From 716ba1106893778fe9771ce13a6bcda88cc27430 Mon Sep 17 00:00:00 2001
From: "David Kaspar [Dee'Kej]"
Date: Tue, 1 Nov 2016 14:25:58 +0100
Subject: [PATCH] Added security patch for CVE-2016-8602 (bug #1383940)
---
ghostscript-9.20-cve-2016-8602.patch | 42 ++++++++++++++++++++++++++++
ghostscript.spec | 9 +++++-
2 files changed, 50 insertions(+), 1 deletion(-)
create mode 100644 ghostscript-9.20-cve-2016-8602.patch
diff --git a/ghostscript-9.20-cve-2016-8602.patch b/ghostscript-9.20-cve-2016-8602.patch
new file mode 100644
index 0000000..7e57bd0
--- /dev/null
+++ b/ghostscript-9.20-cve-2016-8602.patch
@@ -0,0 +1,42 @@
+From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Sat, 8 Oct 2016 16:10:27 +0100
+Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
+
+and param types
+---
+ psi/zht2.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/psi/zht2.c b/psi/zht2.c
+index fb4a264..dfa27a4 100644
+--- a/psi/zht2.c
++++ b/psi/zht2.c
+@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
+ gs_memory_t *mem;
+ uint edepth = ref_stack_count(&e_stack);
+ int npop = 2;
+- int dict_enum = dict_first(op);
++ int dict_enum;
+ ref rvalue[2];
+ int cname, colorant_number;
+ byte * pname;
+ uint name_size;
+ int halftonetype, type = 0;
+ gs_gstate *pgs = igs;
+- int space_index = r_space_index(op - 1);
++ int space_index;
++
++ if (ref_stack_count(&o_stack) < 2)
++ return_error(gs_error_stackunderflow);
++ check_type(*op, t_dictionary);
++ check_type(*(op - 1), t_dictionary);
++
++ dict_enum = dict_first(op);
++ space_index = r_space_index(op - 1);
+
+ mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
+
+--
+2.7.4
+
diff --git a/ghostscript.spec b/ghostscript.spec
index cd8877f..46890a0 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
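Review bot: The operand checks added to zsethalftone5 in ghostscript-9.20-cve-2016-8602.patch have no comment saying why `dict_first(op)` and `r_space_index(op - 1)` were moved out of the declaration initializers, so a later cleanup could fold them back in and run them ahead of validation again. I would add `/* Validate operand count and types before reading op or op - 1; the initializers used to do so unchecked. */` directly above the `ref_stack_count(&o_stack) < 2` test. The two `check_type` calls confirm only that both operands are dictionaries; whether the code that follows also needs access checks on them cannot be judged from this hunk, because the function body continues past it. It would be worth checking the other operators in psi/zht2.c for the same pattern of an operand read in an initializer before any check, which this hunk does not show.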
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 2%{?dist} +Release: 3%{?dist} # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510 @@ -25,6 +25,7 @@ Patch4: ghostscript-9.20-urw-fonts-naming.patch Patch5: ghostscript-9.20-cve-2016-7979.patch Patch6: ghostscript-9.20-cve-2016-7976.patch Patch7: ghostscript-9.20-cve-2016-7978.patch +Patch8: ghostscript-9.20-cve-2016-8602.patch Requires: %{name}-core%{?_isa} = %{version}-%{release} Requires: %{name}-x11%{?_isa} = %{version}-%{release} @@ -135,6 +136,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib # Reference count device icc profile (bug #1382300): %patch7 -p1 +# Check for sufficient params in .sethalftone5 (bug #1383940): +%patch8 -p1 + # Convert manual pages to UTF-8 from8859_1() { iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_" @@ -331,6 +335,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Tue Nov 1 2016 David Kaspar [Dee'Kej] - 9.20-3 +- Added security fix for CVE-2016-8602 (bug #1383940) + * Fri Oct 7 2016 David Kaspar [Dee'Kej] - 9.20-2 - Added security fixes for: - CVE-2016-7979 (bug #1382305)