mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-28 04:19:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,127 Commits 38 Branches 619 Tags
fcaac4852d849692c4500a32d75df3aba984859b
Commit Graph

5 Commits

Author SHA1 Message Date
Davide Gardenal
a27aa2316f ghostscript: backport patch fix for CVE-2021-3781 
Upstream advisory:
https://ghostscript.com/blog/CVE-2021-3781.html

Other than the CVE fix other two commits are backported
to fit the patch.

(From OE-Core rev: ce856e5e07589d49d5ff84b515c48735cc78cd01)

Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-31 21:09:33 +01:00
Steve Sakoman
4391ddecb2 ghostscript: fix CVE-2020-15900 and CVE-2021-45949 for -native 
CVE patches (and the stack limits check patch) should have been
added to SRC_URI_BASE so that they are applied for both target
and -native packages.

(From OE-Core rev: da9b7b8973913c80c989aee1f5b34c98362725a8)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-31 21:09:33 +01:00
Minjae Kim
b03d18892c ghostscript: fix CVE-2021-45949 
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).

To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949

(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-16 09:48:51 +00:00
Richard Purdie
b819be5f6a ghostscript: Exclude CVE-2013-6629 from cve-check 
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.

(From OE-Core rev: 829296767ecfbd443d738367b7146a91506e25f2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-05-20 12:36:41 +01:00
Lee Chee Yang
060ba609bd ghostscript: update to 9.52 
This is maintenance release consolidating the changes introduced
in 9.50. see :
https://www.ghostscript.com/doc/9.52/News.htm

Drop all custom objarch.h files; ghostscript nowadays generates
that with autoconf.

Freetype can no longer be disabled.

Building out of source tree is broken.

Upgrade include several CVE fixes:
CVE-2020-16287
CVE-2020-16288
CVE-2020-16289
CVE-2020-16290
CVE-2020-16291
CVE-2020-16292
CVE-2020-16293
CVE-2020-16294
CVE-2020-16295
CVE-2020-16296
CVE-2020-16297
CVE-2020-16298
CVE-2020-16299
CVE-2020-16300
CVE-2020-16301
CVE-2020-16302
CVE-2020-16303
CVE-2020-16304
CVE-2020-16305
CVE-2020-16308
CVE-2020-16309
CVE-2020-17538

(From OE-Core rev: 1cee5540ca74c38cc483b28f720e345644d6ca9b)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-08-27 08:25:50 +01:00