diff options
author | Ross Burton <ross.burton@arm.com> | 2023-06-05 15:43:44 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-06-06 07:41:03 +0100 |
commit | 659b0cf41db00420366d0eca103f16922c2c5d72 (patch) | |
tree | 5dc829bf084c28af562a378f79748d5d8ca68fbf | |
parent | fb9e05592e7c1c61a677d9cb842c9adc84689dde (diff) | |
download | openembedded-core-659b0cf41db00420366d0eca103f16922c2c5d72.tar.gz |
ghostscript: upgrade to 10.01.1
Drop the merged fix for CVE-2023-28879.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch | 40 | ||||
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch | 60 | ||||
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb (renamed from meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb) | 4 |
3 files changed, 1 insertions, 103 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch b/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch deleted file mode 100644 index ba62820df1..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 24 Nov 2022 16:33:47 +0000 -Subject: [PATCH] Fix a little bitrot in the cross-compiling logic - -Removing the option to disable FAPI meant configuring for cross compiling would -fail because the option being passed to the sub-call to configure would include -an unknown command line option. - -Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d5c68c4b3..738eb10a9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then - echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in - - AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)]) -- "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" -+ "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" - status=$? - cp config.log "$olddir/configaux.log" - if test $status -eq 0 ; then -@@ -2530,7 +2530,7 @@ PDF= - PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak" - PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak" - --if test x"$with_pdf" != x"no" ; then -+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then - - if test x"$JBIG2_DECODER" = x""; then - AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support]) --- -2.25.1 - diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch deleted file mode 100644 index 604b927521..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Fri, 24 Mar 2023 13:19:57 +0000 -Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding - -Bug #706494 "Buffer Overflow in s_xBCPE_process" - -As described in detail in the bug report, if the write buffer is filled -to one byte less than full, and we then try to write an escaped -character, we overrun the buffer because we don't check before -writing two bytes to it. - -This just checks if we have two bytes before starting to write an -escaped character and exits if we don't (replacing the consumed byte -of the input). - -Up for further discussion; why do we even permit a BCP encoding filter -anyway ? I think we should remove this, at least when SAFER is true. ---- -CVE: CVE-2023-28879 - -Upstream-Status: Backport [see text] - -git://git.ghostscript.com/ghostpdl -cherry-pick - -Signed-off-by: Joe Slater <joe.slater@windriver.com. - ---- - base/sbcp.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/base/sbcp.c b/base/sbcp.c -index 979ae0992..47fc233ec 100644 ---- a/base/sbcp.c -+++ b/base/sbcp.c -@@ -1,4 +1,4 @@ --/* Copyright (C) 2001-2021 Artifex Software, Inc. -+/* Copyright (C) 2001-2023 Artifex Software, Inc. - All Rights Reserved. - - This software is provided AS-IS with no warranty, either express or -@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, - byte ch = *++p; - - if (ch <= 31 && escaped[ch]) { -+ /* Make sure we have space to store two characters in the write buffer, -+ * if we don't then exit without consuming the input character, we'll process -+ * that on the next time round. -+ */ -+ if (pw->limit - q < 2) { -+ p--; -+ break; -+ } - if (p == rlimit) { - p--; - break; --- -2.25.1 - diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb index 86ecdbe24a..5d4b8cdc91 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb @@ -33,8 +33,6 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ - file://cross-compile.patch \ - file://cve-2023-28879.patch \ " SRC_URI = "${SRC_URI_BASE} \ @@ -46,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \ file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \ " -SRC_URI[sha256sum] = "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3" +SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce" # Put something like # |