Accepting request 1112466 from home:jsmeix:branches:Printing

Security fix CVE-2023-43115 bsc#1215466 for ghostscript and ghostscript-mini

OBS-URL: https://build.opensuse.org/request/show/1112466
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=165

CVE-2023-43115.patch

@@ -0,0 +1,20 @@
+--- devices/gdevijs.c.orig	2022-04-04 15:48:49.000000000 +0200
++++ devices/gdevijs.c	2023-09-20 08:18:09.178777690 +0200
+@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev)
+     static const char rgb[] = "DeviceRGB";
+     gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+ 
++    if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++        return_error(gs_error_invalidaccess);
+     if (!ijsdev->ColorSpace) {
+         ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1,
+                                        "gsijs_initialize");
+@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_para
+     if (code >= 0)
+         code = gsijs_read_string(plist, "IjsServer",
+             ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+-            dev->LockSafetyParams, is_open);
++            ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+ 
+     if (code >= 0)
+         code = gsijs_read_string_malloc(plist, "DeviceManufacturer",

ghostscript.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
+
+- CVE-2023-43115.patch is
+  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+  that fixes CVE-2023-43115 "remote code execution
+  via crafted PostScript documents in gdevijs.c"
+  see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+  (bsc#1215466)
+
 -------------------------------------------------------------------
 Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
 

ghostscript.spec

@@ -76,6 +76,14 @@ Patch103:       CVE-2023-36664.patch
 # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
 Patch104:       CVE-2023-38559.patch
+# Patch105 CVE-2023-43115.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+Patch105:       CVE-2023-43115.patch
+# Build Requirements:
 BuildRequires:  freetype2-devel
 BuildRequires:  libjpeg-devel
 BuildRequires:  liblcms2-devel
@@ -303,6 +311,13 @@ This package contains the development files for Ghostscript.
 # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
 %patch104
+# Patch105 CVE-2023-43115.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+%patch105
 # Remove patch backup files to avoid packaging
 # cf. https://build.opensuse.org/request/show/581052
 rm -f Resource/Init/*.ps.orig