Accepting request 501328 from Printing
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle see https://bugs.ghostscript.com/show_bug.cgi?id=697676 (bsc#1030263) - CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get see https://bugs.ghostscript.com/show_bug.cgi?id=697934 (bsc#1040643) (forwarded request 501324 from dmolkentin) OBS-URL: https://build.opensuse.org/request/show/501328 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=28
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
b87a81b734
30
CVE-2017-7207.patch
Normal file
30
CVE-2017-7207.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
|
||||
From: Ken Sharp <ken.sharp@artifex.com>
|
||||
Date: Mon, 20 Mar 2017 09:34:11 +0000
|
||||
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
|
||||
|
||||
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
|
||||
|
||||
This is only possible by abusing/mis-using Ghostscript-specific
|
||||
language extensions, so cannot happen in a general PostScript program.
|
||||
|
||||
Nevertheless, Ghostscript should not crash. So this commit checks the
|
||||
memory device to see if raster memory has been allocated, before trying
|
||||
to read from it.
|
||||
---
|
||||
base/gdevmem.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
Index: ghostscript-9.15/base/gdevmem.c
|
||||
===================================================================
|
||||
--- ghostscript-9.15.orig/base/gdevmem.c 2014-09-22 12:17:33.000000000 +0200
|
||||
+++ ghostscript-9.15/base/gdevmem.c 2017-04-28 10:55:17.479490151 +0200
|
||||
@@ -590,6 +590,8 @@ mem_get_bits_rectangle(gx_device * dev,
|
||||
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
|
||||
return_error(gs_error_rangecheck);
|
||||
}
|
||||
+ if (mdev->line_ptrs == 0x00)
|
||||
+ return_error(gs_error_rangecheck);
|
||||
if ((w <= 0) | (h <= 0)) {
|
||||
if ((w | h) < 0)
|
||||
return_error(gs_error_rangecheck);
|
||||
31
CVE-2017-9216.patch
Normal file
31
CVE-2017-9216.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
|
||||
From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
|
||||
Date: Wed, 24 May 2017 19:29:57 +0100
|
||||
Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
|
||||
|
||||
The return code from jbig2_decode_text_region was being ignored so the
|
||||
code continued to try and parse the invalid file using incomplete/empty
|
||||
structures.
|
||||
---
|
||||
jbig2dec/jbig2_symbol_dict.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
|
||||
index 3cc17316f..672425d98 100644
|
||||
--- a/jbig2dec/jbig2_symbol_dict.c
|
||||
+++ b/jbig2dec/jbig2_symbol_dict.c
|
||||
@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
|
||||
}
|
||||
|
||||
/* multiple symbols are handled as a text region */
|
||||
- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
|
||||
+ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
|
||||
n_refagg_dicts, image, data, size, GR_stats, as, ws);
|
||||
+ if (code < 0)
|
||||
+ goto cleanup4;
|
||||
|
||||
SDNEWSYMS->glyphs[NSYMSDECODED] = image;
|
||||
refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
|
||||
--
|
||||
2.12.3
|
||||
|
||||
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
|
||||
|
||||
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
(bsc#1030263)
|
||||
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
|
||||
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
(bsc#1040643)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 2 14:27:22 CEST 2017 - jsmeix@suse.de
|
||||
|
||||
|
||||
@ -88,6 +88,15 @@ Patch101: CVE-2017-5951.patch
|
||||
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
|
||||
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
|
||||
Patch102: CVE-2017-8291.patch
|
||||
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
|
||||
Patch103: CVE-2017-9216.patch
|
||||
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
|
||||
Patch104: CVE-2017-7207.patch
|
||||
|
||||
# RPM dependencies:
|
||||
Conflicts: ghostscript
|
||||
Conflicts: ghostscript-x11
|
||||
@ -183,7 +192,14 @@ rm -rf freetype jpeg libpng tiff
|
||||
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
|
||||
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
|
||||
%patch102 -p1 -b .CVE-2017-8291.orig
|
||||
|
||||
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
|
||||
%patch103 -p1 -b .CVE-2017-9216.orig
|
||||
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
|
||||
%patch104 -p1 -b .CVE-2017-7207.orig
|
||||
%build
|
||||
# Derive build timestamp from latest changelog entry
|
||||
export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s)
|
||||
|
||||
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
|
||||
|
||||
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
(bsc#1030263)
|
||||
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
|
||||
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
(bsc#1040643)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 2 14:27:22 CEST 2017 - jsmeix@suse.de
|
||||
|
||||
|
||||
@ -108,6 +108,15 @@ Patch101: CVE-2017-5951.patch
|
||||
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
|
||||
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
|
||||
Patch102: CVE-2017-8291.patch
|
||||
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
|
||||
Patch103: CVE-2017-9216.patch
|
||||
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
|
||||
Patch104: CVE-2017-7207.patch
|
||||
|
||||
# RPM dependencies:
|
||||
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
|
||||
# "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11":
|
||||
@ -234,7 +243,6 @@ For information how to use Ghostscript see
|
||||
|
||||
%package x11
|
||||
Summary: X11 library for Ghostscript
|
||||
Group: Productivity/Publishing/PS
|
||||
# Require the exact matching version-release of the ghostscript main-package because
|
||||
# a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
|
||||
# because all Ghostscript software is built from one same Ghostscript source tar ball
|
||||
@ -242,6 +250,7 @@ Group: Productivity/Publishing/PS
|
||||
# The exact matching version-release of the ghostscript main-package is available
|
||||
# on the same package repository where the ghostscript-x11 sub-package is because
|
||||
# all are built simulaneously from the same Ghostscript source package:
|
||||
Group: Productivity/Publishing/PS
|
||||
Requires: ghostscript = %{version}-%{release}
|
||||
# Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
|
||||
# an unversioned "Provides: ghostscript" and for RPM this means that both
|
||||
@ -319,6 +328,14 @@ rm -rf freetype jpeg libpng tiff
|
||||
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
|
||||
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
|
||||
%patch102 -p1 -b .CVE-2017-8291.orig
|
||||
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
|
||||
%patch103 -p1 -b .CVE-2017-9216.orig
|
||||
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
|
||||
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
|
||||
%patch104 -p1 -b .CVE-2017-7207.orig
|
||||
|
||||
%build
|
||||
# Derive build timestamp from latest changelog entry
|
||||
|
||||
Loading…
Reference in New Issue
Block a user