fix CVE-2022-2085
This commit is contained in:
panxiaohe
parent
22efb3ed8a
commit
e31c7a99d2
38
backport-CVE-2022-2085.patch
Normal file
38
backport-CVE-2022-2085.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From ae1061d948d88667bdf51d47d918c4684d0f67df Mon Sep 17 00:00:00 2001
|
||||
From: Robin Watts <Robin.Watts@artifex.com>
|
||||
Date: Wed, 16 Feb 2022 15:22:50 +0000
|
||||
Subject: [PATCH] Bug 704945: Add init_device_procs entry for mem_x_device.
|
||||
|
||||
When allocating a buffer device, we rely on an init_device_procs
|
||||
being defined for the device we are using as a prototype. Which
|
||||
device we use as a prototype depends upon the number of bits per
|
||||
pixel we are using. For bpp > 64, we use mem_x_device, which does
|
||||
not currently have an init_device_procs defined.
|
||||
|
||||
This is a fairly hard case to tickle, as very few devices use
|
||||
more than 64 bits per pixel. The DeviceN device is one of the
|
||||
few that does, and then the problem only kicks in if the
|
||||
MaxBitmap figure is high enough (or conversely the resolution is
|
||||
low enough).
|
||||
---
|
||||
base/gdevmx.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/base/gdevmx.c b/base/gdevmx.c
|
||||
index 08b0cbcfe1..89e9ff7745 100644
|
||||
--- a/base/gdevmx.c
|
||||
+++ b/base/gdevmx.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* Copyright (C) 2001-2021 Artifex Software, Inc.
|
||||
+/* Copyright (C) 2001-2022 Artifex Software, Inc.
|
||||
All Rights Reserved.
|
||||
|
||||
This software is provided AS-IS with no warranty, either express or
|
||||
@@ -25,4 +25,4 @@
|
||||
|
||||
/* The device descriptor. */
|
||||
const gx_device_memory mem_x_device =
|
||||
- mem_device("imagex", 256, 0, NULL);
|
||||
+ mem_device("imagex", 256, 0, mem_initialize_device_procs);
|
||||
--
|
||||
2.25.1
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: ghostscript
|
||||
Version: 9.55.0
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: An interpreter for PostScript and PDF files
|
||||
License: AGPLv3+
|
||||
URL: https://ghostscript.com/
|
||||
@ -17,6 +17,7 @@ Source0: https://github.com/ArtifexSoftware/ghostpdl-downloads/releases
|
||||
|
||||
Patch0: ghostscript-9.23-100-run-dvipdf-securely.patch
|
||||
Patch1: backport-Bug-704405-Fix-typo-in-non-forked-lcms2-code.patch
|
||||
Patch2: backport-CVE-2022-2085.patch
|
||||
|
||||
BuildRequires: automake gcc
|
||||
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
|
||||
@ -177,6 +178,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
|
||||
%{_bindir}/dvipdf
|
||||
|
||||
%changelog
|
||||
* Tue Jul 5 2022 panxiaohe <panxh.life@foxmail.com> - 9.55.0-2
|
||||
- fix CVE-2022-2085
|
||||
|
||||
* Sat Dec 11 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 9.55.0-1
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user