| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This should have been removed in a previous change but was accidentally
left behind and points at an invalid directory.
(From OE-Core rev: 9d6ce24207189c711099f45265b240d0cdc0e686)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop all custom objarch.h files; ghostscript nowadays generates
that with autoconf.
Freetype can no longer be disabled.
Building out of source tree is broken.
(From OE-Core rev: bb699a99b2e99a868520430c614d55ea3004427c)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: e0d972a054e286d62ccf9e3ccc4ec00892198038)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Due to recent changes to the tune, in order to match config.guess, the name
of the big-endian microblaze architecture was changes to 'microblaze'.
(From OE-Core rev: 6f6a6bbac684ead3fe6d070d61f17c2f611a2c87)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 2b2ebb11da16975e3b0cba7854c3cfe54e0305a3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Version 9.50 incorporates previously-backported fixes for
CVE-2019-14811 and CVE-2019-14817.
CVE: CVE-2019-14811
CVE: CVE-2019-14817
(From OE-Core rev: 8c626421840da9441be03587a57e9cf1ebd3d6f0)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
https://www.openwall.com/lists/oss-security/2019/08/28/2
(From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in all versions of ghostscript 9.x before 9.28,
where the `.charkeys` procedure, where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
An attacker could abuse this flaw by creating a specially crafted
PostScript file that could escalate privileges within the Ghostscript
and access files outside of restricted areas or execute commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14869
Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904
(From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OE does not provide libpaper recipe, and the configure check looks for
libpaper if not disabled, this causes problems especially when shared
state is built on a machine which has libpaper installed on host but the
consumer machine although running same OS, but does not have libpaper
installed, the artifact from sstate are re-used but then native binary
./obj/aux/packps fails to execute
./obj/aux/packps: error while loading shared libraries: libpaper.so.1: cannot open shared object file: No such file or directory
So either we need to provide libpaper in OE or we disable it, disabling
is best for now
(From OE-Core rev: 11e85220d97299be5f65d5208ec21d4ad215317a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdf_hook_DSC_Creator procedure where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdfexectoken and other procedures where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14811
https://nvd.nist.gov/vuln/detail/CVE-2019-14817
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
(From OE-Core rev: 1533b92848ea73d6fe6ba22d87d7b6749b47842c)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
- Rebase ghostscript-9.02-genarch.patch
- Drop backported CVE patches
(From OE-Core rev: 62510fc82a8eee19bfc51d7b5bc1c6f2aec3825b)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 721e69aa12dd9ee22618ef13f29fb6d28eeab9af)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.
It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.
It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6116
https://www.openwall.com/lists/oss-security/2019/01/23/5
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e
(From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
- Drop backported CVE fixes
000[1-8]*.patch
(From OE-Core rev: f30bd6bf01dbf81f0872382be44d507fb981f953)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving the 1Policy
operator.
(From OE-Core rev: 98ab5c5770d20b39bf3c58083f31f31838f2e940)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.
(From OE-Core rev: 6098c19e1f179896af7013c4b5db3081549c97bc)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
(From OE-Core rev: 6c32ea184941d292cd8f0eb898e6cc90120ada40)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed below patches, as v9.25 source already has those
changes/security fixes:
0001-Bug-699665-memory-corruption-in-aesdecode.patch
0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch
0004-Hide-the-.shfill-operator.patch
0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch
remove-direct-symlink.patch
Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch
and ghostscript-9.21-prevent_recompiling.patch
to fix warnings in do_patch task of ghostscript v9.25 recipe.
Highlights of ghostscript v9.25 release:
---------------------------------------
- This release fixes problems with argument handling, some unintended results
of the security fixes to the SAFER file access restrictions
(specifically accessing ICC profile files), and some additional security
issues over the recent 9.24 release.
- Note: The ps2epsi utility does not, and cannot call Ghostscript with
the -dSAFER command line option. It should never be called with input
from untrusted sources.
- Security issues have been the primary focus of this release, including
solving several (well publicised) real and potential exploits.
- As well as Ghostscript itself, jbig2dec has had a significant amount of work
improving its robustness in the face of out specification files.
- IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread
safe, and cannot be made thread safe without breaking the ABI.
Our fork will be thread safe, and include performance enhancements
(these changes have all be been offered and rejected upstream). We will
maintain compatibility between Ghostscript and LCMS2 for a time, but not in
perpetuity. Our fork will be available as its own package separately from
Ghostscript (and MuPDF).
- The usual round of bug fixes, compatibility changes, and incremental
improvements.
(From OE-Core rev: 4340928b8878b91b5a2750eb6bc87918740511ca)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
CVE-2018-15911
(From OE-Core rev: b6d32d43fd2b016e932b7dc81fb943eb936b73bb)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
(From OE-Core rev: 4b56d6a61bfe4ca28d1301ae83898a979d3df73a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Drop backported patches
- CVE-2017-7207.patch
- CVE-2017-5951.patch
- CVE-2017-7975.patch
- CVE-2017-9216.patch
- CVE-2017-9611.patch
- CVE-2017-9612.patch
- CVE-2017-9739.patch
- CVE-2017-9726.patch
- CVE-2017-9727.patch
- CVE-2017-9835.patch
- CVE-2017-11714.patch
2. Rebase to 9.23
- ghostscript-9.15-parallel-make.patch
- ghostscript-9.16-Werror-return-type.patch
- do-not-check-local-libpng-source.patch
- avoid-host-contamination.patch
- mkdir-p.patch
- ghostscript-9.21-prevent_recompiling.patch
- ghostscript-9.02-genarch.patch
- cups-no-gcrypt.patch
- ghostscript-9.21-native-fix-disable-system-libtiff.patch
- base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
3. Add packps from (native to target) to support cross compiling.
4. Add remove-direct-symlink.patch to fix
do_populate_sysroot failure
(From OE-Core rev: f8b4636472c6784fb78ca09a7dd7ebe53011f631)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch was adding a change to the source file that was already there,
so the lines of code were repeated twice. This didn't create a bug or a
security issue, but it may well have.
Long story:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
(From OE-Core rev: 1fc1a5f392ec6773cd520cbbd19b58931c6a2d66)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 49437de120ffdf26396fb295254f51ccc204560a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-9727: make bounds check in gx_ttfReader__Read more robust
CVE-2017-9835: bounds check the array allocations methods
CVE-2017-11714: prevent trying to reloc a freed object
(From OE-Core rev: 2eae91f9fa1cfdd3f0e6111956c8f193fd0db69f)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-9611
CVE-2017-9612
CVE-2017-9739
CVE-2017-9726
(From OE-Core rev: 3e5d80c84f4c141bc3f3193d1db899b0e56993cf)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
png_mak.patch was created for ghostscript 9.16 and causes make circular
dependency now. Check source code base/png.mak after apply png_mak.patch:
Line 77: $(MAKEDIRS) : $(pnglibconf_h)
Line 83: $(pnglibconf_h) : $(PNGSRC)scripts$(D)pnglibconf.h.prebuilt $(TOP_MAKEFILES) $(MAKEDIRS)
So remove png_mak.patch.
(From OE-Core rev: 8a5890cc0b0a6c110edb36aec3614c3ebeb54e24)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
(From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add information necessary to build for x11, but
do not enable that option.
Fix parallel build directory creation issue.
(From OE-Core rev: 2bfc7be412da501d8a9138a3dde33636c5fe2616)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate CVE patches that are now in source.
Add CUPSCONFIG to configure options.
(From OE-Core rev: 3041f94896b50a5a5d19caf0dd0e7910c730e18e)
Signed-off-by: Joe Slater <jslater@windriver.com>
to be scrunched
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently read arbitrary files via the
use of the .libfile operator in a crafted postscript document.
Use-after-free vulnerability in Ghostscript 9.20 might allow remote
attackers to execute arbitrary code via vectors related to a reference
leak in .setdevice.
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently execute arbitrary code by
leveraging type confusion in .initialize_dsc_parser.
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,
has a NULL pointer dereference in the jbig2_huffman_get function in
jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-7977
https://nvd.nist.gov/vuln/detail/CVE-2016-7978
https://nvd.nist.gov/vuln/detail/CVE-2016-7979
https://nvd.nist.gov/vuln/detail/CVE-2017-9216
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853
(From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following warning occurs when building with meta-zephyr
with MACHINE set to arduino-101-sss:
WARNING: /srv/sdc/builds/11319/meta/recipes-extended/ghostscript/ghostscript_9.20.bb: Unable to get checksum for ghostscript SRC_URI entry objarch.h: file could not be found
This is due to the the TARGET_ARCH = "arc" for meta-zephyr is not
supported by ghostscript and causing bitbake unable to locate the
correct config file during recipe parse.
Adding checker in the recipe to raise an exception if the target
architecture is "arc". This would then only display an error if
someone specifically tries to build the recipe:
ERROR: ghostscript was skipped: incompatible with host arc-yocto-elf (not in COMPATIBLE_HOST)
[YOCTO #11344]
(From OE-Core rev: 720a7230b92d734106d5340a426270dd4e921e8e)
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote
attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted Postscript document that calls .sethalftone5 with an
empty operand stack.
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because
of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c
during operations on a crafted JBIG2 file, leading to a denial of service (application
crash) or possibly execution of arbitrary code.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8602
https://nvd.nist.gov/vuln/detail/CVE-2017-7975
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298
(From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 10001924baf112a4556c5e85c16c482cbf435950)
(From OE-Core rev: 4e8e884054b56c578d51d7b4af7150b77806368d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1)Upgrade ghostscript from 9.19 to 9.20.
2)Modify ghostscript-9.15-parallel-make.patch, since the data has been changed.
(From OE-Core rev: 4f3483c3a0ba22f46d768d78d6f56880e8ac5608)
(From OE-Core rev: 9133ba6b8138951f3ef798f0a1cc6f694fe71868)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MIPS MACHINE_OVERRIDES can be used to provide the same objarch.h
files for MIPS pre-R2 and R6 ISA versions.
Use them to reduce duplication in supporting MIPS R6 ISA
(From OE-Core rev: a169f11cee3f4288467120cbc363f5e664b86f0c)
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Reduce duplication in MIPS variants now that the MACHINEOVERRIDES
variable is defined
(From OE-Core rev: c4aefe37ef5ff34ebd8e1a077c9198dcf3634e07)
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ghostscript and GhostPDL releases from version 9.19 have been moved to GitHub
hosting, tweak download site
- Drop 0001-Bug-696497-Fix-support-for-building-with-no-jbig2-de.patch, and
0002-Bug-696497-part-2-fix-support-for-building-with-a-JP.patch, ghostscript
9.19 has fixed them.
- Fix QA Warning unrecognised options: --enable-little-endian. It use AC_C_BIGENDIAN
to detect big/little endian.
http://www.delorie.com/gnu/docs/autoconf/autoconf_64.html
(From OE-Core rev: 227ca0a373b5a93602a419296ff1da1a96615ba2)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Set UPSTREAM_CHECK_URI (a github location), so package checking system gets the
latest version of the package.
(From OE-Core rev: 94d80ae33e0671e439c845f25e54aab0ee69843b)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Ghostcript project started to place their tarballs in two places
starting at 9.19 as explained in [1]. 9.18 version is considered old,
so including the 'old-gs-releases' in the URL.
[1] http://downloads.ghostscript.com/public/
[YOCTO #9573]
(From OE-Core rev: f4232f796875b007a438eb75fe438db6aba30572)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Backport patches to fix build failure caused by
'--without-jbig2dec' and '--without-jbig2dec'.
...
|make[1]: *** No rule to make target `obj/sjbig2_.dev',
needed by `obj/sjbig2.dev'. Stop.
...
http://bugs.ghostscript.com/show_bug.cgi?id=696497
- Previously, it did not build the whole local libpng
source in ghostscript, only picked up specific files
and compile them. But on ghostscript 9.18, when the
arm's FPU has been set to NEON (-mfpu=neon * with GCC),
the selected file "libpng/pngrutil.c" needs to link
'png_init_filter_functions_neon' which should be
compiled by a non-selected file "libpng/arm/arm_init.c".
...
|./obj/pngrutil.o: In function `png_init_filter_functions':
|armv7a-neon-poky-linux-gnueabi/ghostscript/9.18-r0/build/../
ghostscript-9.18/libpng/pngrutil.c:3921: undefined reference to
`png_init_filter_functions_neon'
...
So do not compile local libpng source in ghostscript,
use shared libpng to instead.
(From OE-Core rev: c7da39c43fc20e634c45212151400c663b39399a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using parallel make jobs, we need to be sure that
pnglibconf.h is created before we try to reference it,
so add a rule to png.mak.
(From OE-Core rev: fad19750d23aad2d14a1726c4e3c2c0d05f6e13d)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add objarch.h for NIOS2 architecture.
(From OE-Core rev: 29298e2c2be939764f1bbf0fb1c14530c4e8e563)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Ross Burton <ross.burton@intel.com>
Cc: Walter Goossens <waltergoossens@home.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update LICENSE's md5sum, the new version added a "of" in the file, the
license is the same.
* Remove ghostscript-9.02-parallel-make.patch, it has 932 lines and
modified 24 files, which is hard to maintain, and it can't be applied
since the code has changed, and if we meet parallel issues again, we
need fix it in other ways.
* Fix a build error of -Werror=return-type.
(From OE-Core rev: c5adb5903bd93f1c71acd52062d8c8620de2f944)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
* Add objarch.h for MicroBlaze big and little endian
(From OE-Core rev: cb7e4f8e3dcbe1d85eabc7d1545fddcd2500e02b)
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ghostscript application fails to fetch objarch.h file while building for armeb.
The fetch failure is due to absence of this file in the default set of
directories that the OpenEmbedded build system searches (i.e FILESPATH)
for patches and files. This patch adds the required objarch.h file for
armeb in one of the default locations where OpenEmbedded build system searches.
(From OE-Core rev: c520165f8fe7c01865ddb2565908211c0cfd2185)
Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 065f4034698caaaab9c8076d3c7e4ebafb8a9353)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[YOCTO #7230]
In certain system configurations TRANSLATED_TARGET_ARCH will not
expand in the right order for gcc-cross-candian-mips64n32 to be
generated properly.
This will cause SDKs to fail to generate properly.
Changing the global definition of TRANSLATED_TARGET_ARCH always
expands the ABIEXTENSION, which causes the OVERRIDES to pick it up
as well. This effectively defines a new class of overrides for the 'n32'.
The side effect is that we need to duplicate some mips64 overrides, and
redefine others that were previously 'n32' or 'mips64' exclusive to have
the correct semantics.
(From OE-Core rev: 4b3a2b703b20583bd107f00a297d972e9bfb514a)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 0f7d0bb0fa422d188493150b1ffcc8d68f6e65d1)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|