ubuntu/+source/ghostscript:ubuntu/hardy-security

Last commit made on 2012-09-24
Get this branch:
git clone -b ubuntu/hardy-security https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/hardy-security
Repository: lp:ubuntu/+source/ghostscript

Recent commits

3eaa4d8... by Marc Deslauriers on 2012-09-21

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3.5 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 180d296a199a127afcf5c564d6a31a7cf9537607

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    icclib overflow
    - debian/patches/CVE-2012-4405.dpatch: validate input channels in
      icclib/icc.c.
    - CVE-2012-4405

180d296... by Marc Deslauriers on 2011-12-20

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 770666fa4f770ae6f45ef7dc22d013b801a3d22f

New changelog entries:
  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    off-by-one in TrueType interpreter.
    - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
    - CVE-2009-3743
  * SECURITY UPDATE: denial of service via crafted font data
    - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
      src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
    - CVE-2010-4054
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

770666f... by Marc Deslauriers on 2010-07-12

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3.3 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: e900ea617330a2ab07a7ecdab506af2a11b09c50

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via unlimited recursive
    procedure invocations (LP: #546009)
    - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
      all allocations were successful in src/ialloc.c, src/idosave.h,
      src/isave.c.
    - CVE-2010-1628
  * SECURITY UPDATE: arbitrary code execution via crafted PostScript file
    (LP: #546009)
    - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
      src/int.mak, src/iscan.c, src/iscan.h.
    - CVE-2010-1869
  * SECURITY UPDATE: arbitrary code execution via long names
    - debian/patches/security-long-names.dpatch: check against maximum size
      in psi/iscan.c.
    - No CVE number yet.

e900ea6... by Marc Deslauriers on 2009-04-09

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3.2 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 8ad36e7a04f4f35e437f9483e2d4535476280cbb

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via buffer underflow in the CCITTFax decoding filter
    - debian/patches/33_CVE-2007-6725.dpatch: work around the buffer
      underflow in src/scfd.c.
    - CVE-2007-6725
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via BaseFont writer module
    - debian/patches/34_CVE-2008-6679.dpatch: increase size of buffer in
      src/gdevpdtb.c.
    - CVE-2008-6679
  * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
    dictionary segments
    - debian/patches/35_CVE-2009-0196.dpatch: validate size of runlength
      in export symbol table in jbig2dec/jbig2_symbol_dict.c.
    - CVE-2009-0196
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via integer overflows in icclib
    - debian/patches/36_CVE-2009-0792.dpatch: fix numerous overflows in
      icclib/icc.c.
    - CVE-2009-0792

8ad36e7... by Marc Deslauriers on 2009-03-23

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 5b0ff1de1218f0cecdef453ac32fb09d2cb9d08b

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution due to integer overflows and
    insufficient upper-bounds checks in the ICC library
    - debian/patches/32_CVE-2009-0583_0584.dpatch: fix multiple integer
      overflows and perform bounds checking in icclib/icc.c.
    - CVE-2009-0583
    - CVE-2009-0584

5b0ff1d... by Jamie Strandboge on 2008-04-08

Import patches-unapplied version 8.61.dfsg.1-1ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: d944c4d8c1d6669d389e883040d266899f6ec5b3

New changelog entries:
  * SECURITY UPDATE: buffer overflow in color space handling code
  * debian/patches/31_CVE-2008-0411.dpatch: fix zseticcspace() to perform
    range checks
  * References
    CVE-2008-0411

d944c4d... by Jonathan Riddell on 2008-02-16

Import patches-unapplied version 8.61.dfsg.1-1ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 7a44cf493680930465565348ffe1e6bd0785242d

New changelog entries:
  * Fix debian/libgs8.shlibs for ubuntu version number

7a44cf4... by Till Kamppeter on 2008-02-06

Import patches-unapplied version 8.61.dfsg.1-1ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 3763aab602e3bea4c2c3563b91b3a833d623486b

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - gs-esp and gs-common depend only on ghostscript, not on ghostscript-x,
      as gs-esp had already split off gs-esp-x in Ubuntu
    - Updated the KRGB patch from HP to the newest upstream version with
      added checks for null forward device in the graphic procedures to fix
      segfault bug LP: #69905 and corrected "force banding" code in gsijs_open
      for small images (IE: hagaki in landscape).
  [Masayuki Hatta]
  * New upstream release.
  * Now pdf2dsc can handle PageLabels properly - closes: #266166
  * Bumped up Standards-Version to 3.7.3 (no physical changes).
  * NEWS, README.Debian, copyright: Revised.
  * NEWS: Fixed wrong version number - closes: #454514, #454515
  * Sorted out dpatches:
    01-09: Debian-specific patches
    10-19: Bigger 3rd party patches (KRGB & CJKV)
    20-: Temporary bug fixes (should be incorporated into the upstream)
  * debian/patches/29_gs_css_fix.dpatch: Fixes a syntax error in gs.css
    - closes: #457118
  * debian/patches/30_ps2pdf_man_improvement.dpatch: Improved manpages for
    ps2pdf - closes: #193461
  [Till Kamppeter]
  * debian/patches/09_ijs_krgb_support.dpatch: Adapted to upstream changes.
  * debian/rules: Updated CUPS-related variables for "make install" calls.
  * debian/rules: Remove /usr/include/ghostscript from the ghostscript
    package, they go into libgs-dev.
  * debian/patches/40_cups_filters_with_buffered_input.dpatch: Modified
    cups/psto* filters to let Ghostscript always use buffered input. This
    works around a Ghostscript bug which prevents printing encrypted PDF
    files with Adobe Reader 8.1.1 and Ghostscript built as shared library
    (Ghostscript bug #689577, Ubuntu bug LP: #172264)
  * debian/patches/42_print_encrypted_PDFs_from_adobe_reader_8.dpatch:
    Fixed printing of encrypted PDF files from Adobe Reader 8.1.1. This
    is the real fix now and not only a workaround. (Ghostscript bug
    #689577, Ubuntu bug LP: #172264).

3763aab... by Martin Pitt on 2008-01-30

Import patches-unapplied version 8.61.dfsg.1-0ubuntu5 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: b5a8dcdd0ea5b9c5d0c82b0e9f4e39ddbb00bbca

New changelog entries:
  * debian/rules: Do not ship README.gz in ghostscript, it collides with
    ghostscript-doc. (LP: #185602, Debian #460692)

b5a8dcd... by Till Kamppeter on 2008-01-23

Import patches-unapplied version 8.61.dfsg.1-0ubuntu4 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 6d0477de1226ce4ee4b6ca7207a5eea4a18c9315

New changelog entries:
  * debian/patches/09_ijs_krgb_support.dpatch: Updated the KRGB patch from
    HP to the newest upstream version with added checks for null forward
    device in the graphic procedures to fix segfault bug LP: #69905 and
    corrected "force banding" code in gsijs_open for small images (IE:
    hagaki in landscape).