import UBI ghostscript-9.54.0-16.el9_4

This commit is contained in:
eabdullin 2024-06-20 08:25:50 +00:00
parent 066c4b3cf8
commit 2c0bf4d4b5
2 changed files with 73 additions and 3 deletions

View File

@ -0,0 +1,62 @@
diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
index 70475ad..013a497 100644
--- a/contrib/opvp/gdevopvp.c
+++ b/contrib/opvp/gdevopvp.c
@@ -185,7 +185,7 @@ static int opvp_copy_color(gx_device *, const byte *, int, int,
static int _get_params(gs_param_list *);
static int opvp_get_params(gx_device *, gs_param_list *);
static int oprp_get_params(gx_device *, gs_param_list *);
-static int _put_params(gs_param_list *);
+static int _put_params(gx_device *, gs_param_list *);
static int opvp_put_params(gx_device *, gs_param_list *);
static int oprp_put_params(gx_device *, gs_param_list *);
static int opvp_fill_path(gx_device *, const gs_gstate *, gx_path *,
@@ -3043,7 +3043,7 @@ _get_params(gs_param_list *plist)
/* vector driver name */
pname = "Driver";
vdps.data = (byte *)vectorDriver;
- vdps.size = (vectorDriver ? strlen(vectorDriver) + 1 : 0);
+ vdps.size = (vectorDriver ? strlen(vectorDriver) : 0);
vdps.persistent = false;
code = param_write_string(plist, pname, &vdps);
if (code) ecode = code;
@@ -3180,7 +3180,7 @@ oprp_get_params(gx_device *dev, gs_param_list *plist)
* put params
*/
static int
-_put_params(gs_param_list *plist)
+_put_params(gx_device *dev, gs_param_list *plist)
{
int code;
int ecode = 0;
@@ -3202,6 +3202,12 @@ _put_params(gs_param_list *plist)
code = param_read_string(plist, pname, &vdps);
switch (code) {
case 0:
+ if (gs_is_path_control_active(dev->memory)
+ && (!vectorDriver || strlen(vectorDriver) != vdps.size
+ || memcmp(vectorDriver, vdps.data, vdps.size) != 0)) {
+ param_signal_error(plist, pname, gs_error_invalidaccess);
+ return_error(gs_error_invalidaccess);
+ }
buff = realloc(buff, vdps.size + 1);
memcpy(buff, vdps.data, vdps.size);
buff[vdps.size] = 0;
@@ -3403,7 +3409,7 @@ opvp_put_params(gx_device *dev, gs_param_list *plist)
int code;
/* put params */
- code = _put_params(plist);
+ code = _put_params(dev, plist);
if (code) return code;
/* put default params */
@@ -3419,7 +3425,7 @@ oprp_put_params(gx_device *dev, gs_param_list *plist)
int code;
/* put params */
- code = _put_params(plist);
+ code = _put_params(dev, plist);
if (code) return code;
/* put default params */

View File

@ -42,7 +42,7 @@
Name: ghostscript Name: ghostscript
Summary: Interpreter for PostScript language & PDF Summary: Interpreter for PostScript language & PDF
Version: 9.54.0 Version: 9.54.0
Release: 14%{?dist} Release: 16%{?dist}
License: AGPLv3+ License: AGPLv3+
@ -113,6 +113,8 @@ Patch008: ghostscript-9.54.0-CVE-2023-28879.patch
Patch009: ghostscript-9.54.0-CVE-2023-36664.patch Patch009: ghostscript-9.54.0-CVE-2023-36664.patch
Patch010: ghostscript-9.54.0-CVE-2023-38559.patch Patch010: ghostscript-9.54.0-CVE-2023-38559.patch
Patch011: ghostscript-9.54.0-CVE-2023-43115.patch Patch011: ghostscript-9.54.0-CVE-2023-43115.patch
# RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
Patch012: gs-cve-2024-33871.patch
# Downstream patches -- these should be always included when doing rebase: # Downstream patches -- these should be always included when doing rebase:
# ------------------ # ------------------
@ -446,9 +448,15 @@ done
# ============================================================================= # =============================================================================
%changelog %changelog
* Thu Oct 12 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-14 * Thu Jun 13 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.54.0-16
- RHEL-39110 fix regression discovered in OPVP device
* Fri Jun 07 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.54.0-15
- RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
* Fri Oct 27 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-14
- fix for CVE-2023-43115 - fix for CVE-2023-43115
- Resolves: RHEL-10184 - Resolves: RHEL-10185
* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-13 * Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.54.0-13
- fix for CVE-2023-38559 - fix for CVE-2023-38559