Accepting request 823078 from Printing

Ghostscript security fix CVE-2020-15900 (bsc#1174415) (forwarded request 823076 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/823078
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=46
This commit is contained in:
Dominique Leuenberger 2020-07-31 13:52:18 +00:00 committed by Git OBS Bridge
commit f18722f7e4
5 changed files with 69 additions and 0 deletions

27
CVE-2020-15900.patch Normal file
View File

@ -0,0 +1,27 @@
--- psi/zstring.c.orig 2020-03-19 09:21:42.000000000 +0100
+++ psi/zstring.c 2020-07-27 08:25:08.963425295 +0200
@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forwa
return 0;
found:
op->tas.type_attrs = op1->tas.type_attrs;
- op->value.bytes = ptr;
- r_set_size(op, size);
+ op->value.bytes = ptr; /* match */
+ op->tas.rsize = size; /* match */
push(2);
- op[-1] = *op1;
- r_set_size(op - 1, ptr - op[-1].value.bytes);
- op1->value.bytes = ptr + size;
- r_set_size(op1, count + (!forward ? (size - 1) : 0));
+ op[-1] = *op1; /* pre */
+ op[-3].value.bytes = ptr + size; /* post */
+ if (forward) {
+ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
+ op[-3].tas.rsize = count; /* post */
+ } else {
+ op[-1].tas.rsize = count; /* pre */
+ op[-3].tas.rsize -= count + size; /* post */
+ }
make_true(op);
return 0;
}

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de

View File

@ -78,6 +78,13 @@ Release: 0
Source0: ghostscript-%{version}.tar.gz Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream: # Patch0...Patch9 is for patches from upstream:
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
Patch1: CVE-2020-15900.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@ -146,6 +153,13 @@ This package contains the development files for Minimal Ghostscript.
# Be quiet when unpacking and # Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini: # use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version} %setup -q -n ghostscript-%{tarball_version}
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
%patch1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream # Again use the zlib sources from Ghostscript upstream

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Jul 28 09:15:30 CEST 2020 - jsmeix@suse.de
- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
(bsc#1174415)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de

View File

@ -102,6 +102,13 @@ Release: 0
Source0: ghostscript-%{version}.tar.gz Source0: ghostscript-%{version}.tar.gz
Source1: apparmor_ghostscript Source1: apparmor_ghostscript
# Patch0...Patch9 is for patches from upstream: # Patch0...Patch9 is for patches from upstream:
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
Patch1: CVE-2020-15900.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream: # Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Source100...Source999 is for sources from SUSE which are not intended for upstream: # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@ -283,6 +290,13 @@ This package contains the development files for Ghostscript.
# Be quiet when unpacking and # Be quiet when unpacking and
# use a directory name matching Source0 to make it work also for ghostscript-mini: # use a directory name matching Source0 to make it work also for ghostscript-mini:
%setup -q -n ghostscript-%{tarball_version} %setup -q -n ghostscript-%{tarball_version}
# Patch1 CVE-2020-15900.patch is
# https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
# that fixes CVE-2020-15900 Memory Corruption
# in the rsearch PostScript function that is implemented as search_impl() in psi/zstring.c
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
%patch1
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball. # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
# Again use the zlib sources from Ghostscript upstream # Again use the zlib sources from Ghostscript upstream