From ac992eb585f15519f3c31a9f72b956ef6dae5132 Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Mon, 25 Dec 2023 11:59:27 +0800
Subject: [PATCH] fix CVE-2023-46751

---
 backport-CVE-2023-46751.patch | 30 ++++++++++++++++++++++++++++++
 ghostscript.spec              | 11 +++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2023-46751.patch

diff --git a/backport-CVE-2023-46751.patch b/backport-CVE-2023-46751.patch
new file mode 100644
index 0000000..b4a9aee
--- /dev/null
+++ b/backport-CVE-2023-46751.patch
@@ -0,0 +1,30 @@
+From 5d2da96e81c7455338302c71a291088a8396245a Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 16 Oct 2023 16:49:40 +0100
+Subject: [PATCH] Bug 707264: Fix tiffsep(1) requirement for seekable output
+ files
+
+In the device initialization redesign, tiffsep and tiffsep1 lost the requirement
+for the output files to be seekable.
+
+Fixing that highlighted a problem with the error handling in
+gdev_prn_open_printer_seekable() where closing the erroring file would leave a
+dangling pointer, and lead to a crash.
+---
+ base/gdevprn.c     | 1 +
+ devices/gdevtsep.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/base/gdevprn.c b/base/gdevprn.c
+index 0491a3c6c..033632387 100644
+--- a/base/gdevprn.c
++++ b/base/gdevprn.c
+@@ -1271,6 +1271,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
+               && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
+ 
+                 code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
++                ppdev->file = NULL;
+                 if (code < 0)
+                     return code;
+             }
+2.34.1
diff --git a/ghostscript.spec b/ghostscript.spec
index 8e09038..ceb9b2a 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@
 
 Name:             ghostscript
 Version:          9.52
-Release:          11
+Release:          12
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@@ -52,7 +52,8 @@ Patch33: backport-CVE-2021-3781-BUg-704342-Include-device-specifier-strings-in-a
 Patch34: CVE-2023-38559.patch
 Patch35: CVE-2023-28879.patch
 Patch36: CVE-2023-36664.patch
-Patch37: backport-CVE-2023-43115-Bug707051-IJS-device-try-and-secure-the-IJS-server-startup.patch 
+Patch37: backport-CVE-2023-43115-Bug707051-IJS-device-try-and-secure-the-IJS-server-startup.patch
+Patch38: backport-CVE-2023-46751.patch
 
 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@@ -213,6 +214,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf
 
 %changelog
+* Mon Dec 25 2023 liningjie <liningjie@xfusion.com> - 9.52-12
+- Type:CVE
+- ID:CVE-2023-46751
+- SUG:NA
+- DESC:fix CVE-2023-46751
+
 * Fri Sep 22 2023 dillon chen <dillon.chen@gmail.com> - 9.52-11
 - Type:CVE
 - ID:CVE-2023-43115
-- 
Gitee