diff --git a/ghostscript-10.01.2-CVE-2023-43115.patch b/ghostscript-10.01.2-CVE-2023-43115.patch
new file mode 100644
index 0000000..d2ef80f
--- /dev/null
+++ b/ghostscript-10.01.2-CVE-2023-43115.patch
@@ -0,0 +1,20 @@
+--- a/devices/gdevijs.c
++++ b/devices/gdevijs.c
+@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev)
+ static const char rgb[] = "DeviceRGB";
+ gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+
++ if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++ return_error(gs_error_invalidaccess);
+ if (!ijsdev->ColorSpace) {
+ ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1,
+ "gsijs_initialize");
+@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_param_list *plist)
+ if (code >= 0)
+ code = gsijs_read_string(plist, "IjsServer",
+ ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+- dev->LockSafetyParams, is_open);
++ ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+
+ if (code >= 0)
+ code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
diff --git a/ghostscript.spec b/ghostscript.spec
index 6ef2afe..282b6dc 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -45,7 +45,7 @@
 Name: ghostscript
 Summary: Interpreter for PostScript language & PDF
 Version: 10.01.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: AGPL-3.0-or-later
@@ -109,6 +109,7 @@ BuildRequires: make
 Patch001: ghostscript-10.01.0-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
 Patch002: ghostscript-10.01.0-convert-defaultpage-to-lowercase.patch
 Patch003: ghostscript-10.01.2-CVE-2023-38559.patch
+Patch004: ghostscript-10.01.2-CVE-2023-43115.patch
 # Downstream patches -- these should be always included when doing rebase:
@@ -423,6 +424,9 @@ done
 # =============================================================================
 %changelog
+* Wed Oct 11 2023 Richard Lescak - 10.01.2-4
+- fix for CVE-2023-43115 (#2241112)
+
 * Mon Aug 07 2023 Richard Lescak - 10.01.2-3
 - fix for CVE-2023-38559 (#2225380)
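Review bot: In the `gsijs_put_params` hunk of ghostscript-10.01.2-CVE-2023-43115.patch, the lock argument passed to `gsijs_read_string` for `IjsServer` now depends only on `path_control_active`, so `dev->LockSafetyParams` no longer has any effect on that parameter. If a configuration can set LockSafetyParams without activating path control (not visible here; an older SAFER mode would presumably be one such case), IjsServer would become writable where it was locked before the patch. Keeping both conditions would avoid that: `dev->LockSafetyParams || ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);`. The new guard in `gsijs_initialize_device` would also benefit from a comment such as `/* IJS starts the IjsServer program, so refuse the device once path control (SAFER) is active */`. Both functions continue outside the hunks shown.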