Accepting request 945778 from home:jsmeix:branches:Printing

Ghostscript security fix CVE-2021-45949 (bsc#1194304) including CVE-2021-45944 (bsc#1194303)

OBS-URL: https://build.opensuse.org/request/show/945778
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=148
Johannes Meixner 2022-01-12 09:39:16 +00:00 committed by Git OBS Bridge
parent 5e8edce3ca
commit 064397ec60
5 changed files with 84 additions and 2 deletions

CVE-2021-45949.patch Normal file

@ -0,0 +1,36 @@
--- psi/zfsample.c.orig 2022-01-12 09:16:07.639604741 +0100
+++ psi/zfsample.c 2022-01-12 09:21:45.187952236 +0100
@@ -535,13 +535,16 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
}
pop(num_out); /* Move op to base of result values */
+ /* From here on, we have to use ref_stack_pop() rather than pop()
+ so that it handles stack extension blocks properly, before calling
+ sampled_data_sample() which also uses the op stack.
+ */
/* Check if we are done collecting data. */
-
if (increment_cube_indexes(params, penum->indexes)) {
if (stack_depth_adjust == 0)
- pop(O_STACK_PAD); /* Remove spare stack space */
+ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */
else
- pop(stack_depth_adjust - num_out);
+ ref_stack_pop(&o_stack, stack_depth_adjust - num_out);
/* Execute the closing procedure, if given */
code = 0;
if (esp_finish_proc != 0)
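Review bot: The new comment says pop() must not be used from here on because it does not handle stack extension blocks, yet the `pop(num_out);` directly above it is left as the macro. Either state in the comment why that first pop is safe or convert it as well. Note also that the context comment on that line says pop() moves `op`, while the two `ref_stack_pop(&o_stack, ...)` replacements take only the stack, so any later use of the cached `op` on this path (the closing-procedure code follows immediately) should be checked to re-read the stack top.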
@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
if ((O_STACK_PAD - stack_depth_adjust) < 0) {
stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
check_op(stack_depth_adjust);
- pop(stack_depth_adjust);
+ ref_stack_pop(&o_stack, stack_depth_adjust);
}
else {
check_ostack(O_STACK_PAD - stack_depth_adjust);
- push(O_STACK_PAD - stack_depth_adjust);
+ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);
for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
make_null(op - i);
}
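Review bot: In the else branch the return value of `ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);` is discarded, and the loop that follows still writes through `make_null(op - i)`. The push() macro that was replaced advanced `op` itself; after the switch to ref_stack_push() the loop depends on `op` still pointing at the new top, which is exactly what is in doubt when an extension block is involved. Suggest capturing the result in `code`, returning it when negative, and addressing the freshly pushed slots relative to the updated stack top instead of the cached `op`.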

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de
- CVE-2021-45949.patch fixes CVE-2021-45949
heap-based buffer overflow in sampled_data_finish
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
(bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
is already fixed in the Ghostscript 9.54.0 upstream sources
(bsc#1194303)
-------------------------------------------------------------------
Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de
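Review bot: The second changelog item records CVE-2021-45944 as already fixed in the Ghostscript 9.54.0 upstream sources but gives no upstream commit or bug reference, unlike the first item, which at least links the OSV record. Adding the upstream commit or bug URL that carries the fix would let someone auditing bsc#1194303 verify the claim from the changelog alone. The first item would likewise benefit from the upstream commit URL that the spec file comments already cite.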

@ -1,7 +1,7 @@
#
# spec file for package ghostscript-mini
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -89,6 +89,12 @@ Patch101: ijs_exec_server_dont_use_sh.patch
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
Patch102: CVE-2021-3781.patch
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
Patch103: CVE-2021-45949.patch
# RPM dependencies:
# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any"
# so other packages can build with any available Ghostscript implementation,
@ -172,6 +178,12 @@ This package contains the development files for Minimal Ghostscript.
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
%patch102 -p1
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
%patch103
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig
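Review bot: `%patch103` is applied without a `-p` argument while `%patch102 -p1` directly above strips one path component. The patch header uses `psi/zfsample.c.orig` and `psi/zfsample.c` with no leading directory, so the difference is intentional, but it is easy to misread next to its neighbour. Suggest writing the strip level out explicitly as `%patch103 -p0`, or regenerating the patch with a leading directory so it matches the `-p1` convention used for Patch102.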

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de
- CVE-2021-45949.patch fixes CVE-2021-45949
heap-based buffer overflow in sampled_data_finish
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
(bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
is already fixed in the Ghostscript 9.54.0 upstream sources
(bsc#1194303)
-------------------------------------------------------------------
Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de

@ -1,7 +1,7 @@
#
# spec file for package ghostscript
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -118,6 +118,12 @@ Patch101: ijs_exec_server_dont_use_sh.patch
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
Patch102: CVE-2021-3781.patch
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
Patch103: CVE-2021-45949.patch
# RPM dependencies:
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
# "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11":
@ -313,6 +319,12 @@ This package contains the development files for Ghostscript.
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
%patch102 -p1
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
%patch103
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig