mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-28 06:32:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
36fa7fce0212e5b8eb9913996156cb5db5c104f3
poky/meta/recipes-extended
History
Ovidiu Panait e6058824bb ghostscript: Fix 3 CVEs 
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.

It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.

It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6116
https://www.openwall.com/lists/oss-security/2019/01/23/5
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e

(From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18)

(From OE-Core rev: cf5d29dcac6247e8476f7af78b4e0bb129b94677)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fix for CVE-2019-6116 is already in thud, so that has been removed]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-29 23:50:43 +01:00
..
acpica
acpica: Add missing DEPENDS on bison-native
2018-08-16 09:49:39 +01:00
asciidoc
asciidoc: drop distutils inherit, not actually required
2017-05-16 14:08:29 +01:00
at
at: add libselinux to PACKAGECONFIG
2018-05-29 21:07:17 +01:00
bash
bash: 4.4.18 -> 4.4.23
2018-09-27 23:41:41 +01:00
bc
bc: upgrade to 1.07.1
2018-07-24 11:52:26 +01:00
blktool
blktool: Fix build with glibc 2.28
2018-08-08 10:51:59 +01:00
bzip2
bzip2: fix CVE-2019-12900
2019-07-29 23:50:43 +01:00
chkconfig
chkconfig: replace fedorahosted.org SRC_URI with github.com source
2017-04-05 23:22:12 +01:00
cpio
cpio: fix crash when appending to archives
2019-01-08 20:14:43 +00:00
cracklib
cracklib: Apply patch to fix CVE-2016-6318
2016-09-24 07:30:10 +01:00
cronie
cronie: upgrade to 1.5.2
2018-06-18 11:07:57 +01:00
cups
cups: upgrade to 2.2.10
2019-07-27 18:05:18 +01:00
cwautomacros
cwautomacros: cleanup buildpath in autogen.sh
2015-10-01 07:43:34 +01:00
diffutils
diffutils-ptest: add runtime dependency on make
2018-07-06 22:55:01 +01:00
ed
ed: update to 1.14.2
2017-05-23 17:45:36 +01:00
ethtool
ethtool: 4.17 -> 4.19
2019-01-08 20:14:42 +00:00
findutils
findutils: Fix build with glibc 2.28
2018-08-08 10:51:59 +01:00
foomatic
foomatic: Add HOMEPAGE info into recipe file.
2017-09-11 17:30:30 +01:00
gawk
gawk: fix command location in ptest script
2018-05-29 21:07:17 +01:00
ghostscript
ghostscript: Fix 3 CVEs
2019-07-29 23:50:43 +01:00
go-examples
oe-core: take UPSTREAM_CHECK_COMMITS into use where possible
2017-11-30 10:49:22 +00:00
gperf
gperf: don't use aclocal.m4/acinclude.m4 dance
2017-12-10 22:45:19 +00:00
grep
grep: support Perl regular expression
2018-01-23 23:43:45 +00:00
groff
groff: not search fonts on build host
2018-10-29 17:26:47 +00:00
gzip
gzip: Fix build with glibc 2.28
2018-08-08 10:51:59 +01:00
hdparm
hdparm: upgrade 9.55 -> 9.56
2018-05-29 21:07:15 +01:00
images
core-image-lsb-sdk: Lower IMAGE_OVERHEAD_FACTOR
2017-03-01 23:27:11 +00:00
iptables
iptables: Split the iptables modules into separate packages
2018-07-30 12:44:35 +01:00
iputils
iputils: upgrade to s20190629
2018-07-26 13:16:40 +01:00
less
less: update to 530
2018-05-04 13:28:01 +01:00
libaio
libaio: Extend to native
2019-02-25 22:27:40 +00:00
libarchive
libarchive: integrate security fixes
2019-07-29 23:50:43 +01:00
libidn
libidn2: Fix libunistring detection
2018-08-20 17:38:22 +01:00
libmnl
libmnl: enable native
2017-12-02 11:25:32 +00:00
libnsl
libnsl2: Install into /usr/include and /usr/lib
2018-05-09 10:47:51 +01:00
libnss-nis
libnss-nis: Limit parse skip only for target recipe on musl
2018-07-05 11:39:06 +01:00
libpipeline
libpipeline: add a recipe
2018-02-24 10:31:45 +00:00
libsolv
libsolv: make rpm optional
2018-09-21 18:45:47 -07:00
libtirpc
libtirpc: Upgrade to 1.0.4-tc1
2018-05-09 10:47:50 +01:00
lighttpd
lighttpd: fix CVE-2019-11072
2019-07-27 18:05:18 +01:00
logrotate
logrotate: Improve configurability of the installed systemd service files
2018-07-26 13:16:40 +01:00
lsb
lsb: fix usrmerge install paths
2018-07-26 13:16:40 +01:00
lsof
lsof: Make it compatible with externalsrc
2018-10-10 17:59:09 +01:00
ltp
ltp: modify mmap_24-2 testcase
2018-10-16 20:35:43 +01:00
lzip
lzip: upgrade 1.19 -> 1.20
2018-05-04 13:28:01 +01:00
man-db
man-db: fix multilib install file conflict
2018-10-04 14:21:41 +01:00
man-pages
man-pages: respect api-documentation
2018-08-14 11:36:31 +01:00
mc
mc: upgrade to 4.8.21
2018-06-18 11:07:57 +01:00
mdadm
mdadm: add init and service scripts
2019-02-25 22:27:38 +00:00
mingetty
mingetty: fix usrmerge install path
2018-08-24 07:53:14 +01:00
minicom
minicom: remove dead URL from UPSTREAM_CHECK_URI
2018-07-06 22:59:33 +01:00
msmtp
msmtp: update to 1.6.6
2016-11-30 15:48:09 +00:00
net-tools
recipes: Remove tab indentations in python code
2019-01-08 20:14:42 +00:00
newt
libnewt-python: Add nativesdk
2018-06-27 13:55:21 +01:00
packagegroups
packagegroup-core-lsb/-x11-sato: no udev-extraconf in case of systemd
2018-10-25 14:53:44 +01:00
pam
libpam: libpamc is licensed under its own BSD-style licence
2019-03-24 16:48:38 +00:00
parted
parted: use update-alternatives for partprobe
2018-10-09 19:04:02 +01:00
pbzip2
pbzip2: fix upstream check URL
2018-05-15 10:56:49 +01:00
perl
libxml-sax-perl: upgrade 0.99 -> 1.00
2018-05-04 13:28:02 +01:00
pigz
pigz: use maintainer-built tarballs
2018-02-16 18:05:38 +00:00
procps
procps:3.3.14 -> 3.3.15
2018-07-15 16:16:16 +01:00
psmisc
psmisc:23.0 -> 23.1
2018-07-15 16:16:16 +01:00
quota
quota: upgrade to 4.04
2017-11-21 13:06:11 +00:00
rpcbind
rpcbind: add option to make user able to use fixed port number
2018-06-15 17:56:24 +01:00
rpcsvc-proto
rpcsvc-proto: Update to 1.4
2018-05-29 21:07:17 +01:00
screen
screen: Add virtual/crypt dependency
2018-08-15 09:44:33 +01:00
sed
sed-ptest: improve reproducibility
2018-01-05 11:55:35 +00:00
shadow
shadow: improve reproducibility by hard-coding shell path
2018-11-24 22:02:47 +00:00
slang
slang: add nativesdk
2018-06-27 13:55:21 +01:00
stress
meta: Add/fix missing Upstream-Status to patches
2017-06-27 10:38:43 +01:00
sudo
sudo: Add missing dep on virtual/crypt
2018-09-05 18:00:24 +01:00
sysklogd
sysklogd: Re-enable alternatives for syslogd.8 man page
2018-10-01 13:04:49 +01:00
sysstat
sysstat: upgrade 11.7.3 -> 11.7.4
2018-07-24 11:52:26 +01:00
tar
Tar: Security fix CVE-2019-0023
2019-07-27 18:05:18 +01:00
tcp-wrappers
tcp-wrapper: Use external libnsl
2018-05-09 10:47:51 +01:00
texi2html
texi2html: Add a dependency on perl
2017-06-23 11:44:14 +01:00
texinfo
texinfo: upgrade to 6.5
2017-11-05 22:33:22 +00:00
texinfo-dummy-native
texinfo-dummy-native: port to Python 3
2017-09-11 17:30:29 +01:00
time
time:1.8 -> 1.9
2018-05-04 13:28:05 +01:00
timezone
timezone: update to 2019a
2019-05-22 00:31:47 +01:00
unzip
unzip: actually apply CVE-2018-18384
2018-11-09 17:46:18 +00:00
watchdog
watchdog: fix init script for sysvinit
2018-06-18 11:07:57 +01:00
wget
wget: Security fix for CVE-2019-5953
2019-07-27 18:05:18 +01:00
which
which: fix it so the manpage will respect alternatives
2017-03-17 16:53:04 +00:00
xdg-utils
xdg-utils: upgrade to 1.1.3
2018-06-18 11:07:57 +01:00
xinetd
xinetd: Fix systemd service for systemd>237
2018-06-15 17:56:24 +01:00
xz
xz: upgrade 5.2.3 -> 5.2.4
2018-07-24 11:52:26 +01:00
zip
selftest: fix distrodata.py to use per-recipe UPSTREAM_VERSION_UNKNOWN setting
2017-08-16 00:03:13 +01:00