ubuntu/+source/ghostscript:ubuntu/yakkety-security

Last commit made on 2017-05-16
Get this branch:
git clone -b ubuntu/yakkety-security https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/yakkety-security
Repository: lp:ubuntu/+source/ghostscript

Recent commits

73eb1fa... by Steve Beattie on 2017-05-15

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6.6 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 3d57183e7601ba4d3a2ad010875547bf18579626

New changelog entries:
  * REGRESSION UPDATE: Fix for CVE-2017-8291 broke pstoedit when using
    DELAYBIND feature (LP: #1687614).
    - debian/patches/CVE-2017-8291-regression.patch: return false rather
      than raise error when .eqproc is called with parameters that are
      not both procedures; correct stack underflow detection.

3d57183... by Steve Beattie on 2017-04-28

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6.4 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 71a4bfc916e1b7d2d8c08202dee454a3c4bc0ff7

New changelog entries:
  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207

71a4bfc... by Emily Ratliff on 2016-12-05

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 4ce43e0dab5cf29c61ac4844e826ec232a02c6dc

New changelog entries:
  * SECURITY UPDATE: Fix regression introduced by fix for CVE-2013-5653
    (LP: #1647276)
    - debian/patches/CVE-2013-5653-regression.patch

4ce43e0... by Emily Ratliff on 2016-12-01

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: b6f13711a220bf295ddfc777e6a1f1c52e5931a4

New changelog entries:
  * SECURITY UPDATE: Information disclosure through getenv, filenameforall
    - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
      honor SAFER
    - CVE-2013-5653
  * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
    - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
    - CVE-2016-7976
  * SECURITY UPDATE: use-after-free and remote code execution
    - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
    - CVE-2016-7978
  * SECURITY UPDATE: type confusion allows remote code execution
    - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
    - CVE-2016-7979
  * SECURITY UPDATE: NULL dereference
    - debian/patches/CVE-2016-8602.patch: check for sufficient params
    - CVE-2016-8602
  * SECURITY UPDATE: fix SAFER permissions
    - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
    - CVE-2016-7977

b6f1371... by Till Kamppeter on 2016-11-14

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f603943b777bc1c1985e4f288dca15fe264be933

New changelog entries:
  * debian/patches/020161028~0726780_gdevcups-pwgraster-bitmap-always-without-margins.patch:
    "cups" output device: When creating PWG Raster output, always output
    the bitmap of the full page, ignoring any unprintable margins suggested
    by the PPD file (LP: #1637583).

f603943... by Gunnar Hjalmarsson on 2016-09-22

Import patches-unapplied version 9.19~dfsg+1-0ubuntu6 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f75f177d159e8f648fb24a4a839ab558f7fe62ec

New changelog entries:
  * debian/rules:
    + Revert the dependency change in 9.19~dfsg+1-0ubuntu3
      (LP: #1625734, LP: #1626245).

f75f177... by Till Kamppeter on 2016-09-23

Import patches-unapplied version 9.19~dfsg+1-0ubuntu5 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 912a8a23139f6bc41f2479e9ab8cd1dd29fa69ca

New changelog entries:
  * Fixed MediaPosition, ManualFeed, and MediaType options for the "pxlcolor"
    and "pxlmono" drivers (PCL-XL printers, upstream bug #697025).

912a8a2... by Till Kamppeter on 2016-09-16

Import patches-unapplied version 9.19~dfsg+1-0ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 2c7174de6887598edb9020fc8a9fb2785d021703

New changelog entries:
  * Multiarchify the library packages.

2c7174d... by Gunnar Hjalmarsson on 2016-09-15

Import patches-unapplied version 9.19~dfsg+1-0ubuntu3 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 1dd2a9913a7db806214447af22c75b199213b883

New changelog entries:
  * debian/rules:
    + Make libgs9-common recommend fonts-noto-cjk instead of
      fonts-droid-fallback (LP: #1621210).

1dd2a99... by Till Kamppeter on 2016-08-12

Import patches-unapplied version 9.19~dfsg+1-0ubuntu2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 1d2bb5343c7eb16305032acfb3f405f902a4918f

New changelog entries:
  * Merged Debian's Ghostscript 9.19~dfsg-2 package, remaining Ubuntu change:
    + openjpeg library bundled with upstream Ghostscript/GhostPDL used
      instead of the original openjpeg library, as the original library
      is not accepted into Ubuntu Main
      (https://bugs.launchpad.net/bugs/711061). Due to this, the new patch
      1001 which fixes the use of external libopenjpeg was not overtaken.
    Changes from the Debian package:
    + Modernize cdbs use. Tighten build-dependency on cdbs.
    + Declare compliance with Debian Policy 3.9.8.
    + Update watch file: Fix avoid use of uupdate (unneeded with gbp).
    + Build-depend on licensecheck (not devscripts).