ubuntu/+source/ghostscript:ubuntu/cosmic-security

Last commit made on 2019-05-08
Get this branch:
git clone -b ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/cosmic-security
Repository: lp:ubuntu/+source/ghostscript

Recent commits

125b1b6... by Marc Deslauriers on 2019-05-07

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.9 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9af8e08e2663aa61837beadd141a3a1e5ef4d89d

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
      in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
      Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
      Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
    - debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
      documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
    - CVE-2019-3839

9af8e08... by Marc Deslauriers on 2019-03-19

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.8 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 392b445382eeccca5a10145267c43a0f778985be

New changelog entries:
  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
      gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/gs_res.ps.
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/gs_res.ps.
    - CVE-2019-3838

392b445... by Marc Deslauriers on 2019-02-25

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.7 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4af75dad12a082347bf36471c357c08f80726b5b

New changelog entries:
  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail,
    second fix attempt. (LP: #1815339)
    - debian/patches/lp1815339.patch: re-enable.
    - debian/patches/lp1815339-2.patch: properly map RGBW color space in
      cups/gdevcups.c.

4af75da... by Chris Coulson on 2019-02-23

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.6 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 1d94806535b35910e9d23bd0423210eb8f07dda5

New changelog entries:
  * SECURITY REGRESSION: Ghostscript update causes blue background
    (LP: #1817308)
    - disable debian/patches/lp1815339.patch

1d94806... by Marc Deslauriers on 2019-02-20

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.5 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: f996c097ba94afa9009f28bd5ac658528f2cfa40

New changelog entries:
  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
    (LP: #1815339)
    - debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.
  * debian/libgs9.symbols: add new symbol missing in previous update.

f996c09... by Marc Deslauriers on 2019-01-16

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f049d41c518c23617e8a0311c756d4e3be65b8b

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
      psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116

3f049d4... by Marc Deslauriers on 2018-12-06

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: d5ea4a75e863439c446ec412f993fefa4980e5ae

New changelog entries:
  * SECURITY REGRESSION: multiple regressions (LP: #1806517)
    - debian/patches/020181126-96c381c*.patch: fix duplex issue.
    - debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
      -dLastPage issue.

d5ea4a7... by Marc Deslauriers on 2018-11-28

Import patches-unapplied version 9.26~dfsg+0-0ubuntu0.18.10.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: f1931c918a2cc8098c3dff266e77a1e32ebe1a6d

New changelog entries:
  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
    - CVE-2018-19409
    - CVE-2018-19475
    - CVE-2018-19476
    - CVE-2018-19477
  * Removed patches included in new version:
    - debian/patches/0218*.patch
    - debian/patches/lp1800062.patch
  * debian/libgs9.symbols: updated for new version.

f1931c9... by Marc Deslauriers on 2018-10-30

Import patches-unapplied version 9.25~dfsg+1-0ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b32f7095b37aabfc4b15ac73352ab77125174235

New changelog entries:
  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0218*.patch: multiple cherry-picked upstream commits
      to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
      these for Debian's 9.25~dfsg-3 package.
    - debian/libgs9.symbols: added new symbol.
    - CVE-2018-17961
    - CVE-2018-18073
    - CVE-2018-18284
  * Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
    - debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
      logic in cups/gdevcups.c.

b32f709... by Till Kamppeter on 2018-09-13

Import patches-unapplied version 9.25~dfsg+1-0ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 67a6f88ffdd2514bd8e8ea08bdf8cd67ff04cf37

New changelog entries:
  * New upstream bug fix release
    Highlights:
    - Highly recommended by upstream, release done to fix regressions in 9.24.
    - This release fixes problems with argument handling, some unintended
      results of the security fixes to the SAFER file access restrictions
      (specifically accessing ICC profile files), and some additional security
      issues over the recent 9.24 release.
    - Note: The ps2epsi utility does not, and cannot call Ghostscript with
      the -dSAFER command line option. It should never be called with input
      from untrusted sources.
  * Removed patch 020180906-bc3df07-*.patch backported from upstream.
  * Refreshed patches 2003_support_multiarch.patch and
    2007_suggest_install_ghostscript-doc_in_code.patch with quilt.
  * debian/libgs9.symbols: Updated for new upstream source. Applied patch
    which dpkg-gensymbols generated.