path: root/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
Commit message | Author | Age | Files | Lines
* ghostscript: move to version 9.21 | Joe Slater | 2017-06-23 | 1 | -119/+0

  Eliminate CVE patches that are now in source.
  Add CUPSCONFIG to configure options.

  (From OE-Core rev: 3041f94896b50a5a5d19caf0dd0e7910c730e18e)

  Signed-off-by: Joe Slater <jslater@windriver.com>
  to be scrunched
  Signed-off-by: Joe Slater <jslater@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2017-9216 | Catalin Enache | 2017-05-30 | 1 | -0/+4

  Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

  Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

  Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

  libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2016-7977
  https://nvd.nist.gov/vuln/detail/CVE-2016-7978
  https://nvd.nist.gov/vuln/detail/CVE-2016-7979
  https://nvd.nist.gov/vuln/detail/CVE-2017-9216

  Upstream patches:
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853

  (From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76)

  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: check for incompatible host | Chang Rebecca Swee Fun | 2017-05-18 | 1 | -0/+3

  The following warning occurs when building with meta-zephyr with MACHINE set to arduino-101-sss:

  WARNING: /srv/sdc/builds/11319/meta/recipes-extended/ghostscript/ghostscript_9.20.bb: Unable to get checksum for ghostscript SRC_URI entry objarch.h: file could not be found

  This is due to the TARGET_ARCH = "arc" for meta-zephyr is not supported by ghostscript and causing bitbake unable to locate the correct config file during recipe parse.

  Adding checker in the recipe to raise an exception if the target architecture is "arc". This would then only display an error if someone specifically tries to build the recipe:

  ERROR: ghostscript was skipped: incompatible with host arc-yocto-elf (not in COMPATIBLE_HOST)

  [YOCTO #11344]

  (From OE-Core rev: 720a7230b92d734106d5340a426270dd4e921e8e)

  Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-8602, CVE-2017-7975 | Catalin Enache | 2017-05-18 | 1 | -0/+2

  The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.

  Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code.

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2016-8602
  https://nvd.nist.gov/vuln/detail/CVE-2017-7975

  Upstream patches:
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
  http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298

  (From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6)

  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951 | Catalin Enache | 2017-04-29 | 1 | -0/+3

  The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

  The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.

  The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

  References:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951

  Upstream patches:
  http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
  http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
  http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8

  (From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)

  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2017-7207 | Catalin Enache | 2017-04-10 | 1 | -0/+1

  The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

  Reference:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

  Upstream patch:
  http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

  (From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)

  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: fix upstream version check | Alexander Kanavin | 2016-12-17 | 1 | -0/+1

  (From OE-Core rev: 10001924baf112a4556c5e85c16c482cbf435950)

  (From OE-Core rev: 4e8e884054b56c578d51d7b4af7150b77806368d)

  Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript 9.19 -> 9.20 | Huang Qiyu | 2016-12-17 | 1 | -0/+105

  1) Upgrade ghostscript from 9.19 to 9.20.
  2) Modify ghostscript-9.15-parallel-make.patch, since the data has been changed.

  (From OE-Core rev: 4f3483c3a0ba22f46d768d78d6f56880e8ac5608)

  (From OE-Core rev: 9133ba6b8138951f3ef798f0a1cc6f694fe71868)

  Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>