From fb69d56b4ed126ea07246c1bf72ce7eb27a5f0be Mon Sep 17 00:00:00 2001
From: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
Date: Apr 27 2017 15:58:32 +0000
Subject: Added security patch for CVE-2016-10217


  Resolves: #1441564

---

diff --git a/ghostscript-9.20-cve-2016-10217.patch b/ghostscript-9.20-cve-2016-10217.patch
new file mode 100644
index 0000000..269ab84
--- /dev/null
+++ b/ghostscript-9.20-cve-2016-10217.patch
@@ -0,0 +1,33 @@
+From 90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb Mon Sep 17 00:00:00 2001
+From: Michael Vrhel <michael.vrhel@artifex.com>
+Date: Thu, 29 Dec 2016 14:00:21 -0800
+Subject: [PATCH] Bug 697456.  Dont create new ctx when pdf14 device reenabled
+
+This bug had yet another weird case where the user created a
+file that pushed the pdf14 device twice.  We were in that case,
+creating a new ctx and blowing away the original one with out
+proper clean up.  To avoid, only create a new one when we need it.
+---
+ base/gdevp14.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/base/gdevp14.c b/base/gdevp14.c
+index fd56ec9..f19318e 100644
+--- a/base/gdevp14.c
++++ b/base/gdevp14.c
+@@ -1669,8 +1669,10 @@ pdf14_open(gx_device *dev)
+     rect.p.y = 0;
+     rect.q.x = dev->width;
+     rect.q.y = dev->height;
+-    pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
+-        pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
++    /* If we are reenabling the device dont create a new ctx. Bug 697456 */
++    if (pdev->ctx == NULL)
++        pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components,
++            pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev);
+     if (pdev->ctx == NULL)
+         return_error(gs_error_VMerror);
+     pdev->free_devicen = true;
+-- 
+2.9.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index d2e0dea..4b2b259 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@@ -31,6 +31,7 @@ Patch8: ghostscript-9.20-cve-2016-8602.patch
 Patch9: ghostscript-9.20-cve-2016-7977.patch
 Patch12: ghostscript-9.20-cve-2016-9601.patch
 Patch13: ghostscript-9.20-cve-2017-7207.patch
+Patch14: ghostscript-9.20-cve-2016-10217.patch
 
 Requires: %{name}-core%{?_isa} = %{version}-%{release}
 Requires: %{name}-x11%{?_isa} = %{version}-%{release}
@@ -159,6 +160,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib 
 # Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497):
 %patch13 -p1
 
+# CVE-2016-10217 (bug #1441564):
+%patch14 -p1
+
 # Convert manual pages to UTF-8
 from8859_1() {
         iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -355,6 +359,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Thu Apr 27 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-9
+- Added security fixes for:
+  - CVE-2016-10217 (bug #1441564)
+
 * Thu Apr 06 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-8
   Added security fix for CVE-2017-7207 (bug #1434497)