Accepting request 823078 from Printing

Ghostscript security fix CVE-2020-15900 (bsc#1174415) (forwarded request 823076 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/823078
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=46

CVE-2020-15900.patch

@@ -0,0 +1,27 @@
+--- psi/zstring.c.orig	2020-03-19 09:21:42.000000000 +0100
++++ psi/zstring.c	2020-07-27 08:25:08.963425295 +0200
+@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forwa
+     return 0;
+ found:
+     op->tas.type_attrs = op1->tas.type_attrs;
+-    op->value.bytes = ptr;
+-    r_set_size(op, size);
++    op->value.bytes = ptr;				/* match */
++    op->tas.rsize = size;				/* match */
+     push(2);
+-    op[-1] = *op1;
+-    r_set_size(op - 1, ptr - op[-1].value.bytes);
+-    op1->value.bytes = ptr + size;
+-    r_set_size(op1, count + (!forward ? (size - 1) : 0));
++    op[-1] = *op1;					/* pre */
++    op[-3].value.bytes = ptr + size;			/* post */
++    if (forward) {
++        op[-1].tas.rsize = ptr - op[-1].value.bytes;	/* pre */
++        op[-3].tas.rsize = count;			/* post */
++    } else {
++        op[-1].tas.rsize = count;			/* pre */
++        op[-3].tas.rsize -= count + size;		/* post */
++    }
+     make_true(op);
+     return 0;
+ }

ghostscript-mini.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
+
+- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
+  cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+  (bsc#1174415)
+
 -------------------------------------------------------------------
 Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de
 

ghostscript-mini.spec

@@ -78,6 +78,13 @@ Release:        0
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 CVE-2020-15900.patch is
+# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+Patch1:         CVE-2020-15900.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -146,6 +153,13 @@ This package contains the development files for Minimal Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+# Patch1 CVE-2020-15900.patch is
+# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+%patch1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream

ghostscript.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
+
+- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
+  cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+  (bsc#1174415)
+
 -------------------------------------------------------------------
 Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de
 

ghostscript.spec

@@ -102,6 +102,13 @@ Release:        0
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 CVE-2020-15900.patch is
+# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+Patch1:         CVE-2020-15900.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -283,6 +290,13 @@ This package contains the development files for Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+# Patch1 CVE-2020-15900.patch is
+# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+%patch1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream