ubuntu/+source/ghostscript:ubuntu/disco

Last commit made on 2019-03-21
Get this branch:
git clone -b ubuntu/disco https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/disco
Repository:
lp:ubuntu/+source/ghostscript

Recent commits

56b280e... by Marc Deslauriers on 2019-03-21

Import patches-unapplied version 9.26~dfsg+0-0ubuntu7 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 34810fcdc24441d6176a62c966cdb35382ca1c99

New changelog entries:
  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
      gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/gs_res.ps.
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/gs_res.ps.
    - CVE-2019-3838

34810fc... by Marc Deslauriers on 2019-02-25

Import patches-unapplied version 9.26~dfsg+0-0ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: a386c42ad4d256021eaa83911c548da9ac291e48

New changelog entries:
  * SECURITY REGRESSION: Previous regression fix causes blue background
    (LP: #1817308)
    - debian/patches/lp1815339-2.patch: properly map RGBW color space in
      cups/gdevcups.c.

a386c42... by Marc Deslauriers on 2019-02-20

Import patches-unapplied version 9.26~dfsg+0-0ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: ff6345037c5d8e2814b8e78daa7d72cab3be049e

New changelog entries:
  * SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
    (LP: #1815339)
    - debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.

ff63450... by Marc Deslauriers on 2019-01-23

Import patches-unapplied version 9.26~dfsg+0-0ubuntu4 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: d42bb47076550d884d39e88c68b166b25c1f0ae0

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
      psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116
  * debian/libgs9.symbols: added new symbol.

d42bb47... by Till Kamppeter on 2018-12-05

Import patches-unapplied version 9.26~dfsg+0-0ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 079ae94f13baa4120ecb0385ae3bff72274ca588

New changelog entries:
  * Backported upstream patch to prevent crashes when calling Ghostscript
    with a PDF file and "-dLastPage=1" (LP: #1806517, upstream bug #700315).

079ae94... by Till Kamppeter on 2018-11-29

Import patches-unapplied version 9.26~dfsg+0-0ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 861e78756dfbf1ec854216e724a30198425bd6e2

New changelog entries:
  * Backported upstream patch to make Duplex on non-default page sizes work
    (on certain PostScript printers, upstream bug #700232).

861e787... by Marc Deslauriers on 2018-11-28

Import patches-unapplied version 9.26~dfsg+0-0ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: f1931c918a2cc8098c3dff266e77a1e32ebe1a6d

New changelog entries:
  * SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
    - CVE-2018-19409
    - CVE-2018-19475
    - CVE-2018-19476
    - CVE-2018-19477
  * Removed patches included in new version:
    - debian/patches/0218*.patch
    - debian/patches/lp1800062.patch
  * debian/libgs9.symbols: updated for new version.

f1931c9... by Marc Deslauriers on 2018-10-30

Import patches-unapplied version 9.25~dfsg+1-0ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b32f7095b37aabfc4b15ac73352ab77125174235

New changelog entries:
  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0218*.patch: multiple cherry-picked upstream commits
      to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
      these for Debian's 9.25~dfsg-3 package.
    - debian/libgs9.symbols: added new symbol.
    - CVE-2018-17961
    - CVE-2018-18073
    - CVE-2018-18284
  * Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
    - debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
      logic in cups/gdevcups.c.

b32f709... by Till Kamppeter on 2018-09-13

Import patches-unapplied version 9.25~dfsg+1-0ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 67a6f88ffdd2514bd8e8ea08bdf8cd67ff04cf37

New changelog entries:
  * New upstream bug fix release
    Highlights:
    - Highly recommended by upstream, release done to fix regressions in 9.24.
    - This release fixes problems with argument handling, some unintended
      results of the security fixes to the SAFER file access restrictions
      (specifically accessing ICC profile files), and some additional security
      issues over the recent 9.24 release.
    - Note: The ps2epsi utility does not, and cannot call Ghostscript with
      the -dSAFER command line option. It should never be called with input
      from untrusted sources.
  * Removed patch 020180906-bc3df07-*.patch backported from upstream.
  * Refreshed patches 2003_support_multiarch.patch and
    2007_suggest_install_ghostscript-doc_in_code.patch with quilt.
  * debian/libgs9.symbols: Updated for new upstream source. Applied patch
    which dpkg-gensymbols generated.

67a6f88... by Till Kamppeter on 2018-09-06

Import patches-unapplied version 9.24~dfsg+1-0ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: e11f2aca881662d909db02fd10b78cf1b418b58b

New changelog entries:
  * New upstream release (LP: #1791279)
    Highlights:
    - Security issues have been the primary focus of this release,
      including solving several (well publicised) real and potential
      exploits.
      Upstream highly recommends this due to the many security fixes
      and improvements.
  * debian/copyright, debian/rules: Upstream renamed the lcms2art/ directory
    to lcms2mt/.
  * Removed patch CVE-2018-10194.patch backported from upstream.
  * Refreshed patch 2010_add_build_timestamp_setting.patch with quilt.
  * 020180906-bc3df07-for-icc-profile-validation-have-cups-id-itself-as-device-n.patch:
    "cups" output device did not work because there were no output profiles
    for all color spaces (Upstream bug #699713).
  * Merged from Debian package:
    - Update copyright-check maintainer script: Extract metadata from png files.
    - Update copyright info:
      + Extend coverage for main upstream author.
      + Extend coverage for Adobe.
    - Extend lintian overrides regarding License-Reference.
    - Declare compliance with Debian Policy 4.2.0.
  * debian/libgs9.symbols: Updated for new upstream source. Applied patch
    which dpkg-gensymbols generated.