From 716ba1106893778fe9771ce13a6bcda88cc27430 Mon Sep 17 00:00:00 2001
From: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
Date: Nov 01 2016 13:25:58 +0000
Subject: Added security patch for CVE-2016-8602 (bug #1383940)


---

diff --git a/ghostscript-9.20-cve-2016-8602.patch b/ghostscript-9.20-cve-2016-8602.patch
new file mode 100644
index 0000000..7e57bd0
--- /dev/null
+++ b/ghostscript-9.20-cve-2016-8602.patch
@@ -0,0 +1,42 @@
+From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 8 Oct 2016 16:10:27 +0100
+Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
+
+and param types
+---
+ psi/zht2.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/psi/zht2.c b/psi/zht2.c
+index fb4a264..dfa27a4 100644
+--- a/psi/zht2.c
++++ b/psi/zht2.c
+@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
+     gs_memory_t *mem;
+     uint edepth = ref_stack_count(&e_stack);
+     int npop = 2;
+-    int dict_enum = dict_first(op);
++    int dict_enum;
+     ref rvalue[2];
+     int cname, colorant_number;
+     byte * pname;
+     uint name_size;
+     int halftonetype, type = 0;
+     gs_gstate *pgs = igs;
+-    int space_index = r_space_index(op - 1);
++    int space_index;
++
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(gs_error_stackunderflow);
++    check_type(*op, t_dictionary);
++    check_type(*(op - 1), t_dictionary);
++
++    dict_enum = dict_first(op);
++    space_index = r_space_index(op - 1);
+ 
+     mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
+ 
+-- 
+2.7.4
+
diff --git a/ghostscript.spec b/ghostscript.spec
index cd8877f..46890a0 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@@ -25,6 +25,7 @@ Patch4: ghostscript-9.20-urw-fonts-naming.patch
 Patch5: ghostscript-9.20-cve-2016-7979.patch
 Patch6: ghostscript-9.20-cve-2016-7976.patch
 Patch7: ghostscript-9.20-cve-2016-7978.patch
+Patch8: ghostscript-9.20-cve-2016-8602.patch
 
 Requires: %{name}-core%{?_isa} = %{version}-%{release}
 Requires: %{name}-x11%{?_isa} = %{version}-%{release}
@@ -135,6 +136,9 @@ rm -rf expat freetype icclib jasper jpeg jpegxr lcms lcms2 libpng openjpeg zlib 
 # Reference count device icc profile (bug #1382300):
 %patch7 -p1
 
+# Check for sufficient params in .sethalftone5 (bug #1383940):
+%patch8 -p1
+
 # Convert manual pages to UTF-8
 from8859_1() {
         iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -331,6 +335,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Tue Nov  1 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-3
+- Added security fix for CVE-2016-8602  (bug #1383940)
+
 * Fri Oct  7 2016 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.20-2
 - Added security fixes for:
   - CVE-2016-7979 (bug #1382305)