ubuntu/+source/ghostscript:ubuntu/precise-security

Last commit made on 2017-04-28
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/ghostscript

Branch information

Name:
ubuntu/precise-security
Repository:
lp:ubuntu/+source/ghostscript

Recent commits

ee8c0c3... by Steve Beattie on 2017-04-28

Import patches-unapplied version 9.05~dfsg-0ubuntu4.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e1004d3edcbb2565d0cdf6d9d114a1315ffc1186

New changelog entries:
  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207

e1004d3... by Emily Ratliff on 2016-12-01

Import patches-unapplied version 9.05~dfsg-0ubuntu4.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 6275743cc66ee42ed61c163d71f7c8457b2f5c61

New changelog entries:
  * SECURITY UPDATE: Information disclosure through getenv, filenameforall
    - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
      honor SAFER
    - CVE-2013-5653
  * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
    - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
    - CVE-2016-7976
  * SECURITY UPDATE: use-after-free and remote code execution
    - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
    - CVE-2016-7978
  * SECURITY UPDATE: type confusion allows remote code execution
    - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
    - CVE-2016-7979
  * SECURITY UPDATE: NULL dereference
    - debian/patches/CVE-2016-8602.patch: check for sufficient params
    - CVE-2016-8602
  * SECURITY UPDATE: fix SAFER permissions
    - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
    - CVE-2016-7977

6275743... by Marc Deslauriers on 2015-07-29

Import patches-unapplied version 9.05~dfsg-0ubuntu4.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 3715b2795d4a8c53095c4e7c4e4e41574c00bc08

New changelog entries:
  * SECURITY UPDATE: integer overflow in gs_heap_alloc_bytes()
    - debian/patches/CVE-2015-3228.patch: added sanity check to
      base/gsmalloc.c.
    - CVE-2015-3228

3715b27... by Till Kamppeter on 2012-08-28

Import patches-unapplied version 9.05~dfsg-0ubuntu4.2 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: df3cca1ff1ee5c15b7439d7c402c4f826815087c

New changelog entries:
  * debian/patches/020120828-535d11e-disable-checking-for-the-max-pdf-object-number-during-pdf-linearisation.patch:
    Disable checking for the max pdf object number during PDF linearisation,
    because linearisation adds a few new objects to the PDF file (LP: #1032366).

df3cca1... by Till Kamppeter on 2012-07-11

Import patches-unapplied version 9.05~dfsg-0ubuntu4.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 4c742bdc8e383be6d29d64cba11c277f00b3ac84

New changelog entries:
  * debian/patches/020120711-4f6b985-write-transparent-type2-pattern-color-to-clist.patch:
    When using a clist, ensure that all the color space data for the
    pattern gets written to the clist, *and* that the clist correctly
    records all the relevant transparency data (LP: #1022516, upstream bug
    #693176).

4c742bd... by Till Kamppeter on 2012-03-29

Import patches-unapplied version 9.05~dfsg-0ubuntu4 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 6d8ba3a82580035d4b584a5a20ffaf775927df43

New changelog entries:
  * debian/patches/020120329-be64563-pdfwrite-when-a-charstring-is-not-found-for-a-glyph-use-the-notdef-width-instead-of-0.patch:
    The "pdfwrite" output device uses zero and not the width of /.notdef when
    using /.notdef for a glyph not found in an embedded font. This leads to
    wrong spacing in a PostScript file missing a space glyph (LP: #960989,
    upstream bug #692944).

6d8ba3a... by Till Kamppeter on 2012-03-19

Import patches-unapplied version 9.05~dfsg-0ubuntu3 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 4a915ad6b9bda053873e8235a5727e86533b7ca9

New changelog entries:
  * debian/patches/020120319-d6f83df-ps2write-not3ccitt-option.patch: Added
    option to let Ghostscript's "ps2write" output device not compress images
    and bitmap glyphs with CCITTFax filter. The CCITTFax decoder in Brother's
    PostScript printers is broken (LP: #955553).

4a915ad... by Till Kamppeter on 2012-03-07

Import patches-unapplied version 9.05~dfsg-0ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 13220f21605c86784395f3822369d10802958fa2

New changelog entries:
  * debian/ghostscript-doc.install, debian/ghostscript-doc.doc-base: Install
    the Ghostscript documentation into /usr/share/doc/ghostscript-doc instead
    of /usr/share/doc/ghostscript (LP: #789235).
  * debian/libgs__VER__-common.postinst.in,
    debian/libgs__VER__-common.prerm.in: Create a symlink
    /usr/share/ghostscript/current to the /usr/share/ghostscript/<version>
    directory of the newest installed libgs<version>-common package, to have
    version-independent access to the Ghostscript files (LP: #327244).

13220f2... by Till Kamppeter on 2012-02-09

Import patches-unapplied version 9.05~dfsg-0ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: f6d7a31ce23a1fa03fe74f634f9855f14fc07c4e

New changelog entries:
  * New upstream release
     - Ghostscript 9.05 release, February, 8 2012
     - Ghostscript's PDF interpreter is now able to make use of the
       DroidSansFallback TrueType font to automatically substitute for
       missing CIDFonts. Whilst it is always best to ensure the original
       CIDFont is available for the best and most accurate output, the
       ability to make an automatic substitution will be valuable for
       those merely viewing or proofing such files.
     - This release includes support for a proofing ICC profile. The
       command option is specified using -sProofProfile=filename. With
       this option, the color output will emulate what would be obtained
       had the source file been rendered on a device defined by the
       proofing profile. (See GS9_Color_Management.pdf for details.)
     - This release includes support for a device link ICC profile. The
       command option is specified using -sDeviceLinkProfile=filename.
       With this option, the device link profile is added to the end of
       the link transform from source to destination. In this case, one
       can include a command line option like "-sDevice=tiff32nc
       -sOutputICCProfile=srgb.icc -sDeviceLinkProfile=linkRGBtoCMYK.icc"
       and source colors will be mapped through sRGB and through the
       device link profile to CMYK values for the device. (See
       GS9_Color_Management.pdf for details.)
     - Ghostscript now supports "unmanaged color transformations" for
       source DeviceXXX colors (in other words, they use a simplistic
       conversion, rather than the ICC profile based color workflow). This
       is beneficial in uses where performance takes precedence over
       ultimate color fidelity (the command line parameter -dUseFastColor
       enables this).
     - The font set distributed with Ghostscript has been changed to the
       standard 35 Postscript-compatible fonts distributed by URW.
     - Ghostscript now includes a simple ink-coverage device, contributed
       by Sebastian Kapfer (inkcov).
     - The TIFF, JPEG and PNG output devices now support embedding of the
       device ICC profile in the output file.
     - jbig2dec now has simple halftone region support.
     - The ps2write device has had a large number of output quality and
       stability improvements.
     - The txtwrite output was modified so that it more closely matches
       the output from MuPDF, if requested. Note that the algorithms used
       by the two products are not identical and may return slightly
       differing results (See Devices.htm for details).
  * debian/rules: Updated MD5 sum for original source tarball
  * debian/symbols.common: Updated for new upstream source. Applied patch
    which dpkg-gensymbols generated for debian/libgs9.symbols to this file.

f6d7a31... by Till Kamppeter on 2012-02-03

Import patches-unapplied version 9.05~dfsg~20120203-0ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 30e3614cee367642d9dab6334dcb334a9668d73d

New changelog entries:
  * New upstream release
     - GIT snapshot from February, 2 2012.
     - Upstream fix for X11 display output device (LP: #925950).
     - Additional fix for paper size matching of CUPS Raster output device.
  * debian/rules: Reverted changes of last package, problem fixed upstream.