Hello community, here is the log from the commit of package ghostscript-library for openSUSE:Factory checked in at Fri Dec 4 13:08:42 CET 2009. --------
--- ghostscript-library/ghostscript-library.changes 2009-11-24 13:02:17.000000000 +0100
+++ /mounts/work_src_done/STABLE/ghostscript-library/ghostscript-library.changes 2009-11-30 14:54:33.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Nov 30 14:42:21 CET 2009 - werner@suse.de
+
+- Fix possible vulnerability in ghostscript 8.64 (bnc#559122)
+
+-------------------------------------------------------------------
ghostscript-mini.changes: same change calling whatdependson for head-i586 New: ---- ghostscript-8.64-bnc559122.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ ghostscript-library.spec ++++++
--- /var/tmp/diff_new_pack.KVq5Zb/_old 2009-12-04 13:06:25.000000000 +0100
+++ /var/tmp/diff_new_pack.KVq5Zb/_new 2009-12-04 13:06:25.000000000 +0100
@@ -64,7 +64,7 @@
 Summary: Necessary Files for Running Ghostscript
 %endif
 Version: 8.64
-Release: 6
+Release: 7
 License: GPLv2+
 Source0: ghostscript-8.64.tar.bz2
 Source1: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/current/ghostscript-fonts-std-8.11.tar.bz2
@@ -127,6 +127,7 @@
 Patch51: ghostscript-CVE-2009-0196.patch
 Patch52: ghostscript-CVE-2009-0792.patch
 Patch53: ghostscript-8.64-jbig2broken.dif
+Patch54: ghostscript-8.64-bnc559122.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %if %suse_version > 1010
 %define xfontdir /usr/share/fonts
@@ -327,7 +328,7 @@
 %package -n libgimpprint
 License: GPLv2+
 Version: 4.2.7
-Release: 314
+Release: 315
 Summary: Gimp-Print libraries
 Group: Development/Libraries/C and C++
@@ -343,7 +344,7 @@
 %package -n libgimpprint-devel
 License: GPLv2+
 Version: 4.2.7
-Release: 314
+Release: 315
 PreReq: %install_info_prereq
 Requires: libgimpprint = %{version}
 Requires: glibc-devel
@@ -424,6 +425,7 @@
 %patch51 -p0 -b .CVE20090196
 %patch52 -p0 -b .CVE20090792
 %patch53 -p0 -b .jbig2broken
+%patch54 -p0 -b .bnc559122
 %patch1 -p0 -b .pdf
 %patch2 -p0 -b .sgirdb
 %patch3 -p0 -b .x11
ghostscript-mini.spec: same change
++++++ ghostscript-8.64-bnc559122.patch ++++++
--- base/gsmisc.c
+++ base/gsmisc.c 2009-11-24 17:16:39.000000000 +0000
@@ -70,10 +70,10 @@ int outprintf(const gs_memory_t *mem, co
 va_start(args, fmt);
- count = vsprintf(buf, fmt, args);
+ count = vsnprintf(buf, sizeof (buf), fmt, args);
 outwrite(mem, buf, count);
- if (count >= PRINTF_BUF_LENGTH) {
- count = sprintf(buf,
+ if (count == -1 || count >= sizeof (buf)) {
+ count = snprintf(buf, sizeof (buf),
 "PANIC: printf exceeded %d bytes. Stack has been corrupted.\n",
 PRINTF_BUF_LENGTH);
 outwrite(mem, buf, count);
@@ -90,10 +90,10 @@ int errprintf(const char *fmt, ...)
 va_start(args, fmt);
- count = vsprintf(buf, fmt, args);
+ count = vsnprintf(buf, sizeof (buf), fmt, args);
 errwrite(buf, count);
- if (count >= PRINTF_BUF_LENGTH) {
- count = sprintf(buf,
+ if (count == -1 || count >= sizeof (buf)) {
+ count = snprintf(buf, sizeof (buf),
 "PANIC: printf exceeded %d bytes. Stack has been corrupted.\n",
 PRINTF_BUF_LENGTH);
 errwrite(buf, count);
@@ -237,7 +237,7 @@ int gs_throw_imp(const char *func, const
 va_list ap;
 va_start(ap, fmt);
- vsprintf(msg, fmt, ap);
+ vsnprintf(msg, sizeof (msg), fmt, ap);
 msg[sizeof(msg) - 1] = 0;
 va_end(ap);
--- base/gxttfb.c
+++ base/gxttfb.c 2009-11-24 17:16:39.000000000 +0000
@@ -246,7 +246,7 @@ static int DebugPrint(ttfFont *ttf, cons
 if (gs_debug_c('Y')) {
 va_start(args, fmt);
- count = vsprintf(buf, fmt, args);
+ count = vsnprintf(buf, sizeof (buf), fmt, args);
 /* NB: moved debug output from stdout to stderr */
 errwrite(buf, count);
--- base/rinkj/rinkj-byte-stream.c
+++ base/rinkj/rinkj-byte-stream.c 2009-11-24 17:16:39.000000000 +0000
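Review bot: In `outprintf` the unchanged `outwrite(mem, buf, count);` still runs before the new truncation check and is passed the raw `vsnprintf` result, which on truncation is the length the full output would have had (and may be negative on failure), so the write can read past the end of `buf`. The same unclamped length reaches `errwrite` in `errprintf` (next gsmisc.c hunk) and in `DebugPrint` (base/gxttfb.c), and `rinkj_byte_stream_write` in `rinkj_byte_stream_printf` (base/rinkj/rinkj-byte-stream.c). I would test the result first and write at most `sizeof (buf) - 1` bytes, as sketched below for `outprintf`; the PANIC text should then say the output was truncated, since the stack is no longer overwritten. This assumes `buf` is a local array, which the hunk's use of `sizeof (buf)` suggests but does not show, and the function bodies start and end outside the hunks.

```c
    va_start(args, fmt);
    count = vsnprintf(buf, sizeof (buf), fmt, args);
    if (count < 0 || (size_t)count >= sizeof (buf)) {
        /* Truncated or failed: write only the bytes buf really holds. */
        if (count >= 0)
            outwrite(mem, buf, sizeof (buf) - 1);
        count = snprintf(buf, sizeof (buf),
            "PANIC: printf exceeded %d bytes. Output has been truncated.\n",
            PRINTF_BUF_LENGTH);
        outwrite(mem, buf, count);
    } else {
        outwrite(mem, buf, count);
    }
```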
@@ -43,7 +43,7 @@ rinkj_byte_stream_printf (RinkjByteStrea
 va_list ap;
 va_start (ap, fmt);
- len = vsprintf (str, fmt, ap);
+ len = vsnprintf (str, sizeof (str), fmt, ap);
 va_end (ap);
 return rinkj_byte_stream_write (bs, str, len);
 }
--- cups/gdevcups.c
+++ cups/gdevcups.c 2009-11-24 17:16:12.000000000 +0000
@@ -2727,11 +2727,11 @@ cups_put_params(gx_device *pdev, /*
 } \
 else if (code == 0) \
 { \
- dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
- (char *)stringval.data); \
 strncpy(cups->header.name, (const char *)stringval.data, \
 stringval.size); \
 cups->header.name[stringval.size] = '\0'; \
+ dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
+ cups->header.name); \
 }
 #define intoption(name, sname, type) \
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
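Review bot: The `strncpy` into `cups->header.name` in the cups/gdevcups.c hunk is still sized by `stringval.size`, the length of the incoming parameter, and the terminator is then written at index `stringval.size`, so nothing ties the copy to the size of the destination field; moving `dprintf2` after the copy only fixes the unterminated debug print. The header field sizes are not visible here, but if they are fixed-size char arrays, a parameter string of that length or longer writes past the field. Clamping first, e.g. `size_t n = stringval.size < sizeof(cups->header.name) ? stringval.size : sizeof(cups->header.name) - 1;`, and using `n` in both the `strncpy` call and the terminator line would bound it; rejecting oversize values instead of truncating is the other option. The enclosing macro starts before the hunk.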