ghostscript: fix CVE-2024-29511

(From OE-Core rev: 1710676f80df2ba1ee77d15b4e0e532df10be5a5) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2024-08-06 06:35:51 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-08-16 08:09:14 -0700
commit: 6313a595f9b5e0764701db134e91e2f1d7b72fa5 (patch)
tree: 79a82dcf55bb02dbb686774d270a3ff94f88ce7a
parent: 25a9b7b70cd8464bf898381ad2824ba4e149d24b (diff)
download: poky-6313a595f9b5e0764701db134e91e2f1d7b72fa5.tar.gz
3 files changed, 321 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
new file mode 100644
index 0000000000..fa46f3429a
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
@@ -0,0 +1,100 @@
+From 638159c43dbb48425a187d244ec288d252d0ecf4 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 31 Jan 2024 14:08:18 +0000
+Subject: [PATCH 1/2] Bug 707510(5): Reject OCRLanguage changes after SAFER
+ enabled
+In the devices that support OCR, OCRLanguage really ought never to be set from
+PostScript, so reject attempts to change it if path_control_active is true.
+CVE: CVE-2024-29511
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ devices/gdevocr.c         | 15 ++++++++++-----
+ devices/gdevpdfocr.c      | 15 ++++++++++-----
+ devices/vector/gdevpdfp.c | 15 ++++++++++-----
+ 3 files changed, 30 insertions(+), 15 deletions(-)
+diff --git a/devices/gdevocr.c b/devices/gdevocr.c
+index 88c759c..287b74b 100644
+--- a/devices/gdevocr.c
+++ b/devices/gdevocr.c
+@@ -187,11 +187,16 @@ ocr_put_params(gx_device *dev, gs_param_list *plist)
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            len = langstr.size;
+-            if (len >= sizeof(pdev->language))
+-                len = sizeof(pdev->language)-1;
+-            memcpy(pdev->language, langstr.data, len);
+-            pdev->language[len] = 0;
+            if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+                return_error(gs_error_invalidaccess);
+            }
+            else {
+                len = langstr.size;
+                if (len >= sizeof(pdev->language))
+                    len = sizeof(pdev->language)-1;
+                memcpy(pdev->language, langstr.data, len);
+                pdev->language[len] = 0;
+            }
+             break;
+         case 1:
+             break;
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index 8dd5a59..4c694e3 100644
+--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
+@@ -50,11 +50,16 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            len = langstr.size;
+-            if (len >= sizeof(pdf_dev->ocr.language))
+-                len = sizeof(pdf_dev->ocr.language)-1;
+-            memcpy(pdf_dev->ocr.language, langstr.data, len);
+-            pdf_dev->ocr.language[len] = 0;
+            if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
+                return_error(gs_error_invalidaccess);
+            }
+            else {
+                len = langstr.size;
+                if (len >= sizeof(pdf_dev->ocr.language))
+                    len = sizeof(pdf_dev->ocr.language)-1;
+                memcpy(pdf_dev->ocr.language, langstr.data, len);
+                pdf_dev->ocr.language[len] = 0;
+            }
+             break;
+         case 1:
+             break;
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index 42fa1c5..23e9bc8 100644
+--- a/devices/vector/gdevpdfp.c
+++ b/devices/vector/gdevpdfp.c
+@@ -458,11 +458,16 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+         gs_param_string langstr;
+         switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+             case 0:
+-                len = langstr.size;
+-                if (len >= sizeof(pdev->ocr_language))
+-                    len = sizeof(pdev->ocr_language)-1;
+-                memcpy(pdev->ocr_language, langstr.data, len);
+-                pdev->ocr_language[len] = 0;
+                if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+                    return_error(gs_error_invalidaccess);
+                }
+                else {
+                    len = langstr.size;
+                    if (len >= sizeof(pdev->ocr_language))
+                        len = sizeof(pdev->ocr_language)-1;
+                    memcpy(pdev->ocr_language, langstr.data, len);
+                    pdev->ocr_language[len] = 0;
+                }
+                 break;
+             case 1:
+                 break;
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
new file mode 100644
index 0000000000..34f6d23e85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
@@ -0,0 +1,219 @@
+From 360153f3aa63c8fef0d507eccde75f46342c5264 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 31 Jan 2024 14:08:18 +0000
+Subject: [PATCH 2/2] Bug 707510(5)2: The original fix was overly aggressive
+The way the default OCRLanguage value was set was for the relevant get_params
+methods to check if the value had been set, and if not return a default value.
+This could result in the first time the put_params seeing that value being after
+path control has been enabled, meaning it would throw an invalidaccess error.
+This changes how we set the default: they now uses an init_device method, so
+the string is populated from the device's creation. This works correctly for
+both the default value, and for values set on the command line.
+CVE: CVE-2024-29511
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=638159c43dbb48425a187d244ec288d252d0ecf4]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ devices/gdevocr.c         | 17 ++++++++++++++++-
+ devices/gdevpdfocr.c      | 28 ++++++++++++++++++++++------
+ devices/vector/gdevpdf.c  | 15 +++++++++++++++
+ devices/vector/gdevpdfp.c |  3 ++-
+ 4 files changed, 55 insertions(+), 8 deletions(-)
+diff --git a/devices/gdevocr.c b/devices/gdevocr.c
+index 287b74b..a616ef4 100644
+--- a/devices/gdevocr.c
+++ b/devices/gdevocr.c
+@@ -30,6 +30,7 @@
+ #define X_DPI 72
+ #define Y_DPI 72
+static dev_proc_initialize_device(ocr_initialize_device);
+ static dev_proc_print_page(ocr_print_page);
+ static dev_proc_print_page(hocr_print_page);
+ static dev_proc_get_params(ocr_get_params);
+@@ -55,6 +56,7 @@ ocr_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray_bg(dev);
+    set_dev_proc(dev, initialize_device, ocr_initialize_device);
+     set_dev_proc(dev, open_device, ocr_open);
+     set_dev_proc(dev, close_device, ocr_close);
+     set_dev_proc(dev, get_params, ocr_get_params);
+@@ -79,6 +81,7 @@ hocr_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray_bg(dev);
+    set_dev_proc(dev, initialize_device, ocr_initialize_device);
+     set_dev_proc(dev, open_device, ocr_open);
+     set_dev_proc(dev, close_device, hocr_close);
+     set_dev_proc(dev, get_params, ocr_get_params);
+@@ -102,6 +105,17 @@ const gx_device_ocr gs_hocr_device =
+ #define HOCR_HEADER "<html>\n <body>\n"
+ #define HOCR_TRAILER " </body>\n</html>\n"
+static int
+ocr_initialize_device(gx_device *dev)
+{
+    gx_device_ocr *odev = (gx_device_ocr *)dev;
+    const char *default_ocr_lang = "eng";
+
+    odev->language[0] = '\0';
+    strcpy(odev->language, default_ocr_lang);
+    return 0;
+}
+
+ static int
+ ocr_open(gx_device *pdev)
+ {
+@@ -187,7 +201,8 @@ ocr_put_params(gx_device *dev, gs_param_list *plist)
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+                if (pdev->memory->gs_lib_ctx->core->path_control_active
+                && (strlen(pdev->language) != langstr.size || memcmp(pdev->language, langstr.data, langstr.size) != 0)) {
+                 return_error(gs_error_invalidaccess);
+             }
+             else {
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index 4c694e3..e4f9862 100644
+--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
+@@ -33,9 +33,9 @@
+ #include "gdevpdfimg.h"
+ #include "tessocr.h"
+-int pdf_ocr_open(gx_device *pdev);
+-int pdf_ocr_close(gx_device *pdev);
+-
+static dev_proc_initialize_device(pdf_ocr_initialize_device);
+static dev_proc_open_device(pdf_ocr_open);
+static dev_proc_close_device(pdf_ocr_close);
+ static int
+ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+@@ -50,7 +50,8 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
+     switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+         case 0:
+-            if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
+                if (pdf_dev->memory->gs_lib_ctx->core->path_control_active
+                && (strlen(pdf_dev->ocr.language) != langstr.size || memcmp(pdf_dev->ocr.language, langstr.data, langstr.size) != 0)) {
+                 return_error(gs_error_invalidaccess);
+             }
+             else {
+@@ -152,6 +153,8 @@ pdfocr8_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_gray(dev);
+    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -185,6 +188,7 @@ pdfocr24_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_rgb(dev);
+    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -216,6 +220,7 @@ pdfocr32_initialize_device_procs(gx_device *dev)
+ {
+     gdev_prn_initialize_device_procs_cmyk8(dev);
+    set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
+     set_dev_proc(dev, open_device, pdf_ocr_open);
+     set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
+     set_dev_proc(dev, close_device, pdf_ocr_close);
+@@ -703,7 +708,18 @@ ocr_end_page(gx_device_pdf_image *dev)
+     return 0;
+ }
+-int
+static int
+pdf_ocr_initialize_device(gx_device *dev)
+{
+    gx_device_pdf_image *ppdev = (gx_device_pdf_image *)dev;
+    const char *default_ocr_lang = "eng";
+
+    ppdev->ocr.language[0] = '\0';
+    strcpy(ppdev->ocr.language, default_ocr_lang);
+    return 0;
+}
+
+static int
+ pdf_ocr_open(gx_device *pdev)
+ {
+     gx_device_pdf_image *ppdev;
+@@ -726,7 +742,7 @@ pdf_ocr_open(gx_device *pdev)
+     return 0;
+ }
+-int
+static int
+ pdf_ocr_close(gx_device *pdev)
+ {
+     gx_device_pdf_image *pdf_dev;
+diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c
+index 9ab562c..5caabb8 100644
+--- a/devices/vector/gdevpdf.c
+++ b/devices/vector/gdevpdf.c
+@@ -206,6 +206,7 @@ device_pdfwrite_finalize(const gs_memory_t *cmem, void *vpdev)
+ }
+ /* Driver procedures */
+static dev_proc_initialize_device(pdfwrite_initialize_device);
+ static dev_proc_open_device(pdf_open);
+ static dev_proc_output_page(pdf_output_page);
+ static dev_proc_close_device(pdf_close);
+@@ -223,6 +224,7 @@ static dev_proc_close_device(pdf_close);
+ static void
+ pdfwrite_initialize_device_procs(gx_device *dev)
+ {
+    set_dev_proc(dev, initialize_device, pdfwrite_initialize_device);
+     set_dev_proc(dev, open_device, pdf_open);
+     set_dev_proc(dev, get_initial_matrix, gx_upright_get_initial_matrix);
+     set_dev_proc(dev, output_page, pdf_output_page);
+@@ -766,6 +768,19 @@ pdf_reset_text(gx_device_pdf * pdev)
+     pdf_reset_text_state(pdev->text);
+ }
+static int
+pdfwrite_initialize_device(gx_device *dev)
+{
+#if OCR_VERSION > 0
+    gx_device_pdf *pdev = (gx_device_pdf *) dev;
+    const char *default_ocr_lang = "eng";
+    pdev->ocr_language[0] = '\0';
+    strcpy(pdev->ocr_language, default_ocr_lang);
+#endif
+    return 0;
+}
+
+
+ /* Open the device. */
+ static int
+ pdf_open(gx_device * dev)
+diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
+index 23e9bc8..42a1794 100644
+--- a/devices/vector/gdevpdfp.c
+++ b/devices/vector/gdevpdfp.c
+@@ -458,7 +458,8 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
+         gs_param_string langstr;
+         switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
+             case 0:
+-                if (pdev->memory->gs_lib_ctx->core->path_control_active) {
+                if (pdev->memory->gs_lib_ctx->core->path_control_active
+                && (strlen(pdev->ocr_language) != langstr.size || memcmp(pdev->ocr_language, langstr.data, langstr.size) != 0)) {
+                     return_error(gs_error_invalidaccess);
+                 }
+                 else {
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 2e332b1589..ab4a2def4c 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -50,6 +50,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                file://CVE-2024-33871-0002.patch \
                file://CVE-2024-29510.patch \
                file://CVE-2023-52722.patch \
+                file://CVE-2024-29511-0001.patch \
+                file://CVE-2024-29511-0002.patch \
 "
 SRC_URI = "${SRC_URI_BASE} \
author	Archana Polampalli <archana.polampalli@windriver.com>	2024-08-06 06:35:51 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-08-16 08:09:14 -0700
commit	6313a595f9b5e0764701db134e91e2f1d7b72fa5 (patch)
tree	79a82dcf55bb02dbb686774d270a3ff94f88ce7a
parent	25a9b7b70cd8464bf898381ad2824ba4e149d24b (diff)
download	poky-6313a595f9b5e0764701db134e91e2f1d7b72fa5.tar.gz

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch new file mode 100644 index 0000000000..fa46f3429a --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0001.patch
@@ -0,0 +1,100 @@
		1	From 638159c43dbb48425a187d244ec288d252d0ecf4 Mon Sep 17 00:00:00 2001
		2	From: Chris Liddell <chris.liddell@artifex.com>
		3	Date: Wed, 31 Jan 2024 14:08:18 +0000
		4	Subject: [PATCH 1/2] Bug 707510(5): Reject OCRLanguage changes after SAFER
		5	enabled
		6
		7	In the devices that support OCR, OCRLanguage really ought never to be set from
		8	PostScript, so reject attempts to change it if path_control_active is true.
		9
		10	CVE: CVE-2024-29511
		11
		12	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3d4cfdc1a44b1969a0f14c86673a372654d443c4]
		13
		14	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		15	---
		16	devices/gdevocr.c \| 15 ++++++++++-----
		17	devices/gdevpdfocr.c \| 15 ++++++++++-----
		18	devices/vector/gdevpdfp.c \| 15 ++++++++++-----
		19	3 files changed, 30 insertions(+), 15 deletions(-)
		20
		21	diff --git a/devices/gdevocr.c b/devices/gdevocr.c
		22	index 88c759c..287b74b 100644
		23	--- a/devices/gdevocr.c
		24	+++ b/devices/gdevocr.c
		25	@@ -187,11 +187,16 @@ ocr_put_params(gx_device dev, gs_param_list plist)
		26
		27	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		28	case 0:
		29	- len = langstr.size;
		30	- if (len >= sizeof(pdev->language))
		31	- len = sizeof(pdev->language)-1;
		32	- memcpy(pdev->language, langstr.data, len);
		33	- pdev->language[len] = 0;
		34	+ if (pdev->memory->gs_lib_ctx->core->path_control_active) {
		35	+ return_error(gs_error_invalidaccess);
		36	+ }
		37	+ else {
		38	+ len = langstr.size;
		39	+ if (len >= sizeof(pdev->language))
		40	+ len = sizeof(pdev->language)-1;
		41	+ memcpy(pdev->language, langstr.data, len);
		42	+ pdev->language[len] = 0;
		43	+ }
		44	break;
		45	case 1:
		46	break;
		47	diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
		48	index 8dd5a59..4c694e3 100644
		49	--- a/devices/gdevpdfocr.c
		50	+++ b/devices/gdevpdfocr.c
		51	@@ -50,11 +50,16 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
		52
		53	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		54	case 0:
		55	- len = langstr.size;
		56	- if (len >= sizeof(pdf_dev->ocr.language))
		57	- len = sizeof(pdf_dev->ocr.language)-1;
		58	- memcpy(pdf_dev->ocr.language, langstr.data, len);
		59	- pdf_dev->ocr.language[len] = 0;
		60	+ if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
		61	+ return_error(gs_error_invalidaccess);
		62	+ }
		63	+ else {
		64	+ len = langstr.size;
		65	+ if (len >= sizeof(pdf_dev->ocr.language))
		66	+ len = sizeof(pdf_dev->ocr.language)-1;
		67	+ memcpy(pdf_dev->ocr.language, langstr.data, len);
		68	+ pdf_dev->ocr.language[len] = 0;
		69	+ }
		70	break;
		71	case 1:
		72	break;
		73	diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
		74	index 42fa1c5..23e9bc8 100644
		75	--- a/devices/vector/gdevpdfp.c
		76	+++ b/devices/vector/gdevpdfp.c
		77	@@ -458,11 +458,16 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
		78	gs_param_string langstr;
		79	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		80	case 0:
		81	- len = langstr.size;
		82	- if (len >= sizeof(pdev->ocr_language))
		83	- len = sizeof(pdev->ocr_language)-1;
		84	- memcpy(pdev->ocr_language, langstr.data, len);
		85	- pdev->ocr_language[len] = 0;
		86	+ if (pdev->memory->gs_lib_ctx->core->path_control_active) {
		87	+ return_error(gs_error_invalidaccess);
		88	+ }
		89	+ else {
		90	+ len = langstr.size;
		91	+ if (len >= sizeof(pdev->ocr_language))
		92	+ len = sizeof(pdev->ocr_language)-1;
		93	+ memcpy(pdev->ocr_language, langstr.data, len);
		94	+ pdev->ocr_language[len] = 0;
		95	+ }
		96	break;
		97	case 1:
		98	break;
		99	--
		100	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch new file mode 100644 index 0000000000..34f6d23e85 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29511-0002.patch
@@ -0,0 +1,219 @@
		1	From 360153f3aa63c8fef0d507eccde75f46342c5264 Mon Sep 17 00:00:00 2001
		2	From: Chris Liddell <chris.liddell@artifex.com>
		3	Date: Wed, 31 Jan 2024 14:08:18 +0000
		4	Subject: [PATCH 2/2] Bug 707510(5)2: The original fix was overly aggressive
		5
		6	The way the default OCRLanguage value was set was for the relevant get_params
		7	methods to check if the value had been set, and if not return a default value.
		8	This could result in the first time the put_params seeing that value being after
		9	path control has been enabled, meaning it would throw an invalidaccess error.
		10
		11	This changes how we set the default: they now uses an init_device method, so
		12	the string is populated from the device's creation. This works correctly for
		13	both the default value, and for values set on the command line.
		14
		15	CVE: CVE-2024-29511
		16
		17	Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=638159c43dbb48425a187d244ec288d252d0ecf4]
		18
		19	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		20	---
		21	devices/gdevocr.c \| 17 ++++++++++++++++-
		22	devices/gdevpdfocr.c \| 28 ++++++++++++++++++++++------
		23	devices/vector/gdevpdf.c \| 15 +++++++++++++++
		24	devices/vector/gdevpdfp.c \| 3 ++-
		25	4 files changed, 55 insertions(+), 8 deletions(-)
		26
		27	diff --git a/devices/gdevocr.c b/devices/gdevocr.c
		28	index 287b74b..a616ef4 100644
		29	--- a/devices/gdevocr.c
		30	+++ b/devices/gdevocr.c
		31	@@ -30,6 +30,7 @@
		32	#define X_DPI 72
		33	#define Y_DPI 72
		34
		35	+static dev_proc_initialize_device(ocr_initialize_device);
		36	static dev_proc_print_page(ocr_print_page);
		37	static dev_proc_print_page(hocr_print_page);
		38	static dev_proc_get_params(ocr_get_params);
		39	@@ -55,6 +56,7 @@ ocr_initialize_device_procs(gx_device *dev)
		40	{
		41	gdev_prn_initialize_device_procs_gray_bg(dev);
		42
		43	+ set_dev_proc(dev, initialize_device, ocr_initialize_device);
		44	set_dev_proc(dev, open_device, ocr_open);
		45	set_dev_proc(dev, close_device, ocr_close);
		46	set_dev_proc(dev, get_params, ocr_get_params);
		47	@@ -79,6 +81,7 @@ hocr_initialize_device_procs(gx_device *dev)
		48	{
		49	gdev_prn_initialize_device_procs_gray_bg(dev);
		50
		51	+ set_dev_proc(dev, initialize_device, ocr_initialize_device);
		52	set_dev_proc(dev, open_device, ocr_open);
		53	set_dev_proc(dev, close_device, hocr_close);
		54	set_dev_proc(dev, get_params, ocr_get_params);
		55	@@ -102,6 +105,17 @@ const gx_device_ocr gs_hocr_device =
		56	#define HOCR_HEADER "<html>\n <body>\n"
		57	#define HOCR_TRAILER " </body>\n</html>\n"
		58
		59	+static int
		60	+ocr_initialize_device(gx_device *dev)
		61	+{
		62	+ gx_device_ocr odev = (gx_device_ocr )dev;
		63	+ const char *default_ocr_lang = "eng";
		64	+
		65	+ odev->language[0] = '\0';
		66	+ strcpy(odev->language, default_ocr_lang);
		67	+ return 0;
		68	+}
		69	+
		70	static int
		71	ocr_open(gx_device *pdev)
		72	{
		73	@@ -187,7 +201,8 @@ ocr_put_params(gx_device dev, gs_param_list plist)
		74
		75	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		76	case 0:
		77	- if (pdev->memory->gs_lib_ctx->core->path_control_active) {
		78	+ if (pdev->memory->gs_lib_ctx->core->path_control_active
		79	+ && (strlen(pdev->language) != langstr.size \|\| memcmp(pdev->language, langstr.data, langstr.size) != 0)) {
		80	return_error(gs_error_invalidaccess);
		81	}
		82	else {
		83	diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
		84	index 4c694e3..e4f9862 100644
		85	--- a/devices/gdevpdfocr.c
		86	+++ b/devices/gdevpdfocr.c
		87	@@ -33,9 +33,9 @@
		88	#include "gdevpdfimg.h"
		89	#include "tessocr.h"
		90
		91	-int pdf_ocr_open(gx_device *pdev);
		92	-int pdf_ocr_close(gx_device *pdev);
		93	-
		94	+static dev_proc_initialize_device(pdf_ocr_initialize_device);
		95	+static dev_proc_open_device(pdf_ocr_open);
		96	+static dev_proc_close_device(pdf_ocr_close);
		97
		98	static int
		99	pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
		100	@@ -50,7 +50,8 @@ pdfocr_put_some_params(gx_device * dev, gs_param_list * plist)
		101
		102	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		103	case 0:
		104	- if (pdf_dev->memory->gs_lib_ctx->core->path_control_active) {
		105	+ if (pdf_dev->memory->gs_lib_ctx->core->path_control_active
		106	+ && (strlen(pdf_dev->ocr.language) != langstr.size \|\| memcmp(pdf_dev->ocr.language, langstr.data, langstr.size) != 0)) {
		107	return_error(gs_error_invalidaccess);
		108	}
		109	else {
		110	@@ -152,6 +153,8 @@ pdfocr8_initialize_device_procs(gx_device *dev)
		111	{
		112	gdev_prn_initialize_device_procs_gray(dev);
		113
		114	+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
		115	+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
		116	set_dev_proc(dev, open_device, pdf_ocr_open);
		117	set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
		118	set_dev_proc(dev, close_device, pdf_ocr_close);
		119	@@ -185,6 +188,7 @@ pdfocr24_initialize_device_procs(gx_device *dev)
		120	{
		121	gdev_prn_initialize_device_procs_rgb(dev);
		122
		123	+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
		124	set_dev_proc(dev, open_device, pdf_ocr_open);
		125	set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
		126	set_dev_proc(dev, close_device, pdf_ocr_close);
		127	@@ -216,6 +220,7 @@ pdfocr32_initialize_device_procs(gx_device *dev)
		128	{
		129	gdev_prn_initialize_device_procs_cmyk8(dev);
		130
		131	+ set_dev_proc(dev, initialize_device, pdf_ocr_initialize_device);
		132	set_dev_proc(dev, open_device, pdf_ocr_open);
		133	set_dev_proc(dev, output_page, gdev_prn_output_page_seekable);
		134	set_dev_proc(dev, close_device, pdf_ocr_close);
		135	@@ -703,7 +708,18 @@ ocr_end_page(gx_device_pdf_image *dev)
		136	return 0;
		137	}
		138
		139	-int
		140	+static int
		141	+pdf_ocr_initialize_device(gx_device *dev)
		142	+{
		143	+ gx_device_pdf_image ppdev = (gx_device_pdf_image )dev;
		144	+ const char *default_ocr_lang = "eng";
		145	+
		146	+ ppdev->ocr.language[0] = '\0';
		147	+ strcpy(ppdev->ocr.language, default_ocr_lang);
		148	+ return 0;
		149	+}
		150	+
		151	+static int
		152	pdf_ocr_open(gx_device *pdev)
		153	{
		154	gx_device_pdf_image *ppdev;
		155	@@ -726,7 +742,7 @@ pdf_ocr_open(gx_device *pdev)
		156	return 0;
		157	}
		158
		159	-int
		160	+static int
		161	pdf_ocr_close(gx_device *pdev)
		162	{
		163	gx_device_pdf_image *pdf_dev;
		164	diff --git a/devices/vector/gdevpdf.c b/devices/vector/gdevpdf.c
		165	index 9ab562c..5caabb8 100644
		166	--- a/devices/vector/gdevpdf.c
		167	+++ b/devices/vector/gdevpdf.c
		168	@@ -206,6 +206,7 @@ device_pdfwrite_finalize(const gs_memory_t cmem, void vpdev)
		169	}
		170
		171	/* Driver procedures */
		172	+static dev_proc_initialize_device(pdfwrite_initialize_device);
		173	static dev_proc_open_device(pdf_open);
		174	static dev_proc_output_page(pdf_output_page);
		175	static dev_proc_close_device(pdf_close);
		176	@@ -223,6 +224,7 @@ static dev_proc_close_device(pdf_close);
		177	static void
		178	pdfwrite_initialize_device_procs(gx_device *dev)
		179	{
		180	+ set_dev_proc(dev, initialize_device, pdfwrite_initialize_device);
		181	set_dev_proc(dev, open_device, pdf_open);
		182	set_dev_proc(dev, get_initial_matrix, gx_upright_get_initial_matrix);
		183	set_dev_proc(dev, output_page, pdf_output_page);
		184	@@ -766,6 +768,19 @@ pdf_reset_text(gx_device_pdf * pdev)
		185	pdf_reset_text_state(pdev->text);
		186	}
		187
		188	+static int
		189	+pdfwrite_initialize_device(gx_device *dev)
		190	+{
		191	+#if OCR_VERSION > 0
		192	+ gx_device_pdf pdev = (gx_device_pdf ) dev;
		193	+ const char *default_ocr_lang = "eng";
		194	+ pdev->ocr_language[0] = '\0';
		195	+ strcpy(pdev->ocr_language, default_ocr_lang);
		196	+#endif
		197	+ return 0;
		198	+}
		199	+
		200	+
		201	/* Open the device. */
		202	static int
		203	pdf_open(gx_device * dev)
		204	diff --git a/devices/vector/gdevpdfp.c b/devices/vector/gdevpdfp.c
		205	index 23e9bc8..42a1794 100644
		206	--- a/devices/vector/gdevpdfp.c
		207	+++ b/devices/vector/gdevpdfp.c
		208	@@ -458,7 +458,8 @@ gdev_pdf_put_params_impl(gx_device * dev, const gx_device_pdf * save_dev, gs_par
		209	gs_param_string langstr;
		210	switch (code = param_read_string(plist, (param_name = "OCRLanguage"), &langstr)) {
		211	case 0:
		212	- if (pdev->memory->gs_lib_ctx->core->path_control_active) {
		213	+ if (pdev->memory->gs_lib_ctx->core->path_control_active
		214	+ && (strlen(pdev->ocr_language) != langstr.size \|\| memcmp(pdev->ocr_language, langstr.data, langstr.size) != 0)) {
		215	return_error(gs_error_invalidaccess);
		216	}
		217	else {
		218	--
		219	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 2e332b1589..ab4a2def4c 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -50,6 +50,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
50	file://CVE-2024-33871-0002.patch \	50	file://CVE-2024-33871-0002.patch \
51	file://CVE-2024-29510.patch \	51	file://CVE-2024-29510.patch \
52	file://CVE-2023-52722.patch \	52	file://CVE-2023-52722.patch \
		53	file://CVE-2024-29511-0001.patch \
		54	file://CVE-2024-29511-0002.patch \
53	"	55	"
54		56
55	SRC_URI = "${SRC_URI_BASE} \	57	SRC_URI = "${SRC_URI_BASE} \