
Accepting request 554966 from Printing

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/554966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ghostscript?expand=0&rev=29
Dominique Leuenberger 2017-12-10 17:13:29 +00:00 committed by Git OBS Bridge
commit 4173b6edaa
10 changed files with 177 additions and 255 deletions


@ -1,19 +0,0 @@
--- psi/iparam.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ psi/iparam.c 2017-04-12 11:42:57.000000000 +0200
@@ -770,12 +770,13 @@ ref_param_read_typed(gs_param_list * pli
gs_param_enumerator_t enumr;
gs_param_key_t key;
ref_type keytype;
+ dict_param_list *dlist = (dict_param_list *) pvalue->value.d.list;
param_init_enumerator(&enumr);
- if (!(*((iparam_list *) plist)->enumerate)
- ((iparam_list *) pvalue->value.d.list, &enumr, &key, &keytype)
+ if (!(*(dlist->enumerate))
+ ((iparam_list *) dlist, &enumr, &key, &keytype)
&& keytype == t_integer) {
- ((dict_param_list *) pvalue->value.d.list)->int_keys = 1;
+ dlist->int_keys = 1;
pvalue->type = gs_param_type_dict_int_keys;
}
}


@ -1,30 +0,0 @@
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Mon, 20 Mar 2017 09:34:11 +0000
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
This is only possible by abusing/mis-using Ghostscript-specific
language extensions, so cannot happen in a general PostScript program.
Nevertheless, Ghostscript should not crash. So this commit checks the
memory device to see if raster memory has been allocated, before trying
to read from it.
---
base/gdevmem.c | 2 ++
1 file changed, 2 insertions(+)
Index: ghostscript-9.15/base/gdevmem.c
===================================================================
--- ghostscript-9.15.orig/base/gdevmem.c 2014-09-22 12:17:33.000000000 +0200
+++ ghostscript-9.15/base/gdevmem.c 2017-04-28 10:55:17.479490151 +0200
@@ -590,6 +590,8 @@ mem_get_bits_rectangle(gx_device * dev,
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
return_error(gs_error_rangecheck);
}
+ if (mdev->line_ptrs == 0x00)
+ return_error(gs_error_rangecheck);
if ((w <= 0) | (h <= 0)) {
if ((w | h) < 0)
return_error(gs_error_rangecheck);


@ -1,59 +0,0 @@
--- ghostscript-9.21/psi/zmisc3.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ ghostscript-9.21/psi/zmisc3.c 2017-05-02 14:43:41.000000000 +0200
@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
ref2_t stack[MAX_DEPTH + 1];
ref2_t *top = stack;
+ if (ref_stack_count(&o_stack) < 2)
+ return_error(gs_error_stackunderflow);
+ if (!r_is_array(op - 1) || !r_is_array(op)) {
+ return_error(gs_error_typecheck);
+ }
+
make_array(&stack[0].proc1, 0, 1, op - 1);
make_array(&stack[0].proc2, 0, 1, op);
for (;;) {
--- ghostscript-9.21/psi/zfrsd.c.orig 2017-03-16 11:12:02.000000000 +0100
+++ ghostscript-9.21/psi/zfrsd.c 2017-05-02 14:45:35.000000000 +0200
@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
ref *pFilter;
ref *pDecodeParms;
int Intent = 0;
- bool AsyncRead;
+ bool AsyncRead = false;
ref empty_array, filter1_array, parms1_array;
uint i;
- int code;
+ int code = 0;
+
+ if (ref_stack_count(&o_stack) < 1)
+ return_error(gs_error_stackunderflow);
+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+ return_error(gs_error_typecheck);
+ }
make_empty_array(&empty_array, a_readonly);
- if (dict_find_string(op, "Filter", &pFilter) > 0) {
+ if (r_has_type(op, t_dictionary)
+ && dict_find_string(op, "Filter", &pFilter) > 0) {
if (!r_is_array(pFilter)) {
if (!r_has_type(pFilter, t_name))
return_error(gs_error_typecheck);
@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
return_error(gs_error_typecheck);
}
}
- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+ if (r_has_type(op, t_dictionary))
+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
return code;
- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
- )
- return code;
+ if (r_has_type(op, t_dictionary))
+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
+ return code;
push(1);
op[-1] = *pFilter;
if (pDecodeParms)


@ -1,31 +0,0 @@
From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
Date: Wed, 24 May 2017 19:29:57 +0100
Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
The return code from jbig2_decode_text_region was being ignored so the
code continued to try and parse the invalid file using incomplete/empty
structures.
---
jbig2dec/jbig2_symbol_dict.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jbig2dec/jbig2_symbol_dict.c b/jbig2dec/jbig2_symbol_dict.c
index 3cc17316f..672425d98 100644
--- a/jbig2dec/jbig2_symbol_dict.c
+++ b/jbig2dec/jbig2_symbol_dict.c
@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
}
/* multiple symbols are handled as a text region */
- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
+ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
n_refagg_dicts, image, data, size, GR_stats, as, ws);
+ if (code < 0)
+ goto cleanup4;
SDNEWSYMS->glyphs[NSYMSDECODED] = image;
refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
--
2.12.3


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:02bceadbc4dddeb6f2eec9c8b1623d945d355ca11b8b4df035332b217d58ce85
size 38398778

3
ghostscript-9.22.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7f5f4487c0df9dce37481e4c8f192c0322e4c69f5a2ba900a7833c992331bcf4
size 38773429


@ -1,10 +1,77 @@
-------------------------------------------------------------------
Wed Nov 29 16:04:48 CET 2017 - jsmeix@suse.de
- Version upgrade to 9.22.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* Ghostscript can now consume and produce (via the pdfwrite
device) PDF 2.0 compliant files.
* The main focus of this release has been security and code
cleanliness. Hence many AddressSanitizer, Valgrind and
Coverity issues have been addressed.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes
* The planned device API tidy (still!) did not happen for
this release, due to time pressures, but we still intend
to undertake the following: We plan to somewhat tidy up
the device API. We intend to remove deprecated device procs
(methods/function pointers) and change the device API
so every device proc takes a graphics state parameter
(rather than the current scheme where only a very few procs
take an imager state parameter). This should serve as notice
to anyone maintaining a Ghostscript device outside the
canonical source tree that you may (probably will) need
to update your device(s) when these changes happen.
Devices using only the non-deprecated procs should be
trivial to update.
- Up to 9.22rc1 it "just built" for all openSUSE versions but
since 9.22rc2 the libijs part does no longer buid for any
released openSUSE version where if fails with messages like
libtool: Version mismatch error.
This is libtool 2.4.6 Debian-2.4.6-2, but the
definition of this LT_INIT comes from libtool 2.4.2.
You should recreate aclocal.m4 with macros from
libtool 2.4.6 Debian-2.4.6-2 and run autoconf again.
Makefile: recipe for target 'ijs.lo' failed
so that currently it only builds for Tumbleweed/Factory.
Presumably it is not too complicated to make it build again
also for released openSUSE versions but currently I have
less than zero energy to fix on such "latest breaking changes"
so that for now Ghostscript 9.22 is only provided for
openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15.
-------------------------------------------------------------------
Fri Sep 29 09:12:06 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc2 (second release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
-------------------------------------------------------------------
Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc1 (first release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
- CVE-2017-5951.patch CVE-2017-7207.patch
CVE-2017-8291.patch and CVE-2017-9216.patch
are fixed in the version 9.22rc1 upstream sources.
-------------------------------------------------------------------
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
- CVE-2017-7207.patch fixes a NULL pointer dereference
in mem_get_bits_rectangle
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
(bsc#1030263)
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
- CVE-2017-9216.patch fixes a NULL pointer dereference
in jbig2_huffman_get
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
(bsc#1040643)


@ -36,32 +36,33 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.19pre20rc1
#Version: 9.21pre22rc2
# Normal version for Ghostscript releases is the upstream version:
Version: 9.21
Version: 9.22
Release: 0
# tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
%define tarball_version %{version}
#define tarball_version 9.20rc1
#define tarball_version 9.22rc2
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
%define built_version %{version}
#define built_version 9.20
#define built_version 9.22
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz
# How to download it:
# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# wget -O ghostscript-9.22rc2.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz
# How to download it:
# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS
# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f
# wget -O ghostscript-9.22.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz
# URL for MD5 checksums:
# wget -O gs922.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/MD5SUMS
# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1
Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
@ -77,25 +78,6 @@ Patch11: ppc64le-support.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
Patch101: CVE-2017-5951.patch
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
Patch102: CVE-2017-8291.patch
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
Patch103: CVE-2017-9216.patch
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
Patch104: CVE-2017-7207.patch
# RPM dependencies:
Conflicts: ghostscript
@ -181,25 +163,7 @@ This package contains the development files for Minimal Ghostscript.
# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE:
#rm -rf freetype jpeg libpng tiff zlib
rm -rf freetype jpeg libpng tiff
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
%patch101 -b .CVE-2017-5951.orig
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
%patch102 -p1 -b .CVE-2017-8291.orig
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
%patch103 -p1 -b .CVE-2017-9216.orig
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
%patch104 -p1 -b .CVE-2017-7207.orig
%build
# Derive build timestamp from latest changelog entry
export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s)
@ -280,6 +244,12 @@ popd
rm %{buildroot}%{_bindir}/ijs_client_example
rm %{buildroot}%{_bindir}/ijs_server_example
rm %{buildroot}%{_libdir}/libijs.la
# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed
# but the matching man pages are still installed which are hereby also removed:
#rm %{buildroot}%{_mandir}/man1/font2c.1
#rm %{buildroot}%{_mandir}/man1/wftopfa.1
#rm %{buildroot}%{_mandir}/de/man1/font2c.1
#rm %{buildroot}%{_mandir}/de/man1/wftopfa.1
# Install documentation which is not installed by default
# see http://bugs.ghostscript.com/show_bug.cgi?id=693002
# and fail intentionally as notification if something changed:
@ -328,7 +298,6 @@ exit 0
%defattr(-, root, root)
%{_bindir}/dvipdf
%{_bindir}/eps2eps
%{_bindir}/font2c
%{_bindir}/gs
%{_bindir}/gsx
%{_bindir}/gsc
@ -355,10 +324,8 @@ exit 0
%{_bindir}/ps2ps
%{_bindir}/ps2ps2
%{_bindir}/unix-lpr.sh
%{_bindir}/wftopfa
%doc %{_mandir}/man1/dvipdf.1.gz
%doc %{_mandir}/man1/eps2eps.1.gz
%doc %{_mandir}/man1/font2c.1.gz
%doc %{_mandir}/man1/gs.1.gz
%doc %{_mandir}/man1/gsbj.1.gz
%doc %{_mandir}/man1/gsdj.1.gz
@ -379,10 +346,8 @@ exit 0
%doc %{_mandir}/man1/ps2pdf14.1.gz
%doc %{_mandir}/man1/ps2pdfwr.1.gz
%doc %{_mandir}/man1/ps2ps.1.gz
%doc %{_mandir}/man1/wftopfa.1.gz
%doc %{_mandir}/de/man1/dvipdf.1.gz
%doc %{_mandir}/de/man1/eps2eps.1.gz
%doc %{_mandir}/de/man1/font2c.1.gz
%doc %{_mandir}/de/man1/gsnd.1.gz
%doc %{_mandir}/de/man1/pdf2dsc.1.gz
%doc %{_mandir}/de/man1/pdf2ps.1.gz
@ -393,7 +358,6 @@ exit 0
%doc %{_mandir}/de/man1/ps2pdf13.1.gz
%doc %{_mandir}/de/man1/ps2pdf14.1.gz
%doc %{_mandir}/de/man1/ps2ps.1.gz
%doc %{_mandir}/de/man1/wftopfa.1.gz
%doc %{_defaultdocdir}/ghostscript
%dir %{_datadir}/ghostscript
%dir %{_datadir}/ghostscript/%{built_version}
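Review bot: The updated Source0 comment block still records only an MD5 digest (`# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1`), and the MD5SUMS file it points to is served from the same GitHub release as the tarball. That is enough to catch a damaged download, but it is weak evidence that the checked-in tarball is the one upstream published, because MD5 is collision-prone and the digest shares the tarball's origin. I would add a stronger digest beside it, e.g. `# SHA256 checksum for Source0: <sha256sum of ghostscript-9.22.tar.gz>`, computed on the file that is actually committed. If upstream publishes a stronger checksum file or a signature for this release (not visible on this page), reference that instead. The same comment block is changed in the second spec section on this page (hunk `@ -56,32 +56,33 @`).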


@ -1,10 +1,77 @@
-------------------------------------------------------------------
Wed Nov 29 16:04:48 CET 2017 - jsmeix@suse.de
- Version upgrade to 9.22.
For details see the News.htm and History9.htm files.
Highlights in this release include:
* Ghostscript can now consume and produce (via the pdfwrite
device) PDF 2.0 compliant files.
* The main focus of this release has been security and code
cleanliness. Hence many AddressSanitizer, Valgrind and
Coverity issues have been addressed.
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
Incompatible changes
* The planned device API tidy (still!) did not happen for
this release, due to time pressures, but we still intend
to undertake the following: We plan to somewhat tidy up
the device API. We intend to remove deprecated device procs
(methods/function pointers) and change the device API
so every device proc takes a graphics state parameter
(rather than the current scheme where only a very few procs
take an imager state parameter). This should serve as notice
to anyone maintaining a Ghostscript device outside the
canonical source tree that you may (probably will) need
to update your device(s) when these changes happen.
Devices using only the non-deprecated procs should be
trivial to update.
- Up to 9.22rc1 it "just built" for all openSUSE versions but
since 9.22rc2 the libijs part does no longer buid for any
released openSUSE version where if fails with messages like
libtool: Version mismatch error.
This is libtool 2.4.6 Debian-2.4.6-2, but the
definition of this LT_INIT comes from libtool 2.4.2.
You should recreate aclocal.m4 with macros from
libtool 2.4.6 Debian-2.4.6-2 and run autoconf again.
Makefile: recipe for target 'ijs.lo' failed
so that currently it only builds for Tumbleweed/Factory.
Presumably it is not too complicated to make it build again
also for released openSUSE versions but currently I have
less than zero energy to fix on such "latest breaking changes"
so that for now Ghostscript 9.22 is only provided for
openSUSE Tumbleweed/Factory and the upcoming SLE15/Leap15.
-------------------------------------------------------------------
Fri Sep 29 09:12:06 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc2 (second release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
-------------------------------------------------------------------
Thu Sep 14 15:19:40 CEST 2017 - jsmeix@suse.de
- Version upgrade to 9.22rc1 (first release candidate for 9.22).
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
see https://build.opensuse.org/project/show/Printing
- Since Ghostscript 9.22rc1 font2c and wftopfa are removed.
- CVE-2017-5951.patch CVE-2017-7207.patch
CVE-2017-8291.patch and CVE-2017-9216.patch
are fixed in the version 9.22rc1 upstream sources.
-------------------------------------------------------------------
Fri Jun 2 09:12:45 UTC 2017 - daniel.molkentin@suse.com
- CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
- CVE-2017-7207.patch fixes a NULL pointer dereference
in mem_get_bits_rectangle
see https://bugs.ghostscript.com/show_bug.cgi?id=697676
(bsc#1030263)
- CVE-2017-9216.patch fixes a NULL pointer dereference in jbig2_huffman_get
- CVE-2017-9216.patch fixes a NULL pointer dereference
in jbig2_huffman_get
see https://bugs.ghostscript.com/show_bug.cgi?id=697934
(bsc#1040643)


@ -56,32 +56,33 @@ Url: http://www.ghostscript.com/
# But only with the alphabetic prefix "9.pre15rc1" would be older than the previous version number "9.14"
# because rpmvercmp would treat 9.pre15rc1 as 9.pre.15.rc1 and letters are older than numbers
# so that we keep additionally the previous version number to upgrade from the previous version:
#Version: 9.19pre20rc1
#Version: 9.21pre22rc2
# Normal version for Ghostscript releases is the upstream version:
Version: 9.21
Version: 9.22
Release: 0
# tarball_version is used below to specify the directory via "setup -n":
# Special tarball_version needed for Ghostscript release candidates e.g. "define tarball_version 9.15rc1".
# For Ghostscript releases tarball_version and version are the same (i.e. the upstream version):
%define tarball_version %{version}
#define tarball_version 9.20rc1
#define tarball_version 9.22rc2
# built_version is used below in the install and files sections:
# Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
# For Ghostscript releases built_version and version are the same (i.e. the upstream version):
%define built_version %{version}
#define built_version 9.20
#define built_version 9.22
# Source0...Source9 is for sources from upstream:
# Special URLs for Ghostscript release candidates:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz
# How to download it:
# wget -O ghostscript-9.20rc1.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs920rc1/ghostscript-9.20rc1.tar.gz
# wget -O ghostscript-9.22rc2.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922rc2/ghostscript-9.22rc2.tar.gz
#Source0: ghostscript-%{tarball_version}.tar.gz
# Normal URLs for Ghostscript releases:
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz
# How to download it:
# wget -O ghostscript-9.21.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/ghostscript-9.21.tar.gz
# URL for MD5 checksums: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs921/MD5SUMS
# MD5 checksum for Source0: 5f213281761d2750fcf27476c404d17f
# wget -O ghostscript-9.22.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/ghostscript-9.22.tar.gz
# URL for MD5 checksums:
# wget -O gs922.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs922/MD5SUMS
# MD5 checksum for Source0: eff6bc41b1d7e26e988d2a5c813889d1
Source0: ghostscript-%{version}.tar.gz
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
@ -97,25 +98,6 @@ Patch11: ppc64le-support.patch
# Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
# in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
Patch100: remove-zlib-h-dependency.patch
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
Patch101: CVE-2017-5951.patch
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
Patch102: CVE-2017-8291.patch
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
Patch103: CVE-2017-9216.patch
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
Patch104: CVE-2017-7207.patch
# RPM dependencies:
# Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
@ -243,6 +225,7 @@ For information how to use Ghostscript see
%package x11
Summary: X11 library for Ghostscript
Group: Productivity/Publishing/PS
# Require the exact matching version-release of the ghostscript main-package because
# a non-matching ghostscript main-package may let it fail or even crash (e.g. segfault)
# because all Ghostscript software is built from one same Ghostscript source tar ball
@ -250,7 +233,6 @@ Summary: X11 library for Ghostscript
# The exact matching version-release of the ghostscript main-package is available
# on the same package repository where the ghostscript-x11 sub-package is because
# all are built simulaneously from the same Ghostscript source package:
Group: Productivity/Publishing/PS
Requires: ghostscript = %{version}-%{release}
# Unfortunately ghostscript-library.spec and ghostscript-mini.spec have
# an unversioned "Provides: ghostscript" and for RPM this means that both
@ -317,25 +299,6 @@ This package contains the development files for Ghostscript.
# is specially modified to work with Ghostscript so that we cannot use lcms2 from SUSE:
#rm -rf freetype jpeg libpng tiff zlib
rm -rf freetype jpeg libpng tiff
# Patch101 CVE-2017-5951.patch fixes
# null pointer dereference in ref_stack_index() that is
# related to mem_get_bits_rectangle() in base/gdevmem.c
# https://bugs.ghostscript.com/show_bug.cgi?id=697548
# (bsc#1032114)
%patch101 -b .CVE-2017-5951.orig
# Patch102 CVE-2017-8291.patch fixes a type confusion in .rsdparams and .eqproc
# see https://bugs.ghostscript.com/show_bug.cgi?id=697808
# and https://bugs.ghostscript.com/show_bug.cgi?id=697799
# and https://bugzilla.opensuse.org/show_bug.cgi?id=1036453
%patch102 -p1 -b .CVE-2017-8291.orig
# Patch103 fixes NULL pointer dereference in the jbig2_huffman_get function
# see https://bugs.ghostscript.com/show_bug.cgi?id=697934
# and https://bugzilla.suse.com/show_bug.cgi?id=1040643
%patch103 -p1 -b .CVE-2017-9216.orig
# Patch104 CVE-2017-7207.patch fixes a NULL pointer dereference in mem_get_bits_rectangle
# see https://bugs.ghostscript.com/show_bug.cgi?id=697676
# and https://bugzilla.suse.com/show_bug.cgi?id=1030263
%patch104 -p1 -b .CVE-2017-7207.orig
%build
# Derive build timestamp from latest changelog entry
@ -417,6 +380,12 @@ popd
rm %{buildroot}%{_bindir}/ijs_client_example
rm %{buildroot}%{_bindir}/ijs_server_example
rm %{buildroot}%{_libdir}/libijs.la
# Since Ghostscript 9.22rc1 bin/font2c and bin/wftopfa are removed
# but the matching man pages are still installed which are hereby also removed:
#rm %{buildroot}%{_mandir}/man1/font2c.1
#rm %{buildroot}%{_mandir}/man1/wftopfa.1
#rm %{buildroot}%{_mandir}/de/man1/font2c.1
#rm %{buildroot}%{_mandir}/de/man1/wftopfa.1
# Install documentation which is not installed by default
# see http://bugs.ghostscript.com/show_bug.cgi?id=693002
# and fail intentionally as notification if something changed:
@ -465,7 +434,6 @@ exit 0
%defattr(-, root, root)
%{_bindir}/dvipdf
%{_bindir}/eps2eps
%{_bindir}/font2c
%{_bindir}/gs
%{_bindir}/gsx
%{_bindir}/gsc
@ -492,10 +460,8 @@ exit 0
%{_bindir}/ps2ps
%{_bindir}/ps2ps2
%{_bindir}/unix-lpr.sh
%{_bindir}/wftopfa
%doc %{_mandir}/man1/dvipdf.1.gz
%doc %{_mandir}/man1/eps2eps.1.gz
%doc %{_mandir}/man1/font2c.1.gz
%doc %{_mandir}/man1/gs.1.gz
%doc %{_mandir}/man1/gsbj.1.gz
%doc %{_mandir}/man1/gsdj.1.gz
@ -516,10 +482,8 @@ exit 0
%doc %{_mandir}/man1/ps2pdf14.1.gz
%doc %{_mandir}/man1/ps2pdfwr.1.gz
%doc %{_mandir}/man1/ps2ps.1.gz
%doc %{_mandir}/man1/wftopfa.1.gz
%doc %{_mandir}/de/man1/dvipdf.1.gz
%doc %{_mandir}/de/man1/eps2eps.1.gz
%doc %{_mandir}/de/man1/font2c.1.gz
%doc %{_mandir}/de/man1/gsnd.1.gz
%doc %{_mandir}/de/man1/pdf2dsc.1.gz
%doc %{_mandir}/de/man1/pdf2ps.1.gz
@ -530,7 +494,6 @@ exit 0
%doc %{_mandir}/de/man1/ps2pdf13.1.gz
%doc %{_mandir}/de/man1/ps2pdf14.1.gz
%doc %{_mandir}/de/man1/ps2ps.1.gz
%doc %{_mandir}/de/man1/wftopfa.1.gz
%doc %{_defaultdocdir}/ghostscript
%dir %{_datadir}/ghostscript
%dir %{_datadir}/ghostscript/%{built_version}
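Review bot: The comment added in hunk `@ -417,6 +380,12 @` says the leftover font2c and wftopfa man pages "are hereby also removed", but the four `rm` lines under it are all commented out (`#rm %{buildroot}%{_mandir}/man1/font2c.1` and the three that follow), so nothing is removed. The same commit drops `font2c.1.gz` and `wftopfa.1.gz` from the `%files` list. So either 9.22 no longer installs these man pages and the comment is stale, or it still does and the files stay in the buildroot unpackaged, which rpmbuild usually rejects (not verifiable from this page). I would delete the block or make it say what the spec does, e.g. `# Since Ghostscript 9.22 font2c, wftopfa and their man pages are no longer installed, so nothing needs to be removed here.` The first spec section on the page has the identical block (hunk `@ -280,6 +244,12 @`).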