ghostscript: upgrade to 10.01.1

Drop the merged fix for CVE-2023-28879. (From OE-Core rev: 659b0cf41db00420366d0eca103f16922c2c5d72) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2023-06-05 15:43:44 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-06-06 07:41:42 +0100
commit: bcb0d3f385495db1bfb38f8690bd7a11fba8b421 (patch)
tree: 69ccfc37f5560252effc94087d1863e15c14e803
parent: 816e0b9b8456435321c09c616f9b0e8fa5c1a5ee (diff)
download: poky-bcb0d3f385495db1bfb38f8690bd7a11fba8b421.tar.gz
3 files changed, 1 insertions, 103 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch b/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch
deleted file mode 100644
index ba62820df1..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 24 Nov 2022 16:33:47 +0000
-Subject: [PATCH] Fix a little bitrot in the cross-compiling logic
-Removing the option to disable FAPI meant configuring for cross compiling would
-fail because the option being passed to the sub-call to configure would include
-an unknown command line option.
-Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index d5c68c4b3..738eb10a9 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then
-   echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in
- 
-   AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)])
-  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
-+  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
-   status=$?
-   cp config.log "$olddir/configaux.log"
-   if test $status -eq 0 ; then
-@@ -2530,7 +2530,7 @@ PDF=
- PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak"
- PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak"
- 
-if test x"$with_pdf" != x"no" ; then
-+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then
- 
-   if test x"$JBIG2_DECODER" = x""; then
-       AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support])
-- 
-2.25.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
deleted file mode 100644
index 604b927521..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <ken.sharp@artifex.com>
-Date: Fri, 24 Mar 2023 13:19:57 +0000
-Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
-Bug #706494 "Buffer Overflow in s_xBCPE_process"
-As described in detail in the bug report, if the write buffer is filled
-to one byte less than full, and we then try to write an escaped
-character, we overrun the buffer because we don't check before
-writing two bytes to it.
-This just checks if we have two bytes before starting to write an
-escaped character and exits if we don't (replacing the consumed byte
-of the input).
-Up for further discussion; why do we even permit a BCP encoding filter
-anyway ? I think we should remove this, at least when SAFER is true.
---
-CVE: CVE-2023-28879
-Upstream-Status: Backport [see text]
-git://git.ghostscript.com/ghostpdl
-cherry-pick
-Signed-off-by: Joe Slater <joe.slater@windriver.com.
---
- base/sbcp.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-diff --git a/base/sbcp.c b/base/sbcp.c
-index 979ae0992..47fc233ec 100644
--- a/base/sbcp.c
-+++ b/base/sbcp.c
-@@ -1,4 +1,4 @@
-/* Copyright (C) 2001-2021 Artifex Software, Inc.
-+/* Copyright (C) 2001-2023 Artifex Software, Inc.
-    All Rights Reserved.
- 
-    This software is provided AS-IS with no warranty, either express or
-@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
-         byte ch = *++p;
- 
-         if (ch <= 31 && escaped[ch]) {
-+            /* Make sure we have space to store two characters in the write buffer,
-+             * if we don't then exit without consuming the input character, we'll process
-+             * that on the next time round.
-+             */
-+            if (pw->limit - q < 2) {
-+                p--;
-+                break;
-+            }
-             if (p == rlimit) {
-                 p--;
-                 break;
-- 
-2.25.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
index 86ecdbe24a..5d4b8cdc91 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
@@ -33,8 +33,6 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                file://do-not-check-local-libpng-source.patch \
                file://avoid-host-contamination.patch \
                file://mkdir-p.patch \
-                file://cross-compile.patch \
-                file://cve-2023-28879.patch \
 "
 SRC_URI = "${SRC_URI_BASE} \
@@ -46,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \
                        file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
                        "
-SRC_URI[sha256sum] = "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3"
+SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
 # Put something like
 #
author	Ross Burton <ross.burton@arm.com>	2023-06-05 15:43:44 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-06-06 07:41:42 +0100
commit	bcb0d3f385495db1bfb38f8690bd7a11fba8b421 (patch)
tree	69ccfc37f5560252effc94087d1863e15c14e803
parent	816e0b9b8456435321c09c616f9b0e8fa5c1a5ee (diff)
download	poky-bcb0d3f385495db1bfb38f8690bd7a11fba8b421.tar.gz

diff --git a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch b/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch deleted file mode 100644 index ba62820df1..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001
2	From: Chris Liddell <chris.liddell@artifex.com>
3	Date: Thu, 24 Nov 2022 16:33:47 +0000
4	Subject: [PATCH] Fix a little bitrot in the cross-compiling logic
5
6	Removing the option to disable FAPI meant configuring for cross compiling would
7	fail because the option being passed to the sub-call to configure would include
8	an unknown command line option.
9
10	Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec]
11	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
12	---
13	configure.ac \| 4 ++--
14	1 file changed, 2 insertions(+), 2 deletions(-)
15
16	diff --git a/configure.ac b/configure.ac
17	index d5c68c4b3..738eb10a9 100644
18	--- a/configure.ac
19	+++ b/configure.ac
20	@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then
21	echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in
22
23	AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)])
24	- "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
25	+ "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
26	status=$?
27	cp config.log "$olddir/configaux.log"
28	if test $status -eq 0 ; then
29	@@ -2530,7 +2530,7 @@ PDF=
30	PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak"
31	PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak"
32
33	-if test x"$with_pdf" != x"no" ; then
34	+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then
35
36	if test x"$JBIG2_DECODER" = x""; then
37	AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support])
38	--
39	2.25.1
40


diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch deleted file mode 100644 index 604b927521..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch +++ /dev/null
@@ -1,60 +0,0 @@
1	From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
2	From: Ken Sharp <ken.sharp@artifex.com>
3	Date: Fri, 24 Mar 2023 13:19:57 +0000
4	Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
5
6	Bug #706494 "Buffer Overflow in s_xBCPE_process"
7
8	As described in detail in the bug report, if the write buffer is filled
9	to one byte less than full, and we then try to write an escaped
10	character, we overrun the buffer because we don't check before
11	writing two bytes to it.
12
13	This just checks if we have two bytes before starting to write an
14	escaped character and exits if we don't (replacing the consumed byte
15	of the input).
16
17	Up for further discussion; why do we even permit a BCP encoding filter
18	anyway ? I think we should remove this, at least when SAFER is true.
19	---
20	CVE: CVE-2023-28879
21
22	Upstream-Status: Backport [see text]
23
24	git://git.ghostscript.com/ghostpdl
25	cherry-pick
26
27	Signed-off-by: Joe Slater <joe.slater@windriver.com.
28
29	---
30	base/sbcp.c \| 10 +++++++++-
31	1 file changed, 9 insertions(+), 1 deletion(-)
32
33	diff --git a/base/sbcp.c b/base/sbcp.c
34	index 979ae0992..47fc233ec 100644
35	--- a/base/sbcp.c
36	+++ b/base/sbcp.c
37	@@ -1,4 +1,4 @@
38	-/* Copyright (C) 2001-2021 Artifex Software, Inc.
39	+/* Copyright (C) 2001-2023 Artifex Software, Inc.
40	All Rights Reserved.
41
42	This software is provided AS-IS with no warranty, either express or
43	@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
44	byte ch = *++p;
45
46	if (ch <= 31 && escaped[ch]) {
47	+ /* Make sure we have space to store two characters in the write buffer,
48	+ * if we don't then exit without consuming the input character, we'll process
49	+ * that on the next time round.
50	+ */
51	+ if (pw->limit - q < 2) {
52	+ p--;
53	+ break;
54	+ }
55	if (p == rlimit) {
56	p--;
57	break;
58	--
59	2.25.1
60


diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb index 86ecdbe24a..5d4b8cdc91 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
@@ -33,8 +33,6 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
33	file://do-not-check-local-libpng-source.patch \	33	file://do-not-check-local-libpng-source.patch \
34	file://avoid-host-contamination.patch \	34	file://avoid-host-contamination.patch \
35	file://mkdir-p.patch \	35	file://mkdir-p.patch \
36	file://cross-compile.patch \
37	file://cve-2023-28879.patch \
38	"	36	"
39		37
40	SRC_URI = "${SRC_URI_BASE} \	38	SRC_URI = "${SRC_URI_BASE} \
@@ -46,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \
46	file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \	44	file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
47	"	45	"
48		46
49	SRC_URI[sha256sum] = "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3"	47	SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
50		48
51	# Put something like	49	# Put something like
52	#	50	#