| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Eliminate CVE patches that are now in source.
Add CUPSCONFIG to configure options.
(From OE-Core rev: 3041f94896b50a5a5d19caf0dd0e7910c730e18e)
Signed-off-by: Joe Slater <jslater@windriver.com>
to be scrunched
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently read arbitrary files via the
use of the .libfile operator in a crafted PostScript document.
Use-after-free vulnerability in Ghostscript 9.20 might allow remote
attackers to execute arbitrary code via vectors related to a reference
leak in .setdevice.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently execute arbitrary code by
leveraging type confusion in .initialize_dsc_parser.
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,
has a NULL pointer dereference in the jbig2_huffman_get function in
jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-7977
https://nvd.nist.gov/vuln/detail/CVE-2016-7978
https://nvd.nist.gov/vuln/detail/CVE-2016-7979
https://nvd.nist.gov/vuln/detail/CVE-2017-9216
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853
(From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The following warning occurs when building with meta-zephyr
with MACHINE set to arduino-101-sss:
WARNING: /srv/sdc/builds/11319/meta/recipes-extended/ghostscript/ghostscript_9.20.bb: Unable to get checksum for ghostscript SRC_URI entry objarch.h: file could not be found
This is because TARGET_ARCH = "arc" for meta-zephyr is not
supported by ghostscript, which leaves bitbake unable to locate the
correct config file during recipe parse.
Add a check in the recipe to raise an exception if the target
architecture is "arc". This then only displays an error if
someone specifically tries to build the recipe:
ERROR: ghostscript was skipped: incompatible with host arc-yocto-elf (not in COMPATIBLE_HOST)
[YOCTO #11344]
(From OE-Core rev: 720a7230b92d734106d5340a426270dd4e921e8e)
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote
attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PostScript document that calls .sethalftone5 with an
empty operand stack.
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because
of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c
during operations on a crafted JBIG2 file, leading to a denial of service (application
crash) or possibly execution of arbitrary code.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8602
https://nvd.nist.gov/vuln/detail/CVE-2017-7975
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298
(From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 10001924baf112a4556c5e85c16c482cbf435950)
(From OE-Core rev: 4e8e884054b56c578d51d7b4af7150b77806368d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
1) Upgrade ghostscript from 9.19 to 9.20.
2) Modify ghostscript-9.15-parallel-make.patch, since the data has been changed.
(From OE-Core rev: 4f3483c3a0ba22f46d768d78d6f56880e8ac5608)
(From OE-Core rev: 9133ba6b8138951f3ef798f0a1cc6f694fe71868)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>