Commit Graph

6 Commits

Author SHA1 Message Date
Baruch Siach
10a6ea5a30 package/ghostscript: security bump to version 9.27
Fixes CVE-2019-3835, CVE-2019-3838: A specially crafted PostScript file
could use these flaws to have access to the file system outside of the
constrains imposed by -dSAFER.

Drop upstream patches.

Use the make subst function to compute the download site from version.

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-10 07:42:28 +02:00
Peter Korsgaard
e52b02677a ghostscript: security bump to version 9.26
Fixes the following security vulnerabilities:

 - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
   bypass a sandbox protection mechanism via vectors involving errorhandler
   setup.  NOTE: this issue exists because of an incomplete fix for
   CVE-2018-17183.

- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
  bypass a sandbox protection mechanism via vectors involving the 1Policy
  operator.

- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
  9.26.  LockSafetyParams is not checked correctly if another device is
  used.

- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because available
  stack space is not checked when the device remains the same.

- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  setcolorspace type confusion.

- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  JBIG2Decode type confusion.

For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-29 19:57:09 +01:00
Peter Korsgaard
b054797eca ghostscript: security bump to version 9.25
Fixes the following security issues:

- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
  gsgetresolution allow attackers to have an unspecified impact

- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
  error exception table, which could be used by remote attackers able to
  supply crafted PostScript to potentially overwrite or replace error
  handlers to inject code.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:07:45 +02:00
Fabrice Fontaine
60c4bd8ba4 ghostscript: bump to version 9.23
- Remove sha256 (not provided anymore) and keep only sha512
- Update patch
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-03 22:07:23 +02:00
Olivier Schonken
535cc2f03e ghostscript: bump version to 9.22
Remove patches that has been merged/updated upstream

0002-Host-tool-mkromfs_1-needs-libz.patch
-> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=284f5fe121d8eb0a0f50a6f2465ee2f99a061018
0003-Bug-697799-have-.eqproc-check-its-parameters.patch
-> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
0004-Bug-697799-have-.rsdparams-check-its-parameters
-> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad

Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-17 22:36:20 +02:00
Bernd Kuhls
1a83dda003 package/ghostscript: new package
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
 - switch to version 9.21 now that it has been released
 - add a hash file
 - switch to Git formatted patches
 - use $(HOSTCC) instead of hardcoding "gcc", and use $(HOST_CFLAGS) and
   $(HOST_LDFLAGS) instead of hardcoding -L$(HOST_DIR)/usr/lib
   -I$(HOST_DIR)/usr/include
 - add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-20 23:54:43 +01:00