| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory
bug when appending to an existing archive, which is an operation we perform when
building an image.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Drop backported CVE fixes
000[1-8]*.patch
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* There are 120+ cases under ${libdir}/mdadm/ptest/tests,
but the test will break if one test fails as
below logic in run-ptest.
./test &>./test.log
That's to say, the tests after the failed test
have no chance to run with the current logic.
To guarantee all the tests can run even one
of the tests fails, the option --keep-going
should be added.
* Refactor the test report to make the report
more detailed and more common
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bzip2 could also be provided by busybox. So extend the alternatives
list to include bzip2.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use 4 spaces to replace a tab.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Remove 5 backported patches
* Refresh patches to remove fuzz warnings
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This testcase fails on mips32. The process is killed by SIGBUS which
is not as expect.
This is because:
((void *)-1) is not a legal bad address which causes the process
killed by SIGBUG on mips.
'tst_get_bad_addr()' returns an address that should works on mips
and other arches.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch in question was reworked, merged and released by
upstream version 20180926, as commit 822ad2043379.
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
New patches
* 0001-statx-fix-compile-errors.patch
Rebased patches
* 0039-commands-ar01-Fix-for-test-in-deterministic-mode.patch
Removed removed (accepted in upstream)
* 0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch
* 0042-fs-ftest-ftest06.c-Fix-too-small-name-string-and-rel.patch
* 0043-open-creat-skip-S_ISGID-check-on-files-created-by-no.patch
Removed patches (different fix accepted in upstream)
* 0001-mmap15-mips64-return-EINVAL.patch
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- Drop backport fixes
0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
- Do not manually move binaries from bindir to sbindir,
the upstream already moved rpcbind from bin_PROGRAMS
to sbin_PROGRAMS in Makefile.am
https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=9afccfcd5ab350d6bc72622f3d1ccfb9e54652b0
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lvm2 currently requires libaio. So building lvm2-native will result in
the following error.
ERROR: Required build target 'lvm2-native' has no buildable providers.
Missing or unbuildable dependency chain was: ['lvm2-native', 'libaio-native']
Extend libaio to native to fix this issue.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The shadow configure script tries really hard to detect the running
shell to make sure it doesn't do unsupported calls.
On my system the shell is detected as /bin/sh, while a build in an
ubuntu docker it resolves to /bin/bash. And since the shell path is
baked into the target binaries through config.h, the build becomes
inreproducible.
Fix reproducibility by hard-coding the shell to be /bin/sh
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving the 1Policy
operator.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to past time zone abbreviations
Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
This reverts to 2011h, as the abbreviation change in 2011i was
likely inadvertent.
Changes to documentation
tzfile.5 has new sections on interoperability issues.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to past time zone abbreviations
Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
This reverts to 2011h, as the abbreviation change in 2011i was
likely inadvertent.
Changes to documentation
tzfile.5 has new sections on interoperability issues.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Briefly:
Volgograd moves from +03 to +04 on 2018-10-28.
Fiji ends DST 2019-01-13, not 2019-01-20.
Most of Chile changes DST dates, effective 2019-04-06.
Changes to future timestamps
Volgograd moves from +03 to +04 on 2018-10-28 at 02:00.
(Thanks to Alexander Fetisov and Stepan Golosunov.)
Fiji ends DST 2019-01-13 instead of the 2019-01-20 previously
predicted. (Thanks to Raymond Kumar.) Adjust future predictions
accordingly.
Most of Chile will end DST on the first Saturday in April at 24:00 mainland
time, and resume DST on the first Saturday in September at 24:00 mainland
time. The changes are effective from 2019-04-06, and do not affect the
Magallanes region modeled by America/Punta_Arenas. (Thanks to Juan Correa
and Tim Parenti.) Adjust future predictions accordingly.
Changes to past timestamps
The 2018-05-05 North Korea 30-minute time zone change took place
at 23:30 the previous day, not at 00:00 that day.
China's 1988 spring-forward transition was on April 17, not
April 10. Its DST transitions in 1986/91 were at 02:00, not 00:00.
(Thanks to P Chan.)
Fix several issues for Macau before 1992. Macau's pre-1904 LMT
was off by 10 s. Macau switched to +08 in 1904 not 1912, and
temporarily switched to +09/+10 during World War II. Macau
observed DST in 1942/79, not 1961/80, and there were several
errors for transition times and dates. (Thanks to P Chan.)
The 1948-1951 fallback transitions in Japan were at 25:00 on
September's second Saturday, not at 24:00. (Thanks to Phake Nick.)
zic turns this into 01:00 on the day after September's second
Saturday, which is the best that POSIX or C platforms can do.
Incorporate 1940-1949 Asia/Shanghai DST transitions from a 2014
paper by Li Yu, replacing more-questionable data from Shanks.
Changes to time zone abbreviations
Use "PST" and "PDT" for Philippine time. (Thanks to Paul Goyette.)
Changes to documentation
New restrictions: A Rule name must start with a character that
is neither an ASCII digit nor "-" nor "+", and an unquoted name
should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~".
The latter restriction makes room for future extensions (a
possibility noted by Tom Lane).
tzfile.5 now documents what time types apply before the first and
after the last transition, if any.
Documentation now uses the spelling "timezone" for a TZ setting
that determines timestamp history, and "time zone" for a
geographic region currently sharing the same standard time.
The name "TZif" is now used for the tz binary data format.
tz-link.htm now mentions the A0 TimeZone Migration utilities.
(Thanks to Aldrin Martoq for the link.)
Changes to build procedure
New 'make' target 'rearguard_tarballs' to build the rearguard
tarball only. This is a convenience on platforms that lack lzip
if you want to build the rearguard tarball. (Problem reported by
Deborah Goldsmith.)
tzdata.zi is now more stable from release to release. (Problem
noted by Tom Lane.) It is also a bit shorter.
tzdata.zi now can contain comment lines documenting configuration
information, such as which data format was selected, which input
files were used, and how leap seconds are treated. (Problems
noted by Lester Caine and Brian Inglis.) If the Makefile defaults
are used these comment lines are absent, for backward
compatibility. A redistributor intending to alter its copy of the
files should also append "-LABEL" to the 'version' file's first
line, where "LABEL" identifies the redistributor's change.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes to code
zic now always generates TZif files where time type 0 is used for
timestamps before the first transition. This simplifies the
reading of TZif files and should not affect behavior of existing
TZif readers because the same set of time types is used; only
their internal indexes may have changed. This affects only the
legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and
EET, which previously used nonzero types for these timestamps.
Because of the type 0 change, zic no longer outputs a dummy
transition at time -2**59 (before the Big Bang), as clients should
no longer need this to handle historical timestamps correctly.
This reverts a change introduced in 2013d and shrinks most TZif
files by a few bytes.
zic now supports negative time-of-day in Rule and Leap lines, e.g.,
"Rule X min max - Apr lastSun -6:00 1:00 -" means the transition
occurs at 18:00 on the Saturday before the last Sunday in April.
This behavior was documented in 2018a but the code did not
entirely match the documentation.
localtime.c no longer requires at least one time type in TZif
files that lack transitions or have a POSIX-style TZ string. This
future-proofs the code against possible future extensions to the
format that would allow TZif files with POSIX-style TZ strings and
without transitions or time types.
A read-access subscript error in localtime.c has been fixed.
It could occur only in TZif files with timecnt == 0, something that
does not happen in practice now but could happen in future versions.
localtime.c no longer ignores TZif POSIX-style TZ strings that
specify only standard time. Instead, these TZ strings now
override the default time type for timestamps after the last
transition (or for all time stamps if there are no transitions),
just as DST strings specifying DST have always done.
leapseconds.awk now outputs "#updated" and "#expires" comments,
and supports leap seconds at the ends of months other than June
and December. (Inspired by suggestions from Chris Woodbury.)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
groff searches fonts on build host which are provided by ghostscript.
The number of font files installed by groff are different according to
whether ghostscript fonts are installed on build host. Fix it by not
search font dirs on the host.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lvm2 currently requires libaio. So building nativesdk-lvm2 will
result in the following error.
ERROR: Required build target 'nativesdk-lvm2' has no buildable providers.
Missing or unbuildable dependency chain was: ['nativesdk-lvm2', 'nativesdk-libaio']
Extend libaio to nativesdk to fix this issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The automount udev rule in udev-extraconf is likely to cause conflicts
or failures in case of systemd. We are seeing errors like below for
qemu bsps.
run-media-hdc.mount loaded failed failed /run/media/hdc
So do not install udev-extraconf in case of systemd in these two
packagegroups.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mips will return EINVAL instead of ENOMEM as expected
if the range [addr + len) exceeds TASK_SIZE.
Linux kernel code: arch/mips/mm/mmap.c
if (flags & MAP_FIXED) {
/* Even MAP_FIXED mappings must reside within TASK_SIZE */
if (TASK_SIZE - len < addr)
return -EINVAL;
Relax the condition and accept both ENOMEM and EINVAL
as expected outcome.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We are having the following error when using 'tar' from tar
recipe to decompress .tar.bz2 files.
tar (child): bzip2: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
The tar package is introduced by these two packagegroups into image.
>From the README file from tar's source codes:
"""
** gzip and bzip2.
GNU tar uses the gzip and bzip2 programs to read and write compressed
archives. If you don't have these programs already, you need to
install them.
"""
So we'd better cluster gzip and bzip2 with tar. These two packagegroups
already get 'gzip', so we also add 'bzip2'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The iputils-ping6 was dropped since the 'ping6' command had been merged
into ping command. Backport patch from upstream to let both 'ping6' and
'ping -6' work.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix out of bounds read on empty string filename for guntar, pax and v7tar
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the unpack task do nothing if externalsrc is in use. This avoids
the following error after having done `devtool modify lsof`:
ERROR: lsof-4.91-r0 do_unpack: Unpack failure for URL:
'file://.../builds/qemux86-64/tmp/work/core2-64-poky-linux/lsof/4.91-r0/lsof_4.91/lsof_4.91_src.tar'.
Unpack command PATH="..." tar x --no-same-owner -f
.../builds/qemux86-64/tmp/work/core2-64-poky-linux/lsof/4.91-r0/lsof_4.91/lsof_4.91_src.tar
failed with return value 2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox may also provide a partprobe implementation, so use u-a to allow
installing them side by side.
If one installs both, busybox and parted, one gets the following error:
| ERROR: image do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
| then please place them into pkg_postinst_ontarget_${PN} ().
| Deferring to first boot via 'exit 1' is no longer supported.
And the coresponding log.do_rootfs extract:
| ...
| update-alternatives: Error: not linking ...image/rootfs/usr/sbin/partprobe to /bin/busybox.nosuid since ...image/rootfs/usr/sbin/partprobe exists and is not a link
| ...
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For some reason, the copyright part was left out of the license
information included in LIC_FILES_CHKSUM, preventing it from being
used in, e.g., documentation to satisfy the requirements of the
license.
License-Update: Include the complete license information
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The case of sigwaitinfo related to sigwaitinfo API failed.
glibc commit
8b0e795aaa44 ("Simplify Linux sig{timed}wait{info} implementations")
changed sigwaitinfo to call sigtimedwait, which calls rt_sigtimedwait
syscall directly.
So, an invalid pointer no longer crashes child process and test
reports failure. Fix it by accepting either crash or EFAULT.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The first line of config file man_db.conf is the package name. It causes
multilib install file conflict. So add a patch to remove the line.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A comment line of conf file cups-files.conf refers to var @CUPS_SERVERBIN@
is ${libdir} related and then it causes multilib install file conflict.
Remove @CUPS_SERVERBIN@ from the comment line to avoid the conflict.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Perl scripts ${bindir}/{gpinyin, groffer, grog} are ${libdir} related
and cause multilib install file conflicts:
| Error: Transaction check error:
| file /usr/bin/gpinyin conflicts between attempted installs of groff-1.22.3-r0.core2_64 and lib32-groff-1.22.3-r0.x86
| file /usr/bin/groffer conflicts between attempted installs of groff-1.22.3-r0.core2_64 and lib32-groff-1.22.3-r0.x86
| file /usr/bin/grog conflicts between attempted installs of groff-1.22.3-r0.core2_64 and lib32-groff-1.22.3-r0.x86
Inherit multilib_script.bbclass to fix the errors.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Other recipes, such as meta-networking inetutils may also provide a man page
for syslogd.8. Use the alternatives mechanism to select the man page to
display.
This is a partial revert of commit: 988aad01b20c18a8850db0ad6dc547525d94116c
The syslogd tool itself is provided by both recipes in their respective runtime
packages. In the inet case, it is inetutils-syslogd, which has an appropriate
RCONFLICTS with the syslogd version. Only one or the other will be installed.
This is the conflict resolution the original commit of
"988aad01b20c18a8850db0ad6dc547525d94116c" was referring to.
HOWEVER, both syslogd and inetutils each only have a singular 'doc' package.
(As do most packages it seems.) Since this is the case, if both syslogd and
inetutils (not syslogd part) is requested for a configuration -- AND ---
doc-pkgs are configured in, you get an error of conflicting files.
Now does the documentation match whichever package was installed, maybe not...
but this isn't a big deal as it turns out, since most syslogd share a common set
of arguments and those are the things a run-time user would query from the man
pages.
The only alternative is to start spliting up the docs into their relevant
subpackages, as we have the runtime items. But this then complicates the
doc-pkgs processing and related...
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apply point release patches from upstream which includes a fix for
indefinitely spinning process and a zombie by a simple $() statement
in a long running script.
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This upgrades to 3.3.3 release and drop the backported patches when
doing the recipe update.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The testcases of fcntl fail on 32-bit arch
To cope with glibc commit:
06ab719d30b0 ("Fix Linux fcntl OFD locks for non-LFS architectures
(BZ#20251)")
Make OFD command use fcntl64() syscall on 32-bit.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Removed below patches, as v9.25 source already has those
changes/security fixes:
0001-Bug-699665-memory-corruption-in-aesdecode.patch
0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch
0004-Hide-the-.shfill-operator.patch
0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch
remove-direct-symlink.patch
Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch
and ghostscript-9.21-prevent_recompiling.patch
to fix warnings in do_patch task of ghostscript v9.25 recipe.
Highlights of ghostscript v9.25 release:
---------------------------------------
- This release fixes problems with argument handling, some unintended results
of the security fixes to the SAFER file access restrictions
(specifically accessing ICC profile files), and some additional security
issues over the recent 9.24 release.
- Note: The ps2epsi utility does not, and cannot call Ghostscript with
the -dSAFER command line option. It should never be called with input
from untrusted sources.
- Security issues have been the primary focus of this release, including
solving several (well publicised) real and potential exploits.
- As well as Ghostscript itself, jbig2dec has had a significant amount of work
improving its robustness in the face of out specification files.
- IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread
safe, and cannot be made thread safe without breaking the ABI.
Our fork will be thread safe, and include performance enhancements
(these changes have all be been offered and rejected upstream). We will
maintain compatibility between Ghostscript and LCMS2 for a time, but not in
perpetuity. Our fork will be available as its own package separately from
Ghostscript (and MuPDF).
- The usual round of bug fixes, compatibility changes, and incremental
improvements.
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Actually, this is not a bug, mmap15 only run on 64bit system.
On qemumips64, mmap15 return EINVAL, x86-64 and arm64 return
ENOMEM. This is because mips system check the addr that passed
to the syscall mmap15:
https://github.com/torvalds/linux/blob/master/arch/mips/mm/mmap.c#L71
If the addr larger than (TASK_SIZE - page_size), mips think it is invalid.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Ross Burton
Hongxu Jia
Mingli Yu
Changhyeok Bae
Chen Qi
Robert Yang
Alexander Kanavin
Hongzhi.Song
Daniel Díaz
Petr Vorel
Peter Kjellerstedt
Martin Hundebøll
Changqing Li
Armin Kuster
Kai Kang
Yi Zhao
Andrej Valek
Max Krummenacher
Mark Hatle
Jeroen Hofstee
Max Kellermann
Otavio Salvador
Jagadeesh Krishnanjanappa
Dengke Du