ghostscript: fix CVE-2024-33871

Added dependent patch [1] for backporting this CVE [1] 8b47f269b8 (From OE-Core rev: edcaa55aa53d51528ae77d1f4b544309c8e1e48e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-03-06 23:39:40 +01:00 · 2024-05-29 05:41:18 +00:00
parent acf74d7113
commit c44a4b4958
3 changed files with 4908 additions and 0 deletions
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch
@@ -0,0 +1,43 @@
+From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 22 Apr 2024 13:33:47 +0100
+Subject: [PATCH 7/7] OPVP device - prevent unsafe parameter change with SAFER
+
+Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library"
+
+The "Driver" parameter for the "opvp"/"oprp" device specifies the name
+of a dynamic library and allows any library to be loaded.
+
+The patch does not allow changing this parameter after activating path
+control.
+
+This addresses CVE-2024-33871
+
+CVE: CVE-2024-33871
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ contrib/opvp/gdevopvp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
+index 64afbfe..f49a380 100644
+--- a/contrib/opvp/gdevopvp.c
+++ b/contrib/opvp/gdevopvp.c
+@@ -3453,6 +3453,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
+     code = param_read_string(plist, pname, &vdps);
+     switch (code) {
+     case 0:
+        if (gs_is_path_control_active(dev->memory)
+            && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
+                || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
+            param_signal_error(plist, pname, gs_error_invalidaccess);
+            return_error(gs_error_invalidaccess);
+        }
+         buff = realloc(buff, vdps.size + 1);
+         memcpy(buff, vdps.data, vdps.size);
+         buff[vdps.size] = 0;
+--
+2.40.0
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -46,6 +46,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                file://CVE-2024-33870.patch \
                file://CVE-2024-33869-0001.patch \
                file://CVE-2024-33869-0002.patch \
+                file://CVE-2024-33871-0001.patch \
+                file://CVE-2024-33871-0002.patch \
 "

 SRC_URI = "${SRC_URI_BASE} \