| Message ID | 20230610153819.936259-1-bernd.kuhls@t-online.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/ghostscript: security bump version to 10.01.1 | expand |
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes: > Switch tarball to .xz > Fixes CVE-2023-28879: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879 > Release notes: > https://ghostscript.readthedocs.io/en/latest/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: >>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes: >> Switch tarball to .xz >> Fixes CVE-2023-28879: >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879 >> Release notes: >> https://ghostscript.readthedocs.io/en/latest/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link >> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> > Committed, thanks. Committed to 2023.02.x and 2023.05.x, thanks.
diff --git a/package/ghostscript/ghostscript.hash b/package/ghostscript/ghostscript.hash index ca26a38a02..30c45a5a74 100644 --- a/package/ghostscript/ghostscript.hash +++ b/package/ghostscript/ghostscript.hash @@ -1,5 +1,5 @@ -# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9561/SHA512SUMS -sha512 f498384af80654c040635564b8bc9a64c4bb5b0769bb00aade4042bbe9117c482362dc1a1fac72db3ce9487dd5a5bb8fb81b35b360680fe598df33dfbbe79499 ghostscript-9.56.1.tar.gz +# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10011/SHA512SUMS +sha512 d944be9e8aef68d1176d64c40db6fa86d55d0c9e30047f2147c02806ab61cfe9ac2cb00d4e5b218ff3c51cc6ed47ceffe1bac4dd9d4cc1760b7974f30c6c2735 ghostscript-10.01.1.tar.xz # Hash for license file: sha256 8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b LICENSE diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk index 364fa1469a..d215afccd2 100644 --- a/package/ghostscript/ghostscript.mk +++ b/package/ghostscript/ghostscript.mk @@ -4,7 +4,8 @@ # ################################################################################ -GHOSTSCRIPT_VERSION = 9.56.1 +GHOSTSCRIPT_VERSION = 10.01.1 +GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION)) GHOSTSCRIPT_LICENSE = AGPL-3.0 GHOSTSCRIPT_LICENSE_FILES = LICENSE
Switch tarball to .xz Fixes CVE-2023-28879: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28879 Release notes: https://ghostscript.readthedocs.io/en/latest/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> --- package/ghostscript/ghostscript.hash | 4 ++-- package/ghostscript/ghostscript.mk | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-)