diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-23 00:55:50 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 04:36:32 +0300 |
commit | a5c52ff0bb57fccc2dcd3bd10647d2fa77ddf8c3 (patch) | |
tree | e085aadbd071233b82de4a8c76d269f9d746daaa /poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch | |
parent | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (diff) | |
download | openbmc-a5c52ff0bb57fccc2dcd3bd10647d2fa77ddf8c3.tar.xz |
poky: thud refresh 87e3a9739d..1cab405d88
Update poky to thud HEAD.
Adrian Bunk (1):
archiver.bbclass: Fix COPYLEFT_LICENSE_{IN, EX}CLUDE
Adrian Freihofer (2):
systemd: fix PN-container package splitting
devtool: fix target-deploy --strip
Alejandro Enedino Hernandez Samaniego (1):
python: Adds instructions to the manifest file
Alexander Kanavin (3):
meson: do not manipulate the environment when looking for python via pkg-config
openssl: update to 1.1.1a
libc-package: fix postinst error when ENABLE_BINARY_LOCALE_GENERATION = "0"
Alexey Brodkin (1):
gdb: Remove long ago upstreamed patch
André Draszik (1):
linux-firmware: better packaging for TI wl12xx & wl18xx firmwares
Anuj Mittal (13):
maintainers.inc: update Intel owners
gst-plugins-bad: add PACKAGECONFIG for msdk
gstreamer1.0: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-plugins-base: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-plugins-good: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-plugins-bad: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-plugins-ugly: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-libav: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-vaapi: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-rtsp-server: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-omx: upgrade 1.14.3 -> 1.14.4
gstreamer1.0-python: upgrade 1.14.3 -> 1.14.4
gst-validate: upgrade 1.14.2 -> 1.14.4
Armin Kuster (1):
gnutls: update to 3.6.4
Bruce Ashfield (13):
linux-yocto: remove obselete options from lxc config
linux-yocto/4.14: configuration cleanups
linux-yocto/4.18: -rt sync and config cleanups
linux-yocto/tiny: switch default branch to standard/tiny/base
linux-yocto/tiny: restore qemuarm support
linux-yocto/4.18: bug fixes and configuration tweaks
linux-yocto/4.18: update to v4.18.17
linux-yocto/4.14: update to v4.14.79
linux-yocto/4.18: integrate CVE fixes
linux-yocto/4.18: update to v4.18.20
linux-yocto/4.18: update to v4.18.21
linux-yocto: configuration updates (virtio and tpm)
linux-yocto: correct qemumips64el definition
Carlos Rafael Giani (10):
gstreamer1.0: upgrade to version 1.14.3
gstreamer1.0-plugin-base: upgrade to version 1.14.3
gstreamer1.0-plugin-good: upgrade to version 1.14.3
gstreamer1.0-plugin-bad: upgrade to version 1.14.3
gstreamer1.0-plugin-ugly: upgrade to version 1.14.3
gstreamer1.0-libav: upgrade to version 1.14.3
gstreamer1.0-rtsp-server: upgrade to version 1.14.3
gstreamer1.0-vaapi: upgrade to version 1.14.3
gstreamer1.0-omx: upgrade to version 1.14.3
gstreamer1.0-python: upgrade to version 1.14.3
Changhyeok Bae (2):
iproute2: 4.18.0 -> 4.19.0
ethtool: 4.17 -> 4.19
Christophe PRIOUZEAU (1):
openssl: correct bad path on package preprocess
Douglas Royds (4):
boost-context: Reproducibility: Set .file section for all *_elf_gas.S files
reproducible: Refactor: Break out fixed_source_date_epoch() function
reproducible: Don't look for youngest file when no source tarball
ptest: Reproducibility: Take control of umask
Eric Chanudet (1):
licence: Add license file CC-BY-SA-4.0
Hongxu Jia (6):
elfutils: 0.174 -> 0.175
gnupg: upgrade 2.2.9 -> 2.2.10
gnupg: upgrade 2.2.10 -> 2.2.11
libgcrypt: upgrade 1.8.3 -> 1.8.4
ghostscript: 9.25 -> 9.26
go 1.9/1.11: fix textrel qa warning for non mips arch
Joshua Watt (3):
meta/icecc.bbclass: Move system blacklist to variables
meta/icecc.bbclass: Update system blacklists
classes/icecc.bbclass: Fix ccache disable
Kai Kang (1):
multilib_script: fix packages split
Khem Raj (3):
valgrind: Skip vgpreload_memcheck shared object from stripping
populate_sdk_ext.bbclass: Include site.conf in parsing for contents for local.conf
local.conf.sample: Update the sample config as per new migration manual
Ming Liu (1):
image.bbclass: fix a wrong position blank
Mingli Yu (2):
mdadm: improve the run-ptest
nspr: improve reproducibility
Niko Mauno (1):
opkg-utils: Fix update-alternatives link relocation
Otavio Salvador (1):
linux-firmware: Bump revision to 1baa348
Paul Eggleton (1):
socat: fix LICENSE
Peter Kjellerstedt (3):
meson: Correct use of the _append operator
bitbake: bitbake-diffsigs: Merge with bitbake-dumpsig
bitbake: bitbake-diffsigs: Support recursive deps with signature files
Richard Purdie (9):
meson: Disable rpath stripping at install time
scripts/runqemu: Fix logic error causing failures with MACHINE from the environment
meta-selftest/error: Cleanup large trailing whitespace
bitbake: server/process: Make lockfile handling clearer
bitbake: server/process: Show the last 60 log lines, not the last 10
bitbake: server/process: Show last 60 lines of the log if the server didn't start
poky.conf: Update the distros we test against on the autobuilder
poky: Update version to 2.6.1
build-appliance-image: Update to thud head revision
Robert Yang (5):
classes: Remove tab indentations in python code
recipes: Remove tab indentations in python code
bugzilla.bbclass: Remove it since obsoleted
sstate.bbclass: Only remove sstate file when task is existed
bitbake: server/process: print a message when no logfile
Ross Burton (12):
cpio: fix crash when appending to archives
image_types: use cpio-native to build cpio images
libtasn1: no need to inherit binconfig
binconfig: only try to mangles files
piglit: add missing waffle-bin dependency
ruby: upgrade 2.5.1 -> 2.5.3
insane: Clarify GNU_HASH warning
patchreview: Various fixes/improvements
python3: don't cripple target distutils
python3: drop redundant patch
bitbake: layerindex: don't use shell=True when cloning
bitbake: fetch: don't use shell=True when listing ar files
Zheng Ruoqin (2):
nss: Fix SHA_HTONL bug for arm 32be.
createrepo-c: Fix setup of logging (log domains)
Change-Id: I025dd27f44e57af38abff110ebc331e371bc461b
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch')
-rw-r--r-- | poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch | 197 |
1 files changed, 0 insertions, 197 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch b/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch deleted file mode 100644 index ad66fc3d6e..0000000000 --- a/poky/meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 430f39144244ba4fd7b720cf87031e415e0fabce Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Mon, 5 Nov 2018 15:42:52 +0800 -Subject: [PATCH 2/2] Bug 699927: don't include operator arrays in execstack - output - -When we transfer the contents of the execution stack into the array, take the -extra step of replacing any operator arrays on the stack with the operator -that reference them. - -This prevents the contents of Postscript defined, internal only operators (those -created with .makeoperator) being exposed via execstack (and thus, via error -handling). - -This necessitates a change in the resource remapping 'resource', which contains -a procedure which relies on the contents of the operators arrays being present. -As we already had internal-only variants of countexecstack and execstack -(.countexecstack and .execstack) - using those, and leaving thier operation -including the operator arrays means the procedure continues to work correctly. - -Both .countexecstack and .execstack are undefined after initialization. - -Also, when we store the execstack (or part thereof) for an execstackoverflow -error, make the same oparray/operator substitution as above for execstack. - -CVE: CVE-2018-18073 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - Resource/Init/gs_init.ps | 4 ++-- - Resource/Init/gs_resmp.ps | 2 +- - psi/int.mak | 2 +- - psi/interp.c | 14 +++++++++++--- - psi/interp.h | 2 ++ - psi/zcontrol.c | 13 ++++++++++--- - 6 files changed, 27 insertions(+), 10 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 7c71d18..f4c1053 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2191,7 +2191,7 @@ SAFER { .setsafeglobal } if - %% but can be easily restored (just delete the name from the list in the array). In future - %% we may remove the operator and the code implementation entirely. - [ -- /.bitadd /.charboxpath /.cond /.countexecstack /.execstack /.runandhide /.popdevicefilter -+ /.bitadd /.charboxpath /.cond /.runandhide /.popdevicefilter - /.execfile /.filenamesplit /.file_name_parent - /.setdefaultmatrix /.isprocfilter /.unread /.psstringencode - /.buildsampledfunction /.isencapfunction /.currentaccuratecurves /.currentcurvejoin /.currentdashadapt /.currentdotlength -@@ -2230,7 +2230,7 @@ SAFER { .setsafeglobal } if - /.localvmarray /.localvmdict /.localvmpackedarray /.localvmstring /.systemvmarray /.systemvmdict /.systemvmpackedarray /.systemvmstring /.systemvmfile /.systemvmlibfile - /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams - /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath -- /.type /.writecvs /.setSMask /.currentSMask -+ /.type /.writecvs /.setSMask /.currentSMask /.countexecstack /.execstack - - % Used by a free user in the Library of Congress. Apparently this is used to - % draw a partial page, which is then filled in by the results of a barcode -diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps -index 7cacaf8..9bb4263 100644 ---- a/Resource/Init/gs_resmp.ps -+++ b/Resource/Init/gs_resmp.ps -@@ -183,7 +183,7 @@ setpacking - % We don't check them. - - currentglobal //false setglobal % <object> bGlobal -- countexecstack array execstack % <object> bGlobal [execstack] -+ //false .countexecstack array //false .execstack % <object> bGlobal [execstack] - dup //null exch % <object> bGlobal [execstack] null [execstack] - length 3 sub -1 0 { % <object> bGlobal [execstack] null i - 2 index exch get % <object> bGlobal [execstack] null proc -diff --git a/psi/int.mak b/psi/int.mak -index 5d9b3d5..6ab5bf0 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -323,7 +323,7 @@ $(PSOBJ)zarray.$(OBJ) : $(PSSRC)zarray.c $(OP) $(memory__h)\ - - $(PSOBJ)zcontrol.$(OBJ) : $(PSSRC)zcontrol.c $(OP) $(string__h)\ - $(estack_h) $(files_h) $(ipacked_h) $(iutil_h) $(store_h) $(stream_h)\ -- $(INT_MAK) $(MAKEDIRS) -+ $(interp_h) $(INT_MAK) $(MAKEDIRS) - $(PSCC) $(PSO_)zcontrol.$(OBJ) $(C_) $(PSSRC)zcontrol.c - - $(PSOBJ)zdict.$(OBJ) : $(PSSRC)zdict.c $(OP)\ -diff --git a/psi/interp.c b/psi/interp.c -index b70769d..6dc0dda 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -142,7 +142,6 @@ static int oparray_pop(i_ctx_t *); - static int oparray_cleanup(i_ctx_t *); - static int zerrorexec(i_ctx_t *); - static int zfinderrorobject(i_ctx_t *); --static int errorexec_find(i_ctx_t *, ref *); - static int errorexec_pop(i_ctx_t *); - static int errorexec_cleanup(i_ctx_t *); - static int zsetstackprotect(i_ctx_t *); -@@ -761,7 +760,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - { - uint size = ref_stack_count(pstack) - skip; - uint save_space = ialloc_space(idmemory); -- int code; -+ int code, i; - - if (size > 65535) - size = 65535; -@@ -770,6 +769,15 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - if (code >= 0) - code = ref_stack_store(pstack, arr, size, 0, 1, true, idmemory, - "copy_stack"); -+ /* If we are copying the exec stack, try to replace any oparrays with -+ * with the operator than references them -+ */ -+ if (pstack == &e_stack) { -+ for (i = 0; i < size; i++) { -+ if (errorexec_find(i_ctx_p, &arr->value.refs[i]) < 0) -+ make_null(&arr->value.refs[i]); -+ } -+ } - ialloc_set_space(idmemory, save_space); - return code; - } -@@ -1934,7 +1942,7 @@ zfinderrorobject(i_ctx_t *i_ctx_p) - * .errorexec with errobj != null, store it in *perror_object and return 1, - * otherwise return 0; - */ --static int -+int - errorexec_find(i_ctx_t *i_ctx_p, ref *perror_object) - { - long i; -diff --git a/psi/interp.h b/psi/interp.h -index e9275b9..4f551d1 100644 ---- a/psi/interp.h -+++ b/psi/interp.h -@@ -91,5 +91,7 @@ void gs_interp_reset(i_ctx_t *i_ctx_p); - /* Define the top-level interface to the interpreter. */ - int gs_interpret(i_ctx_t **pi_ctx_p, ref * pref, int user_errors, - int *pexit_code, ref * perror_object); -+int -+errorexec_find(i_ctx_t *i_ctx_p, ref *perror_object); - - #endif /* interp_INCLUDED */ -diff --git a/psi/zcontrol.c b/psi/zcontrol.c -index 36da22c..0362cf4 100644 ---- a/psi/zcontrol.c -+++ b/psi/zcontrol.c -@@ -24,6 +24,7 @@ - #include "ipacked.h" - #include "iutil.h" - #include "store.h" -+#include "interp.h" - - /* Forward references */ - static int check_for_exec(const_os_ptr); -@@ -787,7 +788,7 @@ zexecstack2(i_ctx_t *i_ctx_p) - /* Continuation operator to do the actual transfer. */ - /* r_size(op1) was set just above. */ - static int --do_execstack(i_ctx_t *i_ctx_p, bool include_marks, os_ptr op1) -+do_execstack(i_ctx_t *i_ctx_p, bool include_marks, bool include_oparrays, os_ptr op1) - { - os_ptr op = osp; - ref *arefs = op1->value.refs; -@@ -829,6 +830,12 @@ do_execstack(i_ctx_t *i_ctx_p, bool include_marks, os_ptr op1) - strlen(tname), (const byte *)tname); - break; - } -+ case t_array: -+ case t_shortarray: -+ case t_mixedarray: -+ if (!include_oparrays && errorexec_find(i_ctx_p, rq) < 0) -+ make_null(rq); -+ break; - default: - ; - } -@@ -841,14 +848,14 @@ execstack_continue(i_ctx_t *i_ctx_p) - { - os_ptr op = osp; - -- return do_execstack(i_ctx_p, false, op); -+ return do_execstack(i_ctx_p, false, false, op); - } - static int - execstack2_continue(i_ctx_t *i_ctx_p) - { - os_ptr op = osp; - -- return do_execstack(i_ctx_p, op->value.boolval, op - 1); -+ return do_execstack(i_ctx_p, op->value.boolval, true, op - 1); - } - - /* - .needinput - */ --- -2.7.4 - |