diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
| commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
| tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch | |
| parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
| download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch')
| -rw-r--r-- | poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch new file mode 100644 index 000000000..19cf7cc8c --- /dev/null +++ b/poky/meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch @@ -0,0 +1,42 @@ +From 37d7c9117b70e75ebed21c6c8192251f127c0fb0 Mon Sep 17 00:00:00 2001 +From: Nancy Durgin <nancy.durgin@artifex.com> +Date: Mon, 5 Nov 2018 15:36:27 +0800 +Subject: [PATCH 1/2] Undefine some additional internal operators. + +.type, .writecvs, .setSMask, .currentSMask + +These don't seem to be referenced anywhere outside of the initialization code, +which binds their usages. Passes cluster if they are removed. + +CVE: CVE-2018-18073 +Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Resource/Init/gs_init.ps | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index f952f32..7c71d18 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2230,6 +2230,7 @@ SAFER { .setsafeglobal } if + /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath ++ /.type /.writecvs /.setSMask /.currentSMask + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +@@ -2248,7 +2249,7 @@ SAFER { .setsafeglobal } if + % test files/utilities, or engineers expressed a desire to keep them visible. + % + %/currentdevice /.sort /.buildfont0 /.buildfont1 /.buildfont2 /.buildfont3 /.buildfont4 /.buildfont9 /.buildfont10 /.buildfont11 +- %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors ++ %/.buildfont32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors + %/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget + %/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9 + %/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal +-- +2.7.4 + |