<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/ghostscript, branch 2019.02-op-build</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2019-02-12T19:02:46+00:00</updated>
<entry>
<title>package/ghostscript: add upstream security fixes</title>
<updated>2019-02-12T19:02:46+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2019-02-12T18:42:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2e060d64e21a8f4dd8943acdbc3e1e563df13aba'/>
<id>urn:sha1:2e060d64e21a8f4dd8943acdbc3e1e563df13aba</id>
<content type='text'>
CVE-2019-6116: Remote code execution.

https://www.openwall.com/lists/oss-security/2019/01/23/5

Cc: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: security bump to version 9.26</title>
<updated>2018-11-29T18:57:09+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-11-29T15:50:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=e52b02677a2b207e89092bcd67a1c03450a26f66'/>
<id>urn:sha1:e52b02677a2b207e89092bcd67a1c03450a26f66</id>
<content type='text'>
Fixes the following security vulnerabilities:

 - CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to
   bypass a sandbox protection mechanism via vectors involving errorhandler
   setup.  NOTE: this issue exists because of an incomplete fix for
   CVE-2018-17183.

- CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to
  bypass a sandbox protection mechanism via vectors involving the 1Policy
  operator.

- CVE-2018-19409: An issue was discovered in Artifex Ghostscript before
  9.26.  LockSafetyParams is not checked correctly if another device is
  used.

- CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because available
  stack space is not checked when the device remains the same.

- CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  setcolorspace type confusion.

- CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows
  remote attackers to bypass intended access restrictions because of a
  JBIG2Decode type confusion.

For more details, see the release notes:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/ghostscript: fix removal of included lcms2</title>
<updated>2018-10-03T07:38:34+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2018-10-01T16:34:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d5f83cfc885c4a9ea6d35d38b7d5a8eaf725aee2'/>
<id>urn:sha1:d5f83cfc885c4a9ea6d35d38b7d5a8eaf725aee2</id>
<content type='text'>
Ghostscript 9.24 changed the internal lcms2 version:
https://www.ghostscript.com/doc/9.24/News.htm

With this change the directory name was also changed which broke our
code to force the usage of the buildroot lcms2 package.

Fixes
http://autobuild.buildroot.net/results/d04/d04ad017bf06a442a7397f935959994ba72824e1/

Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: security bump to version 9.25</title>
<updated>2018-09-28T13:07:45+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2018-09-27T16:00:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b054797ecafec2b4b8945ad654242133749bf653'/>
<id>urn:sha1:b054797ecafec2b4b8945ad654242133749bf653</id>
<content type='text'>
Fixes the following security issues:

- CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and
  gsgetresolution allow attackers to have an unspecified impact

- CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable
  error exception table, which could be used by remote attackers able to
  supply crafted PostScript to potentially overwrite or replace error
  handlers to inject code.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: set correct font path on target</title>
<updated>2018-07-28T21:57:10+00:00</updated>
<author>
<name>Thomas Ehrhardt</name>
<email>e.thomas@gmx.de</email>
</author>
<published>2018-07-25T11:46:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=a76eab228f0bde8597bb6431733e3e1a8d25f806'/>
<id>urn:sha1:a76eab228f0bde8597bb6431733e3e1a8d25f806</id>
<content type='text'>
GHOSTSCRIPT_FONTS_TARGET_DIR is set to $(TARGET_DIR)/usr/share/fonts/gs
in ghostscript-fonts.mk. If we pass this full path to ghostscript, it
will look for fonts in $(TARGET_DIR), which doesn't exist on the
target.

Instead of /usr/share/fonts/gs, use /usr/share/fonts so ghostscript can
also access other fonts than the ones installed by ghostscript-fonts.

Signed-off-by: Thomas Ehrhardt &lt;tehrhardt@innovaphone.com&gt;
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
</content>
</entry>
<entry>
<title>ghostscript: don't use lcms2art</title>
<updated>2018-05-06T07:05:03+00:00</updated>
<author>
<name>Fabrice Fontaine</name>
<email>fontaine.fabrice@gmail.com</email>
</author>
<published>2018-05-05T16:58:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b0bf1f5888eac726368c264c588ad5be33421efd'/>
<id>urn:sha1:b0bf1f5888eac726368c264c588ad5be33421efd</id>
<content type='text'>
Delete lcsm2art directory to use the buildroot lcms2 library

Fixes:
 - http://autobuild.buildroot.net/results/cda9c22bf29278cc24ab852094df19b773d0f151

Signed-off-by: Fabrice Fontaine &lt;fontaine.fabrice@gmail.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: bump to version 9.23</title>
<updated>2018-05-03T20:07:23+00:00</updated>
<author>
<name>Fabrice Fontaine</name>
<email>fontaine.fabrice@gmail.com</email>
</author>
<published>2018-05-03T11:33:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=60c4bd8ba4b0282d9c4549ade485def414959e60'/>
<id>urn:sha1:60c4bd8ba4b0282d9c4549ade485def414959e60</id>
<content type='text'>
- Remove sha256 (not provided anymore) and keep only sha512
- Update patch
- Add hash for license file

Signed-off-by: Fabrice Fontaine &lt;fontaine.fabrice@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@bootlin.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: bump version to 9.22</title>
<updated>2017-10-17T20:36:20+00:00</updated>
<author>
<name>Olivier Schonken</name>
<email>olivier.schonken@gmail.com</email>
</author>
<published>2017-10-17T13:48:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=535cc2f03ea421b70fe81f3e5c76c805de16f8e4'/>
<id>urn:sha1:535cc2f03ea421b70fe81f3e5c76c805de16f8e4</id>
<content type='text'>
Remove patches that has been merged/updated upstream

0002-Host-tool-mkromfs_1-needs-libz.patch
-&gt; http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=284f5fe121d8eb0a0f50a6f2465ee2f99a061018
0003-Bug-697799-have-.eqproc-check-its-parameters.patch
-&gt; http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
0004-Bug-697799-have-.rsdparams-check-its-parameters
-&gt; http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
   http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad

Signed-off-by: Olivier Schonken &lt;olivier.schonken@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>ghostscript: add upstream security fixes for CVE-2017-8291</title>
<updated>2017-04-28T12:15:32+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-04-28T07:49:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=874becfd019bc8f4e126684d08c4164e984b11c3'/>
<id>urn:sha1:874becfd019bc8f4e126684d08c4164e984b11c3</id>
<content type='text'>
CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package: use SPDX short identifier for AGPLv3</title>
<updated>2017-04-01T13:18:47+00:00</updated>
<author>
<name>Rahul Bedarkar</name>
<email>rahulbedarkar89@gmail.com</email>
</author>
<published>2017-03-30T13:43:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=13c72e379b8ff14612b86cee85997842f9523a8b'/>
<id>urn:sha1:13c72e379b8ff14612b86cee85997842f9523a8b</id>
<content type='text'>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for AGPLv3 is AGPL-3.0.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/AGPLv3/AGPL-3.0/g'

Signed-off-by: Rahul Bedarkar &lt;rahulbedarkar89@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
