fix CVE-2023-46751
(cherry picked from commit ac992eb585f15519f3c31a9f72b956ef6dae5132)
This commit is contained in:
liningjie
openeuler-sync-bot
parent
8ed8e969db
commit
cad3c46a27
30
backport-CVE-2023-46751.patch
Normal file
30
backport-CVE-2023-46751.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001
|
||||
From: Chris Liddell <chris.liddell@artifex.com>
|
||||
Date: Mon, 16 Oct 2023 16:49:40 +0100
|
||||
Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output
|
||||
files
|
||||
|
||||
In the device initialization redesign, tiffsep and tiffsep1 lost the requirement
|
||||
for the output files to be seekable.
|
||||
|
||||
Fixing that highlighted a problem with the error handling in
|
||||
gdev_prn_open_printer_seekable() where closing the erroring file would leave a
|
||||
dangling pointer, and lead to a crash.
|
||||
---
|
||||
base/gdevprn.c | 1 +
|
||||
devices/gdevtsep.c | 1 +
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/base/gdevprn.c b/base/gdevprn.c
|
||||
index 0491a3c6c..033632387 100644
|
||||
--- a/base/gdevprn.c
|
||||
+++ b/base/gdevprn.c
|
||||
@@ -1271,6 +1271,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
|
||||
&& !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
|
||||
|
||||
code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
|
||||
+ ppdev->file = NULL;
|
||||
if (code < 0)
|
||||
return code;
|
||||
}
|
||||
2.34.1
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: ghostscript
|
||||
Version: 9.52
|
||||
Release: 11
|
||||
Release: 12
|
||||
Summary: An interpreter for PostScript and PDF files
|
||||
License: AGPLv3+
|
||||
URL: https://ghostscript.com/
|
||||
@ -52,7 +52,8 @@ Patch33: backport-CVE-2021-3781-BUg-704342-Include-device-specifier-strings-in-a
|
||||
Patch34: CVE-2023-38559.patch
|
||||
Patch35: CVE-2023-28879.patch
|
||||
Patch36: CVE-2023-36664.patch
|
||||
Patch37: backport-CVE-2023-43115-Bug707051-IJS-device-try-and-secure-the-IJS-server-startup.patch
|
||||
Patch37: backport-CVE-2023-43115-Bug707051-IJS-device-try-and-secure-the-IJS-server-startup.patch
|
||||
Patch38: backport-CVE-2023-46751.patch
|
||||
|
||||
BuildRequires: automake gcc
|
||||
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
|
||||
@ -213,6 +214,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
|
||||
%{_bindir}/dvipdf
|
||||
|
||||
%changelog
|
||||
* Mon Dec 25 2023 liningjie <liningjie@xfusion.com> - 9.52-12
|
||||
- Type:CVE
|
||||
- ID:CVE-2023-46751
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-46751
|
||||
|
||||
* Fri Sep 22 2023 dillon chen <dillon.chen@gmail.com> - 9.52-11
|
||||
- Type:CVE
|
||||
- ID:CVE-2023-43115
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user