mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 17:19:20 +00:00
Code Issues Projects Releases Wiki Activity

ghostscript: Backport fix for CVE-2023-46751

Browse Source 
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a]

(From OE-Core rev: f01a0e7fcf3c2d277be0cd85c0cd6b2eff2e5f0a)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2023-12-13 09:30:12 +05:30
committed by Steve Sakoman
parent 1520bf97aa
commit a7f86b0e78
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46751.patch
+41
View File
@@ -0,0 +1,41 @@
From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Mon, 16 Oct 2023 16:49:40 +0100
Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output
files
In the device initialization redesign, tiffsep and tiffsep1 lost the requirement
for the output files to be seekable.
Fixing that highlighted a problem with the error handling in
gdev_prn_open_printer_seekable() where closing the erroring file would leave a
dangling pointer, and lead to a crash.
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a]
CVE: CVE-2023-46751
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
base/gdevprn.c | 1 +
devices/gdevtsep.c | 1 +
2 files changed, 2 insertions(+)
--- a/base/gdevprn.c
+++ b/base/gdevprn.c
@@ -1251,6 +1251,7 @@ gdev_prn_open_printer_seekable(gx_device
&& !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
+ ppdev->file = NULL;
if (code < 0)
return code;
}
--- a/devices/gdevtsep.c
+++ b/devices/gdevtsep.c
@@ -738,6 +738,7 @@ tiffsep_initialize_device_procs(gx_devic
{
gdev_prn_initialize_device_procs(dev);
+ set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
set_dev_proc(dev, open_device, tiffsep_prn_open);
set_dev_proc(dev, close_device, tiffsep_prn_close);
set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+1
View File
@@ -42,6 +42,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2023-36664-0002.patch \
file://CVE-2023-38559.patch \
file://CVE-2023-43115.patch \
file://CVE-2023-46751.patch \
"
SRC_URI = "${SRC_URI_BASE} \