mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-26 03:19:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,197 Commits 38 Branches 617 Tags
0f437fb0f2bc7f27aab3dee70544f2a339cdccaa
Commit Graph

11 Commits

Author SHA1 Message Date
Kai Kang
355838a15e ghostscript: correct LICENSE with AGPLv3 
The license of ghostscript has switched to Affero GPL since version 9.07
via commit:

* 3cc5318 Switch Ghostscript/GhostPDL to Affero GPL

https://github.com/ArtifexSoftware/ghostpdl/commit/3cc5318

Correct it with `AGPL-3.0-or-later`.

(From OE-Core rev: 8e192a2e0c2fdad18ea4c08774493225f31931a0)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-02-15 03:51:57 -10:00
Vijay Anusuri
a7f86b0e78 ghostscript: Backport fix for CVE-2023-46751 
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a]

(From OE-Core rev: f01a0e7fcf3c2d277be0cd85c0cd6b2eff2e5f0a)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-12-22 16:36:54 -10:00
Lee Chee Yang
a7657ca5ff ghostscript: ignore GhostPCL CVE-2023-38560 
issue in GhostPCL.
GhostPCL not part of this GhostScript recipe.

(From OE-Core rev: 7c4b4daeeca8fab257475eacb83c58b7e5dfee24)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-11-28 05:00:32 -10:00
Archana Polampalli
df7a37d54f ghostscript: fix CVE-2023-43115 
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS server).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43115

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe

(From OE-Core rev: 1d169e50f28c93434461aa3ecbc47c21509143e9)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-09-30 09:43:59 -10:00
Archana Polampalli
8e90df16f5 ghostscript: fix CVE-2023-38559 
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

(From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-08-19 05:56:58 -10:00
Archana Polampalli
ba1a77347c ghostscript: fix CVE-2023-36664 
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099

(From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-07-26 05:20:36 -10:00
Joe Slater
20e0e5ebfb ghostscript: fix CVE-2023-29979 
Backport from 10.02.0 (unreleased).

(From OE-Core rev: 6d5baff50aa83c663856cccc375c522add97625e)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-03 04:17:12 -10:00
Lee Chee Yang
0a954bf5d7 ghostscript: fix CVE-2022-2085 
(From OE-Core rev: 645a619524d04aa6a2029a2810e2d84dc751fc48)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-07-08 08:27:15 +01:00
Richard Purdie
71ef319193 meta/scripts: Automated conversion of OE renamed variables 
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-21 23:37:27 +00:00
Richard Purdie
b0130fcf91 meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers 
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.

(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-20 16:45:25 +00:00
Alexander Kanavin
6f138098b1 ghostscript: update 9.54.0 -> 9.55.0 
jbig2dec seems no longer optional; the source for it
is bundle with ghostscript.

License-Update: removed patent references
(From OE-Core rev: 44a3bea7e8fedbc76b6e8f97e1f669def81e158a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 17:42:25 +01:00