From patchwork Mon Jun 5 14:43:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 25138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98F34C7EE24 for ; Mon, 5 Jun 2023 14:43:53 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.10048.1685976230428824848 for ; Mon, 05 Jun 2023 07:43:50 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1315FD75; Mon, 5 Jun 2023 07:44:35 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1402E3F663; Mon, 5 Jun 2023 07:43:48 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH] ghostscript: upgrade to 10.01.1 Date: Mon, 5 Jun 2023 15:43:44 +0100 Message-Id: <20230605144344.2569937-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 05 Jun 2023 14:43:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/182387 From: Ross Burton Drop the merged fix for CVE-2023-28879. Signed-off-by: Ross Burton --- .../ghostscript/cross-compile.patch | 40 ------------- .../ghostscript/cve-2023-28879.patch | 60 ------------------- ...cript_10.0.0.bb => ghostscript_10.01.1.bb} | 4 +- 3 files changed, 1 insertion(+), 103 deletions(-) delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch delete mode 100644 meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch rename meta/recipes-extended/ghostscript/{ghostscript_10.0.0.bb => ghostscript_10.01.1.bb} (96%) diff --git a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch b/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch deleted file mode 100644 index ba62820df1e..00000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cross-compile.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 4c3575346b9c7d394ebc73b4e5fabebadd8877ec Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Thu, 24 Nov 2022 16:33:47 +0000 -Subject: [PATCH] Fix a little bitrot in the cross-compiling logic - -Removing the option to disable FAPI meant configuring for cross compiling would -fail because the option being passed to the sub-call to configure would include -an unknown command line option. - -Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;f=configure.ac;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec] -Signed-off-by: Alexander Kanavin ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d5c68c4b3..738eb10a9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then - echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in - - AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)]) -- "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" -+ "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" - status=$? - cp config.log "$olddir/configaux.log" - if test $status -eq 0 ; then -@@ -2530,7 +2530,7 @@ PDF= - PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak" - PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak" - --if test x"$with_pdf" != x"no" ; then -+if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then - - if test x"$JBIG2_DECODER" = x""; then - AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support]) --- -2.25.1 - diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch deleted file mode 100644 index 604b927521c..00000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Fri, 24 Mar 2023 13:19:57 +0000 -Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding - -Bug #706494 "Buffer Overflow in s_xBCPE_process" - -As described in detail in the bug report, if the write buffer is filled -to one byte less than full, and we then try to write an escaped -character, we overrun the buffer because we don't check before -writing two bytes to it. - -This just checks if we have two bytes before starting to write an -escaped character and exits if we don't (replacing the consumed byte -of the input). - -Up for further discussion; why do we even permit a BCP encoding filter -anyway ? I think we should remove this, at least when SAFER is true. ---- -CVE: CVE-2023-28879 - -Upstream-Status: Backport [see text] - -git://git.ghostscript.com/ghostpdl -cherry-pick - -Signed-off-by: Joe Slater limit - q < 2) { -+ p--; -+ break; -+ } - if (p == rlimit) { - p--; - break; --- -2.25.1 - diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb similarity index 96% rename from meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb rename to meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb index 86ecdbe24af..5d4b8cdc913 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb @@ -33,8 +33,6 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ - file://cross-compile.patch \ - file://cve-2023-28879.patch \ " SRC_URI = "${SRC_URI_BASE} \ @@ -46,7 +44,7 @@ SRC_URI:class-native = "${SRC_URI_BASE} \ file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \ " -SRC_URI[sha256sum] = "a57764d70caf85e2fc0b0f59b83b92e25775631714dcdb97cc6e0cea414bb5a3" +SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce" # Put something like #