ghostscript: upgrade 10.02.1 -> 10.03.1

avoid-host-contamination.patch refreshed for 10.03.1 Below patches are no longer needed as it's included in this upgrade. 1. CVE-2024-29510.patch 2. CVE-2024-33869-0001.patch 3. CVE-2024-33869-0002.patch 4. CVE-2024-33870.patch 5. CVE-2024-33871.patch 6. configure.ac-add-option-to-explicitly-disable-neon.patch other patch release to address security bugs: CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509 CVE-2024-29511 (From OE-Core rev: 9a424fbcdc0c792ff3b99bf0e8a5e380582f53bc) (From OE-Core rev: 2a19132aca9d62be0d1e58444b0a8881456311dc) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2024-07-08 11:58:40 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-07-12 05:47:20 -0700
commit: 262cb8eb147844e746464f97c12f772d1c33563e (patch)
tree: 9324069b402896ecb25ef9d9b7ee8f8f3e9dd619 /meta/recipes-extended
parent: ca27724b44031fe11b631ee50eb1e20f7a60009d (diff)
download: poky-262cb8eb147844e746464f97c12f772d1c33563e.tar.gz
8 files changed, 5 insertions, 430 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
deleted file mode 100644
index 692d35157f..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001
-From: Ken Sharp <Ken.Sharp@artifex.com>
-Date: Thu, 21 Mar 2024 09:01:15 +0000
-Subject: [PATCH 5/5] Uniprint device - prevent string configuration changes
- when SAFER
-Bug #707662
-We cannot sanitise the string arguments used by the Uniprint device
-because they can potentially include anything.
-This commit ensures that these strings are locked and cannot be
-changed by PostScript once SAFER is activated. Full configuration from
-the command line is still possible (see the *.upp files in lib).
-This addresses CVE-2024-29510
-CVE: CVE-2024-29510
-Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e]
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- devices/gdevupd.c | 31 +++++++++++++++++++++++++++++++
- 1 file changed, 31 insertions(+)
-diff --git a/devices/gdevupd.c b/devices/gdevupd.c
-index 740dae0..a50571a 100644
--- a/devices/gdevupd.c
-+++ b/devices/gdevupd.c
-@@ -1887,6 +1887,16 @@ out on this copies.
-       if(!upd_strings[i]) continue;
-       UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory);
-       if(0 == code) {
-+        if (gs_is_path_control_active(udev->memory)) {
-+            if (strings[i].size != value.size)
-+              error = gs_error_invalidaccess;
-+            else {
-+                if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0)
-+                    error = gs_error_invalidaccess;
-+            }
-+            if (error < 0)
-+                goto exit;
-+        }
-          if(0 <= error) error |= UPD_PUT_STRINGS;
-          UPD_MM_DEL_PARAM(udev->memory, strings[i]);
-          if(!value.size) {
-@@ -1904,6 +1914,26 @@ out on this copies.
-       if(!upd_string_a[i]) continue;
-       UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory);
-       if(0 == code) {
-+          if (gs_is_path_control_active(udev->memory)) {
-+              if (string_a[i].size != value.size)
-+                  error = gs_error_invalidaccess;
-+              else {
-+                  int loop;
-+                  for (loop = 0;loop < string_a[i].size;loop++) {
-+                      gs_param_string *tmp1 = (gs_param_string *)&(string_a[i].data[loop]);
-+                      gs_param_string *tmp2 = (gs_param_string *)&value.data[loop];
-+
-+                      if (tmp1->size != tmp2->size)
-+                          error = gs_error_invalidaccess;
-+                      else {
-+                          if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0)
-+                              error = gs_error_invalidaccess;
-+                      }
-+                  }
-+              }
-+            if (error < 0)
-+                goto exit;
-+          }
-          if(0 <= error) error |= UPD_PUT_STRING_A;
-          UPD_MM_DEL_APARAM(udev->memory, string_a[i]);
-          if(!value.size) {
-@@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may
-       if(0 > code) error = code;
-    }
-+exit:
-    if(0 < error) { /* Actually something loaded without error */
-       if(!(upd = udev->upd)) {
--
-2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
deleted file mode 100644
index 2f20c66ea3..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <Ken.Sharp@artifex.com>
-Date: Tue, 26 Mar 2024 12:02:57 +0000
-Subject: [PATCH 2/5] Bug #707691
-Part 1; when stripping a potential Current Working Dirctory specifier
-from a path, make certain it really is a CWD, and not simply large
-ebough to be a CWD.
-Reasons are in the bug thread, this is not (IMO) serious.
-This is part of the fix for CVE-2024-33869
-CVE: CVE-2024-33869
-Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973]
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- base/gpmisc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/base/gpmisc.c b/base/gpmisc.c
-index c4a69b0..1d4d5d8 100644
--- a/base/gpmisc.c
-+++ b/base/gpmisc.c
-@@ -1164,8 +1164,8 @@ gp_validate_path_len(const gs_memory_t *mem,
-             continue;
-         }
-        else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
-            buffer = bufferfull + cdirstrl + dirsepstrl;
-+        else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull
-+            && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) {
-             continue;
-         }
-         break;
--
-2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
deleted file mode 100644
index 5dcbcca998..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f5336e5b4154f515ac83bc5b9eba94302e6618d4 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <Ken.Sharp@artifex.com>
-Date: Tue, 26 Mar 2024 12:07:18 +0000
-Subject: [PATCH 3/5] Bug 707691 part 2
-See bug thread for details
-This is the second part of the fix for CVE-2024-33869
-CVE: CVE-2024-33869
-Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83]
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- base/gpmisc.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-diff --git a/base/gpmisc.c b/base/gpmisc.c
-index 1d4d5d8..b0d5c71 100644
--- a/base/gpmisc.c
-+++ b/base/gpmisc.c
-@@ -1090,6 +1090,27 @@ gp_validate_path_len(const gs_memory_t *mem,
-         rlen = len;
-     }
-     else {
-+        char *test = (char *)path, *test1;
-+        uint tlen = len, slen;
-+
-+        /* Look for any pipe (%pipe% or '|' specifications between path separators
-+         * Reject any path spec which has a %pipe% or '|' anywhere except at the start.
-+         */
-+        while (tlen > 0) {
-+            if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
-+                code = gs_note_error(gs_error_invalidfileaccess);
-+                goto exit;
-+            }
-+            test1 = test;
-+            slen = search_separator((const char **)&test, path + len, test1, 1);
-+            if(slen == 0)
-+                break;
-+            test += slen;
-+            tlen -= test - test1;
-+            if (test >= path + len)
-+                break;
-+        }
-+
-         rlen = len+1;
-         bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
-         if (bufferfull == NULL)
--
-2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
deleted file mode 100644
index 9c2b9dcfa2..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <Ken.Sharp@artifex.com>
-Date: Tue, 26 Mar 2024 12:00:14 +0000
-Subject: [PATCH 1/5] Bug #707686
-See bug thread for details
-In addition to the noted bug; an error path (return from
-gp_file_name_reduce not successful) could elad to a memory leak as we
-did not free 'bufferfull'. Fix that too.
-This addresses CVE-2024-33870
-CVE: CVE-2024-33870
-Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc]
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- base/gpmisc.c | 36 ++++++++++++++++++++++++++++++++----
- 1 file changed, 32 insertions(+), 4 deletions(-)
-diff --git a/base/gpmisc.c b/base/gpmisc.c
-index 2b0064b..c4a69b0 100644
--- a/base/gpmisc.c
-+++ b/base/gpmisc.c
-@@ -1,4 +1,4 @@
-/* Copyright (C) 2001-2023 Artifex Software, Inc.
-+/* Copyright (C) 2001-2024 Artifex Software, Inc.
-    All Rights Reserved.
-    This software is provided AS-IS with no warranty, either express or
-@@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem,
-                      const uint         len,
-                      const char        *mode)
- {
-    char *buffer, *bufferfull;
-+    char *buffer, *bufferfull = NULL;
-     uint rlen;
-     int code = 0;
-     const char *cdirstr = gp_file_name_current();
-@@ -1096,8 +1096,10 @@ gp_validate_path_len(const gs_memory_t *mem,
-             return gs_error_VMerror;
-         buffer = bufferfull + prefix_len;
-        if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
-            return gs_error_invalidfileaccess;
-+        if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) {
-+            code = gs_note_error(gs_error_invalidfileaccess);
-+            goto exit;
-+        }
-         buffer[rlen] = 0;
-     }
-     while (1) {
-@@ -1132,9 +1134,34 @@ gp_validate_path_len(const gs_memory_t *mem,
-             code = gs_note_error(gs_error_invalidfileaccess);
-         }
-         if (code < 0 && prefix_len > 0 && buffer > bufferfull) {
-+            uint newlen = rlen + cdirstrl + dirsepstrl;
-+            char *newbuffer;
-+            int code;
-+
-             buffer = bufferfull;
-             memcpy(buffer, cdirstr, cdirstrl);
-             memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl);
-+
-+            /* We've prepended a './' or similar for the current working directory. We need
-+             * to execute file_name_reduce on that, to eliminate any '../' or similar from
-+             * the (new) full path.
-+             */
-+            newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path");
-+            if (newbuffer == NULL) {
-+                code = gs_note_error(gs_error_VMerror);
-+                goto exit;
-+            }
-+
-+            memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl);
-+            newbuffer[newlen] = 0x00;
-+
-+            code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen);
-+            gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path");
-+            if (code != gp_combine_success) {
-+                code = gs_note_error(gs_error_invalidfileaccess);
-+                goto exit;
-+            }
-+
-             continue;
-         }
-         else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
-@@ -1153,6 +1180,7 @@ gp_validate_path_len(const gs_memory_t *mem,
-                                            gs_path_control_flag_is_scratch_file);
-     }
-+exit:
-     gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path");
- #ifdef EACCES
-     if (code == gs_error_invalidfileaccess)
--
-2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
deleted file mode 100644
index abe6384997..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001
-From: Zdenek Hutyra <zhutyra@centrum.cz>
-Date: Mon, 22 Apr 2024 13:33:47 +0100
-Subject: [PATCH 4/5] OPVP device - prevent unsafe parameter change with SAFER
-Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library"
-The "Driver" parameter for the "opvp"/"oprp" device specifies the name
-of a dynamic library and allows any library to be loaded.
-The patch does not allow changing this parameter after activating path
-control.
-This addresses CVE-2024-33871
-CVE: CVE-2024-33871
-Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396]
-Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- contrib/opvp/gdevopvp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
-index 74200cf..80eb23b 100644
--- a/contrib/opvp/gdevopvp.c
-+++ b/contrib/opvp/gdevopvp.c
-@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
-     code = param_read_string(plist, pname, &vdps);
-     switch (code) {
-     case 0:
-+        if (gs_is_path_control_active(dev->memory)
-+            && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
-+                || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
-+            param_signal_error(plist, pname, gs_error_invalidaccess);
-+            return_error(gs_error_invalidaccess);
-+        }
-         buff = realloc(buff, vdps.size + 1);
-         memcpy(buff, vdps.data, vdps.size);
-         buff[vdps.size] = 0;
--
-2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
index 15c7eb5a77..67f14bd368 100644
--- a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
@@ -1,7 +1,7 @@
-From 0ccbaa134093bf6afc79f2d20d061bca5a8754ed Mon Sep 17 00:00:00 2001
+From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001
 From: Kai Kang <kai.kang@windriver.com>
 Date: Thu, 29 Mar 2018 16:02:05 +0800
-Subject: [PATCH 04/10] avoid host contamination
+Subject: [PATCH] avoid host contamination
 Remove hardcode path refer to host to avoid host contamination.
@@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/devices/devs.mak b/devices/devs.mak
-index 846aa50..9570182 100644
+index 186f704..88ab8c9 100644
 --- a/devices/devs.mak
 +++ b/devices/devs.mak
-@@ -393,7 +393,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
+@@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
 ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT
 
 $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS)
@@ -27,6 +27,3 @@ index 846aa50..9570182 100644
 
 ###### --------------- Memory-buffered printer devices --------------- ######
 
-- 
-1.8.3.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch b/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch
deleted file mode 100644
index 7873396045..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From fd37229a17822c5ad21a369f670b8a6f6cc6b95b Mon Sep 17 00:00:00 2001
-From: Benjamin Bara <benjamin.bara@skidata.com>
-Date: Mon, 4 Sep 2023 12:16:39 +0200
-Subject: [PATCH] configure.ac: add option to explicitly disable neon
-Uncomment an already existing possibility to explicitly disable neon and
-use it on both implemented neon checks.
-Upstream-Status: Submitted [https://bugs.ghostscript.com/show_bug.cgi?id=707097]
-Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
---
- configure.ac | 52 +++++++++++++++++++++++++++++-----------------------
- 1 file changed, 29 insertions(+), 23 deletions(-)
-diff --git a/configure.ac b/configure.ac
-index 09d881dd1..62718e15e 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -749,6 +749,33 @@ SUBCONFIG_OPTS="--build=$build --host=$host"
- #  SUBCONFIG_OPTS="$SUBCONFIG_OPTS --host=$host_alias"
- #fi
- 
-+dnl --------------------------------------------------
-+dnl Check for NEON support
-+dnl --------------------------------------------------
-+save_cflags=$CFLAGS
-+AC_MSG_CHECKING([neon support])
-+CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53"
-+HAVE_NEON=""
-+AC_LINK_IFELSE(
-+  [AC_LANG_PROGRAM([#include "arm_neon.h"], [
-+  int32x4_t round = vdupq_n_s32(10);
-+  return(0);
-+  ])],
-+  [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""])
-+
-+AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon],
-+       [Do not use neon instrinsics]), [
-+             if test "x$enable_neon" = xno; then
-+                HAVE_NEON=""
-+             fi])
-+
-+if test "x$HAVE_NEON" != x; then
-+  AC_MSG_RESULT(yes)
-+else
-+  AC_MSG_RESULT(no)
-+fi
-+CFLAGS=$save_cflags
-+
- dnl --------------------------------------------------
- dnl Check for libraries
- dnl --------------------------------------------------
-@@ -971,11 +998,12 @@ if test x$with_tesseract != xno; then
-          [TESS_NEON="-mfpu=neon -mcpu=cortex-a53 -D__ARM_NEON__"],
-          [TESS_NEON=""])
- 
-        if test "x$TESS_NEON" != x; then
-+        if test "x$TESS_NEON" != x && test "x$enable_neon" != xno; then
-           AC_MSG_RESULT(yes)
-           TESS_CXXFLAGS="$TESS_CXXFLAGS -DHAVE_NEON"
-         else
-           AC_MSG_RESULT(no)
-+          TESS_NEON=""
-         fi
- 
-         CXXFLAGS="$save_cxxflags"
-@@ -2387,28 +2415,6 @@ if test x$WITH_CAL != x0; then
-     AC_MSG_RESULT(no)
-   fi
- 
-  AC_MSG_CHECKING([neon support])
-  CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53"
-  HAVE_NEON=""
-  AC_LINK_IFELSE(
-    [AC_LANG_PROGRAM([#include "arm_neon.h"], [
-    int32x4_t round = vdupq_n_s32(10);
-    return(0);
-    ])],
-    [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""])
-
-  #AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon],
-  #       [Do not use neon instrinsics]), [
-  #             if test "x$enable_neon" = xno; then
-  #                HAVE_NEON=""
-  #             fi])
-
-  if test "x$HAVE_NEON" != x; then
-    AC_MSG_RESULT(yes)
-  else
-    AC_MSG_RESULT(no)
-  fi
-
-   #AC_SUBST(HAVE_SSE4_2)
-   #AC_SUBST(HAVE_NEON)
-   CFLAGS=$save_cflags
-- 
-2.34.1
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
index db9481816a..0504f5244f 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
@@ -25,15 +25,9 @@ def gs_verdir(v):
 SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
           file://ghostscript-9.16-Werror-return-type.patch \
           file://avoid-host-contamination.patch \
-           file://configure.ac-add-option-to-explicitly-disable-neon.patch \
-           file://CVE-2024-33870.patch \
-           file://CVE-2024-33869-0001.patch \
-           file://CVE-2024-33869-0002.patch \
-           file://CVE-2024-33871.patch \
-           file://CVE-2024-29510.patch \
           "
-SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
+SRC_URI[sha256sum] = "31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad"
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
author	Hitendra Prajapati <hprajapati@mvista.com>	2024-07-08 11:58:40 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-07-12 05:47:20 -0700
commit	262cb8eb147844e746464f97c12f772d1c33563e (patch)
tree	9324069b402896ecb25ef9d9b7ee8f8f3e9dd619 /meta/recipes-extended
parent	ca27724b44031fe11b631ee50eb1e20f7a60009d (diff)
download	poky-262cb8eb147844e746464f97c12f772d1c33563e.tar.gz

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch deleted file mode 100644 index 692d35157f..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch +++ /dev/null
@@ -1,84 +0,0 @@
1	From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001
2	From: Ken Sharp <Ken.Sharp@artifex.com>
3	Date: Thu, 21 Mar 2024 09:01:15 +0000
4	Subject: [PATCH 5/5] Uniprint device - prevent string configuration changes
5	when SAFER
6
7	Bug #707662
8
9	We cannot sanitise the string arguments used by the Uniprint device
10	because they can potentially include anything.
11
12	This commit ensures that these strings are locked and cannot be
13	changed by PostScript once SAFER is activated. Full configuration from
14	the command line is still possible (see the *.upp files in lib).
15
16	This addresses CVE-2024-29510
17
18	CVE: CVE-2024-29510
19
20	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e]
21
22	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
23	---
24	devices/gdevupd.c \| 31 +++++++++++++++++++++++++++++++
25	1 file changed, 31 insertions(+)
26
27	diff --git a/devices/gdevupd.c b/devices/gdevupd.c
28	index 740dae0..a50571a 100644
29	--- a/devices/gdevupd.c
30	+++ b/devices/gdevupd.c
31	@@ -1887,6 +1887,16 @@ out on this copies.
32	if(!upd_strings[i]) continue;
33	UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory);
34	if(0 == code) {
35	+ if (gs_is_path_control_active(udev->memory)) {
36	+ if (strings[i].size != value.size)
37	+ error = gs_error_invalidaccess;
38	+ else {
39	+ if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0)
40	+ error = gs_error_invalidaccess;
41	+ }
42	+ if (error < 0)
43	+ goto exit;
44	+ }
45	if(0 <= error) error \|= UPD_PUT_STRINGS;
46	UPD_MM_DEL_PARAM(udev->memory, strings[i]);
47	if(!value.size) {
48	@@ -1904,6 +1914,26 @@ out on this copies.
49	if(!upd_string_a[i]) continue;
50	UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory);
51	if(0 == code) {
52	+ if (gs_is_path_control_active(udev->memory)) {
53	+ if (string_a[i].size != value.size)
54	+ error = gs_error_invalidaccess;
55	+ else {
56	+ int loop;
57	+ for (loop = 0;loop < string_a[i].size;loop++) {
58	+ gs_param_string tmp1 = (gs_param_string )&(string_a[i].data[loop]);
59	+ gs_param_string tmp2 = (gs_param_string )&value.data[loop];
60	+
61	+ if (tmp1->size != tmp2->size)
62	+ error = gs_error_invalidaccess;
63	+ else {
64	+ if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0)
65	+ error = gs_error_invalidaccess;
66	+ }
67	+ }
68	+ }
69	+ if (error < 0)
70	+ goto exit;
71	+ }
72	if(0 <= error) error \|= UPD_PUT_STRING_A;
73	UPD_MM_DEL_APARAM(udev->memory, string_a[i]);
74	if(!value.size) {
75	@@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may
76	if(0 > code) error = code;
77	}
78
79	+exit:
80	if(0 < error) { /* Actually something loaded without error */
81
82	if(!(upd = udev->upd)) {
83	--
84	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch deleted file mode 100644 index 2f20c66ea3..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch +++ /dev/null
@@ -1,39 +0,0 @@
1	From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001
2	From: Ken Sharp <Ken.Sharp@artifex.com>
3	Date: Tue, 26 Mar 2024 12:02:57 +0000
4	Subject: [PATCH 2/5] Bug #707691
5
6	Part 1; when stripping a potential Current Working Dirctory specifier
7	from a path, make certain it really is a CWD, and not simply large
8	ebough to be a CWD.
9
10	Reasons are in the bug thread, this is not (IMO) serious.
11
12	This is part of the fix for CVE-2024-33869
13
14	CVE: CVE-2024-33869
15
16	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973]
17
18	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
19	---
20	base/gpmisc.c \| 4 ++--
21	1 file changed, 2 insertions(+), 2 deletions(-)
22
23	diff --git a/base/gpmisc.c b/base/gpmisc.c
24	index c4a69b0..1d4d5d8 100644
25	--- a/base/gpmisc.c
26	+++ b/base/gpmisc.c
27	@@ -1164,8 +1164,8 @@ gp_validate_path_len(const gs_memory_t *mem,
28
29	continue;
30	}
31	- else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
32	- buffer = bufferfull + cdirstrl + dirsepstrl;
33	+ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull
34	+ && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) {
35	continue;
36	}
37	break;
38	--
39	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch deleted file mode 100644 index 5dcbcca998..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From f5336e5b4154f515ac83bc5b9eba94302e6618d4 Mon Sep 17 00:00:00 2001
2	From: Ken Sharp <Ken.Sharp@artifex.com>
3	Date: Tue, 26 Mar 2024 12:07:18 +0000
4	Subject: [PATCH 3/5] Bug 707691 part 2
5
6	See bug thread for details
7
8	This is the second part of the fix for CVE-2024-33869
9
10	CVE: CVE-2024-33869
11
12	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83]
13
14	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
15	---
16	base/gpmisc.c \| 21 +++++++++++++++++++++
17	1 file changed, 21 insertions(+)
18
19	diff --git a/base/gpmisc.c b/base/gpmisc.c
20	index 1d4d5d8..b0d5c71 100644
21	--- a/base/gpmisc.c
22	+++ b/base/gpmisc.c
23	@@ -1090,6 +1090,27 @@ gp_validate_path_len(const gs_memory_t *mem,
24	rlen = len;
25	}
26	else {
27	+ char test = (char )path, *test1;
28	+ uint tlen = len, slen;
29	+
30	+ /* Look for any pipe (%pipe% or '\|' specifications between path separators
31	+ * Reject any path spec which has a %pipe% or '\|' anywhere except at the start.
32	+ */
33	+ while (tlen > 0) {
34	+ if (test[0] == '\|' \|\| (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
35	+ code = gs_note_error(gs_error_invalidfileaccess);
36	+ goto exit;
37	+ }
38	+ test1 = test;
39	+ slen = search_separator((const char **)&test, path + len, test1, 1);
40	+ if(slen == 0)
41	+ break;
42	+ test += slen;
43	+ tlen -= test - test1;
44	+ if (test >= path + len)
45	+ break;
46	+ }
47	+
48	rlen = len+1;
49	bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
50	if (bufferfull == NULL)
51	--
52	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch deleted file mode 100644 index 9c2b9dcfa2..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch +++ /dev/null
@@ -1,99 +0,0 @@
1	From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001
2	From: Ken Sharp <Ken.Sharp@artifex.com>
3	Date: Tue, 26 Mar 2024 12:00:14 +0000
4	Subject: [PATCH 1/5] Bug #707686
5
6	See bug thread for details
7
8	In addition to the noted bug; an error path (return from
9	gp_file_name_reduce not successful) could elad to a memory leak as we
10	did not free 'bufferfull'. Fix that too.
11
12	This addresses CVE-2024-33870
13
14	CVE: CVE-2024-33870
15
16	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc]
17
18	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
19	---
20	base/gpmisc.c \| 36 ++++++++++++++++++++++++++++++++----
21	1 file changed, 32 insertions(+), 4 deletions(-)
22
23	diff --git a/base/gpmisc.c b/base/gpmisc.c
24	index 2b0064b..c4a69b0 100644
25	--- a/base/gpmisc.c
26	+++ b/base/gpmisc.c
27	@@ -1,4 +1,4 @@
28	-/* Copyright (C) 2001-2023 Artifex Software, Inc.
29	+/* Copyright (C) 2001-2024 Artifex Software, Inc.
30	All Rights Reserved.
31
32	This software is provided AS-IS with no warranty, either express or
33	@@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem,
34	const uint len,
35	const char *mode)
36	{
37	- char buffer, bufferfull;
38	+ char buffer, bufferfull = NULL;
39	uint rlen;
40	int code = 0;
41	const char *cdirstr = gp_file_name_current();
42	@@ -1096,8 +1096,10 @@ gp_validate_path_len(const gs_memory_t *mem,
43	return gs_error_VMerror;
44
45	buffer = bufferfull + prefix_len;
46	- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
47	- return gs_error_invalidfileaccess;
48	+ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) {
49	+ code = gs_note_error(gs_error_invalidfileaccess);
50	+ goto exit;
51	+ }
52	buffer[rlen] = 0;
53	}
54	while (1) {
55	@@ -1132,9 +1134,34 @@ gp_validate_path_len(const gs_memory_t *mem,
56	code = gs_note_error(gs_error_invalidfileaccess);
57	}
58	if (code < 0 && prefix_len > 0 && buffer > bufferfull) {
59	+ uint newlen = rlen + cdirstrl + dirsepstrl;
60	+ char *newbuffer;
61	+ int code;
62	+
63	buffer = bufferfull;
64	memcpy(buffer, cdirstr, cdirstrl);
65	memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl);
66	+
67	+ /* We've prepended a './' or similar for the current working directory. We need
68	+ * to execute file_name_reduce on that, to eliminate any '../' or similar from
69	+ * the (new) full path.
70	+ */
71	+ newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path");
72	+ if (newbuffer == NULL) {
73	+ code = gs_note_error(gs_error_VMerror);
74	+ goto exit;
75	+ }
76	+
77	+ memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl);
78	+ newbuffer[newlen] = 0x00;
79	+
80	+ code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen);
81	+ gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path");
82	+ if (code != gp_combine_success) {
83	+ code = gs_note_error(gs_error_invalidfileaccess);
84	+ goto exit;
85	+ }
86	+
87	continue;
88	}
89	else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
90	@@ -1153,6 +1180,7 @@ gp_validate_path_len(const gs_memory_t *mem,
91	gs_path_control_flag_is_scratch_file);
92	}
93
94	+exit:
95	gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path");
96	#ifdef EACCES
97	if (code == gs_error_invalidfileaccess)
98	--
99	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch deleted file mode 100644 index abe6384997..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch +++ /dev/null
@@ -1,43 +0,0 @@
1	From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001
2	From: Zdenek Hutyra <zhutyra@centrum.cz>
3	Date: Mon, 22 Apr 2024 13:33:47 +0100
4	Subject: [PATCH 4/5] OPVP device - prevent unsafe parameter change with SAFER
5
6	Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library"
7
8	The "Driver" parameter for the "opvp"/"oprp" device specifies the name
9	of a dynamic library and allows any library to be loaded.
10
11	The patch does not allow changing this parameter after activating path
12	control.
13
14	This addresses CVE-2024-33871
15
16	CVE: CVE-2024-33871
17
18	Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396]
19
20	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
21	---
22	contrib/opvp/gdevopvp.c \| 6 ++++++
23	1 file changed, 6 insertions(+)
24
25	diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
26	index 74200cf..80eb23b 100644
27	--- a/contrib/opvp/gdevopvp.c
28	+++ b/contrib/opvp/gdevopvp.c
29	@@ -3456,6 +3456,12 @@ _put_params(gx_device dev, gs_param_list plist)
30	code = param_read_string(plist, pname, &vdps);
31	switch (code) {
32	case 0:
33	+ if (gs_is_path_control_active(dev->memory)
34	+ && (!opdev->globals.vectorDriver \|\| strlen(opdev->globals.vectorDriver) != vdps.size
35	+ \|\| memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
36	+ param_signal_error(plist, pname, gs_error_invalidaccess);
37	+ return_error(gs_error_invalidaccess);
38	+ }
39	buff = realloc(buff, vdps.size + 1);
40	memcpy(buff, vdps.data, vdps.size);
41	buff[vdps.size] = 0;
42	--
43	2.40.0


diff --git a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch index 15c7eb5a77..67f14bd368 100644 --- a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch +++ b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
@@ -1,7 +1,7 @@
1	From 0ccbaa134093bf6afc79f2d20d061bca5a8754ed Mon Sep 17 00:00:00 2001	1	From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001
2	From: Kai Kang <kai.kang@windriver.com>	2	From: Kai Kang <kai.kang@windriver.com>
3	Date: Thu, 29 Mar 2018 16:02:05 +0800	3	Date: Thu, 29 Mar 2018 16:02:05 +0800
4	Subject: [PATCH 04/10] avoid host contamination	4	Subject: [PATCH] avoid host contamination
5		5
6	Remove hardcode path refer to host to avoid host contamination.	6	Remove hardcode path refer to host to avoid host contamination.
7		7
@@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
15	1 file changed, 1 insertion(+), 1 deletion(-)	15	1 file changed, 1 insertion(+), 1 deletion(-)
16		16
17	diff --git a/devices/devs.mak b/devices/devs.mak	17	diff --git a/devices/devs.mak b/devices/devs.mak
18	index 846aa50..9570182 100644	18	index 186f704..88ab8c9 100644
19	--- a/devices/devs.mak	19	--- a/devices/devs.mak
20	+++ b/devices/devs.mak	20	+++ b/devices/devs.mak
21	@@ -393,7 +393,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\	21	@@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
22	### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT	22	### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT
23		23
24	$(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS)	24	$(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS)
@@ -27,6 +27,3 @@ index 846aa50..9570182 100644
27		27
28	###### --------------- Memory-buffered printer devices --------------- ######	28	###### --------------- Memory-buffered printer devices --------------- ######
29		29
30	--
31	1.8.3.1
32


diff --git a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch b/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch deleted file mode 100644 index 7873396045..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch +++ /dev/null
@@ -1,99 +0,0 @@
1	From fd37229a17822c5ad21a369f670b8a6f6cc6b95b Mon Sep 17 00:00:00 2001
2	From: Benjamin Bara <benjamin.bara@skidata.com>
3	Date: Mon, 4 Sep 2023 12:16:39 +0200
4	Subject: [PATCH] configure.ac: add option to explicitly disable neon
5
6	Uncomment an already existing possibility to explicitly disable neon and
7	use it on both implemented neon checks.
8
9	Upstream-Status: Submitted [https://bugs.ghostscript.com/show_bug.cgi?id=707097]
10
11	Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
12	---
13	configure.ac \| 52 +++++++++++++++++++++++++++++-----------------------
14	1 file changed, 29 insertions(+), 23 deletions(-)
15
16	diff --git a/configure.ac b/configure.ac
17	index 09d881dd1..62718e15e 100644
18	--- a/configure.ac
19	+++ b/configure.ac
20	@@ -749,6 +749,33 @@ SUBCONFIG_OPTS="--build=$build --host=$host"
21	# SUBCONFIG_OPTS="$SUBCONFIG_OPTS --host=$host_alias"
22	#fi
23
24	+dnl --------------------------------------------------
25	+dnl Check for NEON support
26	+dnl --------------------------------------------------
27	+save_cflags=$CFLAGS
28	+AC_MSG_CHECKING([neon support])
29	+CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53"
30	+HAVE_NEON=""
31	+AC_LINK_IFELSE(
32	+ [AC_LANG_PROGRAM([#include "arm_neon.h"], [
33	+ int32x4_t round = vdupq_n_s32(10);
34	+ return(0);
35	+ ])],
36	+ [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""])
37	+
38	+AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon],
39	+ [Do not use neon instrinsics]), [
40	+ if test "x$enable_neon" = xno; then
41	+ HAVE_NEON=""
42	+ fi])
43	+
44	+if test "x$HAVE_NEON" != x; then
45	+ AC_MSG_RESULT(yes)
46	+else
47	+ AC_MSG_RESULT(no)
48	+fi
49	+CFLAGS=$save_cflags
50	+
51	dnl --------------------------------------------------
52	dnl Check for libraries
53	dnl --------------------------------------------------
54	@@ -971,11 +998,12 @@ if test x$with_tesseract != xno; then
55	[TESS_NEON="-mfpu=neon -mcpu=cortex-a53 -D__ARM_NEON__"],
56	[TESS_NEON=""])
57
58	- if test "x$TESS_NEON" != x; then
59	+ if test "x$TESS_NEON" != x && test "x$enable_neon" != xno; then
60	AC_MSG_RESULT(yes)
61	TESS_CXXFLAGS="$TESS_CXXFLAGS -DHAVE_NEON"
62	else
63	AC_MSG_RESULT(no)
64	+ TESS_NEON=""
65	fi
66
67	CXXFLAGS="$save_cxxflags"
68	@@ -2387,28 +2415,6 @@ if test x$WITH_CAL != x0; then
69	AC_MSG_RESULT(no)
70	fi
71
72	- AC_MSG_CHECKING([neon support])
73	- CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53"
74	- HAVE_NEON=""
75	- AC_LINK_IFELSE(
76	- [AC_LANG_PROGRAM([#include "arm_neon.h"], [
77	- int32x4_t round = vdupq_n_s32(10);
78	- return(0);
79	- ])],
80	- [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""])
81	-
82	- #AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon],
83	- # [Do not use neon instrinsics]), [
84	- # if test "x$enable_neon" = xno; then
85	- # HAVE_NEON=""
86	- # fi])
87	-
88	- if test "x$HAVE_NEON" != x; then
89	- AC_MSG_RESULT(yes)
90	- else
91	- AC_MSG_RESULT(no)
92	- fi
93	-
94	#AC_SUBST(HAVE_SSE4_2)
95	#AC_SUBST(HAVE_NEON)
96	CFLAGS=$save_cflags
97	--
98	2.34.1
99


diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb index db9481816a..0504f5244f 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
@@ -25,15 +25,9 @@ def gs_verdir(v):
25	SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \	25	SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
26	file://ghostscript-9.16-Werror-return-type.patch \	26	file://ghostscript-9.16-Werror-return-type.patch \
27	file://avoid-host-contamination.patch \	27	file://avoid-host-contamination.patch \
28	file://configure.ac-add-option-to-explicitly-disable-neon.patch \
29	file://CVE-2024-33870.patch \
30	file://CVE-2024-33869-0001.patch \
31	file://CVE-2024-33869-0002.patch \
32	file://CVE-2024-33871.patch \
33	file://CVE-2024-29510.patch \
34	"	28	"
35		29
36	SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"	30	SRC_URI[sha256sum] = "31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad"
37		31
38	PACKAGECONFIG ??= ""	32	PACKAGECONFIG ??= ""
39	PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"	33	PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"