From a94b87d8062784169a4c10db85c0a511056d900fa41d19036949ecaf9feb93f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 9 Sep 2019 07:14:34 +0000 Subject: [PATCH 1/4] Accepting request 725214 from home:jengelh:branches:Printing - Update RPM groups. OBS-URL: https://build.opensuse.org/request/show/725214 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=117 --- ghostscript-mini.changes | 5 +++++ ghostscript-mini.spec | 9 +++++---- ghostscript.changes | 5 +++++ ghostscript.spec | 12 +++++------- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 2bca600..10299ee 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt + +- Update RPM groups. + ------------------------------------------------------------------- Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index a055969..c71aa6a 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -35,8 +35,8 @@ Requires(post): update-alternatives Requires(preun): update-alternatives Summary: Minimal Ghostscript for minimal build requirements License: AGPL-3.0-only -Group: System/Libraries -Url: http://www.ghostscript.com/ +Group: Productivity/Office/Other +URL: https://www.ghostscript.com/ # Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). # Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm # would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) 
@@ -45,6 +45,7 @@ Url: http://www.ghostscript.com/ # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: +# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. #Version: 9.25pre26rc1 Version: 9.27 Release: 0 @@ -194,8 +195,8 @@ rm -rf lcms2art # Derive build timestamp from latest changelog entry export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +export CFLAGS="%{optflags} -fno-strict-aliasing" +export CXXFLAGS="%{optflags} -fno-strict-aliasing" autoreconf -fi # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. # --disable-cups and --without-pdftoraster diff --git a/ghostscript.changes b/ghostscript.changes index 6f562fd..c06e8f1 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt + +- Update RPM groups. + ------------------------------------------------------------------- Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink diff --git a/ghostscript.spec b/ghostscript.spec index a486489..7839038 100644 --- a/ghostscript.spec +++ b/ghostscript.spec 
@@ -55,8 +55,8 @@ Requires(post): update-alternatives Requires(preun): update-alternatives Summary: The Ghostscript interpreter for PostScript and PDF License: AGPL-3.0-only -Group: System/Libraries -Url: http://www.ghostscript.com/ +Group: Productivity/Office/Other +URL: https://www.ghostscript.com/ # Special version needed for Ghostscript release candidates (e.g. "Version: 9.14pre15rc1" for 9.15rc1). # Version 9.15rc1 would be newer than 9.15 (run "zypper vcmp 9.15rc1 9.15") because the rpmvercmp algorithm # would treat 9.15rc1 as 9.15.rc.1 (alphabetic and numeric sections get separated into different elements) @@ -65,6 +65,7 @@ Url: http://www.ghostscript.com/ # But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14" # because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers # so that we keep additionally the previous version number to upgrade from the previous version: +# Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. #Version: 9.25pre26rc1 Version: 9.27 Release: 0 @@ -125,9 +126,6 @@ Patch101: ijs_exec_server_dont_use_sh.patch # ghostscript_x11 # ghostscript-mini # Which other packages need those in openSUSE:Factory (dated 22 Feb. 2012): -# blocxx-doc BuildRequires ghostscript -# iproute2 BuildRequires ghostscript -# gle-graphics Requires ghostscript # webdot Requires ghostscript # ddd BuildRequires ghostscript_any # emacs-auctex BuildRequires ghostscript_any 
@@ -330,8 +328,8 @@ rm -rf lcms2art # Derive build timestamp from latest changelog entry export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: -export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +export CFLAGS="%{optflags} -fno-strict-aliasing" +export CXXFLAGS="%{optflags} -fno-strict-aliasing" autoreconf -fi # --docdir=%%{_defaultdocdir}/%%{name} does not work therefore it is not used. # --enable-cups but no longer --with-pdftoraster --enable-dbus --with-install-cups because From ac4ca4e97e1f0d8c16007026c66c1af23f1a456541f338a6d5a70e4a93ee1e98 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Mon, 16 Sep 2019 12:16:35 +0000 Subject: [PATCH 2/4] Add two patch to fix security bugs OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=118 --- ghostscript-mini.changes | 16 +- ghostscript-mini.spec | 13 ++ ghostscript.changes | 16 +- ghostscript.spec | 15 ++ gs-CVE-2019-14811-885444fc.patch | 59 +++++++ gs-CVE-2019-14817-cd1b1cac.patch | 200 +++++++++++++++++++++++ openjpeg4gs-CVE-2018-6616-8ee33522.patch | 67 ++++++++ 7 files changed, 384 insertions(+), 2 deletions(-) create mode 100644 gs-CVE-2019-14811-885444fc.patch create mode 100644 gs-CVE-2019-14817-cd1b1cac.patch create mode 100644 openjpeg4gs-CVE-2018-6616-8ee33522.patch diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 10299ee..fcc6206 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes 
@@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink + +- Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 + for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +- Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 + for CVE-2019-14817 + +------------------------------------------------------------------- +Fri Sep 13 14:15:10 UTC 2019 - Dr. Werner Fink + +- Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 + for CVE-2019-12973 + ------------------------------------------------------------------- Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt @@ -8,7 +22,7 @@ Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink - Use update-alternatives to get the real ghostscript binary from /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to - use this with ist wrapper script + use this with its wrapper script ------------------------------------------------------------------- Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index c71aa6a..2d9d18d 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -78,6 +78,12 @@ Release: 0 Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: ++# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 +Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch +# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +Patch1: gs-CVE-2019-14811-885444fc.patch +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +Patch2: gs-CVE-2019-14817-cd1b1cac.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: 
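Review bot: The added preamble line `+# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616` in ghostscript-mini.spec carries a doubled `+`, so the spec gains a line beginning with `+#` instead of a comment, which rpmbuild will not accept as a preamble tag; the intended line is `# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616`. The matching declaration block in ghostscript.spec later in this commit is correct, and 3/4 in this series repairs the mini spec, so the fix only needs to land before the series is squashed. The Patch0 comment itself is worth keeping in sync with the changelog entry above it, which records the same file as fixing CVE-2019-12973 for bsc#1140359.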
@@ -144,6 +150,13 @@ This package contains the development files for Minimal Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} +# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 +# openjpeg4gs-CVE-2018-6616-8ee33522.patch +%patch0 +# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +%patch1 -p1 +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +%patch2 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream diff --git a/ghostscript.changes b/ghostscript.changes index c06e8f1..a9b1c50 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink + +- Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 + for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +- Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 + for CVE-2019-14817 + +------------------------------------------------------------------- +Fri Sep 13 14:15:10 UTC 2019 - Dr. Werner Fink + +- Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 + for CVE-2019-12973 + ------------------------------------------------------------------- Thu Aug 22 06:20:43 UTC 2019 - Jan Engelhardt @@ -8,7 +22,7 @@ Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink - Use update-alternatives to get the real ghostscript binary from /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to - use this with ist wrapper script + use this with its wrapper script ------------------------------------------------------------------- Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com 
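Review bot: `%patch0` applies openjpeg4gs-CVE-2018-6616-8ee33522.patch with no explicit strip level while the two lines after it pass `-p1`; that patch addresses `openjpeg/src/bin/jp2/convertbmp.c` with no `a/`/`b/` prefix, so it needs strip level 0 and presumably works only because rpm's `%patch` defaults to that. Spelling it out as `%patch0 -p0` makes the intent reviewable and matches how 4/4 in this series declares `%patch1 -p0`. The same applies to the `%patch0` line in the ghostscript.spec %prep hunk of this commit.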
diff --git a/ghostscript.spec b/ghostscript.spec index 7839038..5401438 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -46,6 +46,8 @@ BuildRequires: update-alternatives BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-fonts BuildRequires: zlib-devel +# Always check if latest version of penjpeg becomes compatible with ghostscript +#BuildRequires: pkgconfig(libopenjp2) %if 0%{?suse_version} >= 1500 BuildRequires: apparmor-abstractions BuildRequires: apparmor-rpm-macros @@ -98,6 +100,12 @@ Release: 0 Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: +# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 +Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch +# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +Patch1: gs-CVE-2019-14811-885444fc.patch +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +Patch2: gs-CVE-2019-14817-cd1b1cac.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: 
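Review bot: The new comment `# Always check if latest version of penjpeg becomes compatible with ghostscript` misspells the library name; it should read `# Always check if latest version of openjpeg becomes compatible with ghostscript`. Because this line is the only explanation of why `pkgconfig(libopenjp2)` stays commented out, it would help to mention there that the bundled copy is the one receiving the CVE patch, so whoever later flips the BuildRequires knows to drop Patch0 at the same time.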
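Review bot: The Patch0 comment here credits the openjpeg patch with fixing CVE-2018-6616, matching the patch header, while the ghostscript.changes entry in this same commit records the same file as fixing CVE-2019-12973 for bsc#1140359. If the upstream commit covers both identifiers, listing both in the spec comment keeps the audit trail consistent, e.g. `# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 (bsc#1140359, CVE-2019-12973)`; if it does not, one of the two references is wrong and should be corrected before release notes are generated from it.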
@@ -277,6 +285,13 @@ This package contains the development files for Ghostscript. # Be quiet when unpacking and # use a directory name matching Source0 to make it work also for ghostscript-mini: %setup -q -n ghostscript-%{tarball_version} +# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 +# openjpeg4gs-CVE-2018-6616-8ee33522.patch +%patch0 +# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 +%patch1 -p1 +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +%patch2 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream diff --git a/gs-CVE-2019-14811-885444fc.patch b/gs-CVE-2019-14811-885444fc.patch new file mode 100644 index 0000000..31cb84e --- /dev/null +++ b/gs-CVE-2019-14811-885444fc.patch 
@@ -0,0 +1,59 @@ +Based on 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Tue, 20 Aug 2019 10:10:28 +0100 +Subject: [PATCH] make .forceput inaccessible + +Bug #701343, #701344, #701345 + +More defensive programming. We don't want people to access .forecput +even though it is no longer sufficient to bypass SAFER. The exploit +in #701343 didn't work anyway because of earlier work to stop the error +handler being used, but nevertheless, prevent access to .forceput from +.setuserparams2. + +--- + Resource/Init/gs_lev2.ps | 6 +++--- + Resource/Init/gs_pdfwr.ps | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -158,7 +158,7 @@ end + { + pop pop + } ifelse +- } forall ++ } executeonly forall + % A context switch might have occurred during the above loop, + % causing the interpreter-level parameters to be reset. + % Set them again to the new values. From here on, we are safe, +@@ -229,9 +229,9 @@ end + { pop pop + } + ifelse +- } ++ } executeonly + forall pop +-} .bind odef ++} .bind executeonly odef + + % Initialize the passwords. + % NOTE: the names StartJobPassword and SystemParamsPassword are known to +diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps +--- a/Resource/Init/gs_pdfwr.ps ++++ b/Resource/Init/gs_pdfwr.ps +@@ -652,11 +652,11 @@ currentdict /.pdfmarkparams .undef + systemdict /.pdf_hooked_DSC_Creator //true .forceput + } executeonly if + pop +- } if ++ } executeonly if + } { + pop + } ifelse +- } ++ } executeonly + { + pop + } ifelse diff --git a/gs-CVE-2019-14817-cd1b1cac.patch b/gs-CVE-2019-14817-cd1b1cac.patch new file mode 100644 index 0000000..51b9438 --- /dev/null +++ b/gs-CVE-2019-14817-cd1b1cac.patch 
@@ -0,0 +1,200 @@ +Based on cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Wed, 21 Aug 2019 10:10:51 +0100 +Subject: [PATCH] PDF interpreter - review .forceput security + +Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken" + +By abusing the error handler it was possible to get the PDFDEBUG portion +of .pdfexectoken, which uses .forceput left readable. + +Add an executeonly appropriately to make sure that clause isn't readable +no mstter what. + +Review all the uses of .forceput searching for similar cases, add +executeonly as required to secure those. All cases in the PostScript +support files seem to be covered already. + +--- + Resource/Init/pdf_base.ps | 2 +- + Resource/Init/pdf_draw.ps | 14 +++++++------- + Resource/Init/pdf_font.ps | 21 +++++++++++---------- + Resource/Init/pdf_main.ps | 6 +++--- + Resource/Init/pdf_ops.ps | 11 ++++++----- + 5 files changed, 28 insertions(+), 26 deletions(-) + +diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps +--- a/Resource/Init/pdf_base.ps ++++ b/Resource/Init/pdf_base.ps +@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef + { + dup ==only () = flush + } ifelse % PDFSTEP +- } if % PDFDEBUG ++ } executeonly if % PDFDEBUG + 2 copy .knownget { + exch pop exch pop exch pop exec + } { +diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps +--- a/Resource/Init/pdf_draw.ps ++++ b/Resource/Init/pdf_draw.ps +@@ -501,8 +501,8 @@ end + ( Output may be incorrect.\n) pdfformaterror + //pdfdict /.gs_warning_issued //true .forceput + PDFSTOPONERROR { /gs /undefined signalerror } if +- } if +- } ++ } executeonly if ++ } executeonly + ifelse + } bind executeonly def + +@@ -1142,7 +1142,7 @@ currentdict end readonly def + .setglobal + pdfformaterror + } executeonly ifelse +- } ++ } executeonly + { + currentglobal //pdfdict gcheck .setglobal + //pdfdict /.Qqwarning_issued //true .forceput +@@ -1150,8 +1150,8 @@ currentdict end readonly def + 
pdfformaterror + } executeonly ifelse + end +- } ifelse +- } loop ++ } executeonly ifelse ++ } executeonly loop + { + (\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) + //pdfdict /.Qqwarning_issued .knownget +@@ -1165,14 +1165,14 @@ currentdict end readonly def + .setglobal + pdfformaterror + } executeonly ifelse +- } ++ } executeonly + { + currentglobal //pdfdict gcheck .setglobal + //pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror + } executeonly ifelse +- } if ++ } executeonly if + pop + + % restore pdfemptycount +diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps +--- a/Resource/Init/pdf_font.ps ++++ b/Resource/Init/pdf_font.ps +@@ -701,9 +701,9 @@ currentdict end readonly def + } if + PDFDEBUG { + (.processToUnicode end) = +- } if +- } if +- } stopped ++ } executeonly if ++ } executeonly if ++ } executeonly stopped + { + .dstackdepth 1 countdictstack 1 sub + {pop end} for +@@ -1233,19 +1233,20 @@ currentdict /eexec_pdf_param_dict .undef + //pdfdict /.Qqwarning_issued //true .forceput + } executeonly if + Q +- } repeat ++ } executeonly repeat + Q +- } PDFfile fileposition 2 .execn % Keep pdfcount valid. ++ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid. + PDFfile exch setfileposition +- } ifelse +- } { ++ } executeonly ifelse ++ } executeonly ++ { + % PDF Type 3 fonts don't use .notdef + % d1 implementation adjusts the width as needed + 0 0 0 0 0 0 + pdfopdict /d1 get exec + } ifelse + end end +- } bdef ++ } executeonly bdef + dup currentdict Encoding .processToUnicode + currentdict end .completefont exch pop + } bind executeonly odef +@@ -2045,9 +2046,9 @@ currentdict /CMap_read_dict undef + (Will continue, but content may be missing.) 
= flush + } ifelse + } if +- } if ++ } executeonly if + /findresource cvx /undefined signalerror +- } loop ++ } executeonly loop + } bind executeonly odef + + /buildCIDType0 { % buildCIDType0 +diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps +--- a/Resource/Init/pdf_main.ps ++++ b/Resource/Init/pdf_main.ps +@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef + .setglobal + pdfformaterror + } executeonly ifelse +- } ++ } executeonly + { + currentglobal //pdfdict gcheck .setglobal + //pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror + } executeonly ifelse +- } if +- } if ++ } executeonly if ++ } executeonly if + pop + count PDFexecstackcount sub { pop } repeat + (after exec) VMDEBUG +diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps +--- a/Resource/Init/pdf_ops.ps ++++ b/Resource/Init/pdf_ops.ps +@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef + .setglobal + pdfformaterror + } executeonly ifelse +- } ++ } executeonly + { + currentglobal //pdfdict gcheck .setglobal + //pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror + } executeonly ifelse +- } if ++ } executeonly if + } bind executeonly odef + + % Save PDF gstate +@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef + dup type /booleantype eq { + .currentSMask type /dicttype eq { + .currentSMask /Processed 2 index .forceput ++ } executeonly ++ { ++ .setSMask ++ }ifelse + } executeonly + { +- .setSMask +- }ifelse +- }{ + .setSMask + }ifelse + diff --git a/openjpeg4gs-CVE-2018-6616-8ee33522.patch b/openjpeg4gs-CVE-2018-6616-8ee33522.patch new file mode 100644 index 0000000..3ff7872 --- /dev/null +++ b/openjpeg4gs-CVE-2018-6616-8ee33522.patch 
@@ -0,0 +1,67 @@ +From 8ee335227bbcaf1614124046aa25e53d67b11ec3 Mon Sep 17 00:00:00 2001 +From: Hugo Lefeuvre +Date: Fri, 14 Dec 2018 04:58:40 +0100 +Subject: [PATCH] convertbmp: detect invalid file dimensions early + +width/length dimensions read from bmp headers are not necessarily +valid. For instance they may have been maliciously set to very large +values with the intention to cause DoS (large memory allocation, stack +overflow). In these cases we want to detect the invalid size as early +as possible. + +This commit introduces a counter which verifies that the number of +written bytes corresponds to the advertized width/length. + +Fixes #1059 (CVE-2018-6616). +--- + openjpeg/src/bin/jp2/convertbmp.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- openjpeg/src/bin/jp2/convertbmp.c ++++ openjpeg/src/bin/jp2/convertbmp.c 2019-09-12 08:22:52.272682353 +0000 +@@ -519,14 +519,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE* + static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) + { +- OPJ_UINT32 x, y; ++ OPJ_UINT32 x, y, written; + OPJ_UINT8 *pix; + const OPJ_UINT8 *beyond; + + beyond = pData + stride * height; + pix = pData; + +- x = y = 0U; ++ x = y = written = 0U; + while (y < height) { + int c = getc(IN); + if (c == EOF) { +@@ -546,6 +546,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + *pix = c1; ++ written++; + } + } else { + c = getc(IN); +@@ -583,6 +584,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* + } + c1 = (OPJ_UINT8)c1_int; + *pix = c1; ++ written++; + } + if ((OPJ_UINT32)c & 1U) { /* skip padding byte */ + c = getc(IN); +@@ -593,6 +595,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* + } + } + }/* while() */ ++ ++ if (written != width * height) { ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); ++ return OPJ_FALSE; ++ } ++ + return 
OPJ_TRUE; + } + From d137c48cfef925c71b14b4a436542833bf6c6285321ae66085f6e016b8c7fbdb Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Mon, 16 Sep 2019 12:32:08 +0000 Subject: [PATCH 3/4] Typo in ghostscript-mini.spec OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=119 --- ghostscript-mini.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index 2d9d18d..d72ddc3 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -78,7 +78,7 @@ Release: 0 Source0: ghostscript-%{version}.tar.gz Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: -+# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 +# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch # Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 Patch1: gs-CVE-2019-14811-885444fc.patch From 9db58690583929ffe4badb3081e6c9b7d1fc40a9c94314390b86927f0ad769c4 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Mon, 16 Sep 2019 13:20:05 +0000 Subject: [PATCH 4/4] Add overseen fix for CVE-2019-10216 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=120 --- CVE-2019-10216.patch | 44 ++++++++++++++++++++++++++++++++++++++++ ghostscript-mini.changes | 8 ++++++++ ghostscript-mini.spec | 12 +++++++---- ghostscript.changes | 8 ++++++++ ghostscript.spec | 12 +++++++---- 5 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 CVE-2019-10216.patch diff --git a/CVE-2019-10216.patch b/CVE-2019-10216.patch new file mode 100644 index 0000000..7b6b488 --- /dev/null +++ b/CVE-2019-10216.patch 
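Review bot: The file this patch modifies, `openjpeg/src/bin/jp2/convertbmp.c`, is part of openjpeg's command-line converter tools rather than the libopenjp2 library; if ghostscript's build compiles only the library out of its bundled openjpeg, the new `written != width * height` check never reaches the shipped gs binary and the changelog's claim of a fix would be unverified. Please confirm which openjpeg sources ghostscript's makefiles actually compile and, if the converter is not built, record that in the Patch0 comment so the package is not assumed to be hardened against the malformed BMP input the patch describes. The `+++` header also carries a local timestamp that the `---` header lacks, which is harmless under `-p0` but worth normalising when the patch is next refreshed.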
@@ -0,0 +1,44 @@ +From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Fri, 2 Aug 2019 15:18:26 +0100 +Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly + +--- + Resource/Init/gs_type1.ps | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- Resource/Init/gs_type1.ps ++++ Resource/Init/gs_type1.ps 2019-09-16 13:09:12.277074046 +0000 +@@ -118,25 +118,25 @@ + ( to be the same as glyph: ) print 1 index //== exec } if + 3 index exch 3 index .forceput + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname +- } ++ }executeonly + {pop} ifelse +- } forall ++ } executeonly forall + pop pop +- } ++ } executeonly + { + pop pop pop + } ifelse +- } ++ } executeonly + { + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname + pop pop + } ifelse +- } forall ++ } executeonly forall + 3 1 roll pop pop +- } if ++ } executeonly if + pop + dup /.AGLprocessed~GS //true .forceput +- } if ++ } executeonly if + + %% We need to excute the C .buildfont1 in a stopped context so that, if there + %% are errors we can put the stack back sanely and exit. Otherwise callers won't diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index fcc6206..649c74c 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes @@ -24,6 +24,14 @@ Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to use this with its wrapper script +------------------------------------------------------------------- +Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink + +- CVE-2019-10216.patch fixes CVE-2019-10216 + forceput/superexec in .buildfont1 is still accessible + https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621 + https://bugs.ghostscript.com/show_bug.cgi?id=701394 + ------------------------------------------------------------------- Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de 
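Review bot: The new file is named `CVE-2019-10216.patch` while the two ghostscript patches added in 2/4 follow the `gs-CVE-<id>-<upstream-hash>.patch` pattern; naming this one `gs-CVE-2019-10216-5b85ddd1.patch` keeps the upstream commit traceable from the file name alone. The patch uses bare `Resource/Init/gs_type1.ps` paths, so it requires the `-p0` that the spec passes, and its `+++` header carries a local timestamp that the `---` header lacks, as with the openjpeg patch in 2/4.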
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index d72ddc3..1fd2e66 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -80,10 +80,12 @@ Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: # Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch +# Patch1 Add commit from of upstream to fix CVE-2019-10216 +Patch1: CVE-2019-10216.patch # Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -Patch1: gs-CVE-2019-14811-885444fc.patch +Patch2: gs-CVE-2019-14811-885444fc.patch # Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 -Patch2: gs-CVE-2019-14817-cd1b1cac.patch +Patch3: gs-CVE-2019-14817-cd1b1cac.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: @@ -153,10 +155,12 @@ This package contains the development files for Minimal Ghostscript. # Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 # openjpeg4gs-CVE-2018-6616-8ee33522.patch %patch0 +# Patch1 Add commit from of upstream to fix CVE-2019-10216 +%patch1 -p0 # Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -%patch1 -p1 -# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 %patch2 -p1 +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +%patch3 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream diff --git a/ghostscript.changes b/ghostscript.changes index a9b1c50..124a712 100644 --- a/ghostscript.changes +++ b/ghostscript.changes 
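Review bot: After renumbering, the comments above `Patch2:` and `Patch3:` still read `# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813` and `# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817`, so the comment numbers no longer match the tags they describe; the same stale numbers sit above `%patch2 -p1` and `%patch3 -p1` in the %prep hunk of this file and in both ghostscript.spec hunks of this commit. The new comment `# Patch1 Add commit from of upstream to fix CVE-2019-10216` also has a stray `of`; `# Patch1 Add commit from ghostscript upstream to fix CVE-2019-10216` reads cleanly. Renumbering the existing comments to `# Patch2 ...` and `# Patch3 ...` whenever the tags move keeps the CVE-to-patch mapping auditable.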
@@ -24,6 +24,14 @@ Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to use this with its wrapper script +------------------------------------------------------------------- +Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink + +- CVE-2019-10216.patch fixes CVE-2019-10216 + forceput/superexec in .buildfont1 is still accessible + https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621 + https://bugs.ghostscript.com/show_bug.cgi?id=701394 + ------------------------------------------------------------------- Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com diff --git a/ghostscript.spec b/ghostscript.spec index 5401438..16cb20b 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -102,10 +102,12 @@ Source1: apparmor_ghostscript # Patch0...Patch9 is for patches from upstream: # Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch +# Patch1 Add commit from of upstream to fix CVE-2019-10216 +Patch1: CVE-2019-10216.patch # Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -Patch1: gs-CVE-2019-14811-885444fc.patch +Patch2: gs-CVE-2019-14811-885444fc.patch # Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 -Patch2: gs-CVE-2019-14817-cd1b1cac.patch +Patch3: gs-CVE-2019-14817-cd1b1cac.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream: 
@@ -288,10 +290,12 @@ This package contains the development files for Ghostscript. # Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616 # openjpeg4gs-CVE-2018-6616-8ee33522.patch %patch0 +# Patch1 Add commit from of upstream to fix CVE-2019-10216 +%patch1 -p0 # Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 -%patch1 -p1 -# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 %patch2 -p1 +# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817 +%patch3 -p1 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # Again use the zlib sources from Ghostscript upstream