mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-24 02:19:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,721 Commits 38 Branches 617 Tags
a3039415bbd2eab2ff2cd146bab4e5e746d59817
Commit Graph

6 Commits

Author SHA1 Message Date
Chang Rebecca Swee Fun
f9fc722182 ghostscript: check for incompatible host 
The following warning occurs when building with meta-zephyr
with MACHINE set to arduino-101-sss:

WARNING: /srv/sdc/builds/11319/meta/recipes-extended/ghostscript/ghostscript_9.20.bb: Unable to get checksum for ghostscript SRC_URI entry objarch.h: file could not be found

This is due to the the TARGET_ARCH = "arc" for meta-zephyr is not
supported by ghostscript and causing bitbake unable to locate the
correct config file during recipe parse.

Adding checker in the recipe to raise an exception if the target
architecture is "arc". This would then only display an error if
someone specifically tries to build the recipe:

ERROR: ghostscript was skipped: incompatible with host arc-yocto-elf (not in COMPATIBLE_HOST)

[YOCTO #11344]

(From OE-Core rev: 720a7230b92d734106d5340a426270dd4e921e8e)

Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 14:01:48 +01:00
Catalin Enache
7bf386d5ff ghostscript: CVE-2016-8602, CVE-2017-7975 
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote
attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted Postscript document that calls .sethalftone5 with an
empty operand stack.

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because
of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c
during operations on a crafted JBIG2 file, leading to a denial of service (application
crash) or possibly execution of arbitrary code.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8602
https://nvd.nist.gov/vuln/detail/CVE-2017-7975

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298

(From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 14:01:48 +01:00
Catalin Enache
5970acb3fe ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951 
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8

(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-04-29 11:17:23 +01:00
Catalin Enache
6df3fde8e9 ghostscript: CVE-2017-7207 
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-04-10 23:00:42 +01:00
Alexander Kanavin
4dcf0fed51 ghostscript: fix upstream version check 
(From OE-Core rev: 10001924baf112a4556c5e85c16c482cbf435950)

(From OE-Core rev: 4e8e884054b56c578d51d7b4af7150b77806368d)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-12-17 09:57:04 +00:00
Huang Qiyu
bd06c3641a ghostscript 9.19 -> 9.20 
1)Upgrade ghostscript from 9.19 to 9.20.
2)Modify ghostscript-9.15-parallel-make.patch, since the data has been changed.

(From OE-Core rev: 4f3483c3a0ba22f46d768d78d6f56880e8ac5608)

(From OE-Core rev: 9133ba6b8138951f3ef798f0a1cc6f694fe71868)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-12-17 09:57:03 +00:00