- Remove all patches except the first one as they are already in this
version
- Remove AUTORECONF = YES as we're not patching any *.ac files anymore
- Disable new nhrpd option
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
c-ares has a LICENSE.md file since version 1.12 and
4e861351d9
So use it instead of one of the source file and add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
c-ares has a LICENSE.md file since version 1.12 and
4e861351d9
So use it instead of one of the source file and add its hash
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Archive file name changed from msgpack-python to msgpack
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since bump to version 0.99.21 and commit
b20c77321f, BR2_PACKAGE_QUAGGA_TCP_ZEBRA
has been wrongly rename into BR2_PACKAGE_QUAGGA_TCP_ZERBRA
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.
Of note besides the typical component version bumps:
- The toolchains are now provided by MIPS Tech LLC after its departure
from Imagination Technologies.
- The download site changed as a result of that.
- The toolchains are now built targeting CentOS 6 rather than CentOS 5.
Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2016.05-06 toolchain we've had support for is pretty outdated at
this point, so update to the latest 2018.09-02 version.
Of note besides the typical component version bumps:
- The toolchains are now provided by MIPS Tech LLC after its departure
from Imagination Technologies.
- The download site changed as a result of that.
- The toolchains are now built targeting CentOS 6 rather than CentOS 5.
Signed-off-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerability:
CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
denial of service due to resource exhaustion when processing getaddrinfo
calls with crafted host names. Reported by Guido Vranken.
Adhemerval Zanella (2):
Fix misreported errno on preadv2/pwritev2 (BZ#23579)
x86: Fix Haswell CPU string flags (BZ#23709)
Alexandra Hájková (1):
Add an additional test to resolv/tst-resolv-network.c
Andreas Schwab (2):
Fix stack overflow in tst-setcontext9 (bug 23717)
libanl: properly cleanup if first helper thread creation failed (bug 22927)
DJ Delorie (2):
malloc: tcache double free check
malloc: tcache double free check
Florian Weimer (9):
conform: XFAIL siginfo_t si_band test on sparc64
stdlib/test-bz22786: Avoid spurious test failures using alias mappings
stdlib/test-bz22786: Avoid memory leaks in the test itself
support_blob_repeat: Call mkstemp directory for the backing file
stdlib/tst-strtod-overflow: Switch to support_blob_repeat
nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
support: Print timestamps in timeout handler
Revert "malloc: tcache double free check" [BZ #23907]
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
H.J. Lu (2):
i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]
Ilya Yu. Malakhov (1):
signal: Use correct type for si_band in siginfo_t [BZ #23562]
Istvan Kurucsai (1):
malloc: Additional checks for unsorted bin integrity I.
Joseph Myers (2):
Update syscall-names.list for Linux 4.18.
Update kernel version in syscall-names.list to 4.19.
Moritz Eckert (1):
malloc: Mitigate null-byte overflow attacks
Paul Eggert (1):
Fix tzfile low-memory assertion failure
Paul Pluzhnikov (2):
Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
[BZ #20271] Add newlines in __libc_fatal calls.
Pochang Chen (1):
malloc: Verify size of top chunk.
Rafal Luzynski (1):
kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).
Stefan Liebler (2):
Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
Test stdlib/test-bz22786 exits now with unsupported if malloc fails.
Szabolcs Nagy (2):
i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
Increase timeout of libio/tst-readline
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5 currently doesn't use HOSTCC/HOSTCXX, so it doesn't use ccache
when building all its host code (especially qmake). This means that
even with ccache enabled and a hot cache, it still takes a long time
to build qt5base.
Before this patch, building qt5base takes:
- 446 seconds with a cold ccache
- 185 seconds with a hot ccache
This is because the ccache is not used for host code.
After this patch, building qt5base takes:
- 450 seconds with a cold ccache
- 15 seconds with a hot ccache
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mini SNMPd is a minimal implementation targeted at small or embedded
UNIX systems with limited resources.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
[Thomas: add hash file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will save 1700K on target filesystem (as tested on ARM, i686).
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
dlfcn.h must be included in modlua.ini to be able to use dlopen
otherwise build will fail on:
src/mod_lua.inl:2845:41: error: 'RTLD_LAZY' undeclared (first use in this function)
lib_handle_uuid = dlopen("libuuid.so", RTLD_LAZY);
Fixes:
- http://autobuild.buildroot.org/results/7a189f49c5a8b6f7b3d4c57cda5982adc65dbc19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes [1]:
/tmp/ccD2Tule.s: Assembler messages:
/tmp/ccD2Tule.s:682: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'
/tmp/ccD2Tule.s:2767: Error: opcode not supported on this processor: mips32r6 (mips32r6) `movn $2,$4,$7'
[1] http://autobuild.buildroot.net/results/f0253d1ed11021d3e5914a5161360de3ef3d1641
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Debug build of qsgtexture fails on uclibc since version 5.11 and
7c507eaac3:
scenegraph/util/qsgtexture.cpp:69:22: fatal error: execinfo.h: No such file or directory
#include <execinfo.h>
Indeed, !defined(__UCLIBC__) has been replaced by defined(__GBLIBC__) to
fix build on musl but as a result, build fails on uclibc because uclibc
also defines __GLIBC__ (and it does not have execinfo like musl)
This error is raised only when building in debug mode because
CAN_BACKTRACE_EXECINFO is undefined if QT_NO_DEBUG is set
So keep defined(__GLIBC__), but put back !defined(__UCLIBC__)
Fixes:
- http://autobuild.buildroot.org/results/6fce0ce5aea943e097532efbbc8d1e28f41e5866
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps pydal to version v18.09 and moves its download location
to github cause the version on pypi is not updated anymore.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps web2py to version R-2.17.2
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In case a config script is called from a relative path, the $(dirname
$0) would return a relative path too.
Those paths are usually parts of includes or libraries search
directories, and the packagfes buildsystems may chdir() anywhere, and
thus the relative path will no longer be valid. For example:
$ ./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/net-snmp-config --cflags
[...] -I./host/powerpc-buildroot-linux-uclibc/sysroot/usr/bin/../../.././bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/include/libnl3 [...]
Canonicalise the path to be sure we use absolute paths.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For this man file install scenario, joining the sys.prefix makes the
path absolute (this was previously working by accident). It was
found when e94280e5a5 "package/pkg-python: use proper --prefix
and --root values" was merged.
Fixes:
http://autobuild.buildroot.net/results/e214e1a539cdac07028fb58c3822f89886d86f1f
Upstream:
bc36cba139
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since 4b0f891211
squid tries to find if latomic is needed through:
AC_SEARCH_LIBS([__atomic_load_8],[atomic],[ATOMICLIB="-latomic"],[])
However, this can fails on:
configure:21147: /home/fabrice/buildroot/output/host/bin/arc-buildroot-linux-gnu-g++ -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -matomic -Os -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -g conftest.cpp -latomic >&5
conftest.cpp:55:6: error: new declaration 'char __atomic_load_8()' ambiguates built-in declaration 'long long unsigned int __atomic_load_8(const volatile void*, int)' [-fpermissive]
char __atomic_load_8 ();
^~~~~~~~~~~~~~~
conftest.cpp: In function 'int main()':
conftest.cpp:59:25: error: too few arguments to function 'long long unsigned int __atomic_load_8(const volatile void*, int)'
return __atomic_load_8 ();
So add -latomic to LIBS if BR2_TOOLCHAIN_HAS_LIBATOMIC is set
Fixes:
- http://autobuild.buildroot.org/results/13082cea836a12ac8bf85cbdb53a56a5d30c70b1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gnu atomics has been removed since version 3.5.27:
ddd4edb743
So remove squid_cv_gnu_atomics handling
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Previously the option to install tests would result in the test cases
that don't have a cunit dependency, to build and be installed.
This patch adds an optional dependency on cunit so that all test cases
can be built and installed to target.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Thomas: keep as an optional dependency, as cunit is only useful for
additional tests specific to the amdgpu backend]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also add an patch from upstream to fix building libnfs with the musl C
library. This issue was introduced upstream between version 2.0.0 and
version 3.0.0.
Note, that upstreams commit message says it fixes a warning. However, as
musl is more strictly regarding missing headers it actually fixes the
build with musl.
Furthermore, the COPYING license file was changed in the way that it now
includes a clarification about the .x files being distributed under the
simplified BSD license. We already note in LIBNFS_LICENSE that the .x
files are BSD-2-Clause. So, updating the hash for this license file is
enough.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable hardware acceleration for ARMv8 targets.
When ARMv8 hardware acceleration is enabled on AArch64 without any
additional flags, the build fails with the following messages:
/tmp/cciv7Oei.s: Assembler messages:
/tmp/cciv7Oei.s:580: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:616: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:629: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:669: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]'
/tmp/cciv7Oei.s:1211: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1368: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1554: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:1719: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
/tmp/cciv7Oei.s:1870: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]'
/tmp/cciv7Oei.s:2043: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]'
make[3]: *** [Makefile:3801: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-aes.lo] Error 1
This is because of some inline assembly in parts of the AES structure
using the "m" constraint.
So lets use the flag -mstrict-align to prevent this error.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
[Thomas: restrict the -mstrict-align workaround to AArch64, as ARMv8-A
can also be used in an AArch32 build, and in this case, gcc doesn't
support the -mstrict-align flag]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
getArgTypeList is defined both in ext/intl/msgformat/msgformat_helpers.cpp
and icu library so add a !BR2_STATIC_LIBS dependency to
BR2_PACKAGE_PHP_EXT_INTL
Fixes:
- http://autobuild.buildroot.org/results/628b677d1ceb8b404265d89357225e0a1dce1407
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a core Perl module (ie. included in the Perl distribution), so
there is no point in having a separate package for it.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is what GCC manual says [1]:
-------------------------->8----------------------
--enable-__cxa_atexit
Define if you want to use __cxa_atexit, rather than atexit,
to register C++ destructors for local statics and global objects.
This is essential for fully standards-compliant handling of destructors,
but requires __cxa_atexit in libc.
This option is currently only available on systems with GNU libc
...
-------------------------->8----------------------
Important disadvantages of a simple atexit() are that [2]:
-------------------------->8----------------------
1999 C Standard only requires that the implementation support 32
registered functions, although most implementations support many more.
More important it does not deal at all with the ability in most implementations
to remove DSOs from a running program image by calling dlclose
prior to program termination.
-------------------------->8----------------------
Also it seems like all libc's we support in Buildroot (Glibc, uClibc and musl)
support __cxa_at_exit() so enable it unconditionally.
FWIW if we look around we'll see:
1. In OpenEmbedded it is enabled for everything except gcc-cross-initial: [3], [4]
2. In Crosstool-NG it is enabled by default: [5]
3. In OpenWrt it is disabled only for uClibc, otherwise enabled: [6]
So I think we should be good with it as well.
[1] https://gcc.gnu.org/install/configure.html
[2] https://itanium-cxx-abi.github.io/cxx-abi/abi.html#dso-dtor-motivation
[3] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-configure-common.inc#L59
[4] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-cross-initial.inc#L23
[5] https://github.com/crosstool-ng/crosstool-ng/blob/master/config/cc/gcc.in#L270
[6] https://github.com/openwrt/openwrt/blob/master/toolchain/gcc/common.mk#L170
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Claudiu Zissulescu <claziss@synopsys.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is currently no version of gdbserver for RISC-V. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for RISC-V builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.
[Peter: simplify logic, add comment]
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Robert Rose <robertroyrose@gmail.com>
[Thomas:
- add missing Config.in dependencies inherited from
BR2_PACKAGE_PROTOBUF, as well as the corresponding Config.in
comment
- replace spaces by tabs in grpc.mk indentation
- remove superfluous GRPC_SOURCE variable
- improved patch description.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A host version of this package will be useful as a dependency of the
host-grpc package.
Signed-off-by: Robert Rose <robertroyrose@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lets update prebuilt ARC toolchain to the most recent arc-2018.09.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The following error is raised by minizip:
[100%] Linking C executable minizip
/home/peko/autobuild/instance-0/output/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/libbsd.a(arc4random.o):
In function `_rs_init.part.1':
arc4random.c:(.text+0xaa): undefined reference to `__register_atfork'
collect2: error: ld returned 1 exit status
As specified in openssl/Config.in, uClibc on noMMU doesn't provide
__register_atfork() so add a dependency on
!(BR2_TOOLCHAIN_USES_UCLIBC && !BR2_USE_MMU) on libbsd and minizip
Don't add this dependency to netcat-opensd as it already depends on
glibc
Don't add this dependency to BR2_PACKAGE_BLUEZ_ALSA_HCITOP because
bluez-alsa already depends on BR2_USE_MMU
Concerning fwts, just update comment on BR2_USE_MMU
Fixes:
- http://autobuild.buildroot.org/results/df2dcbdceaa01a2ae37bf09140e4dbef0a5b9489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit finally bumps ARC tools to the most recent arc-2018.09 release version.
ARC GNU tools of version arc-2018.09 bring some quite significant changes like:
* Binutils v2.31.1 with additional ARC patches
* GCC 8.2.1 with additional ARC patches
* glibc 2.28 with additional ARC patches
More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2018.09-release
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_PACKAGE_LAPACK is enabled (without BR2_PACKAGE_CLAPACK), build of
python-numpy will fail if lapack is built before python-numpy because
lapack does not provide blas library
So disable BLAS and LAPACK through PYTHON_NUMPTY_ENV if
BR2_PACKAGE_CLAPACK is not set
Fixes:
- http://autobuild.buildroot.org/results/41671976c7be7883f31ee5f51ca0eb90b81262fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, the go compiler will spawn as many jobs as there are CPUs
available, thus possibily over-shooting the limits set by the user.
Make it abide by the user's wish, and specify the number of jobs allowed
to run.
We can do so without fear of a package failing to build in parallel,
because they were already all building in parallel, as that is the
default for the go compiler.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass -Werror=shadow in args of cc.compiles in meson.build otherwise test
will always succeed, causing -Werror=shadow to be passed, even on older gcc versions.
GCC 4.8 changed the behaviour of -Werror=shadow to no longer complain about
local variable declariations shadowing functions, which systemd has. From
the changelog:
The option -Wshadow no longer warns if a declaration shadows a function
declaration, unless the former declares a function or pointer to function,
because this is a common and valid case in real-world code.
https://www.gnu.org/software/gcc/gcc-4.8/changes.html
Fixes:
- http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2
[Peter: extend commit message, add gcc 4.8 link]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a sandbox protection mechanism via vectors involving the 1Policy
operator.
- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
9.26. LockSafetyParams is not checked correctly if another device is
used.
- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because available
stack space is not checked when the device remains the same.
- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
setcolorspace type confusion.
- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended access restrictions because of a
JBIG2Decode type confusion.
For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>