From 03d1d391b8b03bc8551288335b666ac551307a9182f6ea599f771b4067d03f84 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Wed, 29 Apr 2020 10:44:01 +0000 Subject: [PATCH] Accepting request 798866 from home:jsmeix:branches:Printing Ghostscript version upgrade to 9.52 which is primarily a general security upgrade that fixes in particular CVE-2020-12268 (bsc#1170603) OBS-URL: https://build.opensuse.org/request/show/798866 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=126 --- CVE-2019-10216.patch | 44 ----- ghostscript-9.27.tar.gz | 3 - ghostscript-9.52.tar.gz | 3 + ghostscript-mini.changes | 141 ++++++++++++++++ ghostscript-mini.spec | 31 +--- ghostscript.changes | 122 +++++++++++++- ghostscript.spec | 31 +--- gs-CVE-2019-14811-885444fc.patch | 59 ------- gs-CVE-2019-14817-cd1b1cac.patch | 200 ----------------------- openjpeg4gs-CVE-2018-6616-8ee33522.patch | 67 -------- 10 files changed, 283 insertions(+), 418 deletions(-) delete mode 100644 CVE-2019-10216.patch delete mode 100644 ghostscript-9.27.tar.gz create mode 100644 ghostscript-9.52.tar.gz delete mode 100644 gs-CVE-2019-14811-885444fc.patch delete mode 100644 gs-CVE-2019-14817-cd1b1cac.patch delete mode 100644 openjpeg4gs-CVE-2018-6616-8ee33522.patch diff --git a/CVE-2019-10216.patch b/CVE-2019-10216.patch deleted file mode 100644 index 7b6b488..0000000 --- a/CVE-2019-10216.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Fri, 2 Aug 2019 15:18:26 +0100 -Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly - ---- - Resource/Init/gs_type1.ps | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - ---- Resource/Init/gs_type1.ps -+++ Resource/Init/gs_type1.ps 2019-09-16 13:09:12.277074046 +0000 -@@ -118,25 +118,25 @@ - ( to be the same as glyph: ) print 1 index //== exec } if - 3 index exch 3 index .forceput - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname -- } -+ }executeonly - {pop} ifelse -- } forall -+ } executeonly forall - pop pop -- } -+ } executeonly - { - pop pop pop - } ifelse -- } -+ } executeonly - { - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname - pop pop - } ifelse -- } forall -+ } executeonly forall - 3 1 roll pop pop -- } if -+ } executeonly if - pop - dup /.AGLprocessed~GS //true .forceput -- } if -+ } executeonly if - - %% We need to excute the C .buildfont1 in a stopped context so that, if there - %% are errors we can put the stack back sanely and exit. Otherwise callers won't diff --git a/ghostscript-9.27.tar.gz b/ghostscript-9.27.tar.gz deleted file mode 100644 index 57d5716..0000000 --- a/ghostscript-9.27.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285 -size 42277543 diff --git a/ghostscript-9.52.tar.gz b/ghostscript-9.52.tar.gz new file mode 100644 index 0000000..2759897 --- /dev/null +++ b/ghostscript-9.52.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176 +size 49722607 diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 649c74c..3413783 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes 
@@ -1,3 +1,134 @@ +------------------------------------------------------------------- +Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de + +- The version upgrade to 9.52 fixes in particular + CVE-2020-12268: jbic2dec: heap-based buffer overflow + in jbig2_image_compose (bsc#1170603) +- Version upgrade to 9.52 + Highlights in this release include: + * The 9.52 release replaces the 9.51 release after a problem + was reported with 9.51 which warranted the quick turnaround. + Thus, like 9.51, 9.52 is primarily a maintenance release, + consolidating the changes we introduced in 9.50. + * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt + (the "mt" indicating "multi-thread"). + LCMS2 is not thread-safe, and cannot be made thread-safe + without breaking the ABI. Our fork will be thread-safe and + include performance enhancements (these changes have all + been offered and rejected upstream). We will maintain + compatibility between Ghostscript and LCMS2 for a time, + but not in perpetuity. If there is sufficient interest, + our fork will be available as its own package separately + from Ghostscript (and MuPDF). + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + Incompatible changes: + * New option -dALLOWPSTRANSPARENCY: The transparency compositor + (and related features), whilst we are improving it, remains + sensitive to being driven correctly, and incorrect use + can have unexpected/undefined results. Hence, as part of + improving security, we limited access to these operators, + originally using the -dSAFER feature. As we made "SAFER" + the default mode, that became unacceptable, hence the + new option -dALLOWPSTRANSPARENCY which enables access + to the operators, cf. + https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY + For a release summary see: + https://www.ghostscript.com/doc/9.52/News.htm + For details see the News.htm and History9.htm files. 
+- Version upgrade to 9.51 + Highlights in this release include: + * 9.51 is primarily a maintainance release, consolidating + the changes we introduced in 9.50. + * We have continued our work on code hygiene for this release, + with a focus on the static analysis tool Coverity + (from Synopsys, Inc) and we are now maintaining a policy of + zero Coverity issues in the Ghostscript/GhostPDL source base. + * IMPORTANT: In consultation with a representative of + OpenPrinting (http://www.openprinting.org/) it is our + intention to deprecate and, in the not distant future, + remove the OpenPrinting Vector/Raster Printer Drivers + (that is, the opvp and oprp devices). + If you rely on either of these devices, please get in touch + with us (i.e. Ghostscript upstream), so we can discuss your + use case, and revise our plans accordingly. + * We (i.e. Ghostscript upstream) are in the process of forking + LittleCMS, cf. the other release notes entries below. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + For a release summary see: + https://www.ghostscript.com/doc/9.51/News.htm + For details see the News.htm and History9.htm files. +- Version upgrade to 9.50 + Highlights in this release include: + * The change to version 9.50 follows recognition + of the extent and importance of the file access control + redesign/reimplementation outlined below. + * The file access control capability (enable with -dSAFER) + has been completely rewritten, with a ground-up rethink + of the design. For more details, see: "SAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#Safer + * It is important to note that -dSAFER now only enables the + file access controls, and no longer applies restrictions + to standard Postscript functionality (specifically, + restrictions on setpagedevice). 
If your application relies + on these Postscript restrictions, see "OLDSAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer + and please get in touch, as we do plan to remove those + Postscript restrictions unless we have reason not to. + IMPORTANT: File access controls are now enabled by default. + In order to run Ghostscript without these controls, + see "NOSAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer + * We (i.e. Ghostscript upstream) are in the process of forking + LittleCMS, cf. the other release notes entries below. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + Incompatible changes: + * There are a couple of subtle incompatibilities between the old + and new SAFER implementations. Firstly, as mentioned above, + SAFER now leaves standard Postcript functionality unchanged + (except for the file access limitations). Secondly, the + interaction with save/restore operations, see "SAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#Safer + * The following is not strictly speaking new to 9.50, + as not much has changed since 9.27 in this area, + but for those who don't upgrade with every release: + The process of "tidying" the Postscript name space should have + removed only non-standard and undocumented operators. + Nevertheless, it is possible that any integrations or utilities + that rely on those non-standard and undocumented operators + may stop working, or may change behaviour. + If you encounter such a case, please contact us + (i.e. Ghostscript upstream, either the #ghostscript IRC channel + or the gs-devel mailing list would be best), and we'll work + with you to either find an alternative solution or return the + previous functionality, if there is genuinely no other option. + One case we know this has occurred is GSView 5 (and earlier). + GSView 5 support for PDF files relied upon internal use only + features which are no longer available. 
GSView 5 will still + work as previously for Postscript files. For PDF files, + users are encouraged to look at MuPDF https://www.mupdf.com/ + For a release summary see: + https://www.ghostscript.com/doc/9.50/News.htm + For details see the News.htm and History9.htm files. +- CVE-2019-10216.patch + gs-CVE-2019-14811-885444fc.patch + gs-CVE-2019-14817-cd1b1cac.patch + openjpeg4gs-CVE-2018-6616-8ee33522.patch + are fixed in the version 9.52 upstream sources. + +------------------------------------------------------------------- +Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns + +- Use system openjpeg2 on Tumbleweed/Factory. + +------------------------------------------------------------------- +Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz + +- Made ghostscript profile enforcing and limit it to the ghostscript + binaries (bsc#1150338) + ------------------------------------------------------------------- Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink @@ -32,6 +163,11 @@ Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink https://bugzilla.suse.com/show_bug.cgi?id=1144621 bsc#1144621 https://bugs.ghostscript.com/show_bug.cgi?id=701394 +------------------------------------------------------------------- +Wed May 8 08:46:43 UTC 2019 - jsegitz@suse.com + +- Set AA profile to complain and added fixes for ps2epsi (boo#1134327) + ------------------------------------------------------------------- Thu Apr 4 14:37:09 CEST 2019 - jsmeix@suse.de @@ -981,6 +1117,11 @@ Tue Sep 9 16:06:31 CEST 2014 - jsmeix@suse.de it is fixed in the upstream sources. - Removed trailing whitespaces in spec file and changes file. +------------------------------------------------------------------- +Mon Aug 18 15:12:28 UTC 2014 - meissner@suse.com + +- gs does not seem to require libopenssl-devel for building. + ------------------------------------------------------------------- Thu Mar 27 12:21:55 CET 2014 - jsmeix@suse.de 
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index bb469ce..b207ae1 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -47,7 +47,7 @@ URL: https://www.ghostscript.com/
 # so that we keep additionally the previous version number to upgrade from the previous version:
 # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1.
 #Version: 9.25pre26rc1
-Version: 9.27
+Version: 9.52
 Release: 0
 # Normal version for Ghostscript releases is the upstream version:
 # tarball_version is used below to specify the directory via "setup -n":
@@ -59,7 +59,7 @@ Release: 0
 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15".
 # For Ghostscript releases built_version and version are the same (i.e. the upstream version):
 #define built_version %{version}
-%define built_version 9.27
+%define built_version 9.52
 # Source0...Source9 is for sources from upstream:
 # Special URLs for Ghostscript release candidates:
 # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
@@ -71,21 +71,13 @@ Release: 0
 #Source0: ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
+# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
 # URL for MD5 checksums:
-# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
-# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
+# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
+# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
 Source0: ghostscript-%{version}.tar.gz
 Source1: apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
-# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
-Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch
-# Patch1 Add commit from of upstream to fix CVE-2019-10216
-Patch1: CVE-2019-10216.patch
-# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
-Patch2: gs-CVE-2019-14811-885444fc.patch
-# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
-Patch3: gs-CVE-2019-14817-cd1b1cac.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
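Review bot: The only integrity reference recorded for Source0 in this hunk is an MD5 digest (`# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz`), taken from an MD5SUMS file served from the same release location as the tarball. MD5 is no longer collision-resistant, so this comment is weak evidence that the packaged tarball is the one upstream released. I would record a stronger digest next to it, e.g. `# SHA256 checksum for Source0: c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176 ghostscript-9.52.tar.gz` (the oid of the git-lfs pointer for ghostscript-9.52.tar.gz in this commit), after comparing it against a SHA-256/SHA-512 list or signature from upstream if one is published. The same applies to the identical hunk in ghostscript.spec (`@@ -95,21 +95,13 @@`).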
@@ -93,6 +85,8 @@ Patch3: gs-CVE-2019-14817-cd1b1cac.patch
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
 Patch100: remove-zlib-h-dependency.patch
+# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
+# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 Patch101: ijs_exec_server_dont_use_sh.patch
 # RPM dependencies:
 Conflicts: ghostscript
@@ -152,21 +146,14 @@ This package contains the development files for Minimal Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
-# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
-# openjpeg4gs-CVE-2018-6616-8ee33522.patch
-%patch0
-# Patch1 Add commit from of upstream to fix CVE-2019-10216
-%patch1 -p0
-# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
-%patch2 -p1
-# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
-%patch3 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
 # and disable remove-zlib-h-dependency.patch because
 # Ghostscript 9.21 does no longer build this way:
 #patch100 -p1 -b remove-zlib-h-dependency.orig
+# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
+# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 %patch101 -p1
 # Remove patch backup files to avoid packaging
 # cf. https://build.opensuse.org/request/show/581052
diff --git a/ghostscript.changes b/ghostscript.changes
index 8e06409..090e920 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
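Review bot: Removing `%patch0` through `%patch3` in the `%prep` hunk (`@@ -152,21 +146,14 @@`) leaves the spec with no record of which CVE fixes the package now relies on upstream for; the only statement is the .changes entry saying the four patches "are fixed in the version 9.52 upstream sources". openjpeg4gs-CVE-2018-6616-8ee33522.patch changed the bundled openjpeg copy rather than Ghostscript itself, so it is worth confirming that the openjpeg tree shipped in the 9.52 tarball carries that commit for build targets that presumably still use the bundled copy (the changelog mentions system openjpeg2 only for Tumbleweed/Factory). A one-line comment after `%setup`, such as `# CVE-2018-6616, CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817 are fixed in upstream 9.52, patches dropped`, would keep that traceable. The matching hunk in ghostscript.spec (`@@ -289,21 +283,14 @@`) is the same.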
@@ -1,3 +1,123 @@ +------------------------------------------------------------------- +Wed Apr 29 12:09:39 CEST 2020 - jsmeix@suse.de + +- The version upgrade to 9.52 fixes in particular + CVE-2020-12268: jbic2dec: heap-based buffer overflow + in jbig2_image_compose (bsc#1170603) +- Version upgrade to 9.52 + Highlights in this release include: + * The 9.52 release replaces the 9.51 release after a problem + was reported with 9.51 which warranted the quick turnaround. + Thus, like 9.51, 9.52 is primarily a maintenance release, + consolidating the changes we introduced in 9.50. + * IMPORTANT: We have forked LittleCMS2 into LittleCMS2mt + (the "mt" indicating "multi-thread"). + LCMS2 is not thread-safe, and cannot be made thread-safe + without breaking the ABI. Our fork will be thread-safe and + include performance enhancements (these changes have all + been offered and rejected upstream). We will maintain + compatibility between Ghostscript and LCMS2 for a time, + but not in perpetuity. If there is sufficient interest, + our fork will be available as its own package separately + from Ghostscript (and MuPDF). + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + Incompatible changes: + * New option -dALLOWPSTRANSPARENCY: The transparency compositor + (and related features), whilst we are improving it, remains + sensitive to being driven correctly, and incorrect use + can have unexpected/undefined results. Hence, as part of + improving security, we limited access to these operators, + originally using the -dSAFER feature. As we made "SAFER" + the default mode, that became unacceptable, hence the + new option -dALLOWPSTRANSPARENCY which enables access + to the operators, cf. + https://www.ghostscript.com/doc/9.52/Use.htm#ALLOWPSTRANSPARENCY + For a release summary see: + https://www.ghostscript.com/doc/9.52/News.htm + For details see the News.htm and History9.htm files. 
+- Version upgrade to 9.51 + Highlights in this release include: + * 9.51 is primarily a maintainance release, consolidating + the changes we introduced in 9.50. + * We have continued our work on code hygiene for this release, + with a focus on the static analysis tool Coverity + (from Synopsys, Inc) and we are now maintaining a policy of + zero Coverity issues in the Ghostscript/GhostPDL source base. + * IMPORTANT: In consultation with a representative of + OpenPrinting (http://www.openprinting.org/) it is our + intention to deprecate and, in the not distant future, + remove the OpenPrinting Vector/Raster Printer Drivers + (that is, the opvp and oprp devices). + If you rely on either of these devices, please get in touch + with us (i.e. Ghostscript upstream), so we can discuss your + use case, and revise our plans accordingly. + * We (i.e. Ghostscript upstream) are in the process of forking + LittleCMS, cf. the other release notes entries below. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + For a release summary see: + https://www.ghostscript.com/doc/9.51/News.htm + For details see the News.htm and History9.htm files. +- Version upgrade to 9.50 + Highlights in this release include: + * The change to version 9.50 follows recognition + of the extent and importance of the file access control + redesign/reimplementation outlined below. + * The file access control capability (enable with -dSAFER) + has been completely rewritten, with a ground-up rethink + of the design. For more details, see: "SAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#Safer + * It is important to note that -dSAFER now only enables the + file access controls, and no longer applies restrictions + to standard Postscript functionality (specifically, + restrictions on setpagedevice). 
If your application relies + on these Postscript restrictions, see "OLDSAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#OldSafer + and please get in touch, as we do plan to remove those + Postscript restrictions unless we have reason not to. + IMPORTANT: File access controls are now enabled by default. + In order to run Ghostscript without these controls, + see "NOSAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#NoSafer + * We (i.e. Ghostscript upstream) are in the process of forking + LittleCMS, cf. the other release notes entries below. + * The usual round of bug fixes, compatibility changes, + and incremental improvements. + Incompatible changes: + * There are a couple of subtle incompatibilities between the old + and new SAFER implementations. Firstly, as mentioned above, + SAFER now leaves standard Postcript functionality unchanged + (except for the file access limitations). Secondly, the + interaction with save/restore operations, see "SAFER" at + https://www.ghostscript.com/doc/9.50/Use.htm#Safer + * The following is not strictly speaking new to 9.50, + as not much has changed since 9.27 in this area, + but for those who don't upgrade with every release: + The process of "tidying" the Postscript name space should have + removed only non-standard and undocumented operators. + Nevertheless, it is possible that any integrations or utilities + that rely on those non-standard and undocumented operators + may stop working, or may change behaviour. + If you encounter such a case, please contact us + (i.e. Ghostscript upstream, either the #ghostscript IRC channel + or the gs-devel mailing list would be best), and we'll work + with you to either find an alternative solution or return the + previous functionality, if there is genuinely no other option. + One case we know this has occurred is GSView 5 (and earlier). + GSView 5 support for PDF files relied upon internal use only + features which are no longer available. 
GSView 5 will still + work as previously for Postscript files. For PDF files, + users are encouraged to look at MuPDF https://www.mupdf.com/ + For a release summary see: + https://www.ghostscript.com/doc/9.50/News.htm + For details see the News.htm and History9.htm files. +- CVE-2019-10216.patch + gs-CVE-2019-14811-885444fc.patch + gs-CVE-2019-14817-cd1b1cac.patch + openjpeg4gs-CVE-2018-6616-8ee33522.patch + are fixed in the version 9.52 upstream sources. + ------------------------------------------------------------------- Fri Jan 31 17:26:37 UTC 2020 - Stefan Brüns @@ -33,7 +153,7 @@ Tue Aug 13 12:38:45 UTC 2019 - Dr. Werner Fink - Use update-alternatives to get the real ghostscript binary from /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to - use this with its wrapper script + use this with its wrapper script ------------------------------------------------------------------- Mon Aug 12 11:32:08 UTC 2019 - Dr. Werner Fink diff --git a/ghostscript.spec b/ghostscript.spec index 59291c6..61565fb 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -71,7 +71,7 @@ URL: https://www.ghostscript.com/ # so that we keep additionally the previous version number to upgrade from the previous version: # Starting SLE12/rpm-4.10, one can use tildeversions: 9.15~rc1. #Version: 9.25pre26rc1 -Version: 9.27 +Version: 9.52 Release: 0 # Normal version for Ghostscript releases is the upstream version: # tarball_version is used below to specify the directory via "setup -n": @@ -83,7 +83,7 @@ Release: 0 # Separated built_version needed in case of Ghostscript release candidates e.g. "define built_version 9.15". # For Ghostscript releases built_version and version are the same (i.e. the upstream version): #define built_version %{version} -%define built_version 9.27 +%define built_version 9.52 # Source0...Source9 is for sources from upstream: # Special URLs for Ghostscript release candidates: # see https://github.com/ArtifexSoftware/ghostpdl-downloads/releases 
@@ -95,21 +95,13 @@ Release: 0
 #Source0: ghostscript-%{tarball_version}.tar.gz
 # Normal URLs for Ghostscript releases:
 # URL for Source0:
-# wget -O ghostscript-9.27.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/ghostscript-9.27.tar.gz
+# wget -O ghostscript-9.52.tar.gz https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/ghostscript-9.52.tar.gz
 # URL for MD5 checksums:
-# wget -O gs927.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/MD5SUMS
-# MD5 checksum for Source0: c3990a504a3a23b9babe9de00ed6597d ghostscript-9.27.tar.gz
+# wget -O gs952.MD5SUMS https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/MD5SUMS
+# MD5 checksum for Source0: 0f6964ab9b83a63b7e373f136243f901 ghostscript-9.52.tar.gz
 Source0: ghostscript-%{version}.tar.gz
 Source1: apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
-# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
-Patch0: openjpeg4gs-CVE-2018-6616-8ee33522.patch
-# Patch1 Add commit from of upstream to fix CVE-2019-10216
-Patch1: CVE-2019-10216.patch
-# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
-Patch2: gs-CVE-2019-14811-885444fc.patch
-# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
-Patch3: gs-CVE-2019-14817-cd1b1cac.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
@@ -117,6 +109,8 @@ Patch3: gs-CVE-2019-14817-cd1b1cac.patch
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball:
 Patch100: remove-zlib-h-dependency.patch
+# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
+# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 Patch101: ijs_exec_server_dont_use_sh.patch
 # RPM dependencies:
 # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
@@ -289,21 +283,14 @@ This package contains the development files for Ghostscript.
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
-# Patch0 Add commit from openjpeg upstream to fix CVE-2018-6616
-# openjpeg4gs-CVE-2018-6616-8ee33522.patch
-%patch0
-# Patch1 Add commit from of upstream to fix CVE-2019-10216
-%patch1 -p0
-# Patch1 Add commit from ghostscript upstream to fix CVE-2019-14811,CVE-2019-14812,CVE-2019-14813
-%patch2 -p1
-# Patch2 Add commit from ghostscript upstream to fix CVE-2019-14817
-%patch3 -p1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball.
 # Again use the zlib sources from Ghostscript upstream
 # and disable remove-zlib-h-dependency.patch because
 # Ghostscript 9.21 does no longer build this way:
 #patch100 -p1 -b remove-zlib-h-dependency.orig
+# Patch101 ijs_exec_server_dont_use_sh.patch fixes IJS printing problem
+# additionally allow exec'ing hpijs in apparmor profile was needed (bsc#1128467):
 %patch101 -p1
 # Remove patch backup files to avoid packaging
 # cf. https://build.opensuse.org/request/show/581052
diff --git a/gs-CVE-2019-14811-885444fc.patch b/gs-CVE-2019-14811-885444fc.patch
deleted file mode 100644
index 31cb84e..0000000
--- a/gs-CVE-2019-14811-885444fc.patch +++ /dev/null @@ -1,59 +0,0 @@ -Based on 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Tue, 20 Aug 2019 10:10:28 +0100 -Subject: [PATCH] make .forceput inaccessible - -Bug #701343, #701344, #701345 - -More defensive programming. We don't want people to access .forecput -even though it is no longer sufficient to bypass SAFER. The exploit -in #701343 didn't work anyway because of earlier work to stop the error -handler being used, but nevertheless, prevent access to .forceput from -.setuserparams2. - ---- - Resource/Init/gs_lev2.ps | 6 +++--- - Resource/Init/gs_pdfwr.ps | 4 ++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -158,7 +158,7 @@ end - { - pop pop - } ifelse -- } forall -+ } executeonly forall - % A context switch might have occurred during the above loop, - % causing the interpreter-level parameters to be reset. - % Set them again to the new values. From here on, we are safe, -@@ -229,9 +229,9 @@ end - { pop pop - } - ifelse -- } -+ } executeonly - forall pop --} .bind odef -+} .bind executeonly odef - - % Initialize the passwords. - % NOTE: the names StartJobPassword and SystemParamsPassword are known to -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps ---- a/Resource/Init/gs_pdfwr.ps -+++ b/Resource/Init/gs_pdfwr.ps -@@ -652,11 +652,11 @@ currentdict /.pdfmarkparams .undef - systemdict /.pdf_hooked_DSC_Creator //true .forceput - } executeonly if - pop -- } if -+ } executeonly if - } { - pop - } ifelse -- } -+ } executeonly - { - pop - } ifelse diff --git a/gs-CVE-2019-14817-cd1b1cac.patch b/gs-CVE-2019-14817-cd1b1cac.patch deleted file mode 100644 index 51b9438..0000000 --- a/gs-CVE-2019-14817-cd1b1cac.patch +++ /dev/null 
@@ -1,200 +0,0 @@ -Based on cd1b1cacadac2479e291efe611979bdc1b3bdb19 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Wed, 21 Aug 2019 10:10:51 +0100 -Subject: [PATCH] PDF interpreter - review .forceput security - -Bug #701450 "Safer Mode Bypass by .forceput Exposure in .pdfexectoken" - -By abusing the error handler it was possible to get the PDFDEBUG portion -of .pdfexectoken, which uses .forceput left readable. - -Add an executeonly appropriately to make sure that clause isn't readable -no mstter what. - -Review all the uses of .forceput searching for similar cases, add -executeonly as required to secure those. All cases in the PostScript -support files seem to be covered already. - ---- - Resource/Init/pdf_base.ps | 2 +- - Resource/Init/pdf_draw.ps | 14 +++++++------- - Resource/Init/pdf_font.ps | 21 +++++++++++---------- - Resource/Init/pdf_main.ps | 6 +++--- - Resource/Init/pdf_ops.ps | 11 ++++++----- - 5 files changed, 28 insertions(+), 26 deletions(-) - -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -157,7 +157,7 @@ currentdict /num-chars-dict .undef - { - dup ==only () = flush - } ifelse % PDFSTEP -- } if % PDFDEBUG -+ } executeonly if % PDFDEBUG - 2 copy .knownget { - exch pop exch pop exch pop exec - } { -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -501,8 +501,8 @@ end - ( Output may be incorrect.\n) pdfformaterror - //pdfdict /.gs_warning_issued //true .forceput - PDFSTOPONERROR { /gs /undefined signalerror } if -- } if -- } -+ } executeonly if -+ } executeonly - ifelse - } bind executeonly def - -@@ -1142,7 +1142,7 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput -@@ -1150,8 +1150,8 @@ currentdict end readonly def - 
pdfformaterror - } executeonly ifelse - end -- } ifelse -- } loop -+ } executeonly ifelse -+ } executeonly loop - { - (\n **** Error: File has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - //pdfdict /.Qqwarning_issued .knownget -@@ -1165,14 +1165,14 @@ currentdict end readonly def - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - pop - - % restore pdfemptycount -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -701,9 +701,9 @@ currentdict end readonly def - } if - PDFDEBUG { - (.processToUnicode end) = -- } if -- } if -- } stopped -+ } executeonly if -+ } executeonly if -+ } executeonly stopped - { - .dstackdepth 1 countdictstack 1 sub - {pop end} for -@@ -1233,19 +1233,20 @@ currentdict /eexec_pdf_param_dict .undef - //pdfdict /.Qqwarning_issued //true .forceput - } executeonly if - Q -- } repeat -+ } executeonly repeat - Q -- } PDFfile fileposition 2 .execn % Keep pdfcount valid. -+ } executeonly PDFfile fileposition 2 .execn % Keep pdfcount valid. - PDFfile exch setfileposition -- } ifelse -- } { -+ } executeonly ifelse -+ } executeonly -+ { - % PDF Type 3 fonts don't use .notdef - % d1 implementation adjusts the width as needed - 0 0 0 0 0 0 - pdfopdict /d1 get exec - } ifelse - end end -- } bdef -+ } executeonly bdef - dup currentdict Encoding .processToUnicode - currentdict end .completefont exch pop - } bind executeonly odef -@@ -2045,9 +2046,9 @@ currentdict /CMap_read_dict undef - (Will continue, but content may be missing.) 
= flush - } ifelse - } if -- } if -+ } executeonly if - /findresource cvx /undefined signalerror -- } loop -+ } executeonly loop - } bind executeonly odef - - /buildCIDType0 { % buildCIDType0 -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2749,15 +2749,15 @@ currentdict /PDF2PS_matrix_key undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -- } if -+ } executeonly if -+ } executeonly if - pop - count PDFexecstackcount sub { pop } repeat - (after exec) VMDEBUG -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -186,14 +186,14 @@ currentdict /gput_always_allow .undef - .setglobal - pdfformaterror - } executeonly ifelse -- } -+ } executeonly - { - currentglobal //pdfdict gcheck .setglobal - //pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror - } executeonly ifelse -- } if -+ } executeonly if - } bind executeonly odef - - % Save PDF gstate -@@ -440,11 +440,12 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -+ } executeonly -+ { -+ .setSMask -+ }ifelse - } executeonly - { -- .setSMask -- }ifelse -- }{ - .setSMask - }ifelse - diff --git a/openjpeg4gs-CVE-2018-6616-8ee33522.patch b/openjpeg4gs-CVE-2018-6616-8ee33522.patch deleted file mode 100644 index 3ff7872..0000000 --- a/openjpeg4gs-CVE-2018-6616-8ee33522.patch +++ /dev/null 
@@ -1,67 +0,0 @@
-From 8ee335227bbcaf1614124046aa25e53d67b11ec3 Mon Sep 17 00:00:00 2001
-From: Hugo Lefeuvre
-Date: Fri, 14 Dec 2018 04:58:40 +0100
-Subject: [PATCH] convertbmp: detect invalid file dimensions early
-
-width/length dimensions read from bmp headers are not necessarily
-valid. For instance they may have been maliciously set to very large
-values with the intention to cause DoS (large memory allocation, stack
-overflow). In these cases we want to detect the invalid size as early
-as possible.
-
-This commit introduces a counter which verifies that the number of
-written bytes corresponds to the advertized width/length.
-
-Fixes #1059 (CVE-2018-6616).
----
- openjpeg/src/bin/jp2/convertbmp.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
---- openjpeg/src/bin/jp2/convertbmp.c
-+++ openjpeg/src/bin/jp2/convertbmp.c 2019-09-12 08:22:52.272682353 +0000
-@@ -519,14 +519,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE*
- static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
- OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
- {
-- OPJ_UINT32 x, y;
-+ OPJ_UINT32 x, y, written;
- OPJ_UINT8 *pix;
- const OPJ_UINT8 *beyond;
-
- beyond = pData + stride * height;
- pix = pData;
-
-- x = y = 0U;
-+ x = y = written = 0U;
- while (y < height) {
- int c = getc(IN);
- if (c == EOF) {
-@@ -546,6 +546,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
- for (j = 0; (j < c) && (x < width) &&
- ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
- *pix = c1;
-+ written++;
- }
- } else {
- c = getc(IN);
-@@ -583,6 +584,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
- }
- c1 = (OPJ_UINT8)c1_int;
- *pix = c1;
-+ written++;
- }
- if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
- c = getc(IN);
-@@ -593,6 +595,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
- }
- }
- }/* while() */
-+
-+ if (written != width * height) {
-+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
-+ return OPJ_FALSE;
-+ }
-+
- return OPJ_TRUE;
- }
-