mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-03-15 03:39:42 +01:00

Author	SHA1	Message	Date
Peter Marko	bc35e81080	ghostscript: ignore CVE-2024-46954 Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe. [1] points to [2] as patch, while file base/gp_utf8.c is not part of ghostscript source tarball. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-46954 [2] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934 (From OE-Core rev: 7f1b174b8f12fcf377c45c27022bac99b6652823) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-01-09 08:41:03 -08:00
Vijay Anusuri	86be079fa4	ghostscript: Backport fix for multiple CVE's import patch from ubuntu to fix CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c] (From OE-Core rev: 21a81b592a33504d90f8c53842719cb1fcf96271) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-11-27 06:27:25 -08:00
Archana Polampalli	a84e68cd5d	ghostscript: fix CVE-2023-46361 Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. (From OE-Core rev: 3e9018fb14466495be7472a8620918347c732e86) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-11-15 06:05:32 -08:00
Ashish Sharma	f167cac856	ghostscript: Backport CVE-2024-29508 Import patch from ubuntu to fix CVE-2024-29508 Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a] Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a (From OE-Core rev: c5a85dfe661543137e40976e832ac22e4815406a) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-11-02 06:32:36 -07:00
Archana Polampalli	5c036f07cc	ghostscript: fix CVE-2024-29506 (From OE-Core rev: 68a6482244532e61bc467e1ef23661260bac8572) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-08-16 08:09:14 -07:00
Archana Polampalli	52cfc78696	ghostscript: fix CVE-2024-29509 (From OE-Core rev: 18c55a131b0627b906de29f8c4cbd1526154cd60) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-08-16 08:09:14 -07:00
Archana Polampalli	6313a595f9	ghostscript: fix CVE-2024-29511 (From OE-Core rev: 1710676f80df2ba1ee77d15b4e0e532df10be5a5) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-08-16 08:09:14 -07:00
Archana Polampalli	b0b5da10e1	ghostscript: fix CVE-2023-52722 (From OE-Core rev: 66228a9e8177e70a5653b61742836a3ad83e78af) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -07:00
Archana Polampalli	2db6158ba5	ghostscript: fix CVE-2024-29510 (From OE-Core rev: 18e03cadcad0b416ef9fe65627e2e5c2924e3f26) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -07:00
Archana Polampalli	c44a4b4958	ghostscript: fix CVE-2024-33871 Added dependent patch [1] for backporting this CVE [1] `8b47f269b8` (From OE-Core rev: edcaa55aa53d51528ae77d1f4b544309c8e1e48e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -07:00
Archana Polampalli	acf74d7113	ghostscript: fix CVE-2024-33869 (From OE-Core rev: fb0271a2d4e847764816b673aa37ea03ee4b3325) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -07:00
Archana Polampalli	f60be736e6	ghostscript: fix CVE-2024-33870 (From OE-Core rev: 9f0c63b568312da93daeb31eeb2874b98d1e3eea) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -07:00
Kai Kang	355838a15e	ghostscript: correct LICENSE with AGPLv3 The license of ghostscript has switched to Affero GPL since version 9.07 via commit: * 3cc5318 Switch Ghostscript/GhostPDL to Affero GPL https://github.com/ArtifexSoftware/ghostpdl/commit/3cc5318 Correct it with `AGPL-3.0-or-later`. (From OE-Core rev: 8e192a2e0c2fdad18ea4c08774493225f31931a0) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-02-15 03:51:57 -10:00
Vijay Anusuri	a7f86b0e78	ghostscript: Backport fix for CVE-2023-46751 Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5d2da96e81c7455338302c71a291088a8396245a] (From OE-Core rev: f01a0e7fcf3c2d277be0cd85c0cd6b2eff2e5f0a) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-12-22 16:36:54 -10:00
Lee Chee Yang	a7657ca5ff	ghostscript: ignore GhostPCL CVE-2023-38560 issue in GhostPCL. GhostPCL not part of this GhostScript recipe. (From OE-Core rev: 7c4b4daeeca8fab257475eacb83c58b7e5dfee24) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-11-28 05:00:32 -10:00
Archana Polampalli	df7a37d54f	ghostscript: fix CVE-2023-43115 In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). References: https://nvd.nist.gov/vuln/detail/CVE-2023-43115 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe (From OE-Core rev: 1d169e50f28c93434461aa3ecbc47c21509143e9) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-09-30 09:43:59 -10:00
Archana Polampalli	8e90df16f5	ghostscript: fix CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-38559 Upstream patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-08-19 05:56:58 -10:00
Archana Polampalli	ba1a77347c	ghostscript: fix CVE-2023-36664 Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36664 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099 (From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-07-26 05:20:36 -10:00
Joe Slater	20e0e5ebfb	ghostscript: fix CVE-2023-29979 Backport from 10.02.0 (unreleased). (From OE-Core rev: 6d5baff50aa83c663856cccc375c522add97625e) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-05-03 04:17:12 -10:00
Lee Chee Yang	0a954bf5d7	ghostscript: fix CVE-2022-2085 (From OE-Core rev: 645a619524d04aa6a2029a2810e2d84dc751fc48) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-08 08:27:15 +01:00
Richard Purdie	71ef319193	meta/scripts: Automated conversion of OE renamed variables (From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-21 23:37:27 +00:00
Richard Purdie	b0130fcf91	meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers An automated conversion using scripts/contrib/convert-spdx-licenses.py to convert to use the standard SPDX license identifiers. Two recipes in meta-selftest were not converted as they're that way specifically for testing. A change in linux-firmware was also skipped and may need a more manual tweak. (From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-20 16:45:25 +00:00
Alexander Kanavin	6f138098b1	ghostscript: update 9.54.0 -> 9.55.0 jbig2dec seems no longer optional; the source for it is bundle with ghostscript. License-Update: removed patent references (From OE-Core rev: 44a3bea7e8fedbc76b6e8f97e1f669def81e158a) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 17:42:25 +01:00

23 Commits