pool/ghostscript
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 614286 from home:jsmeix:branches:Printing

Browse Source 
CVE-2018-10194.patch fixes stack-based buffer overflow (bsc#1090099)

OBS-URL: https://build.opensuse.org/request/show/614286
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=91
This commit is contained in:
Johannes Meixner 2018-06-05 13:32:09 +00:00 committed by Git OBS Bridge
parent dc0a03b301
commit 1829075053
5 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CVE-2018-10194.patch Normal file
View File

@ -0,0 +1,18 @@
--- devices/vector/gdevpdts.c.orig 2018-03-21 09:48:06.000000000 +0100
+++ devices/vector/gdevpdts.c 2018-06-05 14:39:39.000000000 +0200
@@ -103,9 +103,14 @@ append_text_move(pdf_text_state_t *pts,
static int
set_text_distance(gs_point *pdist, double dx, double dy, const gs_matrix *pmat)
{
- int code = gs_distance_transform_inverse(dx, dy, pmat, pdist);
+ int code;
double rounded;
+ if (dx > 1e38 || dy > 1e38)
+ code = gs_error_undefinedresult;
+ else
+ code = gs_distance_transform_inverse(dx, dy, pmat, pdist);
+
if (code == gs_error_undefinedresult) {
/* The CTM is degenerate.
Can't know the distance in user space.

8
ghostscript-mini.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de
- CVE-2018-10194.patch fixes stack-based buffer overflow
in gdevpdts.c (bsc#1090099), see
https://bugs.ghostscript.com/show_bug.cgi?id=699255 and
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
-------------------------------------------------------------------
Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de

10
ghostscript-mini.spec
View File

@ -79,6 +79,11 @@ Patch12: fix_ln_docdir_gsdatadir.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 fixes stack-based buffer overflow in gdevpdts.c
# see https://bugzilla.suse.com/show_bug.cgi?id=1090099
# and https://bugs.ghostscript.com/show_bug.cgi?id=699255
# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
Patch101: CVE-2018-10194.patch
# RPM dependencies:
Conflicts: ghostscript
Conflicts: ghostscript-x11
@ -149,6 +154,11 @@ This package contains the development files for Minimal Ghostscript.
# and disable remove-zlib-h-dependency.patch because
# Ghostscript 9.21 does no longer build this way:
#patch100 -p1 -b remove-zlib-h-dependency.orig
# Patch101 fixes stack-based buffer overflow in gdevpdts.c
# see https://bugzilla.suse.com/show_bug.cgi?id=1090099
# and https://bugs.ghostscript.com/show_bug.cgi?id=699255
# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
%patch101 -b CVE-2018-10194.orig
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig

8
ghostscript.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de
- CVE-2018-10194.patch fixes stack-based buffer overflow
in gdevpdts.c (bsc#1090099), see
https://bugs.ghostscript.com/show_bug.cgi?id=699255 and
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
-------------------------------------------------------------------
Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de

10
ghostscript.spec
View File

@ -99,6 +99,11 @@ Patch12: fix_ln_docdir_gsdatadir.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 fixes stack-based buffer overflow in gdevpdts.c
# see https://bugzilla.suse.com/show_bug.cgi?id=1090099
# and https://bugs.ghostscript.com/show_bug.cgi?id=699255
# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
Patch101: CVE-2018-10194.patch
# RPM dependencies:
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
# "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11":
@ -285,6 +290,11 @@ This package contains the development files for Ghostscript.
# and disable remove-zlib-h-dependency.patch because
# Ghostscript 9.21 does no longer build this way:
#patch100 -p1 -b remove-zlib-h-dependency.orig
# Patch101 fixes stack-based buffer overflow in gdevpdts.c
# see https://bugzilla.suse.com/show_bug.cgi?id=1090099
# and https://bugs.ghostscript.com/show_bug.cgi?id=699255
# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
%patch101 -b CVE-2018-10194.orig
# Remove patch backup files to avoid packaging
# cf. https://build.opensuse.org/request/show/581052
rm -f Resource/Init/*.ps.orig