Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).
To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949
(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.
(From OE-Core rev: 829296767ecfbd443d738367b7146a91506e25f2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is maintenance release consolidating the changes introduced
in 9.50. see :
https://www.ghostscript.com/doc/9.52/News.htm
Drop all custom objarch.h files; ghostscript nowadays generates
that with autoconf.
Freetype can no longer be disabled.
Building out of source tree is broken.
Upgrade include several CVE fixes:
CVE-2020-16287
CVE-2020-16288
CVE-2020-16289
CVE-2020-16290
CVE-2020-16291
CVE-2020-16292
CVE-2020-16293
CVE-2020-16294
CVE-2020-16295
CVE-2020-16296
CVE-2020-16297
CVE-2020-16298
CVE-2020-16299
CVE-2020-16300
CVE-2020-16301
CVE-2020-16302
CVE-2020-16303
CVE-2020-16304
CVE-2020-16305
CVE-2020-16308
CVE-2020-16309
CVE-2020-17538
(From OE-Core rev: 1cee5540ca74c38cc483b28f720e345644d6ca9b)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
