From patchwork Sun Aug 18 10:14:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 1148830 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46BCb167s6z9s4Y for ; Sun, 18 Aug 2019 20:14:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id B39DA2153B; Sun, 18 Aug 2019 10:14:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6mVxTQhfCGSh; Sun, 18 Aug 2019 10:14:15 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 6BC4720553; Sun, 18 Aug 2019 10:14:15 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 9EAB21BF3AA for ; Sun, 18 Aug 2019 10:14:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 9B8F420553 for ; Sun, 18 Aug 2019 10:14:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4lCjdZY2VNj for ; Sun, 18 Aug 2019 10:14:12 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout08.t-online.de (mailout08.t-online.de [194.25.134.20]) by silver.osuosl.org (Postfix) with ESMTPS id E505320510 for ; Sun, 18 Aug 2019 10:14:11 +0000 (UTC) Received: from fwd24.aul.t-online.de (fwd24.aul.t-online.de [172.20.26.129]) by mailout08.t-online.de (Postfix) with SMTP id 5981441BF0F6 for ; Sun, 18 Aug 2019 12:14:09 +0200 (CEST) Received: from fli4l.lan.fli4l (TbxL1yZXghz9sdc673Q4QKG1pnC4vRqOMHzgMXYZocfEjWiv802DUvofHmChjVrQ5O@[84.161.182.96]) by fwd24.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1hzICN-1KB9Ci0; Sun, 18 Aug 2019 12:14:07 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:38058) by fli4l.lan.fli4l with esmtp (Exim 4.92.1) (envelope-from ) id 1hzICM-0004K0-SE for buildroot@buildroot.org; Sun, 18 Aug 2019 12:14:07 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sun, 18 Aug 2019 12:14:05 +0200 Message-Id: <20190818101406.6574-1-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-ID: TbxL1yZXghz9sdc673Q4QKG1pnC4vRqOMHzgMXYZocfEjWiv802DUvofHmChjVrQ5O X-TOI-MSGID: cef4bed1-ae44-4d9c-8a3c-ca6817998b2d Subject: [Buildroot] [PATCH v2 1/2] package/ghostscript: fix static build errors X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Patch 0003 fixes a bug which occured with pkgconfig enabled. Patch 0004 fixes the linking error with libidn. Fixes: http://autobuild.buildroot.net/results/45a/45a94a494eb2b719ac338d2e734753b11a4a0144/ Signed-off-by: Bernd Kuhls --- v2: added BUILD_PKGCONFIG=/bin/false (Thomas) fixed fontconfig/freetype linking error caused by using pkgconfig updated libidn detection (Thomas) .../ghostscript/0003-pkgconf-libs-only.patch | 28 ++++++++++ .../ghostscript/0004-pkgconfig-libidn.patch | 53 +++++++++++++++++++ package/ghostscript/ghostscript.mk | 3 ++ 3 files changed, 84 insertions(+) create mode 100644 package/ghostscript/0003-pkgconf-libs-only.patch create mode 100644 package/ghostscript/0004-pkgconfig-libidn.patch diff --git a/package/ghostscript/0003-pkgconf-libs-only.patch b/package/ghostscript/0003-pkgconf-libs-only.patch new file mode 100644 index 0000000000..8518c3b1f1 --- /dev/null +++ b/package/ghostscript/0003-pkgconf-libs-only.patch @@ -0,0 +1,28 @@ +fix build with pkg-config enabled + +Patch sent upstream: +https://bugs.ghostscript.com/show_bug.cgi?id=701440 + +Signed-off-by: Bernd Kuhls + +diff -uNr ghostscript-9.27.old/configure.ac ghostscript-9.27/configure.ac +--- ghostscript-9.27.old/configure.ac 2019-04-04 09:43:14.000000000 +0200 ++++ ghostscript-9.27/configure.ac 2019-08-18 11:32:50.163910476 +0200 +@@ -853,7 +853,7 @@ + if $PKGCONFIG --exists fontconfig; then + AC_MSG_RESULT(yes) + FONTCONFIG_CFLAGS="$CFLAGS `$PKGCONFIG --cflags fontconfig`" +- FONTCONFIG_LIBS="`$PKGCONFIG --libs fontconfig`" ++ FONTCONFIG_LIBS="`$PKGCONFIG --libs-only-l fontconfig`" + HAVE_FONTCONFIG=-DHAVE_FONTCONFIG + else + AC_MSG_RESULT(no) +@@ -996,7 +996,7 @@ + if $PKGCONFIG --atleast-version=12.0.6 freetype2; then + AC_MSG_RESULT(yes) + FT_CFLAGS="$CFLAGS `$PKGCONFIG --cflags freetype2`" +- FT_LIBS="`$PKGCONFIG --libs freetype2`" ++ FT_LIBS="`$PKGCONFIG --libs-only-l freetype2`" + FT_BRIDGE=1 + SHARE_FT=1 + else diff --git a/package/ghostscript/0004-pkgconfig-libidn.patch b/package/ghostscript/0004-pkgconfig-libidn.patch new file mode 100644 index 0000000000..6fcef0f3e5 --- /dev/null +++ b/package/ghostscript/0004-pkgconfig-libidn.patch @@ -0,0 +1,53 @@ +fix static build with libidn + +Patch sent upstream: +https://bugs.ghostscript.com/show_bug.cgi?id=701439 + +Signed-off-by: Bernd Kuhls + +diff -uNr ghostscript-9.27.old/configure.ac ghostscript-9.27/configure.ac +--- ghostscript-9.27.old/configure.ac 2019-04-04 09:43:14.000000000 +0200 ++++ ghostscript-9.27/configure.ac 2019-08-18 12:01:38.779728836 +0200 +@@ -790,22 +790,31 @@ + [Do not use libidn to support Unicode passwords])],, + [with_libidn=maybe]) + if test x$with_libidn != xno; then +- AC_CHECK_LIB(idn, stringprep, [ +- with_libidn=no +- AC_CHECK_HEADER([stringprep.h], [with_libidn=yes]) +- ], [ +- if test x$with_libidn != xmaybe; then +- AC_MSG_ERROR([libidn not found]) ++ if test "x$PKGCONFIG" != x; then ++ AC_MSG_CHECKING(for libidn with pkg-config) ++ if $PKGCONFIG --exists libidn; then ++ AC_MSG_RESULT(yes) ++ LIBS="$LIBS `$PKGCONFIG --libs libidn`" ++ HAVE_LIBIDN=-DHAVE_LIBIDN ++ else ++ AC_MSG_RESULT(no) ++ fi ++ fi ++ if test -z "$HAVE_LIBIDN"; then ++ AC_CHECK_LIB(idn, stringprep, [ ++ with_libidn=no ++ AC_CHECK_HEADER([stringprep.h], [with_libidn=yes]) ++ ], [ ++ if test x$with_libidn != xmaybe; then ++ AC_MSG_ERROR([libidn not found]) ++ fi ++ with_libidn=no ++ ]) + fi +- with_libidn=no +- ]) + fi + HAVE_LIBIDN='' + UTF8DEVS='' + if test x$with_libidn != xno; then +- HAVE_LIBIDN=-DHAVE_LIBIDN +- LIBS="$LIBS -lidn" +- + if test x$found_iconv != xno; then + UTF8DEVS='$(PSD)utf8.dev' + fi diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk index fefac2aee3..42af344878 100644 --- a/package/ghostscript/ghostscript.mk +++ b/package/ghostscript/ghostscript.mk @@ -10,6 +10,8 @@ GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz GHOSTSCRIPT_LICENSE = AGPL-3.0 GHOSTSCRIPT_LICENSE_FILES = LICENSE # 0001-Fix-cross-compilation-issue.patch +# 0003-pkgconf-libs-only.patch +# 0004-pkgconfig-libidn.patch GHOSTSCRIPT_AUTORECONF = YES GHOSTSCRIPT_DEPENDENCIES = \ host-lcms2 \ @@ -33,6 +35,7 @@ endef GHOSTSCRIPT_POST_PATCH_HOOKS += GHOSTSCRIPT_REMOVE_LIBS GHOSTSCRIPT_CONF_ENV = \ + BUILD_PKGCONFIG=/bin/false \ CCAUX="$(HOSTCC)" \ CFLAGSAUX="$(HOST_CFLAGS) $(HOST_LDFLAGS)" From patchwork Sun Aug 18 10:14:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 1148831 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46BCbB4BmYz9s4Y for ; Sun, 18 Aug 2019 20:14:29 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 1D7D987648; Sun, 18 Aug 2019 10:14:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ae0yCBRq5yML; Sun, 18 Aug 2019 10:14:25 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id C6341874AB; Sun, 18 Aug 2019 10:14:25 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id EDFF21BF3AA for ; Sun, 18 Aug 2019 10:14:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id EB18A84543 for ; Sun, 18 Aug 2019 10:14:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ymJgfLDWhCpq for ; Sun, 18 Aug 2019 10:14:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout06.t-online.de (mailout06.t-online.de [194.25.134.19]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 8112584F61 for ; Sun, 18 Aug 2019 10:14:22 +0000 (UTC) Received: from fwd36.aul.t-online.de (fwd36.aul.t-online.de [172.20.26.137]) by mailout06.t-online.de (Postfix) with SMTP id 53257419A505 for ; Sun, 18 Aug 2019 12:14:20 +0200 (CEST) Received: from fli4l.lan.fli4l (bpQBZsZG8hrFKvmVr-RIy6WZU-r4Njn22kM1AuLzUOZQ+s2tNhBO6vLgKRfFTQZQac@[84.161.182.96]) by fwd36.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1hzICO-2KkK8m0; Sun, 18 Aug 2019 12:14:08 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:38058) by fli4l.lan.fli4l with esmtp (Exim 4.92.1) (envelope-from ) id 1hzICN-0004K0-BU for buildroot@buildroot.org; Sun, 18 Aug 2019 12:14:07 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sun, 18 Aug 2019 12:14:06 +0200 Message-Id: <20190818101406.6574-2-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190818101406.6574-1-bernd.kuhls@t-online.de> References: <20190818101406.6574-1-bernd.kuhls@t-online.de> MIME-Version: 1.0 X-ID: bpQBZsZG8hrFKvmVr-RIy6WZU-r4Njn22kM1AuLzUOZQ+s2tNhBO6vLgKRfFTQZQac X-TOI-MSGID: f0d8476a-6d56-4177-a37e-32fc842a5336 Subject: [Buildroot] [PATCH 2/2] package/ghostscript: add upstream security fix for CVE-2019-10216 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/ghostscript/0005-CVE-2019-10216.patch | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 package/ghostscript/0005-CVE-2019-10216.patch diff --git a/package/ghostscript/0005-CVE-2019-10216.patch b/package/ghostscript/0005-CVE-2019-10216.patch new file mode 100644 index 0000000000..2d624cd17b --- /dev/null +++ b/package/ghostscript/0005-CVE-2019-10216.patch @@ -0,0 +1,49 @@ +From: Chris Liddell +Date: Fri, 2 Aug 2019 14:18:26 +0000 (+0100) +Subject: Bug 701394: protect use of .forceput with executeonly +X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=5b85ddd19a8420a1bd2d5529325be35d78e94234 + +Bug 701394: protect use of .forceput with executeonly + +Fixes CVE-2019-10216 + +Signed-off-by: Bernd Kuhls +--- + +diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps +index 6c7735b..a039cce 100644 +--- a/Resource/Init/gs_type1.ps ++++ b/Resource/Init/gs_type1.ps +@@ -118,25 +118,25 @@ + ( to be the same as glyph: ) print 1 index //== exec } if + 3 index exch 3 index .forceput + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname +- } ++ }executeonly + {pop} ifelse +- } forall ++ } executeonly forall + pop pop +- } ++ } executeonly + { + pop pop pop + } ifelse +- } ++ } executeonly + { + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname + pop pop + } ifelse +- } forall ++ } executeonly forall + 3 1 roll pop pop +- } if ++ } executeonly if + pop + dup /.AGLprocessed~GS //true .forceput +- } if ++ } executeonly if + + %% We need to excute the C .buildfont1 in a stopped context so that, if there + %% are errors we can put the stack back sanely and exit. Otherwise callers won't