CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.
For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for AGPLv3 is AGPL-3.0.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/AGPLv3/AGPL-3.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ijs/ subfolder contains a bogus ltmain.sh file, which is actually a
broken symbolic link. Due to this, our logic to patch ltmain.sh files
fail with some patch versions:
>>> ghostscript 9.21 Patching libtool
File /home/buildroot/build/instance-0/output/build/ghostscript-9.21/ijs/ltmain.sh is not a regular file -- refusing to patch
Since we are anyway not using the ijs support (--without-ijs is passed),
do like we do for all other sub-components of ghostscript: get rid of
the ijs/ subfolder completely.
Fixes:
http://autobuild.buildroot.net/results/ca683d69b7fb564788c8877c3bb6466390e976a8/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- switch to version 9.21 now that it has been released
- add a hash file
- switch to Git formatted patches
- use $(HOSTCC) instead of hardcoding "gcc", and use $(HOST_CFLAGS) and
$(HOST_LDFLAGS) instead of hardcoding -L$(HOST_DIR)/usr/lib
-I$(HOST_DIR)/usr/include
- add entry to DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
