ghostscript: upgrade to 10.01.1

Drop the merged fix for CVE-2023-28879.

(From OE-Core rev: 659b0cf41db00420366d0eca103f16922c2c5d72)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton
2023-06-05 15:43:44 +01:00
committed by Richard Purdie
parent 816e0b9b84
commit bcb0d3f385
3 changed files with 1 additions and 103 deletions

@@ -1,40 +0,0 @@
From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 24 Nov 2022 16:33:47 +0000
Subject: [PATCH] Fix a little bitrot in the cross-compiling logic
Removing the option to disable FAPI meant configuring for cross compiling would
fail because the option being passed to the sub-call to configure would include
an unknown command line option.
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index d5c68c4b3..738eb10a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then
echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in
AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)])
- "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
+ "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers=""
status=$?
cp config.log "$olddir/configaux.log"
if test $status -eq 0 ; then
@@ -2530,7 +2530,7 @@ PDF=
PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak"
PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak"
-if test x"$with_pdf" != x"no" ; then
+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then
if test x"$JBIG2_DECODER" = x""; then
AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support])
--
2.25.1
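
Review bot: the commit message accounts only for the CVE-2023-28879 fix, yet this hunk also deletes the entire cross-compile backport (upstream 4c3575346b9c, the configure.ac change that drops --disable-fapi from the auxiliary configure call and adds the enable_auxtools_only test to the with_pdf check). Add a line to the message saying why this patch is dropped, presumably because the backport is already part of 10.01.1, so the removal cannot be mistaken for an accidental deletion.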

@@ -1,60 +0,0 @@
From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
From: Ken Sharp <ken.sharp@artifex.com>
Date: Fri, 24 Mar 2023 13:19:57 +0000
Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
Bug #706494 "Buffer Overflow in s_xBCPE_process"
As described in detail in the bug report, if the write buffer is filled
to one byte less than full, and we then try to write an escaped
character, we overrun the buffer because we don't check before
writing two bytes to it.
This just checks if we have two bytes before starting to write an
escaped character and exits if we don't (replacing the consumed byte
of the input).
Up for further discussion; why do we even permit a BCP encoding filter
anyway ? I think we should remove this, at least when SAFER is true.
---
CVE: CVE-2023-28879
Upstream-Status: Backport [see text]
git://git.ghostscript.com/ghostpdl
cherry-pick
Signed-off-by: Joe Slater <joe.slater@windriver.com.
---
base/sbcp.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/base/sbcp.c b/base/sbcp.c
index 979ae0992..47fc233ec 100644
--- a/base/sbcp.c
+++ b/base/sbcp.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2001-2021 Artifex Software, Inc.
+/* Copyright (C) 2001-2023 Artifex Software, Inc.
All Rights Reserved.
This software is provided AS-IS with no warranty, either express or
@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
byte ch = *++p;
if (ch <= 31 && escaped[ch]) {
+ /* Make sure we have space to store two characters in the write buffer,
+ * if we don't then exit without consuming the input character, we'll process
+ * that on the next time round.
+ */
+ if (pw->limit - q < 2) {
+ p--;
+ break;
+ }
if (p == rlimit) {
p--;
break;
--
2.25.1
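
Review bot: once this file is gone the "CVE: CVE-2023-28879" tag no longer exists anywhere in the recipe, so the fix is accounted for by the version number alone. Before merging, confirm that base/sbcp.c in the 10.01.1 tarball carries the two-byte space check in s_xBCPE_process (if (pw->limit - q < 2) { p--; break; }) ahead of the p == rlimit test, and name upstream commit 37ed5022cecd in the commit message, since the dropped patch's Upstream-Status says only "see text".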

@@ -33,8 +33,6 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://do-not-check-local-libpng-source.patch \
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://cross-compile.patch \
file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
@@ -46,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \
file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
"
SRC_URI[sha256sum] = "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3"
SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
# Put something like
#
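
Review bot: the SRC_URI[sha256sum] replacement in this hunk is the only integrity check on the new tarball fetched from the ghostpdl-downloads release URL in SRC_URI_BASE, and nothing in the commit says where the new value came from. State the source in the commit message (for example a checksum published with the upstream release) rather than relying on a hash computed from whatever the fetcher downloaded, so a reviewer can reproduce it independently.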