[Buildroot] [PATCH] package/ghostscript: security bump to v10.06.0
Titouan Christophe
titouan.christophe at mind.be
Tue Sep 30 10:40:38 UTC 2025
This fixes the following vulnerabilities:

- CVE-2025-59798:
    Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow
    in pdf_write_cmap in devices/vector/gdevpdtw.c.
    https://www.cve.org/CVERecord?id=CVE-2025-59798

- CVE-2025-59799:
    Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow
    in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size
    value.
    https://www.cve.org/CVERecord?id=CVE-2025-59799

- CVE-2025-59800:
    In Artifex Ghostscript through 10.05.1, ocr_begin_page in
    devices/gdevpdfocr.c has an integer overflow that leads to a
    heap-based buffer overflow in ocr_line8.
    https://www.cve.org/CVERecord?id=CVE-2025-59800

- CVE-2025-59801:
    In Artifex GhostXPS before 10.06.0, there is a stack-based buffer
    overflow in xps_unpredict_tiff in xpstiff.c because the
    samplesperpixel value is not checked.
    https://www.cve.org/CVERecord?id=CVE-2025-59801

Also remove patch that is now applied upstream

Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
...Fix-compatibility-with-C23-compilers.patch | 36 -------------------
package/ghostscript/ghostscript.hash | 2 +-
package/ghostscript/ghostscript.mk | 2 +-
3 files changed, 2 insertions(+), 38 deletions(-)
delete mode 100644 package/ghostscript/0001-Fix-compatibility-with-C23-compilers.patch
diff --git a/package/ghostscript/0001-Fix-compatibility-with-C23-compilers.patch b/package/ghostscript/0001-Fix-compatibility-with-C23-compilers.patch
deleted file mode 100644
index 0dfca9cfa2..0000000000
--- a/package/ghostscript/0001-Fix-compatibility-with-C23-compilers.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From ae940946473ceb8c5353bc6e7f04673c6e60502d Mon Sep 17 00:00:00 2001
-From: Alex Cherepanov <alex at coscript.biz>
-Date: Thu, 3 Apr 2025 17:19:41 +0100
-Subject: Bug 708160: Fix compatibility with C23 compilers
-
-Upstream: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ae940946473ceb8c5353bc6e7f04673c6e60502d
-[thomas: Only backport the bool typedef condition]
-Signed-off-by: Thomas Perale <thomas.perale at mind.be>
----
- base/stdpre.h | 6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/base/stdpre.h b/base/stdpre.h
-index dda30b6a4..2f9c84e0d 100644
---- a/base/stdpre.h
-+++ b/base/stdpre.h
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2001-2023 Artifex Software, Inc.
-+/* Copyright (C) 2001-2025 Artifex Software, Inc.
- All Rights Reserved.
-
- This software is provided AS-IS with no warranty, either express or
-@@ -341,7 +341,9 @@ typedef signed char schar;
- * and the MetroWerks C++ compiler insists that bool be equivalent to
- * unsigned char.
- */
--#ifndef __cplusplus
-+
-+/* C23 has bool as a builtin type. */
-+#if !defined(__cplusplus) && (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 202311L)
- #ifdef __BEOS__
- typedef unsigned char bool;
- #else
---
-cgit v1.2.3
-
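Review bot: The deleted file was only a partial backport ("Only backport the bool typedef condition" in its header), so it is worth confirming that base/stdpre.h in the 10.06.0 tarball carries the `__STDC_VERSION__ < 202311L` guard around the `bool` typedef before dropping it; otherwise builds with a C23 compiler regress. The commit message could also name the upstream commit (ae940946473ceb8c5353bc6e7f04673c6e60502d) that makes the patch redundant, so the removal can be checked without opening the tarball.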
diff --git a/package/ghostscript/ghostscript.hash b/package/ghostscript/ghostscript.hash
index c434ac1f3a..9b6ead7cfb 100644
--- a/package/ghostscript/ghostscript.hash
+++ b/package/ghostscript/ghostscript.hash
@@ -1,5 +1,5 @@
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10051/SHA512SUMS
-sha512 1a3f2b0f53db9a00a245df19ce8fdce0fbccc6fad47b64d14fc9058b494ab07c77e21bb073df8d4a2522b3ccb0df26735f8224a9e36c07367031ed2262fb26af ghostscript-10.05.1.tar.xz
+sha512 e9efa6a334cf34703f565f5043dd794452270415b34c2bea260e9dac6c72ebbcbedfa2e4cb9029841f8f582bbce91be8160e135a190081f3262bcf04417f80f1 ghostscript-10.06.0.tar.xz
# Hash for license file:
sha256 8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b LICENSE
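Review bot: The "# From" comment at the top of this hunk still points at the gs10051 release's SHA512SUMS, while the sha512 line below it is now for ghostscript-10.06.0.tar.xz. Following the GHOSTSCRIPT_SITE pattern in ghostscript.mk, the comment should reference the gs10060 release so the recorded hash can be traced to the file it was actually taken from.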
diff --git a/package/ghostscript/ghostscript.mk b/package/ghostscript/ghostscript.mk
index c9d13f5545..1fc850ad20 100644
--- a/package/ghostscript/ghostscript.mk
+++ b/package/ghostscript/ghostscript.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GHOSTSCRIPT_VERSION = 10.05.1
+GHOSTSCRIPT_VERSION = 10.06.0
GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
GHOSTSCRIPT_LICENSE = AGPL-3.0
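Review bot: GHOSTSCRIPT_SOURCE in this hunk is the ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz tarball, while CVE-2025-59801 in the commit message is described against GhostXPS (xps_unpredict_tiff in xpstiff.c). Please confirm that this package actually builds that code; if it does not, the CVE should be dropped from the list of fixes so vulnerability tracking for the package stays accurate.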
--
2.51.0