From ae02a370b79ba3fe1b765c5d11f900feebe1d0f7 Mon Sep 17 00:00:00 2001
From: wh02252983
Date: Mon, 1 Dec 2025 17:07:41 +0800
Subject: [PATCH] [CVE] add patch to fix CVE-2025-7462 To # N/A add patch to fix CVE-2025-7462 Project: TC2024080204 Signed-off-by: wh02252983 wh02252983@alibaba-inc.com
---
 4-bugfix-for-CVE-2025-7462.patch | 47 ++++++++++++++++++++++++++++++++
 ghostscript.spec | 11 ++++++--
 2 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 4-bugfix-for-CVE-2025-7462.patch
diff --git a/4-bugfix-for-CVE-2025-7462.patch b/4-bugfix-for-CVE-2025-7462.patch
new file mode 100644
index 0000000..27d6f6c
--- /dev/null
+++ b/4-bugfix-for-CVE-2025-7462.patch
@@ -0,0 +1,47 @@
+From 619a106ba4c4abed95110f84d5efcd7aee38c7cb Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Wed, 25 Jun 2025 13:23:41 +0100
+Subject: Bug 708606: Catch a null file pointer closing pdfwrite.
+
+In the event of an error opening a new output file.
+---
+ devices/vector/gdevpdf.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c
+index e75f33a6c..d7d5e8c6b 100644
+--- a/devices/vector/gdevpdf.c
++++ b/devices/vector/gdevpdf.c
+@@ -983,7 +983,10 @@ pdf_ferror(gx_device_pdf *pdev)
+ {
+ int code = 0;
+
+- gp_fflush(pdev->file);
++ if (pdev->file != NULL) {
++ gp_fflush(pdev->file);
++ code = gp_ferror(pdev->file);
++ }
+ gp_fflush(pdev->xref.file);
+ if (pdev->strm->file != NULL)
+ sflush(pdev->strm);
+@@ -992,12 +995,13 @@ pdf_ferror(gx_device_pdf *pdev)
+ if (pdev->streams.strm->file != NULL)
+ sflush(pdev->streams.strm);
+ if (pdev->ObjStm.strm != NULL && pdev->ObjStm.strm->file != NULL) {
++ int code2;
+ sflush(pdev->ObjStm.strm);
+- code = gp_ferror(pdev->ObjStm.file);
++ code2 = gp_ferror(pdev->ObjStm.file);
++ if (code >= 0) code = code2;
+ }
+- return gp_ferror(pdev->file) || gp_ferror(pdev->xref.file) ||
+- gp_ferror(pdev->asides.file) || gp_ferror(pdev->streams.file) ||
+- code;
++ return gp_ferror(pdev->xref.file) || gp_ferror(pdev->asides.file) ||
++ gp_ferror(pdev->streams.file) || code;
+ }
+
+ /* Compute the dominant text orientation of a page. */
+--
+cgit v1.2.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 08493d1..932a024 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 %global _hardened_build 1
 %global _docdir_fmt %{name}
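Review bot: In the embedded gdevpdf.c patch, the second pdf_ferror hunk's `if (code >= 0) code = code2;` can discard an error already captured from `gp_ferror(pdev->file)`: if gp_ferror follows the ferror convention of returning a positive non-zero value on error (its definition is not on this page), the `code >= 0` test still passes and a clean ObjStm result overwrites it, whereas the old return expression always ORed in `gp_ferror(pdev->file)`. Keeping the first failure, for example `if (code == 0) code = code2;`, would preserve the earlier reporting. The same function still calls `gp_fflush(pdev->xref.file)` and dereferences `pdev->strm->file` with no NULL test, so it is worth confirming that the failed-open path this fix targets cannot leave those unset as well. pdf_ferror's body begins outside both hunks, and since this is a backport of an upstream commit any change is best raised upstream rather than made only in the packaged copy.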
@@ -41,6 +41,8 @@ Patch2: 2-bugfix-for-CVE-2025-59798.patch
 # https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350.patch
 Patch3: 3-bugfix-for-CVE-2025-59800.patch
+# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb
+Patch4: 4-bugfix-for-CVE-2025-7462.patch
 %description
 Ghostscript is an interpreter for PostScript® and Portable Document Format (PDF) files.
@@ -235,6 +237,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %changelog
+* Mon Dec 1 2025 wh02252983 - 10.05.1-5
+- Add patch to fix CVE-2025-7462
+
 * Sat Nov 15 2025 tomcruiseqi - 10.05.1-4
 - Fix CVE-2025-59800
@@ -243,12 +248,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 * Fri Oct 31 2025 tomcruiseqi - 10.05.1-2
 - Fix CVE-2025-59799
-- Remove commented patches
+- Remove unused patches
 * Fri May 23 2025 yangxinyu - 10.05.1-1
 - New version 10.05.1
-* Thu Apr 29 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 10.03.0-7
+* Tue Apr 29 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 10.03.0-7
 - Fix CVE-2025-46646
 * Mon Apr 28 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 10.03.0-6
--
Gitee
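Review bot: Nothing in this commit touches `%prep`, so the `Patch4:` line added in the `@@ -41,6 +41,8 @@` hunk only takes effect if the spec applies every declared patch automatically (for example via `%autosetup`); that section is not visible here. A CVE patch that is declared but never applied would ship the unfixed pdf_ferror under a release number whose changelog claims the fix, so it is worth confirming in the build log that `4-bugfix-for-CVE-2025-7462.patch` is actually applied. The provenance comment above `Patch4:` carries the same commit id as the `From 619a106b…` header of the embedded patch, which keeps the backport traceable.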