From 1116fd46a477c58472e98b797dc67c96020883e1 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 10 Jun 2023 17:38:19 +0200 Subject: [PATCH] package/ghostscript: security bump version to 10.01.1 Switch tarball to .xz Fixes CVE-2023-28879: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879 Release notes: https://ghostscript.readthedocs.io/en/latest/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard --- package/ghostscript/ghostscript.hash | 4 ++-- package/ghostscript/ghostscript.mk | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/package/ghostscript/ghostscript.hash b/package/ghostscript/ghostscript.hash index ca26a38a02..30c45a5a74 100644 --- a/package/ghostscript/ghostscript.hash +++ b/package/ghostscript/ghostscript.hash @@ -1,5 +1,5 @@ -# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9561/SHA512SUMS -sha512 f498384af80654c040635564b8bc9a64c4bb5b0769bb00aade4042bbe9117c482362dc1a1fac72db3ce9487dd5a5bb8fb81b35b360680fe598df33dfbbe79499 ghostscript-9.56.1.tar.gz +# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10011/SHA512SUMS +sha512 d944be9e8aef68d1176d64c40db6fa86d55d0c9e30047f2147c02806ab61cfe9ac2cb00d4e5b218ff3c51cc6ed47ceffe1bac4dd9d4cc1760b7974f30c6c2735 ghostscript-10.01.1.tar.xz # Hash for license file: sha256 8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b LICENSE diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk index 364fa1469a..d215afccd2 100644 --- a/package/ghostscript/ghostscript.mk +++ b/package/ghostscript/ghostscript.mk @@ -4,7 +4,8 @@ # ################################################################################ -GHOSTSCRIPT_VERSION = 9.56.1 +GHOSTSCRIPT_VERSION = 10.01.1 +GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION)) GHOSTSCRIPT_LICENSE = AGPL-3.0 GHOSTSCRIPT_LICENSE_FILES = LICENSE