From 5e083bfca3479f8372a0134de89d9ff2d613ff05 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jun 28 2017 15:10:36 +0000
Subject: import ghostscript-9.07-20.el7_3.7
---
diff --git a/SOURCES/ghostscript-fix-infinite-for-loop.patch b/SOURCES/ghostscript-fix-infinite-for-loop.patch
new file mode 100644
index 0000000..b4edcab
--- /dev/null
+++ b/SOURCES/ghostscript-fix-infinite-for-loop.patch
@@ -0,0 +1,26 @@
+From 26b11a3fe34fc3c4e81e17c4fc82a674aa238d97 Mon Sep 17 00:00:00 2001
+From: Michael Vrhel
+Date: Mon, 16 Dec 2013 08:32:12 -0800
+Subject: [PATCH] Fix for goof up in loop index variable.
+
+Fixes bug 694811 and 694848. Thanks ken for finding this.
+---
+ base/gdevp14.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevp14.c b/base/gdevp14.c
+index ef2a50f..bfbf694 100644
+--- a/base/gdevp14.c
++++ b/base/gdevp14.c
+@@ -2247,7 +2247,7 @@ pdf14_copy_alpha_color(gx_device * dev, const byte * data, int data_x,
+ if (overprint) {
+ if (blendspot) {
+ /* Overprint simulation of spot colorants */
+- for (k = 0; k < num_comp; ++i) {
++ for (k = 0; k < num_comp; ++k) {
+ int temp =
+ (255 - dst_ptr[k * planestride]) * dst[k];
+ temp = temp >> 8;
+--
+2.9.3
+
diff --git a/SOURCES/ghostscript-fix-locksafe.patch b/SOURCES/ghostscript-fix-locksafe.patch
new file mode 100644
index 0000000..4550cca
--- /dev/null
+++ b/SOURCES/ghostscript-fix-locksafe.patch
@@ -0,0 +1,30 @@
+From 2d12af7be33df59db60c06e149b013be41aca68c Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Fri, 10 Jun 2016 09:49:02 +0100
+Subject: [PATCH] Fix .locksafe
+
+Apparently we need to .forceput the definition of getenve into
+systemdict, at least when running GSView 5.0.
+
+Discovered when trying to investigate a customer bug report using
+GSView 5.
+---
+ Resource/Init/gs_init.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index abb9489..0083fa3 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2019,7 +2019,7 @@ readonly def
+ /LockFilePermissions //true
+ >> setuserparams
+ }
+- systemdict /getenv {pop //false} put
++ systemdict /getenv {pop //false} .forceput
+ if
+ % setpagedevice has the side effect of clearing the page, but
+ % we will just document that. Using setpagedevice keeps the device
+--
+2.9.3
+
diff --git a/SPECS/ghostscript.spec b/SPECS/ghostscript.spec
index 5330f0d..031fea9 100644
--- a/SPECS/ghostscript.spec
+++ b/SPECS/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 20%{?dist}.5 +Release: 20%{?dist}.7 # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510
@@ -44,6 +44,8 @@ Patch20: ghostscript-hanging-in-convert.patch Patch21: ghostscript-check-icc-profile-errors.patch Patch22: ghostscript-cups-icc-profile.patch Patch28: ghostscript-handle-glyphdirectory-array.patch +Patch29: ghostscript-fix-locksafe.patch +Patch30: ghostscript-fix-infinite-for-loop.patch # Security patches: # -----------------
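Review bot: The `.forceput` line added to Resource/Init/gs_init.ps (in ghostscript-fix-locksafe.patch) has no comment explaining why the write protection on systemdict has to be bypassed, and that operator is one a later maintainer will want justified. The commit message only says it is needed "at least when running GSView 5.0"; a line above it such as `% plain put fails here under some front ends (GSView 5), presumably because systemdict is already read-only` would keep that reason next to the code. The procedure containing this line starts and ends outside the hunk, so it cannot be seen here whether it is bound and made executeonly; that is worth confirming so the operator reference is not left readable by user code once the interpreter is locked down.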
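Review bot: In the `@@ -44,6 +44,8 @@` hunk of ghostscript.spec, Patch29 and Patch30 are listed above the `# Security patches:` block with nothing to mark their security relevance, so anyone triaging the package by that section will miss them. By the spec's own comment Patch29 repairs `.locksafe` after a regression from earlier CVE fixes, and Patch30 removes a non-terminating loop that, if it can be reached from an input file, means a hang for services that render untrusted documents. If the placement is deliberate, a trailing remark on each line would make the link visible, for example `# regression from earlier CVE fixes, bug #1411725`.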
@@ -219,6 +221,12 @@ rm -rf expat freetype icclib jasper jpeg lcms lcms2 libpng openjpeg zlib cups/li # Fix of SIGSEGV when processing GlyphDirectory (bug #1390847) %patch28 -p1 +# Fix .locksafe [fixes regression from previous CVE fixes](bug #1411725) +%patch29 -p1 + +# Fix infinite 'for' loop in gdevp14.c file (bug #1424752) +%patch30 -p1 + # Fix for corruption of operand stack (bug #1446063): %patch32 -p1
@@ -421,6 +429,12 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Wed May 24 2017 David Kaspar [Dee'Kej] - 9.07-20.el7_3.7 +- Fix infinite 'for' loop in gdevp14.c file (bug #1455084) + +* Tue May 23 2017 David Kaspar [Dee'Kej] - 9.07-20.el7_3.6 +- Fix for regression caused by previous CVE fixes (bug #1411725) + * Thu May 11 2017 David Kaspar [Dee'Kej] - 9.07-20.el7_3.5 - Security fix for CVE-2017-8291 updated to address SIGSEGV
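Review bot: The comment above `%patch30` in the `@@ -219,6 +221,12 @@` hunk cites bug #1424752, while the changelog entry for the same fix in the following hunk cites bug #1455084. One may be a clone of the other for this update stream, but the spec does not say so, and someone tracing the patch back to its report gets two different answers. Either use one number in both places or name both in the comment, e.g. `# Fix infinite 'for' loop in gdevp14.c file (bug #1424752, see also bug #1455084)`.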