[packages/ghostscript] up to 10.04.0 (fixes CVE-2024-33869 CVE-2023-52722 CVE-2024-33870 CVE-2024-33871 CVE-2024-29510)
atler
atler at pld-linux.org
Wed Sep 18 19:11:50 CEST 2024
commit 91eeeef5a02b54f3e695fb3ddceaf3ee144c177d
Author: Jan Palus <atler at pld-linux.org>
Date: Wed Sep 18 19:10:54 2024 +0200
up to 10.04.0 (fixes CVE-2024-33869 CVE-2023-52722 CVE-2024-33870 CVE-2024-33871 CVE-2024-29510)
gdevescp-fwrite.patch | 12 ------------
ghostscript.spec | 10 +++-------
pdf_sec.patch | 29 -----------------------------
3 files changed, 3 insertions(+), 48 deletions(-)
---
diff --git a/ghostscript.spec b/ghostscript.spec
index 64c3c02..52fc779 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -21,20 +21,18 @@ Summary(ja.UTF-8): PostScript インタープリタ・レンダラー
Summary(pl.UTF-8): Bezpłatny interpreter i renderer PostScriptu i PDF
Summary(tr.UTF-8): PostScript & PDF yorumlayıcı ve gösterici
Name: ghostscript
-Version: 10.03.1
+Version: 10.04.0
Release: 1
License: AGPL v3+
Group: Applications/Graphics
#Source0Download: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
-Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10031/%{name}-%{version}.tar.xz
-# Source0-md5: 248294abc5aee3ca8161012853d73b52
+Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10040/%{name}-%{version}.tar.xz
+# Source0-md5: a86a78cac91b6e1fc674c7961e760c3f
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 9b5953aa0cc155f4364f20036b848585
Patch0: %{name}-missquotes.patch
Patch1: %{name}-a4.patch
Patch2: ijs-pkgconfig.patch
-Patch3: gdevescp-fwrite.patch
-Patch4: pdf_sec.patch
Patch6: %{name}-gdevcd8-fixes.patch
# fedora
@@ -219,8 +217,6 @@ Statyczna wersja biblioteki IJS.
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch4 -p1
%patch6 -p1
diff --git a/gdevescp-fwrite.patch b/gdevescp-fwrite.patch
deleted file mode 100644
index d08585b..0000000
--- a/gdevescp-fwrite.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur ghostscript-10.03.1.old/devices/gdevescp.c ghostscript-10.03.1/devices/gdevescp.c
---- ghostscript-10.03.1.old/devices/gdevescp.c 2024-05-02 11:45:25.000000000 +0200
-+++ ghostscript-10.03.1/devices/gdevescp.c 2024-07-10 10:47:10.751123360 +0200
-@@ -162,7 +162,7 @@
- ** margin measured from the *top* of the page:
- */
-
-- fwrite("\033(U\001\0\n\033(C\002\0t\020\033(c\004\0\0\0t\020",
-+ gp_fwrite("\033(U\001\0\n\033(C\002\0t\020\033(c\004\0\0\0t\020",
- 1, 22, prn_stream);
- #endif
-
diff --git a/pdf_sec.patch b/pdf_sec.patch
deleted file mode 100644
index 057be09..0000000
--- a/pdf_sec.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 90cabe08422afdd16bac5dd9217602679d943045 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <Ken.Sharp at artifex.com>
-Date: Fri, 8 Mar 2024 09:19:05 +0000
-Subject: [PATCH] Bug #707649 - fix apply_sasl in error cases.
-
-Forgot to dereference the pointers before assigning the values, if we
-get non-fatal errors returned from stringprep.
----
- pdf/pdf_sec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pdf/pdf_sec.c b/pdf/pdf_sec.c
-index 565ae80ca..7e8f6719d 100644
---- a/pdf/pdf_sec.c
-+++ b/pdf/pdf_sec.c
-@@ -183,8 +183,8 @@ static int apply_sasl(pdf_context *ctx, char *Password, int Len, char **NewPassw
- * this easy: the errors we want to ignore are the ones with
- * codes less than 100. */
- if ((int)err < 100) {
-- NewPassword = Password;
-- NewLen = Len;
-+ *NewPassword = Password;
-+ *NewLen = Len;
- return 0;
- }
-
---
-2.34.1
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ghostscript.git/commitdiff/91eeeef5a02b54f3e695fb3ddceaf3ee144c177d
More information about the pld-cvs-commit
mailing list