ubuntu/+source/ghostscript:ubuntu/bionic-updates

Last commit made on 2019-11-14
Get this branch:
git clone -b ubuntu/bionic-updates https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/bionic-updates
Repository: lp:ubuntu/+source/ghostscript

Recent commits

ea47ce6... by Marc Deslauriers on 2019-11-06

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.12 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d7d471d36a32c38b539bf3c48321c27fa55dde86

New changelog entries:
  * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
    loading fonts
    - debian/patches/CVE-2019-14869.patch: remove use of .forceput in
      Resource/Init/gs_ttf.ps.
    - CVE-2019-14869

d7d471d... by Steve Beattie on 2019-08-28

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.11 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a317fe40878248b735fe01802253a4674e7965e8

New changelog entries:
  * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
    Exposures
    - debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
      Be more defensive by preventing access to .forceput from
      .setuserparams2.
    - CVE-2019-14811
    - CVE-2019-14812
    - CVE-2019-14813
    - debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
      as executeonly
    - CVE-2019-14817

a317fe4... by Steve Beattie on 2019-08-09

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.10 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 5b4468ea0da5e59532d7ed8703d4574a2dec295a

New changelog entries:
  * SECURITY UPDATE: `-dSAFER` restrictions bypass
    - debian/patches/CVE-2019-10216.patch: protect use of .forceput
      with executeonly
    - CVE-2019-10216

5b4468e... by Marc Deslauriers on 2019-05-07

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.9 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d1c830b91940ac19029eda8a87f5126a51a9766d

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
      in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
      Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
      Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
    - debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
      documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
    - CVE-2019-3839

d1c830b... by Marc Deslauriers on 2019-03-19

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 0142167941fe89a5ac40c905ddb9878a57aafb60

New changelog entries:
  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
      gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/gs_res.ps.
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/gs_res.ps.
    - CVE-2019-3838

0142167... by Marc Deslauriers on 2019-02-25

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.7 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9aaa48a357c0cefcae7ab0fa9767c0de9159b038

New changelog entries:
  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail,
    second fix attempt. (LP: #1815339)
    - debian/patches/lp1815339.patch: re-enable.
    - debian/patches/lp1815339-2.patch: properly map RGBW color space in
      cups/gdevcups.c.

9aaa48a... by Chris Coulson on 2019-02-23

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 7d89cfad5bfcc711184028c9efc1575c324f7e2e

New changelog entries:
  * SECURITY REGRESSION: Ghostscript update causes blue background
    (LP: #1817308)
    - disable debian/patches/lp1815339.patch

7d89cfa... by Marc Deslauriers on 2019-02-20

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6d4d967389cc49d0bdc5418a724d15780578b5b9

New changelog entries:
  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
    (LP: #1815339)
    - debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.
  * debian/libgs9.symbols: add new symbol missing in previous update.

6d4d967... by Marc Deslauriers on 2019-01-16

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 33a755dbbd0af523bfd2219978d7b8c778b46588

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
      psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116

33a755d... by Marc Deslauriers on 2018-12-06

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.04.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 375df72312c010458ba0a4f05a174562f4b3ecb5

New changelog entries:
  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
    - debian/patches/020181126-96c381c*.patch: fix duplex issue.
    - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
      -dLastPage issue.