diff --git a/SOURCES/ghostscript-cve-2019-3835.patch b/SOURCES/ghostscript-cve-2019-3835.patch new file mode 100644 index 0000000..e09c605 --- /dev/null +++ b/SOURCES/ghostscript-cve-2019-3835.patch @@ -0,0 +1,304 @@ +From: Ray Johnston +Date: Thu, 14 Feb 2019 18:20:03 +0000 (-0800) +Subject: Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps + +Fix bug 700585: Restrict superexec and remove it from internals and gs_cet.ps + +Also while changing things, restructure the CETMODE so that it will +work with -dSAFER. The gs_cet.ps is now run when we are still at save +level 0 with systemdict writeable. Allows us to undefine .makeoperator +and .setCPSImode internal operators after CETMODE is handled. + +Change previous uses of superexec to using .forceput (with the usual +.bind executeonly to hide it). + +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=205591753126802da850ada6511a0ff8411aa287 + +From: Ray Johnston +Date: Mon, 25 Feb 2019 06:01:04 +0000 (-0800) +Subject: Bug 700585: Obliterate "superexec". We don't need it, nor do any known apps. + +Bug 700585: Obliterate "superexec". We don't need it, nor do any known apps. + +We were under the impression that the Windows driver 'PScript5.dll' used +superexec, but after testing with our extensive suite of PostScript file, +and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear +that this operator is needed anymore. Get rid of superexec and all of the +references to it, since it is a potential security hole. + +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d683d1e6450d74619e6277efeebfc222d9a5cb91 +--- + +diff -up ghostscript-9.07/psi/icontext.c.cve-2019-3835 ghostscript-9.07/psi/icontext.c +--- ghostscript-9.07/psi/icontext.c.cve-2019-3835 2019-03-14 08:06:24.215719498 +0100 ++++ ghostscript-9.07/psi/icontext.c 2019-03-14 08:06:40.692519949 +0100 +@@ -148,7 +148,6 @@ context_state_alloc(gs_context_state_t * + pcst->rand_state = rand_state_initial; + pcst->usertime_total = 0; + pcst->keep_usertime = false; +- pcst->in_superexec = 0; + pcst->plugin_list = 0; + make_t(&pcst->error_object, t__invalid); + { /* +diff -up ghostscript-9.07/psi/icstate.h.cve-2019-3835 ghostscript-9.07/psi/icstate.h +--- ghostscript-9.07/psi/icstate.h.cve-2019-3835 2019-03-14 08:07:26.329967229 +0100 ++++ ghostscript-9.07/psi/icstate.h 2019-03-14 08:07:47.537710381 +0100 +@@ -52,7 +52,6 @@ struct gs_context_state_s { + long usertime_total; /* total accumulated usertime, */ + /* not counting current time if running */ + bool keep_usertime; /* true if context ever executed usertime */ +- int in_superexec; /* # of levels of superexec */ + /* View clipping is handled in the graphics state. */ + ref error_object; /* t__invalid or error object from operator */ + ref userparams; /* t_dictionary */ +diff -up ghostscript-9.07/psi/zcontrol.c.cve-2019-3835 ghostscript-9.07/psi/zcontrol.c +--- ghostscript-9.07/psi/zcontrol.c.cve-2019-3835 2019-03-14 08:08:02.356530913 +0100 ++++ ghostscript-9.07/psi/zcontrol.c 2019-03-14 08:08:51.888931020 +0100 +@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p) + return o_push_estack; + } + +-/* superexec - */ +-static int end_superexec(i_ctx_t *); +-static int +-zsuperexec(i_ctx_t *i_ctx_p) +-{ +- os_ptr op = osp; +- es_ptr ep; +- +- check_op(1); +- if (!r_has_attr(op, a_executable)) +- return 0; /* literal object just gets pushed back */ +- check_estack(2); +- ep = esp += 3; +- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */ +- make_op_estack(ep - 1, end_superexec); /* normal case */ +- ref_assign(ep, op); +- esfile_check_cache(); +- pop(1); +- i_ctx_p->in_superexec++; +- return o_push_estack; +-} +-static int +-end_superexec(i_ctx_t *i_ctx_p) +-{ +- i_ctx_p->in_superexec--; +- return 0; +-} +- + /* .runandhide */ + /* before executing , is been removed from */ + /* the operand stack and placed on the execstack with attributes */ +@@ -969,8 +941,6 @@ const op_def zcontrol3_op_defs[] = { + {"0%loop_continue", loop_continue}, + {"0%repeat_continue", repeat_continue}, + {"0%stopped_push", stopped_push}, +- {"1superexec", zsuperexec}, +- {"0%end_superexec", end_superexec}, + {"2.runandhide", zrunandhide}, + {"0%end_runandhide", end_runandhide}, + op_def_end(0) +diff -up ghostscript-9.07/psi/zdict.c.cve-2019-3835 ghostscript-9.07/psi/zdict.c +--- ghostscript-9.07/psi/zdict.c.cve-2019-3835 2019-03-14 08:09:12.708678873 +0100 ++++ ghostscript-9.07/psi/zdict.c 2019-03-14 08:11:28.575033391 +0100 +@@ -211,8 +211,7 @@ zundef(i_ctx_t *i_ctx_p) + int code; + + check_type(*op1, t_dictionary); +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op1); ++ check_dict_write(*op1); + code = idict_undef(op1, op); + if (code < 0 && code != e_undefined) /* ignore undefined error */ + return code; +@@ -491,8 +490,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p) + int code; + + check_type(*op1, t_dictionary); +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op1); ++ check_dict_write(*op1); + check_type(*op, t_integer); + if (op->value.intval < 0) + return_error(e_rangecheck); +diff -up ghostscript-9.07/psi/zgeneric.c.cve-2019-3835 ghostscript-9.07/psi/zgeneric.c +--- ghostscript-9.07/psi/zgeneric.c.cve-2019-3835 2019-03-14 08:11:52.593742496 +0100 ++++ ghostscript-9.07/psi/zgeneric.c 2019-03-14 08:12:24.319358265 +0100 +@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p) + + switch (r_type(op2)) { + case t_dictionary: +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op2); ++ check_dict_write(*op2); + { + int code = idict_put(op2, op1, op); + +diff -up ghostscript-9.07/Resource/Init/gs_cet.ps.cve-2019-3835 ghostscript-9.07/Resource/Init/gs_cet.ps +--- ghostscript-9.07/Resource/Init/gs_cet.ps.cve-2019-3835 2019-03-14 08:12:40.178166195 +0100 ++++ ghostscript-9.07/Resource/Init/gs_cet.ps 2019-03-14 08:16:26.875420666 +0100 +@@ -1,27 +1,22 @@ +-%!PS + % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET + +-% do this in the server level so it is persistent across jobs +-//true 0 startjob not { +- (*** Warning: CET startup is not in server default) = flush +-} if ++% Note: this must be run at save level 0 and when systemdict is writeable ++currentglobal //true setglobal ++systemdict dup dup dup ++/version (3017.102) readonly .forceput % match CPSI 3017.102 ++/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102 ++/revision 0 put % match CPSI 3017.103 Tek shows revision 5 ++/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461 ++ ++systemdict /.odef { % odef - ++ 1 index exch //.makeoperator def ++} .bind .forceput % this will be undefined at the end + + 300 .sethiresscreen % needed for language switch build since it + % processes gs_init.ps BEFORE setting the resolution + + 0 array 0 setdash % CET 09-08 wants local setdash + +-currentglobal //true setglobal +- +-{ +- systemdict dup dup dup +- /version (3017.102) readonly put % match CPSI 3017.102 +- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102 +- /revision 0 put % match CPSI 3017.103 Tek shows revision 5 +- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461 +- systemdict /deviceinfo undef % for CET 20-23-1 +-} superexec +- + { } bind dup + setblackgeneration + setundercolorremoval +@@ -69,4 +64,4 @@ userdict /.smoothness currentsmoothness + } bind odef + /currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS . + +-//false 0 startjob pop % re-enter encapsulated mode ++systemdict /.odef .undef +diff -up ghostscript-9.07/Resource/Init/gs_dps1.ps.cve-2019-3835 ghostscript-9.07/Resource/Init/gs_dps1.ps +--- ghostscript-9.07/Resource/Init/gs_dps1.ps.cve-2019-3835 2019-03-14 08:16:53.023103986 +0100 ++++ ghostscript-9.07/Resource/Init/gs_dps1.ps 2019-03-14 08:17:53.611370192 +0100 +@@ -86,7 +86,7 @@ level2dict begin + % definition, copy it into the local directory. + //systemdict /SharedFontDirectory .knownget + { 1 index .knownget +- { //.FontDirectory 2 index 3 -1 roll { put } //superexec } % readonly ++ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly + if + } + if +diff -up ghostscript-9.07/Resource/Init/gs_fonts.ps.cve-2019-3835 ghostscript-9.07/Resource/Init/gs_fonts.ps +--- ghostscript-9.07/Resource/Init/gs_fonts.ps.cve-2019-3835 2019-03-14 08:18:37.485838827 +0100 ++++ ghostscript-9.07/Resource/Init/gs_fonts.ps 2019-03-14 08:20:45.465288857 +0100 +@@ -501,11 +501,11 @@ buildfontdict 3 /.buildfont3 cvx put + % the font in LocalFontDirectory. + .currentglobal + { //systemdict /LocalFontDirectory .knownget +- { 2 index 2 index { .growput } //superexec } % readonly ++ { 2 index 2 index .forceput } % readonly + if + } + if +- dup //.FontDirectory 4 -2 roll { .growput } //superexec % readonly ++ dup //.FontDirectory 4 -2 roll .forceput % readonly + % If the font originated as a resource, register it. + currentfile .currentresourcefile eq { dup .registerfont } if + readonly +@@ -1149,12 +1149,12 @@ currentdict /.putgstringcopy .forceundef + //.FontDirectory 1 index known not { + 2 dict dup /FontName 3 index put + dup /FontType 1 put +- //.FontDirectory 3 1 roll { put } //superexec % readonly ++ //.FontDirectory 3 1 roll //.forceput exec % readonly + } { + pop + } ifelse + } forall +- } ++ } executeonly % hide .forceput + FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined + + % Install initial fonts from Fontmap. +diff -up ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3835 ghostscript-9.07/Resource/Init/gs_init.ps +--- ghostscript-9.07/Resource/Init/gs_init.ps.cve-2019-3835 2019-03-14 08:21:08.923004756 +0100 ++++ ghostscript-9.07/Resource/Init/gs_init.ps 2019-03-14 08:23:18.726432696 +0100 +@@ -2125,9 +2125,6 @@ SAFER { .setsafe } if + /.endtransparencygroup % transparency-example.ps + /.setdotlength % Bug687720.ps + /.sort /.setdebug /.mementolistnewblocks /getenv +- +-/.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER +- + /unread + ] + {systemdict exch .forceundef} forall +@@ -2206,7 +2203,6 @@ SAFER { .setsafe } if + + % Used by our own test suite files + %/.fileposition %image-qa.ps +-%/.makeoperator /.setCPSImode % gs_cet.ps + + % Either our code uses these in ways which mean they can't be undefined, or they are used directly by + % test files/utilities, or engineers expressed a desire to keep them visible. +@@ -2383,6 +2379,16 @@ end + /vmreclaim where + { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if + } if ++ ++% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps) ++systemdict /CETMODE .knownget { ++ { ++ (gs_cet.ps) runlibfile ++ } if ++} if ++systemdict /.makeoperator .undef % must be after gs_cet.ps ++systemdict /.setCPSImode .undef % must be after gs_cet.ps ++ + DELAYBIND not { + systemdict /.bindnow .undef % We only need this for DELAYBIND + systemdict /.forcecopynew .undef % remove temptation +@@ -2390,11 +2396,6 @@ DELAYBIND not { + systemdict /.forceput .undef % ditto + systemdict /.forceundef .undef % ditto + } if +-% Move superexec to internaldict if superexec is defined. +-currentdict /superexec .knownget { +- 1183615869 internaldict /superexec 3 -1 roll put +- currentdict /superexec .undef +-} if + + % Can't remove this one until the last minute :-) + systemdict /.undef .undef +diff -up ghostscript-9.07/Resource/Init/gs_type1.ps.cve-2019-3835 ghostscript-9.07/Resource/Init/gs_type1.ps +--- ghostscript-9.07/Resource/Init/gs_type1.ps.cve-2019-3835 2019-03-14 08:23:35.960223978 +0100 ++++ ghostscript-9.07/Resource/Init/gs_type1.ps 2019-03-14 08:25:47.363632945 +0100 +@@ -66,11 +66,11 @@ + 2 index 1 index known { + pop pop + } { +- 3 1 roll get //.growput superexec dup dup ++ 3 1 roll get .forceput dup dup + } ifelse + } { + 2 index 1 index known { +- exch 3 1 roll get //.growput superexec dup dup ++ exch 3 1 roll get .forceput dup dup + } { + pop pop + } ifelse +@@ -80,7 +80,7 @@ + + //.buildfont1 + 3 2 roll .setglobal +- } bind def ++ } .bind executeonly def % hide .forceput + + % If the diskfont feature isn't included, define a dummy .loadfontdict. + /.loadfontdict where diff --git a/SOURCES/ghostscript-cve-2019-3838.patch b/SOURCES/ghostscript-cve-2019-3838.patch new file mode 100644 index 0000000..48141d2 --- /dev/null +++ b/SOURCES/ghostscript-cve-2019-3838.patch @@ -0,0 +1,42 @@ +From: Chris Liddell +Date: Wed, 20 Feb 2019 09:54:28 +0000 (+0000) +Subject: Bug 700576: Make a transient proc executeonly (in DefineResource). + +Bug 700576: Make a transient proc executeonly (in DefineResource). + +This prevents access to .forceput + +Solution originally suggested by cbuissar@redhat.com. + +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed9fcd95bb01f0768bf273b2526732e381202319 + +From: Chris Liddell +Date: Fri, 22 Feb 2019 12:28:23 +0000 (+0000) +Subject: Bug 700576(redux): an extra transient proc needs executeonly'ed. + +Bug 700576(redux): an extra transient proc needs executeonly'ed. + +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b +--- + +diff -up ghostscript-9.07/Resource/Init/gs_res.ps.cve-2019-3838 ghostscript-9.07/Resource/Init/gs_res.ps +--- ghostscript-9.07/Resource/Init/gs_res.ps.cve-2019-3838 2019-02-28 12:08:09.181546939 +0100 ++++ ghostscript-9.07/Resource/Init/gs_res.ps 2019-02-28 12:09:32.410456904 +0100 +@@ -425,7 +425,7 @@ status { + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only + } executeonly if +- } ++ } executeonly + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put + } +@@ -437,7 +437,7 @@ status { + % Now make the resource value read-only. + 0 2 copy get { readonly } .internalstopped pop + dup 4 1 roll put exch pop exch pop +- } ++ } executeonly + { /defineresource cvx /typecheck signaloperror + } + ifelse diff --git a/SOURCES/ghostscript-fix-DSC-comment-parsing.patch b/SOURCES/ghostscript-fix-DSC-comment-parsing.patch new file mode 100644 index 0000000..e090658 --- /dev/null +++ b/SOURCES/ghostscript-fix-DSC-comment-parsing.patch @@ -0,0 +1,124 @@ +From: Ken Sharp +Date: Fri, 21 Sep 2018 14:28:15 +0000 (+0100) +Subject: pdfwrite - fix DSC comment parsing + +pdfwrite - fix DSC comment parsing + +This may affect other DSC parsing utilities. For some reason double +comment (%%) marks are being interpreted 'sometimes' in gs_init.ps +as DSC comments. This only happens when reading the init files from disk +becuase the ROM file system strips comments. + +Passing these to pdfwrite causes it to drop later DSC comments, such +as %%Title: and %%Creator: which meant the information wasn't being +embedded in the document information dictionary. + +Fix by converting double %% to single % comments, document this in the +header of gs_init.ps. + +https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f31702b38fba21153e26c3417c838618e7cfd16f +--- + +diff -up ghostscript-9.07/Resource/Init/gs_init.ps.comment_fix ghostscript-9.07/Resource/Init/gs_init.ps +--- ghostscript-9.07/Resource/Init/gs_init.ps.comment_fix 2019-01-29 16:14:32.480751012 +0100 ++++ ghostscript-9.07/Resource/Init/gs_init.ps 2019-01-29 16:18:17.998840535 +0100 +@@ -20,6 +20,11 @@ + % %% Replace + % indicate places where the next lines should be replaced by + % the contents of , when creating a single merged init file. ++% ++% For reasons not clear to me, some cases of %% are being treated as ++% DSC comments when (and only when) the resource files are disk based ++% This can kill DSC parsing for pdfwrite at least, so avoid using ++% double % comments in this file. + + % The interpreter can call out to PostScript code. All procedures + % called in this way, and no other procedures defined in these +@@ -2132,22 +2137,22 @@ SAFER { .setsafe } if + + /UndefinePostScriptOperators { + +-%% This list is of Display PostScript operators. We believe that Display PostScript +-%% was never fully implemented and the only known user, GNUStep, is no longer +-%% using it. So lets remove it. ++% This list is of Display PostScript operators. We believe that Display PostScript ++% was never fully implemented and the only known user, GNUStep, is no longer ++% using it. So lets remove it. + [ + /condition /currentcontext /detach /.fork /join /.localfork /lock /monitor /notify + /wait /yield /.currentscreenphase /.setscreenphase /.image2 /eoviewclip /initviewclip + /viewclip /viewclippath /defineusername +-%% NeXT DPS extensions ++% NeXT DPS extensions + /currentalpha /setalpha /.alphaimage /composite /compositerect /dissolve /sizeimagebox /.sizeimageparams + ] + {systemdict exch .forceundef} forall + +-%% This list is of operators which no longer appear to be used, and which we do not believe +-%% to have any real use. For now we will undefine the operstors so they cannot easily be used +-%% but can be easily restored (just delete the name from the list in the array). In future +-%% we may remove the operator and the code implementation entirely. ++% This list is of operators which no longer appear to be used, and which we do not believe ++% to have any real use. For now we will undefine the operstors so they cannot easily be used ++% but can be easily restored (just delete the name from the list in the array). In future ++% we may remove the operator and the code implementation entirely. + [ + /.bitadd /.charboxpath /.cond /.runandhide /.popdevicefilter + /.execfile /.filenamesplit /.file_name_parent +@@ -2156,15 +2161,15 @@ SAFER { .setsafe } if + /.currentlimitclamp /.dotorientation /.setaccuratecurves /.setcurvejoin /.setdashadapt /.setdotorientation + /.setlimitclamp /.currentscreenlevels /.dashpath /.pathbbox /.identeq /.identne /.tokenexec /.forgetsave /.pantonecallback + +-%% Used by our own test suite files +-%%/.setdotlength % Bug687720.ps ++% Used by our own test suite files ++%/.setdotlength % Bug687720.ps + ] + {systemdict exch .forceundef} forall + +-%% This list of operators are used internally by various parts of the Ghostscript startup code. +-%% Since each operator is a potential security vulnerability, and any operator listed here +-%% is not required once the initislisation is complete and functions are bound, we undefine +-%% the ones that aren't needed at runtime. ++% This list of operators are used internally by various parts of the Ghostscript startup code. ++% Since each operator is a potential security vulnerability, and any operator listed here ++% is not required once the initislisation is complete and functions are bound, we undefine ++% the ones that aren't needed at runtime. + [ + /.callinstall /.callbeginpage /.callendpage + /.currentstackprotect /.setstackprotect /.errorexec /.finderrorobject /.installsystemnames /.bosobject /.fontbbox +@@ -2219,10 +2224,10 @@ SAFER { .setsafe } if + } bind def + + /UndefinePDFOperators { +-%% This list of operators are used internally by various parts of the Ghostscript PDF interpreter. +-%% Since each operator is a potential security vulnerability, and any operator listed here +-%% is not required once the initislisation is complete and functions are bound, we undefine +-%% the ones that aren't needed at runtime. ++% This list of operators are used internally by various parts of the Ghostscript PDF interpreter. ++% Since each operator is a potential security vulnerability, and any operator listed here ++% is not required once the initislisation is complete and functions are bound, we undefine ++% the ones that aren't needed at runtime. + [ + /.pdfawidthshow /.pdfwidthshow + /.setfillcolor /.setfillcolorspace /.setstrokecolor /.setstrokecolorspace /.currentrenderingintent /.setrenderingintent +@@ -2363,8 +2368,8 @@ currentdict /.shadingtypes .undef + currentdict /.wheredict .undef + currentdict /.renderingintentdict .undef + +-%% If we are using DELAYBIND we have to defer the undefinition +-%% until .bindnow. ++% If we are using DELAYBIND we have to defer the undefinition ++% until .bindnow. + DELAYBIND not { + SAFER { + //systemdict /SAFERUndefinePostScriptOperators get exec +@@ -2391,7 +2396,7 @@ currentdict /superexec .knownget { + currentdict /superexec .undef + } if + +-%% Can't remove this one until the last minute :-) ++% Can't remove this one until the last minute :-) + systemdict /.undef .undef + + WRITESYSTEMDICT not { systemdict readonly pop } if diff --git a/SPECS/ghostscript.spec b/SPECS/ghostscript.spec index 38f9e4e..3db2a9c 100644 --- a/SPECS/ghostscript.spec +++ b/SPECS/ghostscript.spec @@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer Name: ghostscript Version: %{gs_ver} -Release: 31%{?dist}.9 +Release: 31%{?dist}.10 # Included CMap data is Redistributable, no modification permitted, # see http://bugzilla.redhat.com/487510 @@ -53,6 +53,7 @@ Patch36: ghostscript-more-than-11-elements-in-array.patch Patch41: ghostscript-remove-as-many-non-standard-operators-as-possible.patch Patch47: ghostscript-restore-flushpage.patch Patch57: ghostscript-pdf2ps-reports-error-when-reading-stdin.patch +Patch63: ghostscript-fix-DSC-comment-parsing.patch # Security patches: # ----------------- @@ -86,6 +87,8 @@ Patch59: ghostscript-cve-2018-19475.patch Patch60: ghostscript-cve-2018-19476.patch Patch61: ghostscript-cve-2018-19477.patch Patch62: ghostscript-cve-2019-6116.patch +Patch64: ghostscript-cve-2019-3835.patch +Patch65: ghostscript-cve-2019-3838.patch # Upstream is not versioning the SONAME correctly, thus the rpmbuild is unable # to recognize we need a newer version of lcms2. This 'hackish' workaround @@ -361,6 +364,16 @@ rm -rf expat freetype icclib jasper jpeg lcms lcms2 libpng openjpeg zlib cups/li # CVE-2019-6116 (bug 1667442): %patch62 -p1 +# ghostscript: Regression: double comment chars '%%' in gs_init.ps +# leading to missing metadata (bug #1673915): +%patch63 -p1 + +# CVE-2019-3835 (bug #1678171): +%patch64 -p1 + +# CVE-2019-3838 (bug #1680025): +%patch65 -p1 + # Remove pdfopt man pages which were mistakenly left in (bug #963882). rm man/{de/,}pdfopt.1 @@ -560,6 +573,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libgs.so %changelog +* Tue Jan 29 2019 Martin Osvald - 9.07-31.el7_6.10 +- Resolves: #1673915 - ghostscript: Regression: double comment chars + '%%' in gs_init.ps leading to missing metadata +- Resolves: #1678171 - CVE-2019-3835 ghostscript: superexec operator + is available (700585) +- Resolves: #1680025 - CVE-2019-3838 ghostscript: forceput in DefineResource + is still accessible (700576) + * Thu Jan 24 2019 Martin Osvald - 9.07-31.el7_6.9 - Related: #1667442 - CVE-2019-6116 - added missing parts of patch