diff --git a/ghostscript-9.20-cve-2016-10217.patch b/ghostscript-9.20-cve-2016-10217.patch new file mode 100644 index 0000000..269ab84 --- /dev/null +++ b/ghostscript-9.20-cve-2016-10217.patch @@ -0,0 +1,33 @@ +From 90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb Mon Sep 17 00:00:00 2001 +From: Michael Vrhel +Date: Thu, 29 Dec 2016 14:00:21 -0800 +Subject: [PATCH] Bug 697456. Dont create new ctx when pdf14 device reenabled + +This bug had yet another weird case where the user created a +file that pushed the pdf14 device twice. We were in that case, +creating a new ctx and blowing away the original one with out +proper clean up. To avoid, only create a new one when we need it. +--- + base/gdevp14.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/base/gdevp14.c b/base/gdevp14.c +index fd56ec9..f19318e 100644 +--- a/base/gdevp14.c ++++ b/base/gdevp14.c +@@ -1669,8 +1669,10 @@ pdf14_open(gx_device *dev) + rect.p.y = 0; + rect.q.x = dev->width; + rect.q.y = dev->height; +- pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components, +- pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev); ++ /* If we are reenabling the device dont create a new ctx. Bug 697456 */ ++ if (pdev->ctx == NULL) ++ pdev->ctx = pdf14_ctx_new(&rect, dev->color_info.num_components, ++ pdev->color_info.polarity != GX_CINFO_POLARITY_SUBTRACTIVE, dev); + if (pdev->ctx == NULL) + return_error(gs_error_VMerror); + pdev->free_devicen = true; +-- +2.9.3 + diff --git a/ghostscript.spec b/ghostscript.spec index d2e0dea..4b2b259 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 8%{?dist} +Release: 9%{?dist} # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510 @@ -31,6 +31,7 @@ Patch8: ghostscript-9.20-cve-2016-8602.patch Patch9: ghostscript-9.20-cve-2016-7977.patch Patch12: ghostscript-9.20-cve-2016-9601.patch Patch13: ghostscript-9.20-cve-2017-7207.patch +Patch14: ghostscript-9.20-cve-2016-10217.patch Requires: %{name}-core%{?_isa} = %{version}-%{release} Requires: %{name}-x11%{?_isa} = %{version}-%{release} @@ -159,6 +160,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib # Check for null-pointer dereference in mem_get_bits_rectangle() (bug #1434497): %patch13 -p1 +# CVE-2016-10217 (bug #1441564): +%patch14 -p1 + # Convert manual pages to UTF-8 from8859_1() { iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_" @@ -355,6 +359,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Thu Apr 27 2017 David Kaspar [Dee'Kej] - 9.20-9 +- Added security fixes for: + - CVE-2016-10217 (bug #1441564) + * Thu Apr 06 2017 David Kaspar [Dee'Kej] - 9.20-8 Added security fix for CVE-2017-7207 (bug #1434497)