e52b02677a
Fixes the following security vulnerabilities: - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. - CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. - CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. - CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. - CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. - CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. For more details, see the release notes: https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
65 lines
1.7 KiB
Makefile
65 lines
1.7 KiB
Makefile
################################################################################
|
|
#
|
|
# ghostscript
|
|
#
|
|
################################################################################
|
|
|
|
GHOSTSCRIPT_VERSION = 9.26
|
|
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926
|
|
GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
|
|
GHOSTSCRIPT_LICENSE = AGPL-3.0
|
|
GHOSTSCRIPT_LICENSE_FILES = LICENSE
|
|
# 0001-Fix-cross-compilation-issue.patch
|
|
GHOSTSCRIPT_AUTORECONF = YES
|
|
GHOSTSCRIPT_DEPENDENCIES = \
|
|
host-lcms2 \
|
|
host-libjpeg \
|
|
host-pkgconf \
|
|
host-zlib \
|
|
fontconfig \
|
|
ghostscript-fonts \
|
|
jpeg \
|
|
lcms2 \
|
|
libpng \
|
|
tiff
|
|
|
|
# Ghostscript includes (old) copies of several libraries, delete them.
|
|
# Inspired by linuxfromscratch:
|
|
# http://www.linuxfromscratch.org/blfs/view/svn/pst/gs.html
|
|
define GHOSTSCRIPT_REMOVE_LIBS
|
|
rm -rf $(@D)/freetype $(@D)/ijs $(@D)/jpeg $(@D)/lcms2mt \
|
|
$(@D)/libpng $(@D)/tiff $(@D)/zlib
|
|
endef
|
|
GHOSTSCRIPT_POST_PATCH_HOOKS += GHOSTSCRIPT_REMOVE_LIBS
|
|
|
|
GHOSTSCRIPT_CONF_ENV = \
|
|
CCAUX="$(HOSTCC)" \
|
|
CFLAGSAUX="$(HOST_CFLAGS) $(HOST_LDFLAGS)"
|
|
|
|
GHOSTSCRIPT_CONF_OPTS = \
|
|
--disable-compile-inits \
|
|
--disable-cups \
|
|
--enable-fontconfig \
|
|
--with-fontpath=/usr/share/fonts \
|
|
--enable-freetype \
|
|
--disable-gtk \
|
|
--without-jbig2dec \
|
|
--without-libpaper \
|
|
--with-system-libtiff
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBIDN),y)
|
|
GHOSTSCRIPT_DEPENDENCIES += libidn
|
|
GHOSTSCRIPT_CONF_OPTS += --with-libidn
|
|
else
|
|
GHOSTSCRIPT_CONF_OPTS += --without-libidn
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBX11),y)
|
|
GHOSTSCRIPT_DEPENDENCIES += xlib_libX11
|
|
GHOSTSCRIPT_CONF_OPTS += --with-x
|
|
else
|
|
GHOSTSCRIPT_CONF_OPTS += --without-x
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|