- Applied patch from upstream to fix CVE-2007-2721 (bug #346511).
This commit is contained in:
parent
a945254617
commit
03b91a7480
48
ghostscript-CVE-2007-2721.patch
Normal file
48
ghostscript-CVE-2007-2721.patch
Normal file
@ -0,0 +1,48 @@
|
||||
diff -up ghostscript-8.60/jasper/src/libjasper/jp2/jp2_cod.c.CVE-2007-2721 ghostscript-8.60/jasper/src/libjasper/jp2/jp2_cod.c
|
||||
--- ghostscript-8.60/jasper/src/libjasper/jp2/jp2_cod.c.CVE-2007-2721 2006-02-08 06:21:28.000000000 +0000
|
||||
+++ ghostscript-8.60/jasper/src/libjasper/jp2/jp2_cod.c 2007-10-23 14:15:01.000000000 +0100
|
||||
@@ -247,7 +247,7 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
|
||||
box = 0;
|
||||
tmpstream = 0;
|
||||
|
||||
- if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
|
||||
+ if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) {
|
||||
goto error;
|
||||
}
|
||||
box->ops = &jp2_boxinfo_unk.ops;
|
||||
diff -up ghostscript-8.60/jasper/src/libjasper/jpc/jpc_cs.c.CVE-2007-2721 ghostscript-8.60/jasper/src/libjasper/jpc/jpc_cs.c
|
||||
--- ghostscript-8.60/jasper/src/libjasper/jpc/jpc_cs.c.CVE-2007-2721 2006-02-08 06:21:28.000000000 +0000
|
||||
+++ ghostscript-8.60/jasper/src/libjasper/jpc/jpc_cs.c 2007-10-23 14:15:01.000000000 +0100
|
||||
@@ -991,7 +991,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
|
||||
compparms->numstepsizes = (len - n) / 2;
|
||||
break;
|
||||
}
|
||||
-if (compparms->numstepsizes > 0) {
|
||||
+if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
|
||||
+ jpc_qcx_destroycompparms(compparms);
|
||||
+ return -1;
|
||||
+ } else if (compparms->numstepsizes > 0) {
|
||||
compparms->stepsizes = jas_malloc(compparms->numstepsizes *
|
||||
sizeof(uint_fast32_t));
|
||||
assert(compparms->stepsizes);
|
||||
diff -up ghostscript-8.60/jasper/src/libjasper/jpc/jpc_dec.c.CVE-2007-2721 ghostscript-8.60/jasper/src/libjasper/jpc/jpc_dec.c
|
||||
--- ghostscript-8.60/jasper/src/libjasper/jpc/jpc_dec.c.CVE-2007-2721 2006-12-06 22:25:01.000000000 +0000
|
||||
+++ ghostscript-8.60/jasper/src/libjasper/jpc/jpc_dec.c 2007-10-23 14:15:01.000000000 +0100
|
||||
@@ -1219,7 +1219,7 @@ static int jpc_dec_process_siz(jpc_dec_t
|
||||
dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
|
||||
dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
|
||||
dec->numtiles = dec->numhtiles * dec->numvtiles;
|
||||
- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
|
||||
+ if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1243,7 +1243,7 @@ static int jpc_dec_process_siz(jpc_dec_t
|
||||
tile->pkthdrstreampos = 0;
|
||||
tile->pptstab = 0;
|
||||
tile->cp = 0;
|
||||
- if (!(tile->tcomps = jas_malloc(dec->numcomps *
|
||||
+ if (!(tile->tcomps = jas_calloc(dec->numcomps,
|
||||
sizeof(jpc_dec_tcomp_t)))) {
|
||||
return -1;
|
||||
}
|
@ -5,7 +5,7 @@ Summary: A PostScript(TM) interpreter and renderer.
|
||||
Name: ghostscript
|
||||
Version: %{gs_ver}
|
||||
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
License: GPLv2
|
||||
URL: http://www.ghostscript.com/
|
||||
@ -21,6 +21,7 @@ Patch3: ghostscript-noopt.patch
|
||||
Patch4: ghostscript-fPIC.patch
|
||||
Patch5: http://www.openprinting.org/download/printing/esp-gpl-ghostscript-merge/ghostscript-8.57-ijs-krgb.patch
|
||||
Patch6: ghostscript-mkstemp64.patch
|
||||
Patch7: ghostscript-CVE-2007-2721.patch
|
||||
|
||||
Requires: urw-fonts >= 1.1, ghostscript-fonts
|
||||
BuildRequires: libjpeg-devel, libXt-devel
|
||||
@ -89,8 +90,12 @@ A GTK-enabled version of Ghostscript, called 'gsx'.
|
||||
# IJS KRGB patch.
|
||||
%patch5 -p1 -b .ijs-krgb
|
||||
|
||||
# From upstream.
|
||||
%patch6 -p1 -b .mkstemp64
|
||||
|
||||
# Applied patch from upstream to fix CVE-2007-2721 (bug #346511).
|
||||
%patch7 -p1 -b .CVE-2007-2721
|
||||
|
||||
# Convert manual pages to UTF-8
|
||||
from8859_1() {
|
||||
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
|
||||
@ -269,6 +274,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/libgs.so
|
||||
|
||||
%changelog
|
||||
* Tue Oct 23 2007 Tim Waugh <twaugh@redhat.com> 8.60-5
|
||||
- Applied patch from upstream to fix CVE-2007-2721 (bug #346511).
|
||||
|
||||
* Tue Oct 9 2007 Tim Waugh <twaugh@redhat.com> 8.60-4
|
||||
- Marked localized man pages as %%lang (bug #322321).
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user