From 87aaf2368d8690e19b4c82dd34295d4de0bb68ec Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Fri, 31 Oct 2025 22:41:58 +0800
Subject: [PATCH] [CVE] CVE-2025-59799 to #26340 add patch to fix CVE-2025-59799 Project: TC2024080204 Signed-off-by: tomcruiseqi
---
 1-bugfix-for-CVE-2025-59799.patch | 37 +++++++++++++++
 ghostscript.spec | 77 +++-----------------------------
 2 files changed, 44 insertions(+), 70 deletions(-)
 create mode 100644 1-bugfix-for-CVE-2025-59799.patch
diff --git a/1-bugfix-for-CVE-2025-59799.patch b/1-bugfix-for-CVE-2025-59799.patch
new file mode 100644
index 0000000..304faa4
--- /dev/null
+++ b/1-bugfix-for-CVE-2025-59799.patch
@@ -0,0 +1,37 @@
+From 6dab38fb211f15226c242ab7a83fa53e4b0ff781 Mon Sep 17 00:00:00 2001
+From: Piotr Kajda
+Date: Thu, 8 May 2025 11:37:09 +0100
+Subject: [PATCH] pdfwrite - bounds check some strings
+
+Bug #708517
+
+This differs very slightly from the proposed patch in the bug report, I
+had a quick scout through the C file and found another similar case.
+
+Both fixed here.
+---
+ devices/vector/gdevpdfm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/devices/vector/gdevpdfm.c b/devices/vector/gdevpdfm.c
+index 5aa3644e2e..4b1d7d89c3 100644
+--- a/devices/vector/gdevpdfm.c
++++ b/devices/vector/gdevpdfm.c
+@@ -200,6 +200,8 @@ pdfmark_coerce_dest(gs_param_string *dstr, char dest[MAX_DEST_STRING])
+ {
+ const byte *data = dstr->data;
+ uint size = dstr->size;
++ if (size > MAX_DEST_STRING)
++ return_error(gs_error_limitcheck);
+ if (size == 0 || data[0] != '(')
+ return 0;
+ /****** HANDLE ESCAPES ******/
+@@ -868,6 +870,8 @@ pdfmark_put_ao_pairs(gx_device_pdf * pdev, cos_dict_t *pcd,
+ char buf[30];
+ int d0, d1;
+
++ if (Action[1].size > 29)
++ return_error(gs_error_rangecheck);
+ memcpy(buf, Action[1].data, Action[1].size);
+ buf[Action[1].size] = 0;
+ if (sscanf(buf, "%d %d R", &d0, &d1) == 2)
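Review bot: In the second hunk of the embedded patch the new guard hard-codes `29` beside `char buf[30]`, so the bound and the buffer can drift apart if the array is ever resized; `if (Action[1].size > sizeof(buf) - 1)` keeps them tied together. In pdfmark_coerce_dest the added check bounds `size` only from above, and the copy into `dest` lies outside the hunk, so it is worth confirming in the full file that a string holding just the opening `(` cannot reach a length computed by subtracting from `size`. Both function bodies continue past the lines shown here. As the file is a verbatim upstream backport, any such follow-up is better raised upstream than edited into the packaged patch.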
diff --git a/ghostscript.spec b/ghostscript.spec
index d46fb7a..a39caa2 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global _hardened_build 1
 %global _docdir_fmt %{name}
@@ -33,75 +33,8 @@ Obsoletes: ghostscript-core < 9.53.3-6
 Patch0: ghostscript-10.01.0-fix-linkage.patch
-# CVE-2024-29510
-# Tracking bug: https://security-tracker.debian.org/tracker/CVE-2024-29510
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f
-#Patch1: Bugfix-for-CVE-2024-29510.patch
-
-# CVE-2024-33870
-# Tracking bug: https://security-tracker.debian.org/tracker/CVE-2024-33870
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80
-#Patch2: Bugfix-for-CVE-2024-33870.patch
-
-# CVE-2024-33869
-# Tracking bug: https://security-tracker.debian.org/tracker/CVE-2024-33869
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
-#Patch3: Bugfix-for-CVE-2024-33869.patch
-
-# CVE-2024-33871
-# Tracking bug: https://security-tracker.debian.org/tracker/CVE-2024-33871
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908
-#Patch4: Bugfix-for-CVE-2024-33871.patch
-
-# CVE-2025-27830
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708241
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dc17ab3fe8c
-#Patch5: bugfix-for-cve-2025-27830.patch
-
-# CVE-2025-27831
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708132
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=e4db46d7529a
-#Patch6: bugfix-for-cve-2025-27831.patch
-
-# CVE-2025-27832
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708133
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=36ac25fca7b
-#Patch7: bugfix-for-cve-2025-27832.patch
-
-# CVE-2025-27833
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708259
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=477e36cfa1f
-#Patch8: bugfix-for-cve-2025-27833.patch
-
-# CVE-2025-27834
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708253
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3885f830772
-#Patch9: bugfix-for-cve-2025-27834.patch
-
-# CVE-2025-27835
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708131
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=920fae68870
-#Patch10: bugfix-for-cve-2025-27835.patch
-
-# CVE-2025-27836
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708192
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=db77f4c0ce0
-#Patch11: bugfix-for-cve-2025-27836.patch
-
-# CVE-2025-27837
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708192
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=db77f4c0ce0
-#Patch12: bugfix-for-cve-2025-27837.patch
-
-# CVE-2024-46954 (parent)
-# CVE-2025-46646
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=707788
-# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708311
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/patch/?id=55f587dd039282316f512e1bea64218fd991f934
-# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f
-#Patch13: bugfix-for-cve-2024-46954.patch
-#Patch14: bugfix-for-cve-2025-46646.patch
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781.patch
+Patch1: 1-bugfix-for-CVE-2025-59799.patch
 %description
 Ghostscript is an interpreter for PostScript® and Portable Document Format (PDF) files.
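Review bot: The comment above the new `Patch1:` line drops the labelled layout that the removed entries used, and its URL carries a `.patch` suffix after the commit id, which does not look like a resolvable cgit commit link. I would write it as `# CVE-2025-59799`, `# Tracking bug: https://bugs.ghostscript.com/show_bug.cgi?id=708517` and `# Upstream fix: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781`, taking the bug number from the embedded patch header. The %prep section is outside this hunk, so it is worth confirming that Patch1 is actually applied there and not only declared.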
@@ -296,6 +229,10 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %changelog
+* Fri Oct 31 2025 tomcruiseqi - 10.05.1-2
+- Fix CVE-2025-59799
+- Remove commented patches
+
 * Fri May 23 2025 yangxinyu - 10.05.1-1
 - New version 10.05.1
-- Gitee