David Kaspar [Dee'Kej]
parent
9a57fb6419
commit
3706c3f331
33
ghostscript-9.20-cve-2017-7207.patch
Normal file
33
ghostscript-9.20-cve-2017-7207.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 309eca4e0a31ea70dcc844812691439312dad091 Mon Sep 17 00:00:00 2001
|
||||
From: Ken Sharp <ken.sharp@artifex.com>
|
||||
Date: Mon, 20 Mar 2017 09:34:11 +0000
|
||||
Subject: [PATCH] Ensure a device has raster memory, before trying to read it.
|
||||
|
||||
Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()"
|
||||
|
||||
This is only possible by abusing/mis-using Ghostscript-specific
|
||||
language extensions, so cannot happen in a general PostScript program.
|
||||
|
||||
Nevertheless, Ghostscript should not crash. So this commit checks the
|
||||
memory device to see if raster memory has been allocated, before trying
|
||||
to read from it.
|
||||
---
|
||||
base/gdevmem.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/base/gdevmem.c b/base/gdevmem.c
|
||||
index afd05bd..d52d684 100644
|
||||
--- a/base/gdevmem.c
|
||||
+++ b/base/gdevmem.c
|
||||
@@ -606,6 +606,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect,
|
||||
GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
|
||||
return_error(gs_error_rangecheck);
|
||||
}
|
||||
+ if (mdev->line_ptrs == 0x00)
|
||||
+ return_error(gs_error_rangecheck);
|
||||
if ((w <= 0) | (h <= 0)) {
|
||||
if ((w | h) < 0)
|
||||
return_error(gs_error_rangecheck);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
|
||||
Name: ghostscript
|
||||
Version: %{gs_ver}
|
||||
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
|
||||
# Included CMap data is Redistributable, no modification permitted,
|
||||
# see http://bugzilla.redhat.com/487510
|
||||
@ -30,6 +30,7 @@ Patch7: ghostscript-9.20-cve-2016-7978.patch
|
||||
Patch8: ghostscript-9.20-cve-2016-8602.patch
|
||||
Patch9: ghostscript-9.20-cve-2016-7977.patch
|
||||
Patch12: ghostscript-9.20-cve-2016-9601.patch
|
||||
Patch13: ghostscript-9.20-cve-2017-7207.patch
|
||||
|
||||
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
||||
@ -155,6 +156,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
|
||||
# Squash signed/unsigned warnings in MSVC jbig2 build (bug #1410021):
|
||||
%patch12 -p1
|
||||
|
||||
# Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497):
|
||||
%patch13 -p1
|
||||
|
||||
# Convert manual pages to UTF-8
|
||||
from8859_1() {
|
||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||
@ -351,6 +355,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/libgs.so
|
||||
|
||||
%changelog
|
||||
* Thu Apr 06 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-8
|
||||
Added security fix for CVE-2017-7207 (bug #1434497)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.20-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user