ubuntu/+source/ghostscript:debian/stretch

Last commit made on 2019-09-07
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/ghostscript

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/ghostscript

Recent commits

6497722... by Salvatore Bonaccorso on 2019-08-08

Import patches-unapplied version 9.26a~dfsg-0+deb9u4 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: ed94b7cc575f71f98d5110d5028ad86e1890a9a7

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * protect use of .forceput with executeonly (CVE-2019-10216)
  * Non-maintainer upload by the Security Team.
  * Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp)
    (CVE-2019-3839)
  * Fix lib/pdf2dsc.ps to use documented Ghostscript pdf procedures

ed94b7c... by Salvatore Bonaccorso on 2019-04-13

Import patches-unapplied version 9.26a~dfsg-0+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: ac6df50f689501628ecfe1ae200ac4c8df45f57b

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Have gs_cet.ps run from gs_init.ps
  * Undef /odef in gs_init.ps
  * Restrict superexec and remove it from internals and gs_cet.ps
    (CVE-2019-3835) (Closes: #925256)
  * Obliterate "superexec". We don't need it, nor do any known apps
    (CVE-2019-3835) (Closes: #925256)
  * Make a transient proc executeonly (in DefineResource) (CVE-2019-3838)
    (Closes: #925257)
  * an extra transient proc needs executeonly'ed (CVE-2019-3838)
    (Closes: #925257)

ac6df50... by Salvatore Bonaccorso on 2019-01-24

Import patches-unapplied version 9.26a~dfsg-0+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: c4f30d914b3f96ead5555075babec700f8324450

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * New upstream version 9.26a~dfsg
    + Includes fix for CVE-2019-6116
  * Temporarily split ABI at ~ (not a).
  * Update symbols: 1 private added
  * Non-maintainer upload by the Security Team.
  * Add patches cherry-picked upstream to fix segfault with certain PDFs with
    -dLastPage=1. (Closes: #915832)
  * Non-maintainer upload by the Security Team.
  * New upstream version 9.26~dfsg
    + Includes fixes for the following security vulnerabilities:
      CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477
  * Drop patches cherry-picked upstream now applied
  * Unfuzz patch 2009.
  * Update symbols: 12 private added.
  * Non-maintainer upload by the Security Team.
  * New upstream version 9.25~dfsg
    + Fixes regression using ps2ascii after fix for CVE-2018-17183
      (Closes: #909076)
    + status operator honour SAFER option (CVE-2018-11645)
  * Drop patches applied upstream
  * Rebase 2001_docdir_fix_for_debian.patch for 9.25
  * Rebase 2010_add_build_timestamp_setting.patch for 9.25
  * Add patches cherry-picked upstream to fix execution issues.
    + Implement .currentoutputdevice operator
    + Change "executeonly" to throw typecheck on gstatetype and
      devicetype objects
    + Undefine some additional internal operators.
    + Fix handling of .needinput if used from interpreter
    + Ensure all errors are included from initialization
    + setundercolorremoval memory corruption
    + copydevice fails after stack device copies invalidated
    + add operand checking to .setnativefontmapbuilt
    + add object type check for AES key
    + Add parameter type checking on .bigstring
    + zparse_dsc_comments can crash with invalid dsc_state
    + Catch errors in setpagesize, .setpagesize and setpagedevice and
      cleanup
    + Catch errors and cleanup stack on statusdict page size definitions
    + Add parameter checking in setresolution
    + device subclass open_device call must return child code
    + fix DSC comment parsing in pdfwrite
    + Check all uses of dict_find* to ensure 0 return properly handled
    + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite
    + Avoid overrunning non terminated string buffer.
    + Prevent SEGV in gs_setdevice_no_erase.
    + Fix uninitialised value for render_cond.
    + Hide the .needinput operator
    + filenameforall calls bad iodev with insufficient scratch
    + Improve hiding of security critical custom operators (CVE-2018-17961)
      (Closes: #911175)
    + Prevent SEGV after calling gs_image_class_1_simple.
    + don't push userdict in preparation for Type 1 fonts
    + add control over hiding error handlers. (Closes: #909929)
    + For hidden operators, pass a name object to error handler.
      (CVE-2018-17961) (Closes: #911175)
    + Explicitly exclude /unknownerror from the SAFERERRORLIST
    + don't include operator arrays in execstack output (CVE-2018-18073)
      (Closes: #910758)
    + Make .forceput unavailable from '.policyprocs' helper dictionary
      (CVE-2018-18284) (Closes: #911175)
    + .loadfontloop must be an operator (CVE-2018-17961) (Closes: #911175)
    + font parsing - prevent SEGV in .cffparse
  * openjpeg allocator must return NULL if size too large
  * debian/copyright: Refresh with version from 9.25~dfsg-5
  * debian/libgs9.symbols: Update (and sync from 9.25~dfsg-5) for new version.
    Adjust version for errorexec_find@Base.
  * Fix cups get/put_params LeadingEdge logic (cf. #912664)
  * Avoid privacy breach linking documentation to jquery:
    + Add patch 2009 to use local jquery.
    + Add symlink from relative link to system-shared jquery library.
    + Have ghostscript-doc depend on libjs-jquery.
  * Avoid privacy breach linking documentation to font:
    + Avoid linking to remote fonts in documentation.
  * Avoid privacy breach linking documentation with Google:
    + Strip googletagmanager code from documentation.

c4f30d9... by Moritz Mühlenhoff on 2018-09-14

Import patches-unapplied version 9.20~dfsg-3.2+deb9u5 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 69e38db44f267666775e0e01ce08c646e97c6703

New changelog entries:
  * Fixes for CVE-2018-16509 (fourth patch, rest were applied in deb9u4)
    CVE-2018-16802 and one additional issue with a CVE ID (yet)
  * Add additional patch for CVE-2018-16543
  * Fix a regression introduced in a054156d425b4dbdaaa9fda4b5f1182b27598c2b,
    see https://github.com/apple/cups/issues/5392
  * Multiple security issues, see Security Tracker for details

69e38db... by Salvatore Bonaccorso on 2018-04-29

Import patches-unapplied version 9.20~dfsg-3.2+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 29230b3e0abfd80c787f96716163552f4f5f2e67

New changelog entries:
  * Non-maintainer upload.
  * Segfault with fuzzing file in gxht_thresh_image_init
  * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
    (Closes: #860869)
  * pdfwrite - Guard against trying to output an infinite number
    (CVE-2018-10194) (Closes: #896069)

29230b3... by Salvatore Bonaccorso on 2017-09-28

Import patches-unapplied version 9.20~dfsg-3.2+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 9c0f90f77615fae1acd707e070282ddcab3d8d71

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Bounds check the array allocations methods (CVE-2017-9835)
    (Closes: #869907)
  * Bounds check zone pointer in Ins_MIRP() (CVE-2017-9611) (Closes: #869917)
  * Bounds check zone pointers in Ins_IP() (CVE-2017-9612) (Closes: #869916)
  * Bounds check zone pointer in Ins_MDRP (CVE-2017-9726) (Closes: #869915)
  * Make bounds check in gx_ttfReader__Read more robust (CVE-2017-9727)
    (Closes: #869913)
  * Bounds check Ins_JMPR (CVE-2017-9739) (Closes: #869910)
  * Prevent trying to reloc a freed object (CVE-2017-11714) (Closes: #869977)

9c0f90f... by Salvatore Bonaccorso on 2017-05-21

Import patches-unapplied version 9.20~dfsg-3.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5b3272a23b8ef3dee8e0d85292527c0621122d64

New changelog entries:
  * Non-maintainer upload.
  * Fix regression introduced by CVE-2017-8291 fix.
    When using the "DELAYBIND" feature, it turns out that .eqproc can be
    called with parameters that are not both procedures. In this case, it
    turns out, the expectation is for the operator to return 'false', rather
    than throw an error. (Closes: #862779)

5b3272a... by Salvatore Bonaccorso on 2017-04-28

Import patches-unapplied version 9.20~dfsg-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 72cd44c3765852e11fdb05cb520f4169b81bb248

New changelog entries:
  * Non-maintainer upload.
  * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%"
    substring (CVE-2017-8291) (Closes: #861295)
  * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
  * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
    (Closes: #859694)
  * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
    (Closes: #859666)
  * Don't create new ctx when pdf14 device reenabled (CVE-2016-10217)
    (Closes: #859662)

72cd44c... by Jonas Smedegaard on 2017-03-21

Import patches-unapplied version 9.20~dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4212796001d83edb54a972f9280bd18271637e40

New changelog entries:
  * Fix NULL pointer dereference in mem_get_bits_rectangle().
    Closes: Bug#697676 (CVE-2017-7207). Thanks to Salvatore Bonaccorso.

4212796... by Jonas Smedegaard on 2017-01-25

Import patches-unapplied version 9.20~dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4aa11af9fba4a9ea5a2b78ace9cf89aab87ce92d

New changelog entries:
  * Add patch cherry-picked upstream to always print full PWG Raster
    bitmap.
    Closes: Bug#843095. Thanks to Brian Potkin.
  * Modernize Vcs-Browser field: Use git subdir (not cgit).
  * Stop override lintian for
    package-needs-versioned-debhelper-build-depends: Fixed in lintian.
  * Update watch file: Use github pattern from documentation.
  * Update copyright info: Extend coverage of Debian packaging.
  * Git-ignore quilt .pc subdir.
  * Revert to not have git import-orig use merge-strategy replace.