From 089cfd9eea1d20da3cc93e6575ff9df862eb7363 Mon Sep 17 00:00:00 2001
From: zhangxingrong
Date: Fri, 12 Jul 2024 15:16:17 +0800
Subject: [PATCH] add fix-CVE-2024-33869-second.patch
(cherry picked from commit a73c886d503a68b4f9852f4b979e08cac2e5256a)
---
fix-CVE-2024-33869-second.patch | 49 +++++++++++++++++++++++++++++++++
ghostscript.spec | 13 ++++++++-
2 files changed, 61 insertions(+), 1 deletion(-)
create mode 100644 fix-CVE-2024-33869-second.patch
diff --git a/fix-CVE-2024-33869-second.patch b/fix-CVE-2024-33869-second.patch
new file mode 100644
index 0000000..6be1cd7
--- /dev/null
+++ b/fix-CVE-2024-33869-second.patch
@@ -0,0 +1,49 @@
+From 77c8d6426fe91a2df8f3a37934f030ecc396cacb Mon Sep 17 00:00:00 2001
+From: zhangxingrong
+Date: Fri, 12 Jul 2024 15:09:12 +0800
+Subject: [PATCH] fix for CVE-2024-33869
+
+Bug 707691 part 2
+See bug thread for details
+
+This is the second part of the fix for CVE-2024-33869
+url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4
+---
+ base/gpmisc.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index cbc6139..186d9b7 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1089,6 +1089,27 @@ gp_validate_path_len(const gs_memory_t *mem,
+ rlen = len;
+ }
+ else {
++ char *test = (char *)path, *test1;
++ uint tlen = len, slen;
++
++ /* Look for any pipe (%pipe% or '|' specifications between path separators
++ * Reject any path spec which has a %pipe% or '|' anywhere except at the start.
++ */
++ while (tlen > 0) {
++ if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
++ code = gs_note_error(gs_error_invalidfileaccess);
++ goto exit;
++ }
++ test1 = test;
++ slen = search_separator((const char **)&test, path + len, test1, 1);
++ if(slen == 0)
++ break;
++ test += slen;
++ tlen -= test - test1;
++ if (test >= path + len)
++ break;
++ }
++
+ rlen = len+1;
+ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
+ if (bufferfull == NULL)
+--
+2.43.0
+
diff --git a/ghostscript.spec b/ghostscript.spec
index 5410cf5..5cb6a1d 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -9,7 +9,7 @@ Name: ghostscript Version: 9.56.1 -Release: 6 +Release: 7 Summary: An interpreter for PostScript and PDF files License: AGPLv3+ URL: https://ghostscript.com/
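Review bot: The comment above the new `while (tlen > 0)` loop added to base/gpmisc.c says a `%pipe%` or `'|'` is rejected "anywhere except at the start", but the test `test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)` is only evaluated at the start of the path and, apparently, at the position reached after each `search_separator` hit, so a `|` inside a component is not caught by this loop. If that is the intent, the comment should state it, for example `/* Reject a leading '|' or "%pipe" on any component of the path. */`, and it should close the parenthesis left open after `(%pipe%`. The `tlen > 5` bound needs six remaining bytes while only five are compared, so a final component that is exactly `%pipe` passes; a short comment saying whether that is deliberate would help the next reader. The body of `gp_validate_path_len` begins and ends outside the hunk, so how the other branch treats a leading pipe spec cannot be confirmed from here.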
@@ -54,6 +54,10 @@ Patch113: Bug-707510-review-printing-of-pointers.patch Patch114: Bug-707510-5-Reject-OCRLanguage-changes-after-SAFER-.patch Patch115: Bug-707510-fix-LIBIDN-usage.patch +# See bug thread for details +#This is the second part of the fix for CVE-2024-33869 +Patch116: fix-CVE-2024-33869-second.patch + BuildRequires: automake gcc BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: google-droid-sans-fonts urw-base35-fonts-devel
@@ -136,6 +140,7 @@ PDF files using Ghostscript and dvips %patch113 -p1 %patch114 -p1 %patch115 -p1 +%patch116 -p1 # Libraries that we already have packaged(see Build Requirements):
@@ -230,6 +235,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/ %{_bindir}/dvipdf %changelog +* Fri Jul 12 2024 zhangxingrong- - 9.56.1-7 +- Type:CVE +- ID:NA +- SUG:NA +- DECS: This is the second part of the fix for CVE-2024-33869 + * Thu Jul 04 2024 zhangxianting - 9.56.1-6 - Type:CVE - ID:NA -- Gitee