CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.
For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for AGPLv3 is AGPL-3.0.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/AGPLv3/AGPL-3.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ghostscript configure script checks for zlib on the host when
configuring the build of auxiliary programs used in the compilation
process and fails if such library is not found.
Add 'host-zlib' as a dependency and, while at it, also enclose $(HOSTCC)
in double quotes, otherwise configure fails when that variable expands
to a command containing spaces (e.g. when ccache is enabled).
Fixes:
http://autobuild.buildroot.net/results/61af9caa7fe6fce6b11f78f66b9d3590f37e92e7/http://autobuild.buildroot.net/results/904f06e14247c22f740d8fd8902618017e0518f6/
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ijs/ subfolder contains a bogus ltmain.sh file, which is actually a
broken symbolic link. Due to this, our logic to patch ltmain.sh files
fail with some patch versions:
>>> ghostscript 9.21 Patching libtool
File /home/buildroot/build/instance-0/output/build/ghostscript-9.21/ijs/ltmain.sh is not a regular file -- refusing to patch
Since we are anyway not using the ijs support (--without-ijs is passed),
do like we do for all other sub-components of ghostscript: get rid of
the ijs/ subfolder completely.
Fixes:
http://autobuild.buildroot.net/results/ca683d69b7fb564788c8877c3bb6466390e976a8/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- switch to version 9.21 now that it has been released
- add a hash file
- switch to Git formatted patches
- use $(HOSTCC) instead of hardcoding "gcc", and use $(HOST_CFLAGS) and
$(HOST_LDFLAGS) instead of hardcoding -L$(HOST_DIR)/usr/lib
-I$(HOST_DIR)/usr/include
- add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
