Added security patch for CVE-2016-7977 (bug #1380415)
This commit is contained in:
parent
716ba11068
commit
a890cdf30f
28
ghostscript-9.20-cve-2016-7977.patch
Normal file
28
ghostscript-9.20-cve-2016-7977.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 8abd22010eb4db0fb1b10e430d5f5d83e015ef70 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris Liddell <chris.liddell@artifex.com>
|
||||||
|
Date: Mon, 3 Oct 2016 01:46:28 +0100
|
||||||
|
Subject: [PATCH] Bug 697169: Be rigorous with SAFER permissions
|
||||||
|
|
||||||
|
Once we've opened our input file from the command line, enforce the SAFER
|
||||||
|
rules.
|
||||||
|
---
|
||||||
|
psi/zfile.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/psi/zfile.c b/psi/zfile.c
|
||||||
|
index b6caea2..2c6c958 100644
|
||||||
|
--- a/psi/zfile.c
|
||||||
|
+++ b/psi/zfile.c
|
||||||
|
@@ -1081,6 +1081,9 @@ lib_file_open(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx
|
||||||
|
gs_main_instance *minst = get_minst_from_memory(mem);
|
||||||
|
int code;
|
||||||
|
|
||||||
|
+ if (i_ctx_p && starting_arg_file)
|
||||||
|
+ i_ctx_p->starting_arg_file = false;
|
||||||
|
+
|
||||||
|
/* when starting arg files (@ files) iodev_default is not yet set */
|
||||||
|
if (iodev == 0)
|
||||||
|
iodev = (gx_io_device *)gx_io_device_table[0];
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
|
|||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Version: %{gs_ver}
|
Version: %{gs_ver}
|
||||||
|
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
|
|
||||||
# Included CMap data is Redistributable, no modification permitted,
|
# Included CMap data is Redistributable, no modification permitted,
|
||||||
# see http://bugzilla.redhat.com/487510
|
# see http://bugzilla.redhat.com/487510
|
||||||
@ -26,6 +26,7 @@ Patch5: ghostscript-9.20-cve-2016-7979.patch
|
|||||||
Patch6: ghostscript-9.20-cve-2016-7976.patch
|
Patch6: ghostscript-9.20-cve-2016-7976.patch
|
||||||
Patch7: ghostscript-9.20-cve-2016-7978.patch
|
Patch7: ghostscript-9.20-cve-2016-7978.patch
|
||||||
Patch8: ghostscript-9.20-cve-2016-8602.patch
|
Patch8: ghostscript-9.20-cve-2016-8602.patch
|
||||||
|
Patch9: ghostscript-9.20-cve-2016-7977.patch
|
||||||
|
|
||||||
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
Requires: %{name}-core%{?_isa} = %{version}-%{release}
|
||||||
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
Requires: %{name}-x11%{?_isa} = %{version}-%{release}
|
||||||
@ -139,6 +140,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
|
|||||||
# Check for sufficient params in .sethalftone5 (bug #1383940):
|
# Check for sufficient params in .sethalftone5 (bug #1383940):
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
|
|
||||||
|
# Honor -dSAFER in .libfile (bug #1380415):
|
||||||
|
%patch9 -p1
|
||||||
|
|
||||||
# Convert manual pages to UTF-8
|
# Convert manual pages to UTF-8
|
||||||
from8859_1() {
|
from8859_1() {
|
||||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||||
@ -335,6 +339,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/libgs.so
|
%{_libdir}/libgs.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 1 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-4
|
||||||
|
- Added security fix for CVE-2016-7977 (bug #1380415)
|
||||||
|
|
||||||
* Tue Nov 1 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-3
|
* Tue Nov 1 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-3
|
||||||
- Added security fix for CVE-2016-8602 (bug #1383940)
|
- Added security fix for CVE-2016-8602 (bug #1383940)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user