From be81dd355000db6351363c7b3aab41ce17d0c7c2030b6081247bf8b346ed8fac Mon Sep 17 00:00:00 2001
From: Johannes Meixner
Date: Wed, 20 Sep 2023 07:12:33 +0000
Subject: [PATCH] Accepting request 1112466 from home:jsmeix:branches:Printing Security fix CVE-2023-43115 bsc#1215466 for ghostscript and ghostscript-mini
OBS-URL: https://build.opensuse.org/request/show/1112466
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=165
---
 CVE-2023-43115.patch | 20 ++++++++++++++++++++
 ghostscript.changes | 10 ++++++++++
 ghostscript.spec | 15 +++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 CVE-2023-43115.patch
diff --git a/CVE-2023-43115.patch b/CVE-2023-43115.patch
new file mode 100644
index 0000000..f1a7d79
--- /dev/null
+++ b/CVE-2023-43115.patch
@@ -0,0 +1,20 @@
+--- devices/gdevijs.c.orig 2022-04-04 15:48:49.000000000 +0200
++++ devices/gdevijs.c 2023-09-20 08:18:09.178777690 +0200
+@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev)
+ static const char rgb[] = "DeviceRGB";
+ gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+
++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++ return_error(gs_error_invalidaccess);
+ if (!ijsdev->ColorSpace) {
+ ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1,
+ "gsijs_initialize");
+@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_para
+ if (code >= 0)
+ code = gsijs_read_string(plist, "IjsServer",
+ ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+- dev->LockSafetyParams, is_open);
++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+
+ if (code >= 0)
+ code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
diff --git a/ghostscript.changes b/ghostscript.changes
index de59921..b0d64d6 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
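Review bot: In the second inner hunk (gsijs_put_params) the IjsServer gate passed to gsijs_read_string now depends only on `path_control_active`; `dev->LockSafetyParams` is dropped rather than kept alongside it. Going by the visible lines, a device with LockSafetyParams set while path control is inactive would now accept an IjsServer change, and the new early return in gsijs_initialize_device is likewise a no-op whenever path control is off, so hosts that feed untrusted PostScript to Ghostscript are covered only when SAFER is in effect. If dropping the old gate is intended upstream, record it with a comment above the new check, e.g. `/* IJS starts the IjsServer command as a child process; refuse the device while path control (SAFER) is active */`; otherwise pass `dev->LockSafetyParams || ijsdev->memory->gs_lib_ctx->core->path_control_active`. Both function bodies start and end outside the hunks, so how the flag is consumed inside gsijs_read_string is not visible here.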
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Sep 20 06:23:44 UTC 2023 - Johannes Meixner
+
+- CVE-2023-43115.patch is
+ https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+ that fixes CVE-2023-43115 "remote code execution
+ via crafted PostScript documents in gdevijs.c"
+ see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+ (bsc#1215466)
+
 -------------------------------------------------------------------
 Wed Jul 26 09:35:33 UTC 2023 - Johannes Meixner
 
diff --git a/ghostscript.spec b/ghostscript.spec
index 900f6df..28ed212 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -76,6 +76,14 @@ Patch103: CVE-2023-36664.patch
 # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
 Patch104: CVE-2023-38559.patch
+# Patch105 CVE-2023-43115.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+Patch105: CVE-2023-43115.patch
+# Build Requirements:
 BuildRequires: freetype2-devel
 BuildRequires: libjpeg-devel
 BuildRequires: liblcms2-devel
@@ -303,6 +311,13 @@ This package contains the development files for Ghostscript.
 # as the already fixed CVE-2020-16305 in devices/gdevpcx.c
 # see https://bugs.ghostscript.com/show_bug.cgi?id=701819
 %patch104
+# Patch105 CVE-2023-43115.patch is
+# https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
+# that fixes CVE-2023-43115
+# "remote code execution via crafted PostScript documents in gdevijs.c"
+# see https://bugs.ghostscript.com/show_bug.cgi?id=707051
+# and https://bugzilla.suse.com/show_bug.cgi?id=1215466
+%patch105
 # Remove patch backup files to avoid packaging
 # cf. https://build.opensuse.org/request/show/581052
 rm -f Resource/Init/*.ps.orig