Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory 
checked in at 2020-07-31 15:52:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and      /work/SRC/openSUSE:Factory/.ghostscript.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ghostscript"

Fri Jul 31 15:52:18 2020 rev:46 rq:823078 version:9.52

Changes:
--------
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes     
2020-05-08 23:03:13.813602227 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new.3592/ghostscript-mini.changes   
2020-07-31 15:52:39.804043267 +0200
@@ -1,0 +2,7 @@
+Tue Jul 28 09:15:30 CEST 2020 - jsm...@suse.de
+
+- CVE-2020-15900.patch fixes CVE-2020-15900 Memory Corruption
+  cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+  (bsc#1174415)
+
+-------------------------------------------------------------------
ghostscript.changes: same change

New:
----
  CVE-2020-15900.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ghostscript-mini.spec ++++++
--- /var/tmp/diff_new_pack.3Lodx8/_old  2020-07-31 15:52:49.100052348 +0200
+++ /var/tmp/diff_new_pack.3Lodx8/_new  2020-07-31 15:52:49.104052352 +0200
@@ -78,6 +78,13 @@
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 CVE-2020-15900.patch is
+# 
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in 
psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+Patch1:         CVE-2020-15900.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for 
upstream:
@@ -146,6 +153,13 @@
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for 
ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+# Patch1 CVE-2020-15900.patch is
+# 
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in 
psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+%patch1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream 
tarball.
 # Again use the zlib sources from Ghostscript upstream

++++++ ghostscript.spec ++++++
--- /var/tmp/diff_new_pack.3Lodx8/_old  2020-07-31 15:52:49.128052375 +0200
+++ /var/tmp/diff_new_pack.3Lodx8/_new  2020-07-31 15:52:49.128052375 +0200
@@ -102,6 +102,13 @@
 Source0:        ghostscript-%{version}.tar.gz
 Source1:        apparmor_ghostscript
 # Patch0...Patch9 is for patches from upstream:
+# Patch1 CVE-2020-15900.patch is
+# 
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in 
psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+Patch1:         CVE-2020-15900.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Source100...Source999 is for sources from SUSE which are not intended for 
upstream:
@@ -283,6 +290,13 @@
 # Be quiet when unpacking and
 # use a directory name matching Source0 to make it work also for 
ghostscript-mini:
 %setup -q -n ghostscript-%{tarball_version}
+# Patch1 CVE-2020-15900.patch is
+# 
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
+# that fixes CVE-2020-15900 Memory Corruption
+# in the rsearch PostScript function that is implemented as search_impl() in 
psi/zstring.c
+# cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582
+# and https://bugzilla.suse.com/show_bug.cgi?id=1174415
+%patch1
 # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h
 # in makefiles as we do not use the zlib sources from the Ghostscript upstream 
tarball.
 # Again use the zlib sources from Ghostscript upstream

++++++ CVE-2020-15900.patch ++++++
--- psi/zstring.c.orig  2020-03-19 09:21:42.000000000 +0100
+++ psi/zstring.c       2020-07-27 08:25:08.963425295 +0200
@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forwa
     return 0;
 found:
     op->tas.type_attrs = op1->tas.type_attrs;
-    op->value.bytes = ptr;
-    r_set_size(op, size);
+    op->value.bytes = ptr;                             /* match */
+    op->tas.rsize = size;                              /* match */
     push(2);
-    op[-1] = *op1;
-    r_set_size(op - 1, ptr - op[-1].value.bytes);
-    op1->value.bytes = ptr + size;
-    r_set_size(op1, count + (!forward ? (size - 1) : 0));
+    op[-1] = *op1;                                     /* pre */
+    op[-3].value.bytes = ptr + size;                   /* post */
+    if (forward) {
+        op[-1].tas.rsize = ptr - op[-1].value.bytes;   /* pre */
+        op[-3].tas.rsize = count;                      /* post */
+    } else {
+        op[-1].tas.rsize = count;                      /* pre */
+        op[-3].tas.rsize -= count + size;              /* post */
+    }
     make_true(op);
     return 0;
 }
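Review bot: In the reverse branch, `op[-3].tas.rsize -= count + size;` is an in-place subtraction on a size field, so it is only correct while `count + size` cannot exceed the length that op[-3] still carries from the searched string, and nothing in this hunk establishes that bound. search_impl starts above the hunk, so an earlier size check presumably provides it, but the dependency deserves a comment at the subtraction, e.g. `/* post = original length - (pre + match); requires count + size <= original length */`. The `op[-3]` index refers to the searched string only because `push(2)` apparently advances `op` (the old code wrote the same fields through `op1`), which is worth stating next to the push as `/* op[-3] is now the former op1 */`. A regression test asserting that the pre, match and post lengths add up to the input length for both the forward and the reverse search would guard this arithmetic.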
