ghostscript: Fix CVE-2019-6116

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Reference: https://www.openwall.com/lists/oss-security/2019/01/23/5 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a3c4fc169e7c6c1e83874a6bf63a6fb42b (From OE-Core rev: af397d31e467d6af00ef835537221bc211d94ca6) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ovidiu Panait <ovidiu.panait@windriver.com> 2019-02-21 11:30:57 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-02-25 22:27:38 +0000
commit: 7756de368de1654f059343c3cd766a43d10b5d9b (patch)
tree: 82de6a3333fbd6636ad97eff17166de13b61446d /meta/recipes-extended/ghostscript/ghostscript_9.26.bb
parent: 391d8a0fcaf6e90f73511451771a61fdb4547344 (diff)
download: poky-7756de368de1654f059343c3cd766a43d10b5d9b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
index 5ca978f86c..ad4c5e17d2 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
@@ -32,6 +32,13 @@ SRC_URI = "${SRC_URI_BASE} \
           file://ghostscript-9.02-genarch.patch \
           file://objarch.h \
           file://cups-no-gcrypt.patch \
+           file://CVE-2019-6116-0001.patch \
+           file://CVE-2019-6116-0002.patch \
+           file://CVE-2019-6116-0003.patch \
+           file://CVE-2019-6116-0004.patch \
+           file://CVE-2019-6116-0005.patch \
+           file://CVE-2019-6116-0006.patch \
+           file://CVE-2019-6116-0007.patch \
           "
 SRC_URI_class-native = "${SRC_URI_BASE} \
author	Ovidiu Panait <ovidiu.panait@windriver.com>	2019-02-21 11:30:57 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-02-25 22:27:38 +0000
commit	7756de368de1654f059343c3cd766a43d10b5d9b (patch)
tree	82de6a3333fbd6636ad97eff17166de13b61446d /meta/recipes-extended/ghostscript/ghostscript_9.26.bb
parent	391d8a0fcaf6e90f73511451771a61fdb4547344 (diff)
download	poky-7756de368de1654f059343c3cd766a43d10b5d9b.tar.gz

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb index 5ca978f86c..ad4c5e17d2 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.26.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.26.bb
@@ -32,6 +32,13 @@ SRC_URI = "${SRC_URI_BASE} \
32	file://ghostscript-9.02-genarch.patch \	32	file://ghostscript-9.02-genarch.patch \
33	file://objarch.h \	33	file://objarch.h \
34	file://cups-no-gcrypt.patch \	34	file://cups-no-gcrypt.patch \
		35	file://CVE-2019-6116-0001.patch \
		36	file://CVE-2019-6116-0002.patch \
		37	file://CVE-2019-6116-0003.patch \
		38	file://CVE-2019-6116-0004.patch \
		39	file://CVE-2019-6116-0005.patch \
		40	file://CVE-2019-6116-0006.patch \
		41	file://CVE-2019-6116-0007.patch \
35	"	42	"
36		43
37	SRC_URI_class-native = "${SRC_URI_BASE} \	44	SRC_URI_class-native = "${SRC_URI_BASE} \