From 0d51ca033ace19c81f319a485e294e1fcc66c1f3 Mon Sep 17 00:00:00 2001
From: ut005731
Date: Mon, 14 Oct 2024 20:04:31 +0800
Subject: [PATCH 1/6] cve: cve-2024-33871
---
0001-cve-CVE-2024-33871.patch | 82 ++++++++++++++++++++++++
0002-add-gs_is_path_control_active.patch | 46 +++++++++++++
ghostscript.spec | 9 ++-
3 files changed, 136 insertions(+), 1 deletion(-)
create mode 100644 0001-cve-CVE-2024-33871.patch
create mode 100644 0002-add-gs_is_path_control_active.patch
diff --git a/0001-cve-CVE-2024-33871.patch b/0001-cve-CVE-2024-33871.patch
new file mode 100644
index 0000000..5443278
--- /dev/null
+++ b/0001-cve-CVE-2024-33871.patch
@@ -0,0 +1,82 @@ +From b3a73a4d4a226a1a42ee1cd623ab03f9e57dc474 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 14 Oct 2024 19:17:31 +0800 +Subject: [PATCH] cve: CVE-2024-33871 + +--- + contrib/opvp/gdevopvp.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c +index c8da341..9f6166a 100644 +--- a/contrib/opvp/gdevopvp.c ++++ b/contrib/opvp/gdevopvp.c +@@ -75,6 +75,7 @@ + #include "gxcvalue.h" + + #include "opvp_common.h" ++#include "gslibctx.h" + + #define ENABLE_SIMPLE_MODE 1 + #define ENABLE_SKIP_RASTER 1 +@@ -185,7 +186,7 @@ static int opvp_copy_color(gx_device *, const byte *, int, int, + static int _get_params(gs_param_list *); + static int opvp_get_params(gx_device *, gs_param_list *); + static int oprp_get_params(gx_device *, gs_param_list *); +-static int _put_params(gs_param_list *); ++static int _put_params(gx_device *, gs_param_list *); + static int opvp_put_params(gx_device *, gs_param_list *); + static int oprp_put_params(gx_device *, gs_param_list *); + static int opvp_fill_path(gx_device *, const gs_gstate *, gx_path *, +@@ -3039,7 +3040,7 @@ _get_params(gs_param_list *plist) + /* vector driver name */ + pname = "Driver"; + vdps.data = (byte *)vectorDriver; +- vdps.size = (vectorDriver ? strlen(vectorDriver) + 1 : 0); ++ vdps.size = (vectorDriver ? 
strlen(vectorDriver) : 0); + vdps.persistent = false; + code = param_write_string(plist, pname, &vdps); + if (code) ecode = code; +@@ -3176,7 +3177,7 @@ oprp_get_params(gx_device *dev, gs_param_list *plist) + * put params + */ + static int +-_put_params(gs_param_list *plist) ++_put_params(gx_device *dev, gs_param_list *plist) + { + int code; + int ecode = 0; +@@ -3198,6 +3199,12 @@ _put_params(gs_param_list *plist) + code = param_read_string(plist, pname, &vdps); + switch (code) { + case 0: ++ if (gs_is_path_control_active(dev->memory) ++ && (!vectorDriver || strlen(vectorDriver) != vdps.size ++ || memcmp(vectorDriver, vdps.data, vdps.size) != 0)) { ++ param_signal_error(plist, pname, gs_error_invalidaccess); ++ return_error(gs_error_invalidaccess); ++ } + buff = realloc(buff, vdps.size + 1); + memcpy(buff, vdps.data, vdps.size); + buff[vdps.size] = 0; +@@ -3399,7 +3406,7 @@ opvp_put_params(gx_device *dev, gs_param_list *plist) + int code; + + /* put params */ +- code = _put_params(plist); ++ code = _put_params(dev, plist); + if (code) return code; + + /* put default params */ +@@ -3415,7 +3422,7 @@ oprp_put_params(gx_device *dev, gs_param_list *plist) + int code; + + /* put params */ +- code = _put_params(plist); ++ code = _put_params(dev, plist); + if (code) return code; + + /* put default params */ +-- +2.39.3 + diff --git a/0002-add-gs_is_path_control_active.patch b/0002-add-gs_is_path_control_active.patch new file mode 100644 index 0000000..1aad21a --- /dev/null +++ b/0002-add-gs_is_path_control_active.patch 
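Review bot: The new guard in `_put_params` rejects a changed `Driver` only when `gs_is_path_control_active(dev->memory)` is non-zero, and nothing visible in this series ever makes it non-zero. The accessor added by 0002 returns `mem->gs_lib_ctx->core->path_control_active`, while 0003 (PATCH 6/6) adds only the struct type and a `core` pointer, with no hunk that allocates `core` or sets the flag; if that is the whole backport, the accessor always returns 0 and the CVE-2024-33871 check never fires on this 9.25 base. The condition should be tied to whatever this tree actually sets when -dSAFER is in effect, presumably the device's `LockSafetyParams`, e.g. `if (dev->LockSafetyParams && (!vectorDriver || ...))`, to be confirmed against the 9.25 sources. A regression test that sets `Driver` after SAFER is enabled and expects `invalidaccess` would show whether the guard is reachable.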
@@ -0,0 +1,46 @@ +From 0ef96f32fdf927fb2620f3140233e936224613c9 Mon Sep 17 00:00:00 2001 +From: ut005731 +Date: Mon, 14 Oct 2024 19:57:23 +0800 +Subject: [PATCH] add gs_is_path_control_active + +--- + base/gslibctx.c | 12 ++++++++++++ + base/gslibctx.h | 3 +++ + 2 files changed, 15 insertions(+) + +diff --git a/base/gslibctx.c b/base/gslibctx.c +index a72011a..569b655 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -375,3 +375,15 @@ gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, co + } + return code; + } ++ ++int ++gs_is_path_control_active(const gs_memory_t *mem) ++{ ++ gs_lib_ctx_core_t *core; ++ ++ if (mem == NULL || mem->gs_lib_ctx == NULL || ++ (core = mem->gs_lib_ctx->core) == NULL) ++ return 0; ++ ++ return core->path_control_active; ++} +diff --git a/base/gslibctx.h b/base/gslibctx.h +index 348bde0..ece9a20 100644 +--- a/base/gslibctx.h ++++ b/base/gslibctx.h +@@ -152,6 +152,9 @@ gs_lib_ctx_get_default_device_list(const gs_memory_t *mem, char** dev_list_str, + int + gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); + ++int ++gs_is_path_control_active(const gs_memory_t *mem); ++ + #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) + #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) + +-- +2.39.3 diff --git a/ghostscript.spec b/ghostscript.spec index 6b91718..3cc37f3 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -34,7 +34,7 @@ Name: ghostscript Summary: Interpreter for PostScript language & PDF Version: 9.25 -Release: 5%{?dist} +Release: 5%{?dist}.01 License: AGPLv3+ 
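Review bot: `gs_is_path_control_active` returns 0, meaning "not restricted", whenever `mem`, `mem->gs_lib_ctx` or `core` is NULL, so a missing context fails open for every caller that uses it as a security gate. That contract is stated neither at the definition in base/gslibctx.c nor at the prototype in base/gslibctx.h; I would add above the prototype `/* Non-zero when file access controls are active. Returns 0 if mem, its lib context or the core is NULL, so 0 is not proof that a context exists. */`. As far as the series shows, `gs_lib_ctx_t` has no `core` member until the later gslibctx.h patch, so this patch does not build as submitted in PATCH 1/6.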
@@ -112,6 +112,10 @@ Patch018: ghostscript-cve-2019-14869.patch # ------------------ Patch100: ghostscript-9.23-100-run-dvipdf-securely.patch Patch101: ghostscript-9.25-101-reenable-cups-filters.patch +#add by uos +Patch102: 0001-cve-CVE-2024-33871.patch +Patch103: 0002-add-gs_is_path_control_active.patch +#end # Downstream patches for RHEL -- patches that we keep only in RHEL for various @@ -430,6 +434,9 @@ install -m 0755 -d %{buildroot}%{_sysconfdir}/%{name}/ # ============================================================================= %changelog +* Mon Oct 14 2024 zhuhongbo - 9.25-5.01 +- cve: CVE-2024-33871 + * Tue Mar 31 2020 Zdenek Dohnal - 9.25-5 - 1812284 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER -- Gitee From 6f794f5a18a02a2301e559e54fd554f2869b26de Mon Sep 17 00:00:00 2001 From: ut005731 Date: Tue, 15 Oct 2024 09:47:35 +0800 Subject: [PATCH 2/6] cve: cve-2024-33871 --- 0003-add-gs_lib_ctx_core_t.patch | 112 +++++++++++++++++++++++++++++++ ghostscript.spec | 1 + 2 files changed, 113 insertions(+) create mode 100644 0003-add-gs_lib_ctx_core_t.patch diff --git a/0003-add-gs_lib_ctx_core_t.patch b/0003-add-gs_lib_ctx_core_t.patch new file mode 100644 index 0000000..57a0f25 --- /dev/null +++ b/0003-add-gs_lib_ctx_core_t.patch 
@@ -0,0 +1,112 @@ +From 9ca9ce10a6ddf1e28ea54b0ceedb0c5d7358318d Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 15 Oct 2024 09:44:08 +0800 +Subject: [PATCH] add gs_lib_ctx_core_t + +--- + base/gslibctx.h | 89 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 89 insertions(+) + +diff --git a/base/gslibctx.h b/base/gslibctx.h +index ece9a20..0d47334 100644 +--- a/base/gslibctx.h ++++ b/base/gslibctx.h +@@ -101,6 +101,95 @@ typedef struct gs_lib_ctx_s + void *sjpxd_private; /* optional for use of jpx codec */ + } gs_lib_ctx_t; + ++typedef struct { ++ void *monitor; ++ int refs; ++ gs_memory_t *memory; ++ FILE *fstdin; ++ FILE *fstdout; ++ FILE *fstderr; ++ gp_file *fstdout2; /* for redirecting %stdout and diagnostics */ ++ int stdout_is_redirected; /* to stderr or fstdout2 */ ++ int stdout_to_stderr; ++ int stdin_is_interactive; ++ void *default_caller_handle; /* identifies caller of GS DLL/shared object */ ++ void *std_caller_handle; ++ void *poll_caller_handle; ++ void *custom_color_callback; /* pointer to color callback structure */ ++ int (GSDLLCALL *stdin_fn)(void *caller_handle, char *buf, int len); ++ int (GSDLLCALL *stdout_fn)(void *caller_handle, const char *str, int len); ++ int (GSDLLCALL *stderr_fn)(void *caller_handle, const char *str, int len); ++ int (GSDLLCALL *poll_fn)(void *caller_handle); ++ ulong gs_next_id; /* gs_id initialized here, private variable of gs_next_ids() */ ++ /* True if we are emulating CPSI. Ideally this would be in the imager ++ * state, but this can't be done due to problems detecting changes in it ++ * for the clist based devices. */ ++ int CPSI_mode; ++ int scanconverter; ++ int act_on_uel; ++ ++ int path_control_active; ++ gs_path_control_set_t permit_reading; ++ gs_path_control_set_t permit_writing; ++ gs_path_control_set_t permit_control; ++ gs_fs_list_t *fs; ++ /* Ideally this pointer would only be present in CAL builds, ++ * but that's too hard to arrange, so we live with it in ++ * all builds. 
*/ ++ void *cal_ctx; ++ ++ gs_callout_list_t *callouts; ++ ++ /* Stashed args */ ++ int arg_max; ++ int argc; ++ char **argv; ++} gs_lib_ctx_core_t; ++ ++typedef struct gs_lib_ctx_s ++{ ++ gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ ++ gs_lib_ctx_core_t *core; ++ void *top_of_system; /* use accessor functions to walk down the system ++ * to the desired structure gs_lib_ctx_get_*() ++ */ ++ name_table_ptr gs_name_table; /* hack this is the ps interpreters name table ++ * doesn't belong here ++ */ ++ gs_gc_root_ptr name_table_root; ++ /* Define whether dictionaries expand automatically when full. */ ++ int dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ ++ /* A table of local copies of the IODevices */ ++ struct gx_io_device_s **io_device_table; ++ int io_device_table_count; ++ int io_device_table_size; ++ gs_gc_root_ptr io_device_table_root; ++ client_check_file_permission_t client_check_file_permission; ++ /* Define the default value of AccurateScreens that affects setscreen ++ and setcolorscreen. */ ++ int screen_accurate_screens; ++ uint screen_min_screen_levels; ++ /* Accuracy vs. performance for ICC color */ ++ uint icc_color_accuracy; ++ /* real time clock 'bias' value. Not strictly required, but some FTS ++ * tests work better if realtime starts from 0 at boot time. */ ++ long real_time_0[2]; ++ ++ /* font directory - see gsfont.h */ ++ gs_font_dir *font_dir; ++ gs_gc_root_ptr font_dir_root; ++ /* Keep the path for the ICCProfiles here so devices and the icc_manager ++ * can get to it. 
Prevents needing two copies, one in the icc_manager ++ * and one in the device */ ++ char *profiledir; /* Directory used in searching for ICC profiles */ ++ int profiledir_len; /* length of directory name (allows for Unicode) */ ++ void *cms_context; /* Opaque context pointer from underlying CMS in use */ ++ gs_fapi_server **fapi_servers; ++ char *default_device_list; ++ int gcsignal; ++ void *sjpxd_private; /* optional for use of jpx codec */ ++} gs_lib_ctx_t; ++ + enum { + GS_SCANCONVERTER_OLD = 0, + GS_SCANCONVERTER_DEFAULT = 1, +-- +2.39.3 + diff --git a/ghostscript.spec b/ghostscript.spec index 3cc37f3..fd62470 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -115,6 +115,7 @@ Patch101: ghostscript-9.25-101-reenable-cups-filters.patch #add by uos Patch102: 0001-cve-CVE-2024-33871.patch Patch103: 0002-add-gs_is_path_control_active.patch +Patch104: 0003-add-gs_lib_ctx_core_t.patch #end -- Gitee From 37aa17c6cc69c9e884a307447a5643dbbb55def6 Mon Sep 17 00:00:00 2001 From: ut005731 Date: Tue, 15 Oct 2024 10:15:32 +0800 Subject: [PATCH 3/6] cve: cve-2024-33871 --- 0003-add-gs_lib_ctx_core_t.patch | 63 +++----------------------------- 1 file changed, 6 insertions(+), 57 deletions(-) diff --git a/0003-add-gs_lib_ctx_core_t.patch b/0003-add-gs_lib_ctx_core_t.patch index 57a0f25..f7a2609 100644 --- a/0003-add-gs_lib_ctx_core_t.patch +++ b/0003-add-gs_lib_ctx_core_t.patch @@ -1,17 +1,17 @@ -From 9ca9ce10a6ddf1e28ea54b0ceedb0c5d7358318d Mon Sep 17 00:00:00 2001 +From c3662fa58a446e49121e54913031dc07719f6ba9 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Tue, 15 Oct 2024 09:44:08 +0800 +Date: Tue, 15 Oct 2024 10:13:50 +0800 Subject: [PATCH] add gs_lib_ctx_core_t --- - base/gslibctx.h | 89 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 89 insertions(+) + base/gslibctx.h | 38 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 38 insertions(+) 
diff --git a/base/gslibctx.h b/base/gslibctx.h -index ece9a20..0d47334 100644 +index ece9a20..4140a39 100644 --- a/base/gslibctx.h +++ b/base/gslibctx.h -@@ -101,6 +101,95 @@ typedef struct gs_lib_ctx_s +@@ -101,6 +101,44 @@ typedef struct gs_lib_ctx_s void *sjpxd_private; /* optional for use of jpx codec */ } gs_lib_ctx_t; @@ -22,7 +22,6 @@ index ece9a20..0d47334 100644 + FILE *fstdin; + FILE *fstdout; + FILE *fstderr; -+ gp_file *fstdout2; /* for redirecting %stdout and diagnostics */ + int stdout_is_redirected; /* to stderr or fstdout2 */ + int stdout_to_stderr; + int stdin_is_interactive; 
@@ -43,66 +42,16 @@ index ece9a20..0d47334 100644 + int act_on_uel; + + int path_control_active; -+ gs_path_control_set_t permit_reading; -+ gs_path_control_set_t permit_writing; -+ gs_path_control_set_t permit_control; -+ gs_fs_list_t *fs; + /* Ideally this pointer would only be present in CAL builds, + * but that's too hard to arrange, so we live with it in + * all builds. */ + void *cal_ctx; + -+ gs_callout_list_t *callouts; -+ + /* Stashed args */ + int arg_max; + int argc; + char **argv; +} gs_lib_ctx_core_t; -+ -+typedef struct gs_lib_ctx_s -+{ -+ gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -+ gs_lib_ctx_core_t *core; -+ void *top_of_system; /* use accessor functions to walk down the system -+ * to the desired structure gs_lib_ctx_get_*() -+ */ -+ name_table_ptr gs_name_table; /* hack this is the ps interpreters name table -+ * doesn't belong here -+ */ -+ gs_gc_root_ptr name_table_root; -+ /* Define whether dictionaries expand automatically when full. */ -+ int dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ -+ /* A table of local copies of the IODevices */ -+ struct gx_io_device_s **io_device_table; -+ int io_device_table_count; -+ int io_device_table_size; -+ gs_gc_root_ptr io_device_table_root; -+ client_check_file_permission_t client_check_file_permission; -+ /* Define the default value of AccurateScreens that affects setscreen -+ and setcolorscreen. */ -+ int screen_accurate_screens; -+ uint screen_min_screen_levels; -+ /* Accuracy vs. performance for ICC color */ -+ uint icc_color_accuracy; -+ /* real time clock 'bias' value. Not strictly required, but some FTS -+ * tests work better if realtime starts from 0 at boot time. */ -+ long real_time_0[2]; -+ -+ /* font directory - see gsfont.h */ -+ gs_font_dir *font_dir; -+ gs_gc_root_ptr font_dir_root; -+ /* Keep the path for the ICCProfiles here so devices and the icc_manager -+ * can get to it. 
Prevents needing two copies, one in the icc_manager -+ * and one in the device */ -+ char *profiledir; /* Directory used in searching for ICC profiles */ -+ int profiledir_len; /* length of directory name (allows for Unicode) */ -+ void *cms_context; /* Opaque context pointer from underlying CMS in use */ -+ gs_fapi_server **fapi_servers; -+ char *default_device_list; -+ int gcsignal; -+ void *sjpxd_private; /* optional for use of jpx codec */ -+} gs_lib_ctx_t; + enum { GS_SCANCONVERTER_OLD = 0, -- Gitee From 86ff6623a97e7d33dc9156d3fff42b44bcecf871 Mon Sep 17 00:00:00 2001 From: ut005731 Date: Tue, 15 Oct 2024 10:44:50 +0800 Subject: [PATCH 4/6] cve: cve-2024-33871 --- 0004-add-gs_lib_ctx_core_t-core.patch | 23 +++++++++++++++++++++++ ghostscript.spec | 1 + 2 files changed, 24 insertions(+) create mode 100644 0004-add-gs_lib_ctx_core_t-core.patch diff --git a/0004-add-gs_lib_ctx_core_t-core.patch b/0004-add-gs_lib_ctx_core_t-core.patch new file mode 100644 index 0000000..47ab8b7 --- /dev/null +++ b/0004-add-gs_lib_ctx_core_t-core.patch @@ -0,0 +1,23 @@ +From c60e5120cb6b002a8d88982011a2b5d514b1147d Mon Sep 17 00:00:00 2001 +From: ut005731 +Date: Tue, 15 Oct 2024 10:43:18 +0800 +Subject: [PATCH] add gs_lib_ctx_core_t core + +--- + base/gslibctx.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/base/gslibctx.h b/base/gslibctx.h +index 4140a39..6170667 100644 +--- a/base/gslibctx.h ++++ b/base/gslibctx.h +@@ -42,6 +42,7 @@ typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fna + typedef struct gs_lib_ctx_s + { + gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ ++ gs_lib_ctx_core_t *core; + FILE *fstdin; + FILE *fstdout; + FILE *fstderr; +-- +2.39.3 diff --git a/ghostscript.spec b/ghostscript.spec index fd62470..9b2ca66 100644 --- a/ghostscript.spec +++ b/ghostscript.spec 
@@ -116,6 +116,7 @@ Patch101: ghostscript-9.25-101-reenable-cups-filters.patch Patch102: 0001-cve-CVE-2024-33871.patch Patch103: 0002-add-gs_is_path_control_active.patch Patch104: 0003-add-gs_lib_ctx_core_t.patch +Patch105: 0004-add-gs_lib_ctx_core_t-core.patch #end -- Gitee From b4fe7b51ca838a5ee22d1d2b1f3810c9e2423ead Mon Sep 17 00:00:00 2001 From: ut005731 Date: Tue, 15 Oct 2024 13:11:25 +0800 Subject: [PATCH 5/6] cve: cve-2024-33871 --- 0003-add-gs_lib_ctx_core_t.patch | 61 --------------------------- 0004-add-gs_lib_ctx_core_t-core.patch | 23 ---------- ghostscript.spec | 2 - 3 files changed, 86 deletions(-) delete mode 100644 0003-add-gs_lib_ctx_core_t.patch delete mode 100644 0004-add-gs_lib_ctx_core_t-core.patch diff --git a/0003-add-gs_lib_ctx_core_t.patch b/0003-add-gs_lib_ctx_core_t.patch deleted file mode 100644 index f7a2609..0000000 --- a/0003-add-gs_lib_ctx_core_t.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From c3662fa58a446e49121e54913031dc07719f6ba9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 15 Oct 2024 10:13:50 +0800 -Subject: [PATCH] add gs_lib_ctx_core_t - ---- - base/gslibctx.h | 38 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 38 insertions(+) - -diff --git a/base/gslibctx.h b/base/gslibctx.h -index ece9a20..4140a39 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -101,6 +101,44 @@ typedef struct gs_lib_ctx_s - void *sjpxd_private; /* optional for use of jpx codec */ - } gs_lib_ctx_t; - -+typedef struct { -+ void *monitor; -+ int refs; -+ gs_memory_t *memory; -+ FILE *fstdin; -+ FILE *fstdout; -+ FILE *fstderr; -+ int stdout_is_redirected; /* to stderr or fstdout2 */ -+ int stdout_to_stderr; -+ int stdin_is_interactive; -+ void *default_caller_handle; /* identifies caller of GS DLL/shared object */ -+ void *std_caller_handle; -+ void *poll_caller_handle; -+ void *custom_color_callback; /* pointer to color callback structure */ -+ int (GSDLLCALL *stdin_fn)(void *caller_handle, char *buf, int len); -+ int (GSDLLCALL *stdout_fn)(void *caller_handle, const char *str, int len); -+ int (GSDLLCALL *stderr_fn)(void *caller_handle, const char *str, int len); -+ int (GSDLLCALL *poll_fn)(void *caller_handle); -+ ulong gs_next_id; /* gs_id initialized here, private variable of gs_next_ids() */ -+ /* True if we are emulating CPSI. Ideally this would be in the imager -+ * state, but this can't be done due to problems detecting changes in it -+ * for the clist based devices. */ -+ int CPSI_mode; -+ int scanconverter; -+ int act_on_uel; -+ -+ int path_control_active; -+ /* Ideally this pointer would only be present in CAL builds, -+ * but that's too hard to arrange, so we live with it in -+ * all builds. */ -+ void *cal_ctx; -+ -+ /* Stashed args */ -+ int arg_max; -+ int argc; -+ char **argv; -+} gs_lib_ctx_core_t; -+ - enum { - GS_SCANCONVERTER_OLD = 0, - GS_SCANCONVERTER_DEFAULT = 1, --- -2.39.3 - 
diff --git a/0004-add-gs_lib_ctx_core_t-core.patch b/0004-add-gs_lib_ctx_core_t-core.patch deleted file mode 100644 index 47ab8b7..0000000 --- a/0004-add-gs_lib_ctx_core_t-core.patch +++ /dev/null @@ -1,23 +0,0 @@ -From c60e5120cb6b002a8d88982011a2b5d514b1147d Mon Sep 17 00:00:00 2001 -From: ut005731 -Date: Tue, 15 Oct 2024 10:43:18 +0800 -Subject: [PATCH] add gs_lib_ctx_core_t core - ---- - base/gslibctx.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 4140a39..6170667 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -42,6 +42,7 @@ typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fna - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -+ gs_lib_ctx_core_t *core; - FILE *fstdin; - FILE *fstdout; - FILE *fstderr; --- -2.39.3 diff --git a/ghostscript.spec b/ghostscript.spec index 9b2ca66..3cc37f3 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -115,8 +115,6 @@ Patch101: ghostscript-9.25-101-reenable-cups-filters.patch #add by uos Patch102: 0001-cve-CVE-2024-33871.patch Patch103: 0002-add-gs_is_path_control_active.patch -Patch104: 0003-add-gs_lib_ctx_core_t.patch -Patch105: 0004-add-gs_lib_ctx_core_t-core.patch #end -- Gitee From f821817711d4c49519e470fdc6ade0ebf75024a3 Mon Sep 17 00:00:00 2001 From: ut005731 Date: Tue, 15 Oct 2024 13:43:31 +0800 Subject: [PATCH 6/6] cve: cve-2024-33871 --- 0003-gs_lib_ctx_core_t.patch | 67 ++++++++++++++++++++++++++++++++++++ ghostscript.spec | 1 + 2 files changed, 68 insertions(+) create mode 100644 0003-gs_lib_ctx_core_t.patch diff --git a/0003-gs_lib_ctx_core_t.patch b/0003-gs_lib_ctx_core_t.patch new file mode 100644 index 0000000..904ad99 --- /dev/null +++ b/0003-gs_lib_ctx_core_t.patch 
@@ -0,0 +1,67 @@ +From 6edca04372cd1ac4794ce61c2cb8790881eb4753 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 15 Oct 2024 13:41:29 +0800 +Subject: [PATCH] gs_lib_ctx_core_t + +--- + base/gslibctx.h | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +diff --git a/base/gslibctx.h b/base/gslibctx.h +index ece9a20..9f7dc0e 100644 +--- a/base/gslibctx.h ++++ b/base/gslibctx.h +@@ -39,9 +39,50 @@ typedef struct gs_font_dir_s gs_font_dir; + + typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); + ++typedef struct { ++ void *monitor; ++ int refs; ++ gs_memory_t *memory; ++ FILE *fstdin; ++ FILE *fstdout; ++ FILE *fstderr; ++ int stdout_is_redirected; /* to stderr or fstdout2 */ ++ int stdout_to_stderr; ++ int stdin_is_interactive; ++ void *default_caller_handle; /* identifies caller of GS DLL/shared object */ ++ void *std_caller_handle; ++ void *poll_caller_handle; ++ void *custom_color_callback; /* pointer to color callback structure */ ++ ulong gs_next_id; /* gs_id initialized here, private variable of gs_next_ids() */ ++ /* True if we are emulating CPSI. Ideally this would be in the imager ++ * state, but this can't be done due to problems detecting changes in it ++ * for the clist based devices. */ ++ int CPSI_mode; ++ int scanconverter; ++ int act_on_uel; ++ ++ int path_control_active; ++ /* Ideally this pointer would only be present in CAL builds, ++ * but that's too hard to arrange, so we live with it in ++ * all builds. */ ++ void *cal_ctx; ++ ++ void *cms_context; /* Opaque context pointer from underlying CMS in use */ ++ ++ /* Stashed args */ ++ int arg_max; ++ int argc; ++ char **argv; ++ ++ /* clist io procs pointers. Indirected through here to allow ++ * easy build time selection. 
*/ ++ ++} gs_lib_ctx_core_t; ++ + typedef struct gs_lib_ctx_s + { + gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ ++ gs_lib_ctx_core_t *core; + FILE *fstdin; + FILE *fstdout; + FILE *fstderr; +-- +2.39.3 + diff --git a/ghostscript.spec b/ghostscript.spec index 3cc37f3..24135aa 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -115,6 +115,7 @@ Patch101: ghostscript-9.25-101-reenable-cups-filters.patch #add by uos Patch102: 0001-cve-CVE-2024-33871.patch Patch103: 0002-add-gs_is_path_control_active.patch +Patch104: 0003-gs_lib_ctx_core_t.patch #end -- Gitee
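Review bot: `gs_lib_ctx_core_t` brings more than twenty members into this header, but the only one read anywhere in the series is `path_control_active`, and `memory`, `fstdin`, `fstdout` and `fstderr` duplicate members that `gs_lib_ctx_t` already has, so two copies of the same state can drift apart. A struct holding just `int path_control_active;`, or that single int placed directly on `gs_lib_ctx_t`, would be easier to audit. The comments are stale too: `/* to stderr or fstdout2 */` names a member that is not in the struct, and the trailing `clist io procs pointers` comment is followed by no members. Inserting `core` as the second member also shifts every later member of `gs_lib_ctx_t`, which matters if anything built against the old header shares this struct with libgs.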