openembedded-core.git/meta/recipes-extended/ghostscript, branch thud Mirror of openembedded-core ghostscript: Fix CVE-2019-6116 2019-02-25T22:25:03+00:00 Ovidiu Panait ovidiu.panait@windriver.com 2019-02-21T09:30:57+00:00 af397d31e467d6af00ef835537221bc211d94ca6 It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Reference: https://www.openwall.com/lists/oss-security/2019/01/23/5 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a3c4fc169e7c6c1e83874a6bf63a6fb42b Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.

Reference:
https://www.openwall.com/lists/oss-security/2019/01/23/5

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a3c4fc169e7c6c1e83874a6bf63a6fb42b

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ghostscript: 9.25 -> 9.26 2019-01-08T20:12:07+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-28T07:02:54+00:00 c62b64e771eb27089738a153ee61d34cdf6441ab - Drop backported CVE fixes 000[1-8]*.patch (From OE-Core rev: f30bd6bf01dbf81f0872382be44d507fb981f953) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
- Drop backported CVE fixes
  000[1-8]*.patch

(From OE-Core rev: f30bd6bf01dbf81f0872382be44d507fb981f953)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ghostscript: fix CVE-2018-18284 2018-11-06T11:54:30+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-05T08:03:37+00:00 98ab5c5770d20b39bf3c58083f31f31838f2e940 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving the 1Policy
operator.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript: fix CVE-2018-18073 2018-11-06T11:54:30+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-05T08:03:36+00:00 6098c19e1f179896af7013c4b5db3081549c97bc Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript: fix CVE-2018-17961 2018-11-06T11:54:30+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-05T08:03:35+00:00 6c32ea184941d292cd8f0eb898e6cc90120ada40 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript: upgrade to 9.25 2018-09-20T12:41:25+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-09-17T16:44:50+00:00 4340928b8878b91b5a2750eb6bc87918740511ca Removed below patches, as v9.25 source already has those changes/security fixes: 0001-Bug-699665-memory-corruption-in-aesdecode.patch 0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch 0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch 0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch 0004-Hide-the-.shfill-operator.patch 0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch remove-direct-symlink.patch Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch and ghostscript-9.21-prevent_recompiling.patch to fix warnings in do_patch task of ghostscript v9.25 recipe. Highlights of ghostscript v9.25 release: --------------------------------------- - This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. - Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources. - Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits. - As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files. - IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF). - The usual round of bug fixes, compatibility changes, and incremental improvements. Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Removed below patches, as v9.25 source already has those
changes/security fixes:

0001-Bug-699665-memory-corruption-in-aesdecode.patch
0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch
0004-Hide-the-.shfill-operator.patch
0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch
remove-direct-symlink.patch

Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch
and ghostscript-9.21-prevent_recompiling.patch
to fix warnings in do_patch task of ghostscript v9.25 recipe.

Highlights of ghostscript v9.25 release:
---------------------------------------
- This release fixes problems with argument handling, some unintended results
  of the security fixes to the SAFER file access restrictions
  (specifically accessing ICC profile files), and some additional security
  issues over the recent 9.24 release.

- Note: The ps2epsi utility does not, and cannot call Ghostscript with
  the -dSAFER command line option. It should never be called with input
  from untrusted sources.

- Security issues have been the primary focus of this release, including
  solving several (well publicised) real and potential exploits.

- As well as Ghostscript itself, jbig2dec has had a significant amount of work
  improving its robustness in the face of out specification files.

- IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread
  safe, and cannot be made thread safe without breaking the ABI.
  Our fork will be thread safe, and include performance enhancements
  (these changes have all be been offered and rejected upstream). We will
  maintain compatibility between Ghostscript and LCMS2 for a time, but not in
  perpetuity. Our fork will be available as its own package separately from
  Ghostscript (and MuPDF).

- The usual round of bug fixes, compatibility changes, and incremental
  improvements.

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript: fix CVE-2018-15908 & CVE-2018-15909 & CVE-2018-15910 & CVE-2018-15911 2018-09-11T08:05:29+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-09-10T07:21:01+00:00 b6d32d43fd2b016e932b7dc81fb943eb936b73bb Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ghostscript: fix CVE-2018-10194 2018-07-03T07:24:34+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-07-02T08:18:38+00:00 4b56d6a61bfe4ca28d1301ae83898a979d3df73a https://nvd.nist.gov/vuln/detail/CVE-2018-10194 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
https://nvd.nist.gov/vuln/detail/CVE-2018-10194

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ghostscript: 9.21 -> 9.23 2018-05-04T08:54:49+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-03-30T08:50:33+00:00 f8b4636472c6784fb78ca09a7dd7ebe53011f631 1. Drop backported patches - CVE-2017-7207.patch - CVE-2017-5951.patch - CVE-2017-7975.patch - CVE-2017-9216.patch - CVE-2017-9611.patch - CVE-2017-9612.patch - CVE-2017-9739.patch - CVE-2017-9726.patch - CVE-2017-9727.patch - CVE-2017-9835.patch - CVE-2017-11714.patch 2. Rebase to 9.23 - ghostscript-9.15-parallel-make.patch - ghostscript-9.16-Werror-return-type.patch - do-not-check-local-libpng-source.patch - avoid-host-contamination.patch - mkdir-p.patch - ghostscript-9.21-prevent_recompiling.patch - ghostscript-9.02-genarch.patch - cups-no-gcrypt.patch - ghostscript-9.21-native-fix-disable-system-libtiff.patch - base-genht.c-add-a-preprocessor-define-to-allow-fope.patch 3. Add packps from (native to target) to support cross compiling. 4. Add remove-direct-symlink.patch to fix do_populate_sysroot failure Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
1. Drop backported patches
- CVE-2017-7207.patch
- CVE-2017-5951.patch
- CVE-2017-7975.patch
- CVE-2017-9216.patch
- CVE-2017-9611.patch
- CVE-2017-9612.patch
- CVE-2017-9739.patch
- CVE-2017-9726.patch
- CVE-2017-9727.patch
- CVE-2017-9835.patch
- CVE-2017-11714.patch

2. Rebase to 9.23
- ghostscript-9.15-parallel-make.patch
- ghostscript-9.16-Werror-return-type.patch
- do-not-check-local-libpng-source.patch
- avoid-host-contamination.patch
- mkdir-p.patch
- ghostscript-9.21-prevent_recompiling.patch
- ghostscript-9.02-genarch.patch
- cups-no-gcrypt.patch
- ghostscript-9.21-native-fix-disable-system-libtiff.patch
- base-genht.c-add-a-preprocessor-define-to-allow-fope.patch

3. Add packps from (native to target) to support cross compiling.

4. Add remove-direct-symlink.patch to fix
   do_populate_sysroot failure

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript: drop incorrectly applied patch 2018-03-09T17:16:02+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2018-03-08T18:17:45+00:00 1fc1a5f392ec6773cd520cbbd19b58931c6a2d66 The patch was adding a change to the source file that was already there, so the lines of code were repeated twice. This didn't create a bug or a security issue, but it may well have. Long story: https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch was adding a change to the source file that was already there,
so the lines of code were repeated twice. This didn't create a bug or a
security issue, but it may well have.

Long story:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>