pool/ghostscript
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 526288 from home:jsmeix:branches:Printing

Browse Source 
Ghostscript version upgrade to 9.22rc1 (first release candidate for 9.22)

OBS-URL: https://build.opensuse.org/request/show/526288
OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=81
This commit is contained in:
Johannes Meixner 2017-09-15 08:07:56 +00:00 committed by Git OBS Bridge
parent 404156ec6d
commit ec293cdc8d
10 changed files with 73 additions and 257 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CVE-2017-5951.patch
View File

@ -1,19 +0,0 @@
--- psi/iparam.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ psi/iparam.c 2017-04-12 11:42:57.000000000 +0200
@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * pli
gs_param_enumerator_t enumr;
gs_param_key_t key;
ref_type keytype;
+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
param_init_enumerator(&enumr);
- if (!(*((iparam_list *) plist)->enumerate)
- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
+ if (!(*(dlist->enumerate))
+ ((iparam_list *) dlist, &enumr, &key, &keytype)
&& keytype == t_integer) {
- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
+ dlist->int_keys = 1;
pvalue->type = gs_param_type_dict_int_keys;
}
}

30
CVE-2017-7207.patch
View File

@ -1,30 +0,0 @@
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Mon, 20 Mar 2017 09:34:11 +0000
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
This is only possible by abusing/mis-using Ghostscript-specific
language extensions, so cannot happen in a general PostScript program.
Nevertheless, Ghostscript should not crash. So this commit checks the
memory device to see if raster memory has been allocated, before trying
to read from it.
---
base/gdevmem.c | 2 ++
1 file changed, 2 insertions(+)
Index: ghostscript-9.15/base/gdevmem.c
===================================================================
--- ghostscript-9.15.orig/base/gdevmem.c 2014-09-22 12:17:33.000000000 +0200
+++ ghostscript-9.15/base/gdevmem.c 2017-04-28 10:55:17.479490151 +0200
@@ -590,6 +590,8 @@ mem_get_bits_rectangle(gx_device * dev,
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
return_error(gs_error_rangecheck);
}
+ if (mdev->line_ptrs == 0x00)
+ return_error(gs_error_rangecheck);
if ((w <= 0) | (h <= 0)) {
if ((w | h) < 0)
return_error(gs_error_rangecheck);

59
CVE-2017-8291.patch
View File

@ -1,59 +0,0 @@
--- ghostscript-9.21/psi/zmisc3.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ ghostscript-9.21/psi/zmisc3.c 2017-05-02 14:43:41.000000000 +0200
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
ref2_t stack[MAX_DEPTH + 1];
ref2_t *top = stack;
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
+ return_error(gs_error_typecheck);
+ }
+
make_array(&stack[0].proc1, 0, 1, op - 1);
make_array(&stack[0].proc2, 0, 1, op);
for (;;) {
--- ghostscript-9.21/psi/zfrsd.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ ghostscript-9.21/psi/zfrsd.c 2017-05-02 14:45:35.000000000 +0200
@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
ref *pFilter;
ref *pDecodeParms;
int Intent = 0;
- bool AsyncRead;
+ bool AsyncRead = false;
ref empty_array, filter1_array, parms1_array;
uint i;
- int code;
+ int code = 0;
+
+ if (ref_stack_count(&o_stack) < 1)
+ return_error(gs_error_stackunderflow);
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+ return_error(gs_error_typecheck);
+ }
make_empty_array(&empty_array, a_readonly);
- if (dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (r_has_type(op, t_dictionary)
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
if (!r_is_array(pFilter)) {
if (!r_has_type(pFilter, t_name))
return_error(gs_error_typecheck);
@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
return_error(gs_error_typecheck);
}
}
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (r_has_type(op, t_dictionary))
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
return code;
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
- )
- return code;
+ if (r_has_type(op, t_dictionary))
+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
+ return code;
push(1);
op[-1] = *pFilter;
if (pDecodeParms)

31
CVE-2017-9216.patch
View File

@ -1,31 +0,0 @@
From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
Date: Wed, 24 May 2017 19:29:57 +0100
Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
The return code from jbig2_decode_text_region was being ignored so the
code continued to try and parse the invalid file using incomplete/empty
structures.
---
jbig2dec/jbig2_symbol_dict.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
index 3cc17316f..672425d98 100644
--- a/jbig2dec/jbig2_symbol_dict.c
+++ b/jbig2dec/jbig2_symbol_dict.c
@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
}
/* multiple symbols are handled as a text region */
- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
+ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
n_refagg_dicts, image, data, size, GR_stats, as, ws);
+ if (code < 0)
+ goto cleanup4;
SDNEWSYMS->glyphs[NSYMSDECODED] = image;
refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
--
2.12.3

3
ghostscript-9.21.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:02bceadbc4dddeb6f2eec9c8b1623d945d355ca11b8b4df035332b217d58ce85
size 38398778

3
ghostscript-9.22rc1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d307041c35141999f38a4da6a1e86b8bdf2ad237b2bf973c551851940ed5b09b
size 38681545

19
ghostscript-mini.changes
View File

@ -1,10 +1,25 @@
-------------------------------------------------------------------
Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc1 (first release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
- CVE-2017-5951.patch CVE-2017-7207.patch
CVE-2017-8291.patch and CVE-2017-9216.patch
are fixed in the version 9.22rc1 upstream sources.
-------------------------------------------------------------------
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
- CVE-2017-7207.patch fixes a NULL pointer dereference
in mem_get_bits_rectangle
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
(bsc#1030263)
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
- CVE-2017-9216.patch fixes a NULL pointer dereference
in jbig2_huffman_get
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
(bsc#1040643)

73
ghostscript-mini.spec
View File

@ -36,33 +36,33 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.19pre20rc1
# Normal version for Ghostscript releases is the upstream version:
Version: 9.21
Version: 9.21pre22rc1
Release: 0
# Normal version for Ghostscript releases is the upstream version:
#Version: 9.21
# tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
%define tarball_version %{version}
#define tarball_version 9.20rc1
#define tarball_version %{version}
%define tarball_version 9.22rc1
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
%define built_version %{version}
#define built_version 9.20
#define built_version %{version}
%define built_version 9.22
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc1/ghostscript-9.22rc1.tar.gz
# How to download it:
# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
#Source0: ghostscript-%{tarball_version}.tar.gz
# wget -O ghostscript-9.22rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc1/ghostscript-9.22rc1.tar.gz
Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# How to download it:
# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS
# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f
Source0: ghostscript-%{version}.tar.gz
#Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
@ -77,25 +77,6 @@ Patch11: ppc64le-support.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
Patch101: CVE-2017-5951.patch
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
Patch102: CVE-2017-8291.patch
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
Patch103: CVE-2017-9216.patch
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
Patch104: CVE-2017-7207.patch
# RPM dependencies:
Conflicts: ghostscript
@ -181,25 +162,7 @@ This package contains the development files for Minimal Ghostscript.
# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE:
#rm -rf freetype jpeg libpng tiff zlib
rm -rf freetype jpeg libpng tiff
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
%patch101 -b .CVE-2017-5951.orig
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
%patch102 -p1 -b .CVE-2017-8291.orig
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
%patch103 -p1 -b .CVE-2017-9216.orig
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
%patch104 -p1 -b .CVE-2017-7207.orig
%build
# Derive build timestamp from latest changelog entry
export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s)
@ -280,6 +243,12 @@ popd
rm %{buildroot}%{_bindir}/ijs_client_example
rm %{buildroot}%{_bindir}/ijs_server_example
rm %{buildroot}%{_libdir}/libijs.la
# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed
# but the matching man pages are still installed which are hereby also removed:
rm %{buildroot}%{_mandir}/man1/font2c.1
rm %{buildroot}%{_mandir}/man1/wftopfa.1
rm %{buildroot}%{_mandir}/de/man1/font2c.1
rm %{buildroot}%{_mandir}/de/man1/wftopfa.1
# Install documentation which is not installed by default
# see http://bugs.ghostscript.com/show_bug.cgi?id=693002
# and fail intentionally as notification if something changed:
@ -328,7 +297,6 @@ exit 0
%defattr(-, root, root)
%{_bindir}/dvipdf
%{_bindir}/eps2eps
%{_bindir}/font2c
%{_bindir}/gs
%{_bindir}/gsx
%{_bindir}/gsc
@ -355,10 +323,8 @@ exit 0
%{_bindir}/ps2ps
%{_bindir}/ps2ps2
%{_bindir}/unix-lpr.sh
%{_bindir}/wftopfa
%doc %{_mandir}/man1/dvipdf.1.gz
%doc %{_mandir}/man1/eps2eps.1.gz
%doc %{_mandir}/man1/font2c.1.gz
%doc %{_mandir}/man1/gs.1.gz
%doc %{_mandir}/man1/gsbj.1.gz
%doc %{_mandir}/man1/gsdj.1.gz
@ -379,10 +345,8 @@ exit 0
%doc %{_mandir}/man1/ps2pdf14.1.gz
%doc %{_mandir}/man1/ps2pdfwr.1.gz
%doc %{_mandir}/man1/ps2ps.1.gz
%doc %{_mandir}/man1/wftopfa.1.gz
%doc %{_mandir}/de/man1/dvipdf.1.gz
%doc %{_mandir}/de/man1/eps2eps.1.gz
%doc %{_mandir}/de/man1/font2c.1.gz
%doc %{_mandir}/de/man1/gsnd.1.gz
%doc %{_mandir}/de/man1/pdf2dsc.1.gz
%doc %{_mandir}/de/man1/pdf2ps.1.gz
@ -393,7 +357,6 @@ exit 0
%doc %{_mandir}/de/man1/ps2pdf13.1.gz
%doc %{_mandir}/de/man1/ps2pdf14.1.gz
%doc %{_mandir}/de/man1/ps2ps.1.gz
%doc %{_mandir}/de/man1/wftopfa.1.gz
%doc %{_defaultdocdir}/ghostscript
%dir %{_datadir}/ghostscript
%dir %{_datadir}/ghostscript/%{built_version}

19
ghostscript.changes
View File

@ -1,10 +1,25 @@
-------------------------------------------------------------------
Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc1 (first release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
- CVE-2017-5951.patch CVE-2017-7207.patch
CVE-2017-8291.patch and CVE-2017-9216.patch
are fixed in the version 9.22rc1 upstream sources.
-------------------------------------------------------------------
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
- CVE-2017-7207.patch fixes a NULL pointer dereference
in mem_get_bits_rectangle
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
(bsc#1030263)
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
- CVE-2017-9216.patch fixes a NULL pointer dereference
in jbig2_huffman_get
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
(bsc#1040643)

74
ghostscript.spec
View File

@ -56,33 +56,33 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.19pre20rc1
# Normal version for Ghostscript releases is the upstream version:
Version: 9.21
Version: 9.21pre22rc1
Release: 0
# Normal version for Ghostscript releases is the upstream version:
#Version: 9.21
# tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
%define tarball_version %{version}
#define tarball_version 9.20rc1
#define tarball_version %{version}
%define tarball_version 9.22rc1
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
%define built_version %{version}
#define built_version 9.20
#define built_version %{version}
%define built_version 9.22
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc1/ghostscript-9.22rc1.tar.gz
# How to download it:
# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
#Source0: ghostscript-%{tarball_version}.tar.gz
# wget -O ghostscript-9.22rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc1/ghostscript-9.22rc1.tar.gz
Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# How to download it:
# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS
# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f
Source0: ghostscript-%{version}.tar.gz
#Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
@ -97,25 +97,6 @@ Patch11: ppc64le-support.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
Patch101: CVE-2017-5951.patch
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
Patch102: CVE-2017-8291.patch
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
Patch103: CVE-2017-9216.patch
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
Patch104: CVE-2017-7207.patch
# RPM dependencies:
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
@ -243,6 +224,7 @@ For information how to use Ghostscript see
%package x11
Summary: X11 library for Ghostscript
Group: Productivity/Publishing/PS
# Require the exact matching version-release of the ghostscript main-package because
# a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
# because all Ghostscript software is built from one same Ghostscript source tar ball
@ -250,7 +232,6 @@ Summary: X11 library for Ghostscript
# The exact matching version-release of the ghostscript main-package is available
# on the same package repository where the ghostscript-x11 sub-package is because
# all are built simulaneously from the same Ghostscript source package:
Group: Productivity/Publishing/PS
Requires: ghostscript = %{version}-%{release}
# Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
# an unversioned "Provides: ghostscript" and for RPM this means that both
@ -317,25 +298,6 @@ This package contains the development files for Ghostscript.
# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE:
#rm -rf freetype jpeg libpng tiff zlib
rm -rf freetype jpeg libpng tiff
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
%patch101 -b .CVE-2017-5951.orig
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
%patch102 -p1 -b .CVE-2017-8291.orig
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
%patch103 -p1 -b .CVE-2017-9216.orig
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
%patch104 -p1 -b .CVE-2017-7207.orig
%build
# Derive build timestamp from latest changelog entry
@ -417,6 +379,12 @@ popd
rm %{buildroot}%{_bindir}/ijs_client_example
rm %{buildroot}%{_bindir}/ijs_server_example
rm %{buildroot}%{_libdir}/libijs.la
# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed
# but the matching man pages are still installed which are hereby also removed:
rm %{buildroot}%{_mandir}/man1/font2c.1
rm %{buildroot}%{_mandir}/man1/wftopfa.1
rm %{buildroot}%{_mandir}/de/man1/font2c.1
rm %{buildroot}%{_mandir}/de/man1/wftopfa.1
# Install documentation which is not installed by default
# see http://bugs.ghostscript.com/show_bug.cgi?id=693002
# and fail intentionally as notification if something changed:
@ -465,7 +433,6 @@ exit 0
%defattr(-, root, root)
%{_bindir}/dvipdf
%{_bindir}/eps2eps
%{_bindir}/font2c
%{_bindir}/gs
%{_bindir}/gsx
%{_bindir}/gsc
@ -492,10 +459,8 @@ exit 0
%{_bindir}/ps2ps
%{_bindir}/ps2ps2
%{_bindir}/unix-lpr.sh
%{_bindir}/wftopfa
%doc %{_mandir}/man1/dvipdf.1.gz
%doc %{_mandir}/man1/eps2eps.1.gz
%doc %{_mandir}/man1/font2c.1.gz
%doc %{_mandir}/man1/gs.1.gz
%doc %{_mandir}/man1/gsbj.1.gz
%doc %{_mandir}/man1/gsdj.1.gz
@ -516,10 +481,8 @@ exit 0
%doc %{_mandir}/man1/ps2pdf14.1.gz
%doc %{_mandir}/man1/ps2pdfwr.1.gz
%doc %{_mandir}/man1/ps2ps.1.gz
%doc %{_mandir}/man1/wftopfa.1.gz
%doc %{_mandir}/de/man1/dvipdf.1.gz
%doc %{_mandir}/de/man1/eps2eps.1.gz
%doc %{_mandir}/de/man1/font2c.1.gz
%doc %{_mandir}/de/man1/gsnd.1.gz
%doc %{_mandir}/de/man1/pdf2dsc.1.gz
%doc %{_mandir}/de/man1/pdf2ps.1.gz
@ -530,7 +493,6 @@ exit 0
%doc %{_mandir}/de/man1/ps2pdf13.1.gz
%doc %{_mandir}/de/man1/ps2pdf14.1.gz
%doc %{_mandir}/de/man1/ps2ps.1.gz
%doc %{_mandir}/de/man1/wftopfa.1.gz
%doc %{_defaultdocdir}/ghostscript
%dir %{_datadir}/ghostscript
%dir %{_datadir}/ghostscript/%{built_version}