-
ghostscript (8.71.dfsg.2-0ubuntu7.1) maverick-security; urgency=low
* SECURITY UPDATE: integer overflows via integer multiplication for
memory allocation
- debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
allocation functions and use them in:
* jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
jas_malloc.c,jas_seq.c}
* jasper/src/libjasper/bmp/bmp_dec.c
* jasper/src/libjasper/include/jasper/jas_malloc.h
* jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
* jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
* jasper/src/libjasper/mif/mif_cod.c
- CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
- debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
jasper/src/libjasper/base/jas_stream.c
- CVE-2008-3522
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
- CVE-2011-4516
- CVE-2011-4517
-- Marc Deslauriers <email address hidden> Tue, 20 Dec 2011 14:09:50 -0500
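
The two CVE-2008-352x fix patterns named in the entry above (size-checked allocation in place of a bare multiplication, and vsnprintf() in place of vsprintf()), as an added C example that is not code from the dpatch or from JasPer. All function names are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names below are hypothetical, not the identifiers used in the dpatch. */

/* What an unchecked malloc(count * size) actually requests: size_t
 * multiplication wraps silently, so a huge count can yield a tiny size. */
size_t unchecked_size(size_t count, size_t size)
{
    return count * size;
}

/* Store a * b in *out and return 1, or return 0 if it does not fit. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Size-checked allocation of count elements: NULL on overflow. */
void *checked_alloc2(size_t count, size_t size)
{
    size_t total;
    return checked_mul(count, size, &total) ? malloc(total) : NULL;
}

/* Three-factor variant, e.g. width * height * bytes per sample. */
void *checked_alloc3(size_t a, size_t b, size_t c)
{
    size_t ab, total;
    if (!checked_mul(a, b, &ab) || !checked_mul(ab, c, &total))
        return NULL;
    return malloc(total);
}

/* Bounded formatting: vsnprintf never writes more than cap bytes; report
 * truncation as -1 instead of overflowing the buffer as vsprintf would. */
int bounded_printf(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}
```

Callers must treat a NULL return from the checked allocators the same way as an out-of-memory failure and abort decoding of the image.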
-
ghostscript (8.71.dfsg.2-0ubuntu7) maverick; urgency=low
* debian/control: Updated versioned dependency of ghostscript on gsfonts,
we need at least gsfonts 1:8.11+urwcyr1.0.7~pre44-4.1 now due to the
dropping of defoma.
-- Till Kamppeter <email address hidden> Mon, 20 Sep 2010 18:57:20 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu6) maverick; urgency=low
* debian/patches/substractive-gray-fix: Fixed the handling of subtractive
monochrome/grayscale color spaces by the PDF interpreter. Such color
space is often used by the CUPS Raster output device, especially by
Gutenprint on monochrome laser printers.
-- Till Kamppeter <email address hidden> Wed, 1 Sep 2010 10:21:20 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu5) maverick; urgency=low
* debian/patches/cups-raster-fixes.dpatch: Do not do over-verbose debug
logging. This made rendering significantly slower and also made it more
difficult to read the CUPS error_log file (Upstream bug #690581).
-- Till Kamppeter <email address hidden> Thu, 12 Aug 2010 20:32:20 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu4) maverick; urgency=low
* debian/patches/cups-raster-fixes.dpatch: Added following fixes to the
patch:
o Eliminated compiler warning appearing after the recent memory
reallocation fixes.
o Support CUPS Raster level 2 (compressed) output (Upstream bug #689885).
o Improved memory management: Automatic buffer size determination if
RIP_MAX_CACHE variable is not set or not a non-zero number, BufferSpace
size is same as MaxBitmap, not 1/10 (Upstream bug #691499).
o Reallocate memory also if color depth changes during the job (Upstream
bug #690435).
* debian/patches/x11-device-do-not-create-huge-windows.dpatch: Some input
files made Ghostscript open a huge window, much bigger than the usual
desktop, and sometimes using up all the computer's memory and making the
computer crash (Upstream bug #690444).
* debian/patches/check-all-pdfs-for-transparency.dpatch: Transparency in
PDFs was only introduced in PDF 1.4 according to the Adobe specs, but
there are PDFs claiming to be of an older standard but they contain
transparency. With this patch all PDFs are checked for transparency
(Upstream bug #691273).
* debian/patches/pdf-rendering-performance.dpatch: Improved PDF rendering
performance by replacing the standard C floor() function by a simple macro
(Upstream bug #691504).
* debian/patches/x11-device-modularization-fixes.dpatch: Assorted fixes in
the modularization of the X11 output devices (Upstream bug #691510).
* debian/patches/device-n-init-variables-to-avoid-segfault.dpatch: Added
some missing initializations in DeviceN to avoid possible segmentation
faults (Upstream bug #690428).
* debian/patches/fix-imagem-output-device.dpatch: Fixed double-free
corruption of "imagen" output device (Upstream bug #690561).
-- Till Kamppeter <email address hidden> Mon, 19 Jul 2010 19:15:20 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu3) maverick; urgency=low
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
procedure invocations (LP: #546009)
- debian/patches/CVE-2010-1628.dpatch: only initialize structures if
all allocations were successful in psi/ialloc.c, psi/idosave.h,
psi/isave.c.
- CVE-2010-1628
-- Marc Deslauriers <email address hidden> Thu, 22 Jul 2010 12:19:37 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu2) maverick; urgency=low
* debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
(LP: #583990, upstream bug #691344).
-- Till Kamppeter <email address hidden> Mon, 19 Jul 2010 19:15:20 +0200
-
ghostscript (8.71.dfsg.2-0ubuntu1) maverick; urgency=low
* New source tarball, still based on Ghostscript 8.71, but with fewer files
removed. As for most files in Resource/CMap/ Adobe has changed the license
we do not remove the files in Resource/CMap/ entirely but only the files
which have still a non-free license. As these files are only needed for
old CJK PDF files (of the Adobe Acrobat Reader 3-6 generation) for most
users this will reintroduce the same PDF and font compatibility as
upstream Ghostscript. See Ghostscript upstream bug 691212. This should fix
upstream bug 691345 and the Ghostscript part of LP: #321932. Used the
command line "grep -li 'not altered' Resource/CMap/* | xargs rm" to
remove these files.
* debian/README.Debian: Updated for the change in the removal of non-free
files from the upstream source tarball.
* debian/ghostscript.links: Removed links which got obsolete from defoma
removal.
* debian/dirs: Removed directories which got obsolete from defoma removal.
* debian/rules: Removed "fail-if-cmaps-exist" rule, as we do not remove
the entire Resource/CMap/ any more.
-- Till Kamppeter <email address hidden> Fri, 04 Jun 2010 10:54:20 +0200
-
ghostscript (8.71.dfsg.1-0ubuntu6) maverick; urgency=low
* debian/ghostscript.prerm, debian/gs.defoma, debian/ghostscript.postrm,
debian/dirs, debian/ghostscript.links, debian/control, debian/rules,
debian/ghostscript.postinst, debian/ghostscript.preinst,
debian/update-gsfontmap: Merge changes from 8.71~dfsg2-1.1 (LP: #584597):
- Drop defoma.
- Add update-gsfontmap to provide cidfmap and Fontmap.
-- Stefano Rivera <email address hidden> Sun, 23 May 2010 18:13:43 +0200
-
ghostscript (8.71.dfsg.1-0ubuntu5.1) lucid-proposed; urgency=low
* debian/patches/pdf-interpreter-segfault-fixes.dpatch,
debian/patches/cups-raster-fixes.dpatch,
debian/patches/fapi-buildchar-object-null-check.dpatch,
debian/patches/cups-raster-error-out-without-segfault-and-force-banding.dpatch,
debian/patches/cups-raster-fix-memory-reallocation.dpatch: Fixed several
problems in the PDF interpreter and the CUPS Raster output device of
Ghostscript to avoid Ghostscript erroring out or even crashing on many
input files when printing with a CUPS Raster driver (LP: #539708, upstream
bug #691014). Joined all changes on cups/gdevcups.c into one patch as
the patches are overlapping and parts of the old patches are undone.
-- Till Kamppeter <email address hidden> Thu, 29 Apr 2010 09:43:23 +0200
-
ghostscript (8.71.dfsg.1-0ubuntu5) lucid; urgency=low
* debian/patches/pdf2dsc-fix-for-pdflatex-preview.dpatch:
Fix pdflatex preview mode using the patch from http://svn.ghostscript.com/viewvc?view=rev&revision=10778
by William Bader (LP: #543266)
-- Josh Holland <email address hidden> Fri, 02 Apr 2010 08:25:31 +0100