From 43bcbd9288c083abc87e27dcfd7b0e9b1abd4498 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Fri, 25 Jul 2025 02:43:06 +0800
Subject: [PATCH] fix CVE-2025-7462

---
 backport-CVE-2025-7462.patch | 47 ++++++++++++++++++++++++++++++++++++
 ghostscript.spec             |  6 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-7462.patch

diff --git a/backport-CVE-2025-7462.patch b/backport-CVE-2025-7462.patch
new file mode 100644
index 0000000..27d6f6c
--- /dev/null
+++ b/backport-CVE-2025-7462.patch
@@ -0,0 +1,47 @@
+From 619a106ba4c4abed95110f84d5efcd7aee38c7cb Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 25 Jun 2025 13:23:41 +0100
+Subject: Bug 708606: Catch a null file pointer closing pdfwrite.
+
+In the event of an error opening a new output file.
+---
+ devices/vector/gdevpdf.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c
+index e75f33a6c..d7d5e8c6b 100644
+--- a/devices/vector/gdevpdf.c
++++ b/devices/vector/gdevpdf.c
+@@ -983,7 +983,10 @@ pdf_ferror(gx_device_pdf *pdev)
+ {
+     int code = 0;
+ 
+-    gp_fflush(pdev->file);
++    if (pdev->file != NULL) {
++        gp_fflush(pdev->file);
++        code = gp_ferror(pdev->file);
++    }
+     gp_fflush(pdev->xref.file);
+     if (pdev->strm->file != NULL)
+         sflush(pdev->strm);
+@@ -992,12 +995,13 @@ pdf_ferror(gx_device_pdf *pdev)
+     if (pdev->streams.strm->file != NULL)
+         sflush(pdev->streams.strm);
+     if (pdev->ObjStm.strm != NULL && pdev->ObjStm.strm->file != NULL) {
++        int code2;
+         sflush(pdev->ObjStm.strm);
+-        code = gp_ferror(pdev->ObjStm.file);
++        code2 = gp_ferror(pdev->ObjStm.file);
++        if (code >= 0) code = code2;
+     }
+-    return gp_ferror(pdev->file) || gp_ferror(pdev->xref.file) ||
+-        gp_ferror(pdev->asides.file) || gp_ferror(pdev->streams.file) ||
+-        code;
++    return gp_ferror(pdev->xref.file) || gp_ferror(pdev->asides.file) ||
++           gp_ferror(pdev->streams.file) || code;
+ }
+ 
+ /* Compute the dominant text orientation of a page. */
+-- 
+cgit v1.2.3
+
diff --git a/ghostscript.spec b/ghostscript.spec
index add4f25..30cd8b0 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,13 +9,14 @@
 
 Name:             ghostscript
 Version:          10.05.1
-Release:          1
+Release:          2
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPL-3.0-or-later
 URL:              https://ghostscript.com/
 Source0:          https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs%{version_short}/ghostscript-%{version}.tar.xz
 
 Patch0:           ghostscript-9.23-100-run-dvipdf-securely.patch
+Patch6001:        backport-CVE-2025-7462.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -181,6 +182,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/gsx
 
 %changelog
+* Fri Jul 25 2025 Funda Wang <fundawang@yeah.net> - 10.05.1-2
+- fix CVE-2025-7462
+
 * Wed Apr 30 2025 Funda Wang <fundawang@yeah.net> - 10.05.1-1
 - update to 10.05.1
 
-- 
Gitee