rpms/ghostscript
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI ghostscript-9.27-17.el8_10

Browse Source
This commit is contained in:
eabdullin 2025-06-03 01:34:13 +00:00
parent 389c66ce90
commit a22a559aed
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
SOURCES/0001-Bug-708133-Avoid-integer-overflow-leading-to-buffer-.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/contrib/japanese/gdevnpdl.c b/contrib/japanese/gdevnpdl.c
index 597ecc8..0aa5128 100644
--- a/contrib/japanese/gdevnpdl.c
+++ b/contrib/japanese/gdevnpdl.c
@@ -580,7 +580,7 @@ npdl_print_page_copies(gx_device_printer * pdev, FILE * prn_stream, int num_copi
int code;
int maxY = lprn->BlockLine / lprn->nBh * lprn->nBh;
- if (!(lprn->CompBuf = gs_malloc(pdev->memory->non_gc_memory, line_size * maxY, sizeof(byte), "npdl_print_page_copies(CompBuf)")))
+ if (!(lprn->CompBuf = gs_malloc(pdev->memory->non_gc_memory, line_size, maxY, "npdl_print_page_copies(CompBuf)")))
return_error(gs_error_VMerror);
/* Initialize printer */
@@ -675,7 +675,7 @@ npdl_print_page_copies(gx_device_printer * pdev, FILE * prn_stream, int num_copi
/* Form Feed */
fputs("\014", prn_stream);
- gs_free(pdev->memory->non_gc_memory, lprn->CompBuf, line_size * maxY, sizeof(byte), "npdl_print_page_copies(CompBuf)");
+ gs_free(pdev->memory->non_gc_memory, lprn->CompBuf, line_size, maxY, "npdl_print_page_copies(CompBuf)");
return 0;
}

8
SPECS/ghostscript.spec
View File

@ -37,7 +37,7 @@
Name: ghostscript Name: ghostscript
Summary: Interpreter for PostScript language & PDF Summary: Interpreter for PostScript language & PDF
Version: 9.27 Version: 9.27
Release: 16%{?dist} Release: 17%{?dist}
License: AGPLv3+ License: AGPLv3+
@ -150,6 +150,9 @@ Patch033: 0001-Bug-707793-Check-for-overflow-validating-format-stri.patch
# RHEL-67051 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution # RHEL-67051 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3 # https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3
Patch034: 0001-PostScript-interpreter-fix-buffer-length-check.patch Patch034: 0001-PostScript-interpreter-fix-buffer-length-check.patch
# RHEL-88965 CVE-2025-27832 ghostscript: NPDL device: Compression buffer overflow
# https://github.com/ArtifexSoftware/ghostpdl/commit/57291c8463
Patch035: 0001-Bug-708133-Avoid-integer-overflow-leading-to-buffer-.patch
# Downstream patches -- these should be always included when doing rebase: # Downstream patches -- these should be always included when doing rebase:
@ -490,6 +493,9 @@ done
# ============================================================================= # =============================================================================
%changelog %changelog
* Wed May 07 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-17
- RHEL-88965 CVE-2025-27832 ghostscript: NPDL device: Compression buffer overflow
* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16 * Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16
- RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable() - RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
- RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space - RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space