diff --git a/CVE-2018-10194.patch b/CVE-2018-10194.patch new file mode 100644 index 0000000..3b95340 --- /dev/null +++ b/CVE-2018-10194.patch @@ -0,0 +1,18 @@ +--- devices/vector/gdevpdts.c.orig 2018-03-21 09:48:06.000000000 +0100 ++++ devices/vector/gdevpdts.c 2018-06-05 14:39:39.000000000 +0200 +@@ -103,9 +103,14 @@ append_text_move(pdf_text_state_t *pts, + static int + set_text_distance(gs_point *pdist, double dx, double dy, const gs_matrix *pmat) + { +- int code = gs_distance_transform_inverse(dx, dy, pmat, pdist); ++ int code; + double rounded; + ++ if (dx > 1e38 || dy > 1e38) ++ code = gs_error_undefinedresult; ++ else ++ code = gs_distance_transform_inverse(dx, dy, pmat, pdist); ++ + if (code == gs_error_undefinedresult) { + /* The CTM is degenerate. + Can't know the distance in user space. diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 1e9d831..1117792 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de + +- CVE-2018-10194.patch fixes stack-based buffer overflow + in gdevpdts.c (bsc#1090099), see + https://bugs.ghostscript.com/show_bug.cgi?id=699255 and + http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 + ------------------------------------------------------------------- Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index 8d36bb3..34a3d14 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -79,6 +79,11 @@ Patch12: fix_ln_docdir_gsdatadir.patch # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch +# Patch101 fixes stack-based buffer overflow in gdevpdts.c +# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 +# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 +# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 +Patch101: CVE-2018-10194.patch # RPM dependencies: Conflicts: ghostscript Conflicts: ghostscript-x11 @@ -149,6 +154,11 @@ This package contains the development files for Minimal Ghostscript. # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: #patch100 -p1 -b remove-zlib-h-dependency.orig +# Patch101 fixes stack-based buffer overflow in gdevpdts.c +# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 +# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 +# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 +%patch101 -b CVE-2018-10194.orig # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig diff --git a/ghostscript.changes b/ghostscript.changes index 1805077..d6cf090 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jun 5 14:47:59 CEST 2018 - jsmeix@suse.de + +- CVE-2018-10194.patch fixes stack-based buffer overflow + in gdevpdts.c (bsc#1090099), see + https://bugs.ghostscript.com/show_bug.cgi?id=699255 and + http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 + ------------------------------------------------------------------- Thu Mar 22 12:51:39 CET 2018 - jsmeix@suse.de diff --git a/ghostscript.spec b/ghostscript.spec index 1fe1100..49e6a96 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -99,6 +99,11 @@ Patch12: fix_ln_docdir_gsdatadir.patch # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: Patch100: remove-zlib-h-dependency.patch +# Patch101 fixes stack-based buffer overflow in gdevpdts.c +# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 +# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 +# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 +Patch101: CVE-2018-10194.patch # RPM dependencies: # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from # "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11": @@ -285,6 +290,11 @@ This package contains the development files for Ghostscript. # and disable remove-zlib-h-dependency.patch because # Ghostscript 9.21 does no longer build this way: #patch100 -p1 -b remove-zlib-h-dependency.orig +# Patch101 fixes stack-based buffer overflow in gdevpdts.c +# see https://bugzilla.suse.com/show_bug.cgi?id=1090099 +# and https://bugs.ghostscript.com/show_bug.cgi?id=699255 +# and http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 +%patch101 -b CVE-2018-10194.orig # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig