fix cve-2023-52722
(cherry picked from commit 723a89e934ef1112c77a15a9fa7332c56a5c0c6c)
This commit is contained in:
xuchenchen
openeuler-sync-bot
parent
841638b938
commit
b1aaf4c964
38
fix-cve-2023-52722.patch
Normal file
38
fix-cve-2023-52722.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From afd7188f74918cb51b5fb89f52b54eb16e8acfd1 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Liddell <chris.liddell@artifex.com>
|
||||
Date: 2023-09-12 10:46:10 +0100
|
||||
Subject: [PATCH] In SAFER (default) don't allow eexec seeds other than the Type 1 standard
|
||||
|
||||
---
|
||||
psi/zmisc1.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/psi/zmisc1.c b/psi/zmisc1.c
|
||||
index 3c47e99..81556ac 100644
|
||||
--- a/psi/zmisc1.c
|
||||
+++ b/psi/zmisc1.c
|
||||
@@ -93,6 +93,9 @@ zexE(i_ctx_t *i_ctx_p)
|
||||
|
||||
if (code < 0)
|
||||
return code;
|
||||
+ if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) {
|
||||
+ return_error(gs_error_rangecheck);
|
||||
+ }
|
||||
return filter_write(i_ctx_p, code, &s_exE_template, (stream_state *)&state, 0);
|
||||
}
|
||||
|
||||
@@ -130,6 +133,11 @@ zexD(i_ctx_t *i_ctx_p)
|
||||
}
|
||||
if (code < 0)
|
||||
return code;
|
||||
+
|
||||
+ if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) {
|
||||
+ return_error(gs_error_rangecheck);
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* If we're reading a .PFB file, let the filter know about it,
|
||||
* so it can read recklessly to the end of the binary section.
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: ghostscript
|
||||
Version: 9.55.0
|
||||
Release: 7
|
||||
Release: 8
|
||||
Summary: An interpreter for PostScript and PDF files
|
||||
License: AGPLv3+
|
||||
URL: https://ghostscript.com/
|
||||
@ -23,6 +23,7 @@ Patch4: CVE-2023-28879.patch
|
||||
Patch5: CVE-2023-36664.patch
|
||||
Patch6: backport-CVE-2023-43115-Bug707051-IJS-device-try-and-secure-the-IJS-server-startup.patch
|
||||
Patch7: backport-CVE-2023-46751.patch
|
||||
Patch8: fix-cve-2023-52722.patch
|
||||
|
||||
BuildRequires: automake gcc
|
||||
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
|
||||
@ -183,6 +184,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
|
||||
%{_bindir}/dvipdf
|
||||
|
||||
%changelog
|
||||
* Mon May 6 2024 xuchenchen <xuchenchen@kylinos.cn> - 9.55.0-8
|
||||
- Type:CVE
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DECS: fix CVE-2023-52722
|
||||
|
||||
* Mon Dec 25 2023 liningjie <liningjie@xfusion.com> - 9.55.0-7
|
||||
- Type:CVE
|
||||
- ID:CVE-2023-46751
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user