From da972996b4e7a5e545ef1af2d8aa2842c87bca8049d86cea5f631cf03c79d182 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Tue, 22 Jan 2019 12:10:44 +0000
Subject: [PATCH 1/2] Accepting request 664448 from home:weberho:branches:Printing
- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch fixes Ghostscript issue #700315 and bsc#1121490 https://bugs.ghostscript.com/show_bug.cgi?id=700315 Segfault in GS 9.26 with certain PDFs with -dLastPage=1
OBS-URL: https://build.opensuse.org/request/show/664448
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=101
---
 ...lassing-devices-fix-put_image-method.patch | 34 +++++++++++++++++++
 ghostscript-mini.spec | 2 +-
 ghostscript.changes | 8 +++++
 ghostscript.spec | 6 ++--
 4 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
diff --git a/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch b/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
new file mode 100644
index 0000000..0568b4a
--- /dev/null
+++ b/ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
@@ -0,0 +1,34 @@
+From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Tue, 4 Dec 2018 21:31:31 +0000
+Subject: [PATCH] subclassing devices - fix put_image method
+
+The subclassing devices need to change the 'memory device' parameter to
+be the child device, when its the same as the subclassing device.
+
+Otherwise we end up trying to access the child device's memory pointers
+in the subclassing device, which may not contain valid copies of
+those pointers.
+---
+ base/gdevsclass.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/base/gdevsclass.c b/base/gdevsclass.c
+index d9c85d2..5109258 100644
+--- a/base/gdevsclass.c
++++ b/base/gdevsclass.c
+@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf
+ int alpha_plane_index, int tag_plane_index)
+ {
+ if (dev->child)
+- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
++ if (dev == mdev)
++ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
++ else
++ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
+ 
+ return 0;
+ }
+--
+2.9.1
+
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index f9b560d..af12500 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript-mini
 #
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
diff --git a/ghostscript.changes b/ghostscript.changes
index c9a4692..3525986 100644
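Review bot: The new `if (dev == mdev) … else …` sits inside `if (dev->child)` with no braces, so correctness rests on the dangling `else` binding to the inner `if`, and the two `return dev_proc(dev->child, put_image)(...)` calls repeat a long argument list that differs only in the second argument. Choosing the target first leaves one call site inside a braced `if (dev->child) { … }`: `gx_device *target = (dev == mdev) ? dev->child : mdev;` followed by `return dev_proc(dev->child, put_image)(dev->child, target, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);`. The substitution only covers the case where the memory device is this subclassing device itself; if the child is in turn a subclassing device running the same function it would repeat the substitution one level down, while an mdev that is some other device is passed through untouched, which appears to be what the commit message intends. Since this hunk is a verbatim copy of upstream commit fae21f16, any restyle belongs upstream rather than in this packaging patch. The parameter list of default_subclass_put_image starts before the inner hunk.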
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at
+
+- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
+ fixes Ghostscript issue #700315 and bsc#1121490
+ https://bugs.ghostscript.com/show_bug.cgi?id=700315
+ Segfault in GS 9.26 with certain PDFs with -dLastPage=1
+
 -------------------------------------------------------------------
 Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de
diff --git a/ghostscript.spec b/ghostscript.spec
index 0a0c3d7..bd2dd8e 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript
 #
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -88,6 +88,7 @@ Release: 0
 # MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
 Source0: ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
+Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -211,7 +212,6 @@ For information how to use Ghostscript see
 %package x11
 Summary: X11 library for Ghostscript
-Group: Productivity/Publishing/PS
 # Require the exact matching version-release of the ghostscript main-package because
 # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
 # because all Ghostscript software is built from one same Ghostscript source tar ball
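Review bot: The new `Patch0:` line records no upstream provenance, so a later reader cannot tell which commit this file carries or check it against upstream without opening the patch itself. Add `# Patch0 is upstream commit fae21f1668d2b44b18b84cf0923a1d5f3008a696 (Ghostscript bug 700315, bsc#1121490):` directly above it, taking the hash from the patch file's From line. The file name also says `ghostscript-2.26-…` although the package version is 9.26; if that is a typo rather than a deliberate name, renaming it now avoids the confusion spreading (the following commit already copies the name into ghostscript-mini.spec).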
@@ -219,6 +219,7 @@ Group: Productivity/Publishing/PS
 # The exact matching version-release of the ghostscript main-package is available
 # on the same package repository where the ghostscript-x11 sub-package is because
 # all are built simulaneously from the same Ghostscript source package:
+Group: Productivity/Publishing/PS
 Requires: ghostscript = %{version}-%{release}
 # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
 # an unversioned "Provides: ghostscript" and for RPM this means that both
@@ -269,6 +270,7 @@ This package contains the development files for Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+%patch0 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
From ce1ba2ad82740650219c56c3e8fa36c39ba713128efb60b785b81c53b7166b63 Mon Sep 17 00:00:00 2001
From: Johannes Meixner
Date: Wed, 23 Jan 2019 16:44:20 +0000
Subject: [PATCH 2/2] Accepting request 668140 from home:jsmeix:branches:Printing
Ghostscript security fix upgrade (purely a security fix) to fix CVE-2019-6116 bsc#1122319
OBS-URL: https://build.opensuse.org/request/show/668140
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=102
---
 ghostscript-9.26.tar.gz | 3 ---
 ghostscript-9.26a.tar.gz | 3 +++
 ghostscript-mini.changes | 18 ++++++++++++++++++
 ghostscript-mini.spec | 16 +++++++++++-----
 ghostscript.changes | 10 ++++++++++
 ghostscript.spec | 16 ++++++++++------
 6 files changed, 52 insertions(+), 14 deletions(-)
 delete mode 100644 ghostscript-9.26.tar.gz
 create mode 100644 ghostscript-9.26a.tar.gz
diff --git a/ghostscript-9.26.tar.gz b/ghostscript-9.26.tar.gz
deleted file mode 100644
index 2b11523..0000000
--- a/ghostscript-9.26.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:831fc019bd477f7cc2d481dc5395ebfa4a593a95eb2fe1eb231a97e450d7540d
-size 42084660
diff --git a/ghostscript-9.26a.tar.gz b/ghostscript-9.26a.tar.gz
new file mode 100644
index 0000000..913924f
--- /dev/null
+++ b/ghostscript-9.26a.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:79482d5b8350a542ed830ce724b7317f878bcddbdbc163471e2a74848462eb3b
+size 42087219
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index 072c057..86988e3 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Jan 23 16:52:00 CET 2019 - jsmeix@suse.de
+
+- Version upgrade to 9.26a
+ The version 9.26a is a special security bugfix version to fix
+ * CVE-2019-6116: subroutines within pseudo-operators
+ must themselves be pseudo-operators
+ https://bugs.ghostscript.com/show_bug.cgi?id=700317
+ https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319
+
+-------------------------------------------------------------------
+Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at
+
+- ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
+ fixes Ghostscript issue #700315 and bsc#1121490
+ https://bugs.ghostscript.com/show_bug.cgi?id=700315
+ Segfault in GS 9.26 with certain PDFs with -dLastPage=1
+
 -------------------------------------------------------------------
 Fri Nov 30 09:01:17 CET 2018 - jsmeix@suse.de
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index af12500..c11dfcc 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript-mini
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -38,9 +38,13 @@ Url: http://www.ghostscript.com/
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
 #Version: 9.25pre26rc1
-# Normal version for Ghostscript releases is the upstream version:
-Version: 9.26
+# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball
+# where upstream provides a complete and consistent state of the whole Ghostscript code
+# that includes in particular the complete patchset that is really non-trivial
+# to fix the Ghostscript upstream bug 700317 CVE-2019-6116:
+Version: 9.26a
 Release: 0
+# Normal version for Ghostscript releases is the upstream version:
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
@@ -49,8 +53,8 @@ Release: 0
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-%define built_version %{version}
-#define built_version 9.26
+#define built_version %{version}
+%define built_version 9.26
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
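Review bot: `%define built_version 9.26` now pins built_version to a literal while `Version:` becomes 9.26a, yet the context comment kept right above it still says "For Ghostscript releases built_version and version are the same", which is no longer true for this build. The reason for the pin is stated nowhere in the hunk — presumably the 9.26a tar ball still builds and installs its files as 9.26, which should be confirmed from the build output rather than assumed. Add a why-comment such as `# 9.26a is a security re-spin of 9.26, so built_version is pinned to 9.26 here; switch back to %{version} at the next regular release:` so the pin is not silently carried forward when Version is bumped again. The same two-line swap is applied to ghostscript.spec further down in this patch.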
@@ -68,6 +72,7 @@ Release: 0
 # MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz
 Source0: ghostscript-%{version}.tar.gz
 # Patch0...Patch9 is for patches from upstream:
+Patch0: ghostscript-2.26-subclassing-devices-fix-put_image-method.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -133,6 +138,7 @@ This package contains the development files for Minimal Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+%patch0 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
diff --git a/ghostscript.changes b/ghostscript.changes
index 3525986..cb4d1c2 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Jan 23 16:52:00 CET 2019 - jsmeix@suse.de
+
+- Version upgrade to 9.26a
+ The version 9.26a is a special security bugfix version to fix
+ * CVE-2019-6116: subroutines within pseudo-operators
+ must themselves be pseudo-operators
+ https://bugs.ghostscript.com/show_bug.cgi?id=700317
+ https://bugzilla.suse.com/show_bug.cgi?id=1122319 bsc#1122319
+
 -------------------------------------------------------------------
 Thu Jan 10 17:09:16 UTC 2019 - jweberhofer@weberhofer.at
diff --git a/ghostscript.spec b/ghostscript.spec
index bd2dd8e..c66b670 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
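Review bot: The context line `# MD5 checksum for Source0: 806bc2dedbc7f69b003f536658e08d4a ghostscript-9.26.tar.gz` is stale after this patch, because `Source0: ghostscript-%{version}.tar.gz` now expands to ghostscript-9.26a.tar.gz while the recorded digest belongs to the 9.26 tar ball that this same patch deletes. For a security re-spin the integrity record in the spec should follow the source it describes; otherwise anyone checking the tar ball against the spec gets a false mismatch, and a real one would go unnoticed. The only digest for the new tar ball anywhere in this patch is the git-lfs pointer, so at minimum change the line to `# SHA256 checksum for Source0: 79482d5b8350a542ed830ce724b7317f878bcddbdbc163471e2a74848462eb3b ghostscript-9.26a.tar.gz`, after confirming that value against the checksum Artifex publishes for 9.26a. The equivalent line in ghostscript.spec lies outside the hunks of this patch and likely needs the same update.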
@@ -1,7 +1,7 @@
 #
 # spec file for package ghostscript
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -58,9 +58,13 @@ Url: http://www.ghostscript.com/
 # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
 # so that we keep additionally the previous version number to upgrade from the previous version:
 #Version: 9.25pre26rc1
-# Normal version for Ghostscript releases is the upstream version:
-Version: 9.26
+# The upstream version 9.26a is a special Ghostscript upstream security bugfix tar ball
+# where upstream provides a complete and consistent state of the whole Ghostscript code
+# that includes in particular the complete patchset that is really non-trivial
+# to fix the Ghostscript upstream bug 700317 CVE-2019-6116:
+Version: 9.26a
 Release: 0
+# Normal version for Ghostscript releases is the upstream version:
 # tarball_version is used below to specify the directory via "setup -n":
 # Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
 # For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
@@ -69,8 +73,8 @@ Release: 0
 # built_version is used below in the install and files sections:
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
-%define built_version %{version}
-#define built_version 9.26
+#define built_version %{version}
+%define built_version 9.26
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
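Review bot: The re-added `# Normal version for Ghostscript releases is the upstream version:` now sits after `Release: 0` and directly above the tarball_version comments, where it introduces nothing that follows it; the line it used to introduce, `Version: 9.26`, was removed two lines earlier. Either drop the comment or move it back above the new 9.26a block and phrase it as the rule the block is an exception to, e.g. `# Normally Version is the plain upstream version (e.g. 9.26); 9.26a below is the exception:`. The same relocation occurs in the ghostscript-mini.spec hunk earlier in this patch.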
@@ -212,6 +216,7 @@ For information how to use Ghostscript see
 %package x11
 Summary: X11 library for Ghostscript
+Group: Productivity/Publishing/PS
 # Require the exact matching version-release of the ghostscript main-package because
 # a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
 # because all Ghostscript software is built from one same Ghostscript source tar ball
@@ -219,7 +224,6 @@ Summary: X11 library for Ghostscript
 # The exact matching version-release of the ghostscript main-package is available
 # on the same package repository where the ghostscript-x11 sub-package is because
 # all are built simulaneously from the same Ghostscript source package:
-Group: Productivity/Publishing/PS
 Requires: ghostscript = %{version}-%{release}
 # Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
 # an unversioned "Provides: ghostscript" and for RPM this means that both