From 456eee6041139ec7ed72a1a3edd287a31b304699 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Fri, 23 May 2025 20:56:32 +0800
Subject: [PATCH] Fix CVE-2025-48708

---
 backport-CVE-2025-48708.patch | 29 +++++++++++++++++++++++++++++
 ghostscript.spec              |  9 ++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-48708.patch

diff --git a/backport-CVE-2025-48708.patch b/backport-CVE-2025-48708.patch
new file mode 100644
index 0000000..0a80ba9
--- /dev/null
+++ b/backport-CVE-2025-48708.patch
@@ -0,0 +1,29 @@
+From b587663c623b4462f9e78686a31fd880207303ee Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Sat, 12 Apr 2025 10:24:43 +0100
+Subject: [PATCH] Argument sanitisation - handle '#' as per '='
+
+Bug 708446
+---
+ base/gslibctx.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index da8fa25..c736874 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -1022,9 +1022,9 @@ gs_lib_ctx_stash_sanitized_arg(gs_lib_ctx_t *ctx, const char *arg)
+         case 'S':
+             /* By default, we want to keep the key, but lose the value */
+             p = arg+2;
+-            while (*p && *p != '=')
++            while (*p && *p != '=' && *p != '#')
+                 p++;
+-            if (*p == '=')
++            if (*p == '='|| *p == '#')
+                 p++;
+             if (*p == 0)
+                 break; /* No value to elide */
+-- 
+2.47.1
+
diff --git a/ghostscript.spec b/ghostscript.spec
index b1bf3ef..bc44944 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name:             ghostscript
 Version:          9.52
-Release:          23
+Release:          24
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@@ -71,6 +71,7 @@ Patch52:  backport-CVE-2025-27836.patch
 Patch53:  backport-Fix-memory-leak-in-pdfwrite-device.patch
 Patch54:  backport-Fix-memory-leak-on-error-in-bitmap_paint-and-its-cal.patch
 Patch55:  backport-Fix-memory-leaks-in-tiffsep.patch
+Patch56:  backport-CVE-2025-48708.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -231,6 +232,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf
 
 %changelog
+* Fri May 23 2025 Funda Wang <fundawang@yeah.net> - 9.52-24
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: Fix CVE-2025-48708
+
 * Thu Apr 17 2025 hugel <gengqihu2@h-partners.com> - 9.52-23
 - Type:bugfix
 - ID:NA
-- 
Gitee