fix for CVE-2023-4042

Resolves: rhbz#2228153

ghostscript-9.27-CVE-2023-4042.patch

@@ -0,0 +1,28 @@
+From 2793769ff107d8d22dadd30c6e68cd781b569550 Mon Sep 17 00:00:00 2001
+From: Julian Smith <jules@op59.net>
+Date: Mon, 4 Nov 2019 12:30:33 +0000
+Subject: [PATCH] Bug 701819: fixed ordering in if expression to avoid
+ out-of-bounds access.
+
+Fixes:
+    ./sanbin/gs -dBATCH -dNOPAUSE -r965 -sOutputFile=tmp -sDEVICE=pcx16 ../bug-701819.pdf
+---
+ devices/gdevpcx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/devices/gdevpcx.c b/devices/gdevpcx.c
+index 1735851d2..91de4abb6 100644
+--- a/devices/gdevpcx.c
++++ b/devices/gdevpcx.c
+@@ -442,7 +442,7 @@ pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file)
+         byte data = *from;
+ 
+         from += step;
+-        if (data != *from || from == end) {
++        if (from >= end || data != *from) {
+             if (data >= 0xc0)
+                 putc(0xc1, file);
+         } else {
+-- 
+2.41.0
+

ghostscript.spec

@@ -37,7 +37,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.27
-Release:          10%{?dist}
+Release:          11%{?dist}
 
 License:          AGPLv3+
 
@@ -111,6 +111,7 @@ Patch018: ghostscript-9.27-fix-bbox.patch
 Patch019: ghostscript-9.27-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
 Patch020: ghostscript-9.27-CVE-2023-28879.patch
 Patch021: ghostscript-9.27-CVE-2023-38559.patch
+Patch022: ghostscript-9.27-CVE-2023-4042.patch
 
 
 # Downstream patches -- these should be always included when doing rebase:
@@ -451,6 +452,10 @@ done
 # =============================================================================
 
 %changelog
+* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-11
+- fix for CVE-2023-4042
+- Resolves: rhbz#2228153
+
 * Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-10
 - fix for CVE-2023-38559
 - Resolves: rhbz#2224371