diff --git a/ghostscript-CVE-2008-0411.patch b/ghostscript-CVE-2008-0411.patch
new file mode 100644
index 0000000..92b2916
--- /dev/null
+++ b/ghostscript-CVE-2008-0411.patch
@@ -0,0 +1,13 @@
+diff -up ghostscript-8.61/src/zicc.c.CVE-2008-0411 ghostscript-8.61/src/zicc.c
+--- ghostscript-8.61/src/zicc.c.CVE-2008-0411 2007-09-25 14:31:24.000000000 +0100
++++ ghostscript-8.61/src/zicc.c 2008-02-27 17:07:30.000000000 +0000
+@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
+ dict_find_string(op, "N", &pnval);
+ ncomps = pnval->value.intval;
+
++ if (2*ncomps > sizeof(range_buff)/sizeof(float))
++ return_error(e_rangecheck);
++
+ /* verify the DataSource entry */
+ if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+ return_error(e_undefined);
diff --git a/ghostscript.spec b/ghostscript.spec
index 4ffcc2e..adceb1a 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript(TM) interpreter and renderer.
 Name: ghostscript
 Version: %{gs_ver}
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 URL: http://www.ghostscript.com/
@@ -22,6 +22,7 @@ Patch5: http://www.openprinting.org/download/printing/esp-gpl-ghostscript-merge/
 Patch6: ghostscript-runlibfileifexists.patch
 Patch7: ghostscript-gsbug689577.patch
 Patch8: ghostscript-system-jasper.patch
+Patch9: ghostscript-CVE-2008-0411.patch
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: libjpeg-devel, libXt-devel
@@ -100,6 +101,8 @@ rm -rf libpng zlib jpeg jasper
 %patch8 -p1 -b .system-jasper
+%patch9 -p1 -b .CVE-2008-0411
+
 # Convert manual pages to UTF-8
 from8859_1() {
 iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -271,6 +274,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 %changelog
+* Wed Feb 27 2008 Tim Waugh 8.61-8
+- Applied patch to fix CVE-2008-0411 (bug #431536).
+
 * Fri Feb 22 2008 Tim Waugh 8.61-7
 - Build with jasper again (bug #433897). Build requires jasper-devel, and a patch to remove jas_set_error_cb reference.
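Review bot: In the zicc.c hunk carried by ghostscript-CVE-2008-0411.patch, the added bound `2*ncomps > sizeof(range_buff)/sizeof(float)` compares a signed product with a `size_t`, so negative values are rejected only through the implicit conversion to unsigned, zero is accepted, and the multiplication can overflow before the comparison is made; this assumes `ncomps` is a signed integer, since its declaration is outside the hunk. Stating the range explicitly avoids all three: `if (ncomps <= 0 || (size_t)ncomps > sizeof(range_buff)/sizeof(float)/2) return_error(e_rangecheck);`. The context lines just above also read `pnval->value.intval` without testing the result of `dict_find_string(op, "N", &pnval)` or the type of the entry, unlike the DataSource lookup that follows, which tests `<= 0`. Unless that is validated earlier in `zseticcspace`, whose body starts and ends outside the hunk, the "N" lookup deserves the same `<= 0` test and an integer type check before the value is used.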