diff --git a/ghostscript-9.20-cve-2016-7977.patch b/ghostscript-9.20-cve-2016-7977.patch new file mode 100644 index 0000000..176ba9e --- /dev/null +++ b/ghostscript-9.20-cve-2016-7977.patch @@ -0,0 +1,28 @@ +From 8abd22010eb4db0fb1b10e430d5f5d83e015ef70 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 3 Oct 2016 01:46:28 +0100 +Subject: [PATCH] Bug 697169: Be rigorous with SAFER permissions + +Once we've opened our input file from the command line, enforce the SAFER +rules. +--- + psi/zfile.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/psi/zfile.c b/psi/zfile.c +index b6caea2..2c6c958 100644 +--- a/psi/zfile.c ++++ b/psi/zfile.c +@@ -1081,6 +1081,9 @@ lib_file_open(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx + gs_main_instance *minst = get_minst_from_memory(mem); + int code; + ++ if (i_ctx_p && starting_arg_file) ++ i_ctx_p->starting_arg_file = false; ++ + /* when starting arg files (@ files) iodev_default is not yet set */ + if (iodev == 0) + iodev = (gx_io_device *)gx_io_device_table[0]; +-- +2.7.4 + diff --git a/ghostscript.spec b/ghostscript.spec index 46890a0..1a3a760 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 3%{?dist} +Release: 4%{?dist} # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510 @@ -26,6 +26,7 @@ Patch5: ghostscript-9.20-cve-2016-7979.patch Patch6: ghostscript-9.20-cve-2016-7976.patch Patch7: ghostscript-9.20-cve-2016-7978.patch Patch8: ghostscript-9.20-cve-2016-8602.patch +Patch9: ghostscript-9.20-cve-2016-7977.patch Requires: %{name}-core%{?_isa} = %{version}-%{release} Requires: %{name}-x11%{?_isa} = %{version}-%{release} @@ -139,6 +140,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib # Check for sufficient params in .sethalftone5 (bug #1383940): %patch8 -p1 +# Honor -dSAFER in .libfile (bug #1380415): +%patch9 -p1 + # Convert manual pages to UTF-8 from8859_1() { iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_" @@ -335,8 +339,11 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Tue Nov 1 2016 David Kaspar [Dee'Kej] - 9.20-4 +- Added security fix for CVE-2016-7977 (bug #1380415) + * Tue Nov 1 2016 David Kaspar [Dee'Kej] - 9.20-3 -- Added security fix for CVE-2016-8602 (bug #1383940) +- Added security fix for CVE-2016-8602 (bug #1383940) * Fri Oct 7 2016 David Kaspar [Dee'Kej] - 9.20-2 - Added security fixes for: