Accepting request 945779 from Printing
Ghostscript security fix CVE-2021-45949 (bsc#1194304) including CVE-2021-45944 (bsc#1194303) (forwarded request 945778 from jsmeix) OBS-URL: https://build.opensuse.org/request/show/945779 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=53
commit
ff483dd254
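--- /dev/null
+++ b/CVE-2021-45949.patch
@@ -0,0 +1,36 @@
+--- psi/zfsample.c.orig 2022-01-12 09:16:07.639604741 +0100
++++ psi/zfsample.c 2022-01-12 09:21:45.187952236 +0100
+@@ -535,13 +535,16 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
+}
+pop(num_out); /* Move op to base of result values */
+
++ /* From here on, we have to use ref_stack_pop() rather than pop()
++ so that it handles stack extension blocks properly, before calling
++ sampled_data_sample() which also uses the op stack.
++ */
+/* Check if we are done collecting data. */
+-
+if (increment_cube_indexes(params, penum->indexes)) {
+if (stack_depth_adjust == 0)
+- pop(O_STACK_PAD); /* Remove spare stack space */
++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */
+else
+- pop(stack_depth_adjust - num_out);
++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out);
+/* Execute the closing procedure, if given */
+code = 0;
+if (esp_finish_proc != 0)
+@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
+if ((O_STACK_PAD - stack_depth_adjust) < 0) {
+stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
+check_op(stack_depth_adjust);
+- pop(stack_depth_adjust);
++ ref_stack_pop(&o_stack, stack_depth_adjust);
+}
+else {
+check_ostack(O_STACK_PAD - stack_depth_adjust);
+- push(O_STACK_PAD - stack_depth_adjust);
++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);
+for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
+make_null(op - i);
+}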
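Review bot: In the second hunk of the embedded patch, the loop `make_null(op - i)` still indexes from the local `op` after `push()` was replaced by `ref_stack_push(&o_stack, …)`. If `push()` is the interpreter macro that advances `op` together with the stack pointer, a direct `ref_stack_push` call presumably leaves `op` where it was, so the loop would null existing entries instead of the newly reserved pad slots; the call's status result is also discarded. I would write `code = ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);`, `if (code < 0) return code;` and `op = osp;` before the loop, and compare this with the upstream commit the patch was derived from. In the first hunk, `stack_depth_adjust - num_out` reaches `ref_stack_pop` with no visible `check_op`, so confirm its sign is validated earlier in sampled_data_continue, whose body starts and ends outside both hunks.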
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de
|
||||
|
||||
- CVE-2021-45949.patch fixes CVE-2021-45949
|
||||
heap-based buffer overflow in sampled_data_finish
|
||||
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
(bsc#1194304)
|
||||
- CVE-2021-45944 use-after-free in sampled_data_sample
|
||||
is already fixed in the Ghostscript 9.54.0 upstream sources
|
||||
(bsc#1194303)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package ghostscript-mini
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -89,6 +89,12 @@ Patch101: ijs_exec_server_dont_use_sh.patch
|
||||
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
|
||||
Patch102: CVE-2021-3781.patch
|
||||
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
|
||||
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
|
||||
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
|
||||
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
|
||||
Patch103: CVE-2021-45949.patch
|
||||
# RPM dependencies:
|
||||
# The "Provides: ghostscript_any" is there to support "BuildRequires: ghostscript_any"
|
||||
# so other packages can build with any available Ghostscript implementation,
|
||||
@ -172,6 +178,12 @@ This package contains the development files for Minimal Ghostscript.
|
||||
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
|
||||
%patch102 -p1
|
||||
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
|
||||
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
|
||||
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
|
||||
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
|
||||
%patch103
|
||||
# Remove patch backup files to avoid packaging
|
||||
# cf. https://build.opensuse.org/request/show/581052
|
||||
rm -f Resource/Init/*.ps.orig
|
||||
|
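Review bot: `%patch103` is applied with no strip option while the line just above uses `%patch102 -p1`, and the copied comment block does not say why the two differ. The patch headers name `psi/zfsample.c` with no leading directory, so the default strip level looks intentional, but a later maintainer could take it for an omission and "fix" it. I would add a line such as `# applied without -p1: the paths in CVE-2021-45949.patch start at psi/ in the source root` above `%patch103`. The same applies to the matching `%patch103` line in the ghostscript spec section further down.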
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 11 13:40:10 CET 2022 - jsmeix@suse.de
|
||||
|
||||
- CVE-2021-45949.patch fixes CVE-2021-45949
|
||||
heap-based buffer overflow in sampled_data_finish
|
||||
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
(bsc#1194304)
|
||||
- CVE-2021-45944 use-after-free in sampled_data_sample
|
||||
is already fixed in the Ghostscript 9.54.0 upstream sources
|
||||
(bsc#1194303)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 10 09:37:46 CEST 2021 - jsmeix@suse.de
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package ghostscript
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -118,6 +118,12 @@ Patch101: ijs_exec_server_dont_use_sh.patch
|
||||
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
|
||||
Patch102: CVE-2021-3781.patch
|
||||
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
|
||||
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
|
||||
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
|
||||
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
|
||||
Patch103: CVE-2021-45949.patch
|
||||
# RPM dependencies:
|
||||
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
|
||||
# "rpm -q --provides ghostscript-library" and "rpm -q --provides ghostscript-x11":
|
||||
@ -313,6 +319,12 @@ This package contains the development files for Ghostscript.
|
||||
# cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1190381
|
||||
%patch102 -p1
|
||||
# Patch103 CVE-2021-45949.patch was derived for Ghostscript-9.54 from
|
||||
# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
|
||||
# that fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish
|
||||
# cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
|
||||
# and https://bugzilla.suse.com/show_bug.cgi?id=1194304
|
||||
%patch103
|
||||
# Remove patch backup files to avoid packaging
|
||||
# cf. https://build.opensuse.org/request/show/581052
|
||||
rm -f Resource/Init/*.ps.orig
|
||||
|