<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-extended/ghostscript, branch dunfell-23.0.20</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell-23.0.20</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell-23.0.20'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2022-03-31T20:09:33+00:00</updated>
<entry>
<title>ghostscript: backport patch fix for CVE-2021-3781</title>
<updated>2022-03-31T20:09:33+00:00</updated>
<author>
<name>Davide Gardenal</name>
<email>davidegarde2000@gmail.com</email>
</author>
<published>2022-03-25T16:46:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a27aa2316f383735d5c4cba7f7e502bff579979b'/>
<id>urn:sha1:a27aa2316f383735d5c4cba7f7e502bff579979b</id>
<content type='text'>
Upstream advisory:
https://ghostscript.com/blog/CVE-2021-3781.html

Other than the CVE fix other two commits are backported
to fit the patch.

(From OE-Core rev: ce856e5e07589d49d5ff84b515c48735cc78cd01)

Signed-off-by: Davide Gardenal &lt;davide.gardenal@huawei.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native</title>
<updated>2022-03-31T20:09:33+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2022-03-25T17:11:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4391ddecb2c5903a4c00d62646add0988a79c6d9'/>
<id>urn:sha1:4391ddecb2c5903a4c00d62646add0988a79c6d9</id>
<content type='text'>
CVE patches (and the stack limits check patch) should have been
added to SRC_URI_BASE so that they are applied for both target
and -native packages.

(From OE-Core rev: da9b7b8973913c80c989aee1f5b34c98362725a8)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: fix CVE-2021-45949</title>
<updated>2022-02-16T09:48:51+00:00</updated>
<author>
<name>Minjae Kim</name>
<email>flowergom@gmail.com</email>
</author>
<published>2022-01-28T08:54:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b03d18892cdd59418bebcf9f7f7a3d12815beb76'/>
<id>urn:sha1:b03d18892cdd59418bebcf9f7f7a3d12815beb76</id>
<content type='text'>
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).

To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949

(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)

Signed-off-by: Minjae Kim &lt;flowergom@gmail.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: Exclude CVE-2013-6629 from cve-check</title>
<updated>2021-05-20T11:36:41+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2021-05-11T12:44:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b819be5f6aee6e890e136bc9dbf114df0cc93620'/>
<id>urn:sha1:b819be5f6aee6e890e136bc9dbf114df0cc93620</id>
<content type='text'>
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.

(From OE-Core rev: 829296767ecfbd443d738367b7146a91506e25f2)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: update to 9.52</title>
<updated>2020-08-27T07:25:50+00:00</updated>
<author>
<name>Lee Chee Yang</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2020-08-18T14:06:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=060ba609bd6ed40c8407934191da60c5e3ad8de7'/>
<id>urn:sha1:060ba609bd6ed40c8407934191da60c5e3ad8de7</id>
<content type='text'>
This is maintenance release consolidating the changes introduced
in 9.50. see :
https://www.ghostscript.com/doc/9.52/News.htm

Drop all custom objarch.h files; ghostscript nowadays generates
that with autoconf.

Freetype can no longer be disabled.

Building out of source tree is broken.

Upgrade include several CVE fixes:
CVE-2020-16287
CVE-2020-16288
CVE-2020-16289
CVE-2020-16290
CVE-2020-16291
CVE-2020-16292
CVE-2020-16293
CVE-2020-16294
CVE-2020-16295
CVE-2020-16296
CVE-2020-16297
CVE-2020-16298
CVE-2020-16299
CVE-2020-16300
CVE-2020-16301
CVE-2020-16302
CVE-2020-16303
CVE-2020-16304
CVE-2020-16305
CVE-2020-16308
CVE-2020-16309
CVE-2020-17538

(From OE-Core rev: 1cee5540ca74c38cc483b28f720e345644d6ca9b)

Signed-off-by: Lee Chee Yang &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: fix CVE-2020-15900</title>
<updated>2020-08-12T09:53:46+00:00</updated>
<author>
<name>Lee Chee Yang</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2020-08-07T09:45:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fa2385ad96a79ffbdad6c7084378848576e082a1'/>
<id>urn:sha1:fa2385ad96a79ffbdad6c7084378848576e082a1</id>
<content type='text'>
(From OE-Core rev: a58aa3017925617da1eec732a0e68bfda83410a1)

Signed-off-by: Lee Chee Yang &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>microblaze: Adjust Linux items from microblazeeb to microblaze</title>
<updated>2020-02-06T12:16:34+00:00</updated>
<author>
<name>Mark Hatle</name>
<email>mark.hatle@kernel.crashing.org</email>
</author>
<published>2020-02-04T21:06:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cdcacf26ec95cfa874b2060c059478666956cdca'/>
<id>urn:sha1:cdcacf26ec95cfa874b2060c059478666956cdca</id>
<content type='text'>
Due to recent changes to the tune, in order to match config.guess, the name
of the big-endian microblaze architecture was changes to 'microblaze'.

(From OE-Core rev: 6f6a6bbac684ead3fe6d070d61f17c2f611a2c87)

Signed-off-by: Mark Hatle &lt;mark.hatle@kernel.crashing.org&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: Add powerpc64 LE specific objarch.h</title>
<updated>2020-01-19T23:49:39+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2020-01-18T19:41:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1471a16b2e55b314a2a1118013f82121cfa0f789'/>
<id>urn:sha1:1471a16b2e55b314a2a1118013f82121cfa0f789</id>
<content type='text'>
(From OE-Core rev: 2b2ebb11da16975e3b0cba7854c3cfe54e0305a3)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: upgrade 9.27 -&gt; 9.50</title>
<updated>2019-12-09T12:00:43+00:00</updated>
<author>
<name>Trevor Gamblin</name>
<email>trevor.gamblin@windriver.com</email>
</author>
<published>2019-12-06T20:49:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f901ea834c7043d714e865fc592c06fa63f00bf1'/>
<id>urn:sha1:f901ea834c7043d714e865fc592c06fa63f00bf1</id>
<content type='text'>
Version 9.50 incorporates previously-backported fixes for
CVE-2019-14811 and CVE-2019-14817.

CVE: CVE-2019-14811
CVE: CVE-2019-14817

(From OE-Core rev: 8c626421840da9441be03587a57e9cf1ebd3d6f0)

Signed-off-by: Trevor Gamblin &lt;trevor.gamblin@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813</title>
<updated>2019-11-29T17:43:40+00:00</updated>
<author>
<name>Anuj Mittal</name>
<email>anuj.mittal@intel.com</email>
</author>
<published>2019-11-27T00:53:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8e16704ae40b30f6eabdcce9a6c43e5d0ecc643c'/>
<id>urn:sha1:8e16704ae40b30f6eabdcce9a6c43e5d0ecc643c</id>
<content type='text'>
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
https://www.openwall.com/lists/oss-security/2019/08/28/2

(From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944)

Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
