Accepting request 635772 from home:jsmeix:branches:Printing

Ghostscript version upgrade to 9.25 which provides fixes for regressions in Ghostscript 9.24 and more security bugfixes, see https://www.ghostscript.com/doc/9.25/News.htm

OBS-URL: https://build.opensuse.org/request/show/635772
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=95
Johannes Meixner 2018-09-14 13:41:35 +00:00 committed by Git OBS Bridge
parent c0eb0b9d23
commit 07ebe5c7a1
6 changed files with 225 additions and 27 deletions

ghostscript-9.25.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:baafa64740b090bff50b220a6df3be95c46069b7e30f4b4effed28316e5b2389
size 42017635
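Review bot: the `oid sha256:baafa64740b090bff50b220a6df3be95c46069b7e30f4b4effed28316e5b2389` line in this pointer is the only collision-resistant digest of ghostscript-9.25.tar.gz recorded anywhere in the commit; the spec files only carry an MD5 comment for Source0. Consider recording this SHA-256 value beside the MD5 line in both spec files and, where upstream publishes a SHA-256 (or stronger) checksum file, stating that it was compared against that, so a reviewer can confirm the tarball is the upstream one without trusting MD5.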


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30955a417fac3d9faeb37ec6ef3f9309d0f6d3c2bce3ea1073fe547d5f755615
size 42019310


@ -1,3 +1,102 @@
-------------------------------------------------------------------
Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
- Version upgrade to 9.25
For the highlights in this release see the highlights in the
9.25rc1 first release candidate for 9.25 entry below.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
For a release summary see:
http://www.ghostscript.com/doc/9.25/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.25 release should fix (see below)
in particular those security issues:
* CVE-2018-15909: shading_param incomplete type checking
https://bugs.ghostscript.com/show_bug.cgi?id=699660
https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
* CVE-2018-15908: .tempfile file permission issues
https://bugs.ghostscript.com/show_bug.cgi?id=699657
https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
* CVE-2018-15910: LockDistillerParams type confusion
https://bugs.ghostscript.com/show_bug.cgi?id=699656
https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
* CVE-2018-15911: uninitialized memory access in the aesdecode
https://bugs.ghostscript.com/show_bug.cgi?id=699665
https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
* CVE-2018-16513: setcolor missing type check
https://bugs.ghostscript.com/show_bug.cgi?id=699655
https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
* CVE-2018-16509: /invalidaccess bypass after failed restore
https://bugs.ghostscript.com/show_bug.cgi?id=699654
https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
* CVE-2018-16510: Incorrect exec stack handling in the "CS"
and "SC" PDF primitives
https://bugs.ghostscript.com/show_bug.cgi?id=699671
https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
* CVE-2018-16542: .definemodifiedfont memory corruption
if /typecheck is handled
https://bugs.ghostscript.com/show_bug.cgi?id=699668
https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
* CVE-2018-16541 incorrect free logic in pagedevice replacement
https://bugs.ghostscript.com/show_bug.cgi?id=699664
https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
* CVE-2018-16540 use-after-free in copydevice handling
https://bugs.ghostscript.com/show_bug.cgi?id=699661
https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
* CVE-2018-16539: incorrect access checking in temp file
handling to disclose contents of files
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
* CVE-2018-16543: gssetresolution and gsgetresolution allow
for unspecified impact
https://bugs.ghostscript.com/show_bug.cgi?id=699670
https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
* CVE-2018-16511: type confusion in "ztype" could be used by
remote attackers able to supply crafted PostScript to crash
the interpreter or possibly have unspecified other impact
https://bugs.ghostscript.com/show_bug.cgi?id=699659
https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
* CVE-2018-16585 .setdistillerkeys PostScript command is
accepted even though it is not intended for use
https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
* CVE-2018-16802: Incorrect"restoration of privilege" checking
when running out of stack during exceptionhandling could be
used by attackers able to supply crafted PostScript to execute
code using the "pipe" instruction. This is due to an incomplete
fix for CVE-2018-16509
https://bugs.ghostscript.com/show_bug.cgi?id=699714
https://bugs.ghostscript.com/show_bug.cgi?id=699718
https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
Regarding what the above "should fix" means:
PostScript is a general purpose Turing-complete programming
language (cf. https://en.wikipedia.org/wiki/PostScript)
that supports in particular file access on the system disk.
When Ghostscript processes PostScript it runs a PostScript
program as the user who runs Ghostscript.
When Ghostscript processes an arbitrary PostScript file,
the user who runs Ghostscript runs an arbitrary program
which can do anything on the system where Ghostscript runs
that this user is allowed to do on that system.
To make it safer when Ghostscript runs a PostScript program
the Ghostscript command line option '-dSAFER' disables
certain file access functionality, for details see
/usr/share/doc/ghostscript/9.25/Use.htm
Its name 'SAFER' says everything: It makes it 'safer'
to let Ghostscript run a PostScript program,
but it does not make it completely safe.
In theory software is safe against misuse (i.e. has no bugs).
In practice there is an endless sequence of various kind of
security issues (i.e. software can be misused to do more than
what is intended) that get fixed issue by issue ad infinitum.
In the end all that means:
In practice the user who runs Ghostscript must not let it
process arbitrary PostScript files from untrusted origin.
In particular Ghostscript is usually run when printing
documents (with the '-dSAFER' option set), see the part about
"It is crucial to limit access to CUPS to trusted users" in
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de
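Review bot: the `* CVE-2018-16585 .setdistillerkeys PostScript command is` entry is the only one in this list without a bugs.ghostscript.com reference, and the last entry uses `bnc#1108027` where every other entry uses `bsc#`; add the upstream bug link and use the same prefix throughout so the references can be checked mechanically. The same hunk has a few typos worth fixing before this lands in the package changelog: `Incorrect"restoration of privilege"` is missing a space, `exceptionhandling` should be `exception handling`, and `various kind of` should be `various kinds of`. The commit message says 9.25 also fixes regressions in 9.24, but the entry itself only points at the 9.25rc1 entry below; a one-line mention of those regression fixes here would save changelog readers the lookup.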


@ -37,20 +37,20 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version: # so that we keep additionally the previous version number to upgrade from the previous version:
Version: 9.24pre25rc1 #Version: 9.24pre25rc1
Release: 0
# Normal version for Ghostscript releases is the upstream version: # Normal version for Ghostscript releases is the upstream version:
#Version: 9.24 Version: 9.25
Release: 0
# tarball_version is used below to specify the directory via "setup -n": # tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
#define tarball_version %{version} %define tarball_version %{version}
%define tarball_version 9.25rc1 #define tarball_version 9.25rc1
# built_version is used below in the install and files sections: # built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version): # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version} %define built_version %{version}
%define built_version 9.25 #define built_version 9.25
# Source0...Source9 is for sources from upstream: # Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates: # Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
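Review bot: switching between a release candidate and a release is done here by commenting and uncommenting three paired lines (`Version:`, `%define tarball_version`, `%define built_version`), with a fourth pair (`Source0:`) in the next hunk; flipping one pair but not another would silently build the wrong tarball under the wrong version. Consider a single switch so one edit covers all of them, for example defining `%define rc_version 9.25rc1` only for release candidates and deriving the others from it with `%{?rc_version}%{!?rc_version:%{version}}`, or at least a comment at the top of this block listing every line that must be toggled together.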
@ -59,14 +59,14 @@ Release: 0
# URL for MD5 checksums: # URL for MD5 checksums:
# wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS # wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
# MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz # MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
Source0: ghostscript-%{tarball_version}.tar.gz #Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases: # Normal URLs for Ghostscript releases:
# URL for Source0: # URL for Source0:
# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz # wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
# URL for MD5 checksums: # URL for MD5 checksums:
# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS # wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 ghostscript-9.24.tar.gz # MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
#Source0: ghostscript-%{version}.tar.gz Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream: # Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
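Review bot: the integrity record for Source0 (`# MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz`) relies on MD5 alone, which no longer protects against a deliberately substituted tarball with a matching digest. Record a SHA-256 value next to it as well (the LFS pointer added in this commit already carries the tarball's sha256) and, where upstream publishes a stronger checksum file, compare against that. Since the download URL is only in a comment (`# wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz`), consider putting the full URL into the `Source0:` tag itself so OBS source checks can fetch and verify the file rather than trusting the locally committed copy.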


@ -1,3 +1,102 @@
-------------------------------------------------------------------
Fri Sep 14 10:47:33 CEST 2018 - jsmeix@suse.de
- Version upgrade to 9.25
For the highlights in this release see the highlights in the
9.25rc1 first release candidate for 9.25 entry below.
PLEASE NOTE:
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
For a release summary see:
http://www.ghostscript.com/doc/9.25/News.htm
For details see the News.htm and History9.htm files.
The Ghostscript 9.25 release should fix (see below)
in particular those security issues:
* CVE-2018-15909: shading_param incomplete type checking
https://bugs.ghostscript.com/show_bug.cgi?id=699660
https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
* CVE-2018-15908: .tempfile file permission issues
https://bugs.ghostscript.com/show_bug.cgi?id=699657
https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
* CVE-2018-15910: LockDistillerParams type confusion
https://bugs.ghostscript.com/show_bug.cgi?id=699656
https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
* CVE-2018-15911: uninitialized memory access in the aesdecode
https://bugs.ghostscript.com/show_bug.cgi?id=699665
https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
* CVE-2018-16513: setcolor missing type check
https://bugs.ghostscript.com/show_bug.cgi?id=699655
https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
* CVE-2018-16509: /invalidaccess bypass after failed restore
https://bugs.ghostscript.com/show_bug.cgi?id=699654
https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
* CVE-2018-16510: Incorrect exec stack handling in the "CS"
and "SC" PDF primitives
https://bugs.ghostscript.com/show_bug.cgi?id=699671
https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
* CVE-2018-16542: .definemodifiedfont memory corruption
if /typecheck is handled
https://bugs.ghostscript.com/show_bug.cgi?id=699668
https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
* CVE-2018-16541 incorrect free logic in pagedevice replacement
https://bugs.ghostscript.com/show_bug.cgi?id=699664
https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
* CVE-2018-16540 use-after-free in copydevice handling
https://bugs.ghostscript.com/show_bug.cgi?id=699661
https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
* CVE-2018-16539: incorrect access checking in temp file
handling to disclose contents of files
https://bugs.ghostscript.com/show_bug.cgi?id=699658
https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
* CVE-2018-16543: gssetresolution and gsgetresolution allow
for unspecified impact
https://bugs.ghostscript.com/show_bug.cgi?id=699670
https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
* CVE-2018-16511: type confusion in "ztype" could be used by
remote attackers able to supply crafted PostScript to crash
the interpreter or possibly have unspecified other impact
https://bugs.ghostscript.com/show_bug.cgi?id=699659
https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
* CVE-2018-16585 .setdistillerkeys PostScript command is
accepted even though it is not intended for use
https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
* CVE-2018-16802: Incorrect"restoration of privilege" checking
when running out of stack during exceptionhandling could be
used by attackers able to supply crafted PostScript to execute
code using the "pipe" instruction. This is due to an incomplete
fix for CVE-2018-16509
https://bugs.ghostscript.com/show_bug.cgi?id=699714
https://bugs.ghostscript.com/show_bug.cgi?id=699718
https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
Regarding what the above "should fix" means:
PostScript is a general purpose Turing-complete programming
language (cf. https://en.wikipedia.org/wiki/PostScript)
that supports in particular file access on the system disk.
When Ghostscript processes PostScript it runs a PostScript
program as the user who runs Ghostscript.
When Ghostscript processes an arbitrary PostScript file,
the user who runs Ghostscript runs an arbitrary program
which can do anything on the system where Ghostscript runs
that this user is allowed to do on that system.
To make it safer when Ghostscript runs a PostScript program
the Ghostscript command line option '-dSAFER' disables
certain file access functionality, for details see
/usr/share/doc/ghostscript/9.25/Use.htm
Its name 'SAFER' says everything: It makes it 'safer'
to let Ghostscript run a PostScript program,
but it does not make it completely safe.
In theory software is safe against misuse (i.e. has no bugs).
In practice there is an endless sequence of various kind of
security issues (i.e. software can be misused to do more than
what is intended) that get fixed issue by issue ad infinitum.
In the end all that means:
In practice the user who runs Ghostscript must not let it
process arbitrary PostScript files from untrusted origin.
In particular Ghostscript is usually run when printing
documents (with the '-dSAFER' option set), see the part about
"It is crucial to limit access to CUPS to trusted users" in
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de Thu Sep 13 14:14:39 CEST 2018 - jsmeix@suse.de
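Review bot: this entry is a verbatim copy of the ghostscript.changes entry in the same commit, so it carries the same gaps: no upstream bug link for `* CVE-2018-16585 .setdistillerkeys PostScript command is`, `bnc#1108027` where the other entries use `bsc#`, and the typos `Incorrect"restoration of privilege"` and `exceptionhandling`. Fix both changes files together, since the two are evidently maintained by hand in parallel and any correction applied to only one will leave them out of sync.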


@ -57,20 +57,20 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version: # so that we keep additionally the previous version number to upgrade from the previous version:
Version: 9.24pre25rc1 #Version: 9.24pre25rc1
Release: 0
# Normal version for Ghostscript releases is the upstream version: # Normal version for Ghostscript releases is the upstream version:
#Version: 9.24 Version: 9.25
Release: 0
# tarball_version is used below to specify the directory via "setup -n": # tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1". # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version): # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
#define tarball_version %{version} %define tarball_version %{version}
%define tarball_version 9.25rc1 #define tarball_version 9.25rc1
# built_version is used below in the install and files sections: # built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version): # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
#define built_version %{version} %define built_version %{version}
%define built_version 9.25 #define built_version 9.25
# Source0...Source9 is for sources from upstream: # Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates: # Special URLs for Ghostscript release candidates:
# see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@ -79,14 +79,14 @@ Release: 0
# URL for MD5 checksums: # URL for MD5 checksums:
# wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS # wget -O gs925rc1.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925rc1/MD5SUMS
# MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz # MD5 checksum for Source0: 2dc56f05c4e479b9a2cbb8221f669c8f ghostscript-9.25rc1.tar.gz
Source0: ghostscript-%{tarball_version}.tar.gz #Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases: # Normal URLs for Ghostscript releases:
# URL for Source0: # URL for Source0:
# wget -O ghostscript-9.24.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/ghostscript-9.24.tar.gz # wget -O ghostscript-9.25.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/ghostscript-9.25.tar.gz
# URL for MD5 checksums: # URL for MD5 checksums:
# wget -O gs924.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/MD5SUMS # wget -O gs925.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs925/MD5SUMS
# MD5 checksum for Source0: c5c3fa8eb737a6540814314a9d9e4995 ghostscript-9.24.tar.gz # MD5 checksum for Source0: eebd0fadbfa8e800094422ce65e94d5d ghostscript-9.25.tar.gz
#Source0: ghostscript-%{version}.tar.gz Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream: # Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: