[Buildroot] [PATCH 1/1] package/ghostscript: bump to version 9.55.0

* [Buildroot] [PATCH 1/1] package/ghostscript: bump to version 9.55.0
@ 2022-01-15 14:39 Fabrice Fontaine
  2022-02-03 20:43 ` Arnout Vandecappelle
  0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-01-15 14:39 UTC (permalink / raw)
  To: buildroot; +Cc: Bernd Kuhls, Fabrice Fontaine

- Drop patches (already in version)
- Disable pdf which fails to build and was added by
  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=316c3a08269212f1005709da64efcb383f8f5ce0
- Update hash of license file (references on ETS related patents removed
  with
  https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=431167121968b066d90b0506347b6eb779e08a3f)

https://www.ghostscript.com/doc/9.54.0/News.htm
https://www.ghostscript.com/doc/9.55.0/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...05-Fix-typo-in-non-forked-lcms2-code.patch |  28 +++
 ...g-702985-drop-use-of-FT_CALLBACK_DEF.patch |  55 ----
 ...de-device-specifier-strings-in-acces.patch | 234 ------------------
 ...ack-limits-after-function-evaluation.patch |  52 ----
 ...-management-in-sampled_data_continue.patch |  68 -----
 package/ghostscript/ghostscript.hash          |   6 +-
 package/ghostscript/ghostscript.mk            |  12 +-
 7 files changed, 33 insertions(+), 422 deletions(-)
 create mode 100644 package/ghostscript/0001-Bug-704405-Fix-typo-in-non-forked-lcms2-code.patch
 delete mode 100644 package/ghostscript/0001-bug-702985-drop-use-of-FT_CALLBACK_DEF.patch
 delete mode 100644 package/ghostscript/0002-Bug-704342-Include-device-specifier-strings-in-acces.patch
 delete mode 100644 package/ghostscript/0003-oss-fuzz-30715-Check-stack-limits-after-function-evaluation.patch
 delete mode 100644 package/ghostscript/0004-Bug-703902-Fix-op-stack-management-in-sampled_data_continue.patch

diff --git a/package/ghostscript/0001-Bug-704405-Fix-typo-in-non-forked-lcms2-code.patch b/package/ghostscript/0001-Bug-704405-Fix-typo-in-non-forked-lcms2-code.patch
new file mode 100644
index 0000000000..bb1227f687
--- /dev/null
+++ b/package/ghostscript/0001-Bug-704405-Fix-typo-in-non-forked-lcms2-code.patch
@@ -0,0 +1,28 @@
+From 830afae5454dea3bff903869d82022306890a96c Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Fri, 1 Oct 2021 12:44:44 +0100
+Subject: [PATCH] Bug 704405: Fix typo in non-forked lcms2 code.
+
+[Retrieved from:
+https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=830afae5454dea3bff903869d82022306890a96c]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ base/gsicc_lcms2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gsicc_lcms2.c b/base/gsicc_lcms2.c
+index ccf1d7051..9badb6dee 100644
+--- a/base/gsicc_lcms2.c
++++ b/base/gsicc_lcms2.c
+@@ -462,7 +462,7 @@ int
+ gscms_transform_color(gx_device *dev, gsicc_link_t *icclink, void *inputcolor,
+                              void *outputcolor, int num_bytes)
+ {
+-    return gscms_transformm_color_const(dev, icclink, inputcolor, outputcolor, num_bytes);
++    return gscms_transform_color_const(dev, icclink, inputcolor, outputcolor, num_bytes);
+ }
+ 
+ int
+-- 
+2.25.1
+
diff --git a/package/ghostscript/0001-bug-702985-drop-use-of-FT_CALLBACK_DEF.patch b/package/ghostscript/0001-bug-702985-drop-use-of-FT_CALLBACK_DEF.patch
deleted file mode 100644
index 044dcc72f1..0000000000
--- a/package/ghostscript/0001-bug-702985-drop-use-of-FT_CALLBACK_DEF.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 41ef9a0bc36b9db7115fbe9623f989bfb47bbade Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 20 Oct 2020 09:49:45 +0100
-Subject: [PATCH] Bug 702985: drop use of FT_CALLBACK_DEF() def
-
-From 2.10.3, Freetype disappeared the FT_CALLBACK_DEF() macro, which is what
-we used when defining our callbacks from Freetype.
-
-No guidance forthcoming from the Freetype developer who made those changes,
-so change to explicitly declaring the callbacks file static.
-
-Should fix the reported build failures.
-
-Downloaded from upstream commit:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- base/fapi_ft.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/base/fapi_ft.c b/base/fapi_ft.c
-index 65fa6dcf4..21aef2f06 100644
---- a/base/fapi_ft.c
-+++ b/base/fapi_ft.c
-@@ -125,7 +125,7 @@ static void
- delete_inc_int_info(gs_fapi_server * a_server,
-                     FT_IncrementalRec * a_inc_int_info);
- 
--FT_CALLBACK_DEF(void *)
-+static void *
- FF_alloc(FT_Memory memory, long size)
- {
-     gs_memory_t *mem = (gs_memory_t *) memory->user;
-@@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size)
-     return (gs_malloc(mem, size, 1, "FF_alloc"));
- }
- 
--FT_CALLBACK_DEF(void *)
-+static void *
-     FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block)
- {
-     gs_memory_t *mem = (gs_memory_t *) memory->user;
-@@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *)
-     return (tmp);
- }
- 
--FT_CALLBACK_DEF(void)
-+static void
-     FF_free(FT_Memory memory, void *block)
- {
-     gs_memory_t *mem = (gs_memory_t *) memory->user;
--- 
-2.17.1
-
diff --git a/package/ghostscript/0002-Bug-704342-Include-device-specifier-strings-in-acces.patch b/package/ghostscript/0002-Bug-704342-Include-device-specifier-strings-in-acces.patch
deleted file mode 100644
index 81436d8228..0000000000
--- a/package/ghostscript/0002-Bug-704342-Include-device-specifier-strings-in-acces.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 7 Sep 2021 20:36:12 +0100
-Subject: [PATCH] Bug 704342: Include device specifier strings in access
- validation
-
-for the "%pipe%", %handle%" and %printer% io devices.
-
-We previously validated only the part after the "%pipe%" Postscript device
-specifier, but this proved insufficient.
-
-This rebuilds the original file name string, and validates it complete. The
-slight complication for "%pipe%" is it can be reached implicitly using
-"|" so we have to check both prefixes.
-
-Addresses CVE-2021-3781
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- base/gdevpipe.c | 22 +++++++++++++++-
- base/gp_mshdl.c | 11 +++++++-
- base/gp_msprn.c | 10 ++++++-
- base/gp_os2pr.c | 13 +++++++++-
- base/gslibctx.c | 69 ++++++++++---------------------------------------
- 5 files changed, 65 insertions(+), 60 deletions(-)
-
-diff --git a/base/gdevpipe.c b/base/gdevpipe.c
-index 96d71f5d8..5bdc485be 100644
---- a/base/gdevpipe.c
-+++ b/base/gdevpipe.c
-@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
- #else
-     gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
-     gs_fs_list_t *fs = ctx->core->fs;
-+    /* The pipe device can be reached in two ways, explicltly with %pipe%
-+       or implicitly with "|", so we have to check for both
-+     */
-+    char f[gp_file_name_sizeof];
-+    const char *pipestr = "|";
-+    const size_t pipestrlen = strlen(pipestr);
-+    const size_t preflen = strlen(iodev->dname);
-+    const size_t nlen = strlen(fname);
-+    int code1;
-+
-+    if (preflen + nlen >= gp_file_name_sizeof)
-+        return_error(gs_error_invalidaccess);
-+
-+    memcpy(f, iodev->dname, preflen);
-+    memcpy(f + preflen, fname, nlen + 1);
-+
-+    code1 = gp_validate_path(mem, f, access);
-+
-+    memcpy(f, pipestr, pipestrlen);
-+    memcpy(f + pipestrlen, fname, nlen + 1);
- 
--    if (gp_validate_path(mem, fname, access) != 0)
-+    if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
-         return gs_error_invalidfileaccess;
- 
-     /*
-diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
-index 2b964ed74..8d87ceadc 100644
---- a/base/gp_mshdl.c
-+++ b/base/gp_mshdl.c
-@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
-     long hfile;	/* Correct for Win32, may be wrong for Win64 */
-     gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
-     gs_fs_list_t *fs = ctx->core->fs;
-+    char f[gp_file_name_sizeof];
-+    const size_t preflen = strlen(iodev->dname);
-+    const size_t nlen = strlen(fname);
- 
--    if (gp_validate_path(mem, fname, access) != 0)
-+    if (preflen + nlen >= gp_file_name_sizeof)
-+        return_error(gs_error_invalidaccess);
-+
-+    memcpy(f, iodev->dname, preflen);
-+    memcpy(f + preflen, fname, nlen + 1);
-+
-+    if (gp_validate_path(mem, f, access) != 0)
-         return gs_error_invalidfileaccess;
- 
-     /* First we try the open_handle method. */
-diff --git a/base/gp_msprn.c b/base/gp_msprn.c
-index ed4827968..746a974f7 100644
---- a/base/gp_msprn.c
-+++ b/base/gp_msprn.c
-@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
-     uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
-     gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
-     gs_fs_list_t *fs = ctx->core->fs;
-+    const size_t preflen = strlen(iodev->dname);
-+    const size_t nlen = strlen(fname);
- 
--    if (gp_validate_path(mem, fname, access) != 0)
-+    if (preflen + nlen >= gp_file_name_sizeof)
-+        return_error(gs_error_invalidaccess);
-+
-+    memcpy(pname, iodev->dname, preflen);
-+    memcpy(pname + preflen, fname, nlen + 1);
-+
-+    if (gp_validate_path(mem, pname, access) != 0)
-         return gs_error_invalidfileaccess;
- 
-     /* First we try the open_printer method. */
-diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
-index f852c71fc..ba54cde66 100644
---- a/base/gp_os2pr.c
-+++ b/base/gp_os2pr.c
-@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
-            FILE ** pfile, char *rfname, uint rnamelen)
- {
-     os2_printer_t *pr = (os2_printer_t *)iodev->state;
--    char driver_name[256];
-+    char driver_name[gp_file_name_sizeof];
-     gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
-     gs_fs_list_t *fs = ctx->core->fs;
-+    const size_t preflen = strlen(iodev->dname);
-+    const int size_t = strlen(fname);
-+
-+    if (preflen + nlen >= gp_file_name_sizeof)
-+        return_error(gs_error_invalidaccess);
-+
-+    memcpy(driver_name, iodev->dname, preflen);
-+    memcpy(driver_name + preflen, fname, nlen + 1);
-+
-+    if (gp_validate_path(mem, driver_name, access) != 0)
-+        return gs_error_invalidfileaccess;
- 
-     /* First we try the open_printer method. */
-     /* Note that the loop condition here ensures we don't
-diff --git a/base/gslibctx.c b/base/gslibctx.c
-index 6dfed6cd5..318039fad 100644
---- a/base/gslibctx.c
-+++ b/base/gslibctx.c
-@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
- int
- gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
- {
--    char *fp, f[gp_file_name_sizeof];
--    const int pipe = 124; /* ASCII code for '|' */
--    const int len = strlen(fname);
--    int i, code;
-+    char f[gp_file_name_sizeof];
-+    int code;
- 
-     /* Be sure the string copy will fit */
--    if (len >= gp_file_name_sizeof)
-+    if (strlen(fname) >= gp_file_name_sizeof)
-         return gs_error_rangecheck;
-     strcpy(f, fname);
--    fp = f;
-     /* Try to rewrite any %d (or similar) in the string */
-     rewrite_percent_specifiers(f);
--    for (i = 0; i < len; i++) {
--        if (f[i] == pipe) {
--           fp = &f[i + 1];
--           /* Because we potentially have to check file permissions at two levels
--              for the output file (gx_device_open_output_file and the low level
--              fopen API, if we're using a pipe, we have to add both the full string,
--              (including the '|', and just the command to which we pipe - since at
--              the pipe_fopen(), the leading '|' has been stripped.
--            */
--           code = gs_add_control_path(mem, gs_permit_file_writing, f);
--           if (code < 0)
--               return code;
--           code = gs_add_control_path(mem, gs_permit_file_control, f);
--           if (code < 0)
--               return code;
--           break;
--        }
--        if (!IS_WHITESPACE(f[i]))
--            break;
--    }
--    code = gs_add_control_path(mem, gs_permit_file_control, fp);
-+
-+    code = gs_add_control_path(mem, gs_permit_file_control, f);
-     if (code < 0)
-         return code;
--    return gs_add_control_path(mem, gs_permit_file_writing, fp);
-+    return gs_add_control_path(mem, gs_permit_file_writing, f);
- }
- 
- int
- gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
- {
--    char *fp, f[gp_file_name_sizeof];
--    const int pipe = 124; /* ASCII code for '|' */
--    const int len = strlen(fname);
--    int i, code;
-+    char f[gp_file_name_sizeof];
-+    int code;
- 
-     /* Be sure the string copy will fit */
--    if (len >= gp_file_name_sizeof)
-+    if (strlen(fname) >= gp_file_name_sizeof)
-         return gs_error_rangecheck;
-     strcpy(f, fname);
--    fp = f;
-     /* Try to rewrite any %d (or similar) in the string */
--    for (i = 0; i < len; i++) {
--        if (f[i] == pipe) {
--           fp = &f[i + 1];
--           /* Because we potentially have to check file permissions at two levels
--              for the output file (gx_device_open_output_file and the low level
--              fopen API, if we're using a pipe, we have to add both the full string,
--              (including the '|', and just the command to which we pipe - since at
--              the pipe_fopen(), the leading '|' has been stripped.
--            */
--           code = gs_remove_control_path(mem, gs_permit_file_writing, f);
--           if (code < 0)
--               return code;
--           code = gs_remove_control_path(mem, gs_permit_file_control, f);
--           if (code < 0)
--               return code;
--           break;
--        }
--        if (!IS_WHITESPACE(f[i]))
--            break;
--    }
--    code = gs_remove_control_path(mem, gs_permit_file_control, fp);
-+    rewrite_percent_specifiers(f);
-+
-+    code = gs_remove_control_path(mem, gs_permit_file_control, f);
-     if (code < 0)
-         return code;
--    return gs_remove_control_path(mem, gs_permit_file_writing, fp);
-+    return gs_remove_control_path(mem, gs_permit_file_writing, f);
- }
- 
- int
--- 
-2.20.1
-
diff --git a/package/ghostscript/0003-oss-fuzz-30715-Check-stack-limits-after-function-evaluation.patch b/package/ghostscript/0003-oss-fuzz-30715-Check-stack-limits-after-function-evaluation.patch
deleted file mode 100644
index 352f1754f6..0000000000
--- a/package/ghostscript/0003-oss-fuzz-30715-Check-stack-limits-after-function-evaluation.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 7861fcad13c497728189feafb41cd57b5b50ea25 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Fri, 12 Feb 2021 10:34:23 +0000
-Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation.
-
-During function result sampling, after the callout to the Postscript
-interpreter, make sure there is enough stack space available before pushing
-or popping entries.
-
-In thise case, the Postscript procedure for the "function" is totally invalid
-(as a function), and leaves the op stack in an unrecoverable state (as far as
-function evaluation is concerned). We end up popping more entries off the
-stack than are available.
-
-To cope, add in stack limit checking to throw an appropriate error when this
-happens.
-
-[Retrieved from:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- psi/zfsample.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/psi/zfsample.c b/psi/zfsample.c
-index 290809405..652ae02c6 100644
---- a/psi/zfsample.c
-+++ b/psi/zfsample.c
-@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
-     } else {
-         if (stack_depth_adjust) {
-             stack_depth_adjust -= num_out;
--            push(O_STACK_PAD - stack_depth_adjust);
--            for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
--                make_null(op - i);
-+            if ((O_STACK_PAD - stack_depth_adjust) < 0) {
-+                stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
-+                check_op(stack_depth_adjust);
-+                pop(stack_depth_adjust);
-+            }
-+            else {
-+                check_ostack(O_STACK_PAD - stack_depth_adjust);
-+                push(O_STACK_PAD - stack_depth_adjust);
-+                for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
-+                    make_null(op - i);
-+            }
-         }
-     }
- 
--- 
-2.25.1
-
diff --git a/package/ghostscript/0004-Bug-703902-Fix-op-stack-management-in-sampled_data_continue.patch b/package/ghostscript/0004-Bug-703902-Fix-op-stack-management-in-sampled_data_continue.patch
deleted file mode 100644
index 72e07df0ac..0000000000
--- a/package/ghostscript/0004-Bug-703902-Fix-op-stack-management-in-sampled_data_continue.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 2a3129365d3bc0d4a41f107ef175920d1505d1f7 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 1 Jun 2021 19:57:16 +0100
-Subject: [PATCH] Bug 703902: Fix op stack management in
- sampled_data_continue()
-
-Replace pop() (which does no checking, and doesn't handle stack extension
-blocks) with ref_stack_pop() which does do all that.
-
-We still use pop() in one case (it's faster), but we have to later use
-ref_stack_pop() before calling sampled_data_sample() which also accesses the
-op stack.
-
-Fixes:
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
-
-[Retrieved from:
-https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- psi/zfsample.c | 16 ++++++++++------
- 1 file changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/psi/zfsample.c b/psi/zfsample.c
-index 0e8e4bc8d..00cd0cfdd 100644
---- a/psi/zfsample.c
-+++ b/psi/zfsample.c
-@@ -533,15 +533,19 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
-         for (j = 0; j < bps; j++)
-             data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8));	/* MSB first */
-     }
--    pop(num_out);		    /* Move op to base of result values */
- 
--    /* Check if we are done collecting data. */
-+    pop(num_out); /* Move op to base of result values */
- 
-+    /* From here on, we have to use ref_stack_pop() rather than pop()
-+       so that it handles stack extension blocks properly, before calling
-+       sampled_data_sample() which also uses the op stack.
-+     */
-+    /* Check if we are done collecting data. */
-     if (increment_cube_indexes(params, penum->indexes)) {
-         if (stack_depth_adjust == 0)
--            pop(O_STACK_PAD);	    /* Remove spare stack space */
-+            ref_stack_pop(&o_stack, O_STACK_PAD);	    /* Remove spare stack space */
-         else
--            pop(stack_depth_adjust - num_out);
-+            ref_stack_pop(&o_stack, stack_depth_adjust - num_out);
-         /* Execute the closing procedure, if given */
-         code = 0;
-         if (esp_finish_proc != 0)
-@@ -554,11 +558,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
-             if ((O_STACK_PAD - stack_depth_adjust) < 0) {
-                 stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
-                 check_op(stack_depth_adjust);
--                pop(stack_depth_adjust);
-+                ref_stack_pop(&o_stack, stack_depth_adjust);
-             }
-             else {
-                 check_ostack(O_STACK_PAD - stack_depth_adjust);
--                push(O_STACK_PAD - stack_depth_adjust);
-+                ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);
-                 for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
-                     make_null(op - i);
-             }
--- 
-2.25.1
-
diff --git a/package/ghostscript/ghostscript.hash b/package/ghostscript/ghostscript.hash
index f6cedc6198..95305a5e06 100644
--- a/package/ghostscript/ghostscript.hash
+++ b/package/ghostscript/ghostscript.hash
@@ -1,5 +1,5 @@
-# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9533/SHA512SUMS
-sha512  c142ef9d83896aa8fd18c8e412220fe8f4950614be00d327d27ab051fe85e16524bf2ee00f46c2aca7a352ce47bc3acf2c4de0f7bbea7e4c55474b8af6cdc0a6  ghostscript-9.53.3.tar.gz
+# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9550/SHA512SUMS
+sha512  3646b7981dced443559ba97c74c08463139e86a5479661e4dcd217c51e3f8e766da9cf4d7889a98ba3c079a17e9e5b452cc765b633e0720deab2337e77efdd09  ghostscript-9.55.0.tar.gz
 
 # Hash for license file:
-sha256  6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2  LICENSE
+sha256  8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b  LICENSE
diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk
index 9e13f29fe9..24a0c489a8 100644
--- a/package/ghostscript/ghostscript.mk
+++ b/package/ghostscript/ghostscript.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GHOSTSCRIPT_VERSION = 9.53.3
+GHOSTSCRIPT_VERSION = 9.55.0
 GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
 GHOSTSCRIPT_LICENSE = AGPL-3.0
 GHOSTSCRIPT_LICENSE_FILES = LICENSE
@@ -21,15 +21,6 @@ GHOSTSCRIPT_DEPENDENCIES = \
 	libpng \
 	tiff
 
-# 0002-Bug-704342-Include-device-specifier-strings-in-acces.patch
-GHOSTSCRIPT_IGNORE_CVES += CVE-2021-3781
-
-# 0003-oss-fuzz-30715-Check-stack-limits-after-function-evaluation.patch
-GHOSTSCRIPT_IGNORE_CVES += CVE-2021-45944
-
-# 0004-Bug-703902-Fix-op-stack-management-in-sampled_data_continue.patch
-GHOSTSCRIPT_IGNORE_CVES += CVE-2021-45949
-
 # Ghostscript includes (old) copies of several libraries, delete them.
 # Inspired by linuxfromscratch:
 # http://www.linuxfromscratch.org/blfs/view/svn/pst/gs.html
@@ -52,6 +43,7 @@ GHOSTSCRIPT_CONF_OPTS = \
 	--enable-freetype \
 	--disable-gtk \
 	--without-libpaper \
+	--without-pdf \
 	--with-system-libtiff
 
 ifeq ($(BR2_PACKAGE_JBIG2DEC),y)
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread