Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2024-01-04 15:55:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and /work/SRC/openSUSE:Factory/.ghostscript.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript" Thu Jan 4 15:55:37 2024 rev:63 rq:1136517 version:9.56.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ghostscript/ghostscript.changes 2023-12-19 23:15:50.661559511 +0100 +++ /work/SRC/openSUSE:Factory/.ghostscript.new.28375/ghostscript.changes 2024-01-04 15:56:52.463372340 +0100 @@ -1,0 +2,11 @@ +Wed Jan 3 12:15:46 UTC 2024 - Johannes Meixner <[email protected]> + +- CVE-2023-46751.patch is + https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 + adapted for Ghostscript-9.56.1 that fixes + https://bugs.ghostscript.com/show_bug.cgi?id=707264 + which includes a fix for CVE-2023-46751 + "dangling pointer in gdev_prn_open_printer_seekable()" + (bsc#1217871) + +------------------------------------------------------------------- New: ---- CVE-2023-46751.patch BETA DEBUG BEGIN: New: - CVE-2023-46751.patch is https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript.spec ++++++ --- /var/tmp/diff_new_pack.EYlqGH/_old 2024-01-04 15:56:53.275402004 +0100 +++ /var/tmp/diff_new_pack.EYlqGH/_new 2024-01-04 15:56:53.279402150 +0100 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -83,6 +83,14 @@ # see https://bugs.ghostscript.com/show_bug.cgi?id=707051 # and https://bugzilla.suse.com/show_bug.cgi?id=1215466 Patch105: CVE-2023-43115.patch +# Patch106 CVE-2023-46751.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 +# adapted for Ghostscript-9.56.1 that fixes +# https://bugs.ghostscript.com/show_bug.cgi?id=707264 +# which includes a fix for CVE-2023-46751 +# "dangling pointer in gdev_prn_open_printer_seekable()" +# see https://bugzilla.suse.com/show_bug.cgi?id=1217871 +Patch106: CVE-2023-46751.patch # Build Requirements: BuildRequires: freetype2-devel BuildRequires: libjpeg-devel @@ -318,6 +326,14 @@ # see https://bugs.ghostscript.com/show_bug.cgi?id=707051 # and https://bugzilla.suse.com/show_bug.cgi?id=1215466 %patch105 +# Patch106 CVE-2023-46751.patch is +# https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13 +# adapted for Ghostscript-9.56.1 that fixes +# https://bugs.ghostscript.com/show_bug.cgi?id=707264 +# which includes a fix for CVE-2023-46751 +# "dangling pointer in gdev_prn_open_printer_seekable()" +# see https://bugzilla.suse.com/show_bug.cgi?id=1217871 +%patch106 # Remove patch backup files to avoid packaging # cf. https://build.opensuse.org/request/show/581052 rm -f Resource/Init/*.ps.orig ++++++ CVE-2023-46751.patch ++++++ --- base/gdevprn.c.orig 2022-04-04 15:48:49.000000000 +0200 +++ base/gdevprn.c 2024-01-03 12:53:20.009504451 +0100 @@ -1268,6 +1268,7 @@ gdev_prn_open_printer_seekable(gx_device && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) { code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file); + ppdev->file = NULL; if (code < 0) return code; } --- devices/gdevtsep.c.orig 2022-04-04 15:48:49.000000000 +0200 +++ devices/gdevtsep.c 2024-01-03 13:04:42.048210048 +0100 
@@ -736,6 +736,7 @@ tiffsep_initialize_device_procs(gx_devic { gdev_prn_initialize_device_procs(dev); + set_dev_proc(dev, output_page, gdev_prn_output_page_seekable); set_dev_proc(dev, open_device, tiffsep_prn_open); set_dev_proc(dev, close_device, tiffsep_prn_close); set_dev_proc(dev, map_color_rgb, tiffsep_decode_color);
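Review bot: The Patch106 comment in ghostscript.spec and the ghostscript.changes entry both say upstream commit dcdbc595c13 was "adapted for Ghostscript-9.56.1" without stating what was changed, and CVE-2023-46751.patch itself starts straight at `--- base/gdevprn.c.orig` with no header. Please add a short header to the patch file naming the upstream commit, the two bug numbers and what differs from upstream, so that a later version bump can tell whether the patch is still needed and still complete.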
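Review bot: In the base/gdevprn.c hunk, the reset `ppdev->file = NULL;` lives at this one call site in gdev_prn_open_printer_seekable() rather than next to the close itself, so any other caller of gx_device_close_output_file() that keeps the handle in ppdev->file has to remember the same step. Placing the assignment before `if (code < 0) return code;` is the right order, since the pointer is also cleared on the error return. I would add a one-line comment saying the pointer is cleared so the closed file cannot be reused, and check the remaining gx_device_close_output_file() call sites in the 9.56.1 tree for the same pattern.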
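Review bot: In the devices/gdevtsep.c hunk, the added `set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);` in tiffsep_initialize_device_procs() carries no comment, and neither the changelog entry nor the spec comment mentions it; both describe only the dangling pointer in gdev_prn_open_printer_seekable(). Please state in the patch header or the changelog why the tiffsep device needs the seekable output_page procedure, so the line is not mistaken for an unrelated behaviour change on a later rebase. Its position after gdev_prn_initialize_device_procs(dev) looks intentional, since it then takes effect over whatever that call sets.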
