少的一个补丁

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-07-12 10:20:16 +00:00 committed by Gitee
commit 9751a7726e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
fix-CVE-2024-33869-second.patch Normal file
View File

@ -0,0 +1,49 @@
From 77c8d6426fe91a2df8f3a37934f030ecc396cacb Mon Sep 17 00:00:00 2001
From: zhangxingrong <zhangxingrong@uniontech.com>
Date: Fri, 12 Jul 2024 15:09:12 +0800
Subject: [PATCH] fix for CVE-2024-33869
Bug 707691 part 2
See bug thread for details
This is the second part of the fix for CVE-2024-33869
url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
---
base/gpmisc.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/base/gpmisc.c b/base/gpmisc.c
index cbc6139..186d9b7 100644
--- a/base/gpmisc.c
+++ b/base/gpmisc.c
@@ -1089,6 +1089,27 @@ gp_validate_path_len(const gs_memory_t *mem,
rlen = len;
}
else {
+ char *test = (char *)path, *test1;
+ uint tlen = len, slen;
+
+ /* Look for any pipe (%pipe% or '|' specifications between path separators
+ * Reject any path spec which has a %pipe% or '|' anywhere except at the start.
+ */
+ while (tlen > 0) {
+ if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
+ code = gs_note_error(gs_error_invalidfileaccess);
+ goto exit;
+ }
+ test1 = test;
+ slen = search_separator((const char **)&test, path + len, test1, 1);
+ if(slen == 0)
+ break;
+ test += slen;
+ tlen -= test - test1;
+ if (test >= path + len)
+ break;
+ }
+
rlen = len+1;
bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
if (bufferfull == NULL)
--
2.43.0

13
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript Name: ghostscript
Version: 9.56.1 Version: 9.56.1
Release: 6 Release: 7
Summary: An interpreter for PostScript and PDF files Summary: An interpreter for PostScript and PDF files
License: AGPLv3+ License: AGPLv3+
URL: https://ghostscript.com/ URL: https://ghostscript.com/
@ -54,6 +54,10 @@ Patch113: Bug-707510-review-printing-of-pointers.patch
Patch114: Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch Patch114: Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch
Patch115: Bug-707510-fix-LIBIDN-usage.patch Patch115: Bug-707510-fix-LIBIDN-usage.patch
# See bug thread for details
#This is the second part of the fix for CVE-2024-33869
Patch116: fix-CVE-2024-33869-second.patch
BuildRequires: automake gcc BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
BuildRequires: google-droid-sans-fonts urw-base35-fonts-devel BuildRequires: google-droid-sans-fonts urw-base35-fonts-devel
@ -136,6 +140,7 @@ PDF files using Ghostscript and dvips
%patch113 -p1 %patch113 -p1
%patch114 -p1 %patch114 -p1
%patch115 -p1 %patch115 -p1
%patch116 -p1
# Libraries that we already have packaged(see Build Requirements): # Libraries that we already have packaged(see Build Requirements):
@ -230,6 +235,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf %{_bindir}/dvipdf
%changelog %changelog
* Fri Jul 12 2024 zhangxingrong-<zhangxingrong@uniontech.cn> - 9.56.1-7
- Type:CVE
- ID:NA
- SUG:NA
- DECS: This is the second part of the fix for CVE-2024-33869
* Thu Jul 04 2024 zhangxianting <zhangxianting@uniontech.com> - 9.56.1-6 * Thu Jul 04 2024 zhangxianting <zhangxianting@uniontech.com> - 9.56.1-6
- Type:CVE - Type:CVE
- ID:NA - ID:NA