From c929cf8ecd85b3d1faa976c74313ba3fdd46789c Mon Sep 17 00:00:00 2001
From: David Kaspar [Dee'Kej]
Date: Apr 27 2017 16:17:06 +0000
Subject: Added security patch for CVE-2016-10218
Resolves: #1441568
---
diff --git a/ghostscript-9.20-cve-2016-10218.patch b/ghostscript-9.20-cve-2016-10218.patch
new file mode 100644
index 0000000..11c8278
--- /dev/null
+++ b/ghostscript-9.20-cve-2016-10218.patch
@@ -0,0 +1,30 @@
+From c0502b3771e4eac89a199a3558182337d146d4ab Mon Sep 17 00:00:00 2001
+From: Michael Vrhel
+Date: Thu, 29 Dec 2016 12:00:40 -0800
+Subject: [PATCH] Bug 697444 Unmatched transparency group pop
+
+This issue can only occur if there is an unmatched group pop.
+If the interpreter is doing that, then the interpreter is
+broken. With this bug the user is intentionally doing it.
+We now throw and error when it occurs.
+---
+ base/gdevp14.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/base/gdevp14.c b/base/gdevp14.c
+index ad3478f..84f0f40 100644
+--- a/base/gdevp14.c
++++ b/base/gdevp14.c
+@@ -985,6 +985,9 @@ pdf14_pop_transparency_group(gs_gstate *pgs, pdf14_ctx *ctx,
+ bool blendspot = pdev->blendspot;
+ bool nonicc_conversion = true;
+
++ if (nos == NULL)
++ return_error(gs_error_unknownerror); /* Unmatched group pop */
++
+ #ifdef DEBUG
+ pdf14_debug_mask_stack_state(ctx);
+ #endif
+--
+2.9.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 4b2b259..aecce54 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -32,6 +32,7 @@ Patch9: ghostscript-9.20-cve-2016-7977.patch
 Patch12: ghostscript-9.20-cve-2016-9601.patch
 Patch13: ghostscript-9.20-cve-2017-7207.patch
 Patch14: ghostscript-9.20-cve-2016-10217.patch
+Patch15: ghostscript-9.20-cve-2016-10218.patch
 Requires: %{name}-core%{?_isa} = %{version}-%{release}
 Requires: %{name}-x11%{?_isa} = %{version}-%{release}
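Review bot: The new guard in pdf14_pop_transparency_group (base/gdevp14.c, carried in the added .patch file) tests only `nos` and comes after the local declarations, so it protects nothing that an initializer above the hunk may already have dereferenced; the function's opening lines are outside the hunk, so confirm that the pointer `nos` is derived from cannot itself be NULL on the same malformed input. The early `return_error` also only contains the fault if every caller checks the return value, which is not visible here. Since the upstream message says the condition is reached by input that does this intentionally, I would spell that out at the check, e.g. `/* Unmatched group pop: the input popped a transparency group that was never pushed; fail instead of dereferencing NULL */`, and note that `gs_error_unknownerror` is generic enough that this case will be hard to tell apart in logs.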
@@ -163,6 +164,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib
 # CVE-2016-10217 (bug #1441564):
 %patch14 -p1
+# CVE-2016-10218 (bug #1441568):
+%patch15 -p1
+
 # Convert manual pages to UTF-8
 from8859_1() {
 iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -362,6 +366,7 @@ rm -rf $RPM_BUILD_ROOT
 * Thu Apr 27 2017 David Kaspar [Dee'Kej] - 9.20-9
 - Added security fixes for:
 - CVE-2016-10217 (bug #1441564)
+ - CVE-2016-10218 (bug #1441568)
 * Thu Apr 06 2017 David Kaspar [Dee'Kej] - 9.20-8 Added security fix for CVE-2017-7207 (bug #1434497)