-
ghostscript (9.05~dfsg-0ubuntu4.5) precise-security; urgency=medium
* SECURITY UPDATE: invalid handling of parameters to .eqproc and
.rsdparams allowed disabling -dSAFER and thus code execution
- debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
- debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
- CVE-2017-8291
* SECURITY UPDATE: use-after-free in color management module.
- CVE-2016-10217.patch: Don't create new ctx when pdf14 device
reenabled
- CVE-2016-10217
* SECURITY UPDATE: divide-by-zero error denial of service in
base/gxfill.c
- CVE-2016-10219.patch: check for 0 in denominator
- CVE-2016-10219
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2016-10220.patch: initialize device data structure correctly
- CVE-2016-10220
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-5951.patch: use the correct param list enumerator
- CVE-2017-5951
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-7207.patch: ensure a device has raster memory, before
trying to read it
- CVE-2017-7207
-- Steve Beattie <email address hidden> Thu, 27 Apr 2017 19:05:47 -0700
-
ghostscript (9.05~dfsg-0ubuntu4.4) precise-security; urgency=medium
* SECURITY UPDATE: Information disclosure through getenv, filenameforall
- debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
honor SAFER
- CVE-2013-5653
* SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
- debian/patches/CVE-2016-7976.patch: Add a file permissions callback
- CVE-2016-7976
* SECURITY UPDATE: use-after-free and remote code execution
- debian/patches/CVE-2016-7978.patch: Reference count device icc profile
- CVE-2016-7978
* SECURITY UPDATE: type confusion allows remote code execution
- debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
- CVE-2016-7979
* SECURITY UPDATE: NULL dereference
- debian/patches/CVE-2016-8602.patch: check for sufficient params
- CVE-2016-8602
* SECURITY UPDATE: fix SAFER permissions
- debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
- CVE-2016-7977
-- Emily Ratliff <email address hidden> Thu, 01 Dec 2016 08:37:22 -0600
-
ghostscript (9.05~dfsg-0ubuntu4.3) precise-security; urgency=medium
* SECURITY UPDATE: integer overflow in gs_heap_alloc_bytes()
- debian/patches/CVE-2015-3228.patch: added sanity check to
base/gsmalloc.c.
- CVE-2015-3228
-- Marc Deslauriers <email address hidden> Wed, 29 Jul 2015 16:05:11 -0400
-
ghostscript (9.05~dfsg-0ubuntu4.2) precise-proposed; urgency=low
* debian/patches/020120828-535d11e-disable-checking-for-the-max-pdf-object-number-during-pdf-linearisation.patch:
Disable checking for the max pdf object number during PDF linearisation,
because linearisation adds a few new objects to the PDF file (LP: #1032366).
-- Till Kamppeter <email address hidden> Tue, 28 Aug 2012 21:07:13 +0200
-
ghostscript (9.05~dfsg-0ubuntu4.1) precise-proposed; urgency=low
* debian/patches/020120711-4f6b985-write-transparent-type2-pattern-color-to-clist.patch:
When using a clist, ensure that all the color space data for the
pattern gets written to the clist, *and* that the clist correctly
records all the relevant transparency data (LP: #1022516, upstream bug
#693176).
-- Till Kamppeter <email address hidden> Wed, 11 Jul 2012 17:08:13 +0200
-
ghostscript (9.05~dfsg-0ubuntu4) precise; urgency=low
* debian/patches/020120329-be64563-pdfwrite-when-a-charstring-is-not-found-for-a-glyph-use-the-notdef-width-instead-of-0.patch:
The "pdfwrite" output device uses zero and not the width of /.notdef when
using /.notdef for a glyph not found in an embedded font. This leads to
wrong spacing in a PostScript file missing a space glyph (LP: #960989,
upstream bug #692944).
-- Till Kamppeter <email address hidden> Thu, 29 Mar 2012 15:41:13 +0100
-
ghostscript (9.05~dfsg-0ubuntu3) precise; urgency=low
* debian/patches/020120319-d6f83df-ps2write-not3ccitt-option.patch: Added
option to let Ghostscript's "ps2write" output device not compress images
and bitmap glyphs with CCITTFax filter. The CCITTFax decoder in Brother's
PostScript printers is broken (LP: #955553).
-- Till Kamppeter <email address hidden> Mon, 19 Mar 2012 11:45:13 +0100
-
ghostscript (9.05~dfsg-0ubuntu2) precise; urgency=low
* debian/ghostscript-doc.install, debian/ghostscript-doc.doc-base: Install
the Ghostscript documentation into /usr/share/doc/ghostscript-doc instead
of /usr/share/doc/ghostscript (LP: #789235).
* debian/libgs__VER__-common.postinst.in,
debian/libgs__VER__-common.prerm.in: Create a symlink
/usr/share/ghostscript/current to the /usr/share/ghostscript/<version>
directory of the newest installed libgs<version>-common package, to have
version-independent access to the Ghostscript files (LP: #327244).
-- Till Kamppeter <email address hidden> Wed, 7 Mar 2012 17:31:13 +0100
-
ghostscript (9.05~dfsg-0ubuntu1) precise; urgency=low
* New upstream release
- Ghostscript 9.05 release, February, 8 2012
- Ghostscript's PDF interpreter is now able to make use of the
DroidSansFallback TrueType font to automatically substitute for
missing CIDFonts. Whilst it is always best to ensure the original
CIDFont is available for the best and most accurate output, the
ability to make an automatic substitution will be valuable for
those merely viewing or proofing such files.
- This release includes support for a proofing ICC profile. The
command option is specified using -sProofProfile=filename. With
this option, the color output will emulate what would be obtained
had the source file been rendered on a device defined by the
proofing profile. (See GS9_Color_Management.pdf for details.)
- This release includes support for a device link ICC profile. The
command option is specified using -sDeviceLinkProfile=filename.
With this option, the device link profile is added to the end of
the link transform from source to destination. In this case, one
can include a command line option like "-sDevice=tiff32nc
-sOutputICCProfile=srgb.icc -sDeviceLinkProfile=linkRGBtoCMYK.icc"
and source colors will be mapped through sRGB and through the
device link profile to CMYK values for the device. (See
GS9_Color_Management.pdf for details.)
- Ghostscript now supports "unmanaged color transformations" for
source DeviceXXX colors (in other words, they use a simplistic
conversion, rather than the ICC profile based color workflow). This
is beneficial in uses where performance takes precedence over
ultimate color fidelity (the command line parameter -dUseFastColor
enables this).
- The font set distributed with Ghostscript has been changed to the
standard 35 Postscript-compatible fonts distributed by URW.
- Ghostscript now includes a simple ink-coverage device, contributed
by Sebastian Kapfer (inkcov).
- The TIFF, JPEG and PNG output devices now support embedding of the
device ICC profile in the output file.
- jbig2dec now has simple halftone region support.
- The ps2write device has had a large number of output quality and
stability improvements.
- The txtwrite output was modified so that it more closely matches
the output from MuPDF, if requested. Note that the algorithms used
by the two products are not identical and may return slightly
differing results (See Devices.htm for details).
* debian/rules: Updated MD5 sum for original source tarball
* debian/symbols.common: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated for debian/libgs9.symbols to this file.
-- Till Kamppeter <email address hidden> Thu, 09 Feb 2012 13:22:13 +0100
-
ghostscript (9.05~dfsg~20120203-0ubuntu1) precise; urgency=low
* New upstream release
- GIT snapshot from February, 2 2012.
- Upstream fix for X11 display output device (LP: #925950).
- Additional fix for paper size matching of CUPS Raster output device.
* debian/rules: Reverted changes of last package, problem fixed upstream.
-- Till Kamppeter <email address hidden> Fri, 03 Feb 2012 17:39:41 +0100
-
ghostscript (9.05~dfsg~20120202-0ubuntu2) precise; urgency=low
* debian/rules: Force '-DGS_DEVS_SHARED_DIR=\"/usr/lib/ghostscript/9.05\"'
into the gcc command lines via CFLAGS, so that X11 display device support
works (LP: #925950).
-- Till Kamppeter <email address hidden> Fri, 03 Feb 2012 13:54:15 +0100
-
ghostscript (9.05~dfsg~20120202-0ubuntu1) precise; urgency=low
* New upstream release
- GIT snapshot from February, 2 2012.
- Ghostscript 9.05rc1 + fix of paper size matching in CUPS Raster
output device (LP: #917148).
-- Till Kamppeter <email address hidden> Thu, 02 Feb 2012 22:16:15 +0100
-
ghostscript (9.05~dfsg~20120125-0ubuntu1) precise; urgency=low
* New upstream release
- GIT snapshot from January, 25 2012.
- Snapshot close before GS 9.05 upstream release to test for last bugs
before the release.
* debian/patches/020110812~46b4ee6-pxl-landscape.patch,
debian/patches/020110812~d9e044e-lips4v-fix.patch,
debian/patches/020110815-05b517b-gdevcups-c-eliminate-compiler-warning.patch,
debian/patches/020110815-1920f21-cups-raster-set-default-color-profiles.patch,
debian/patches/020110815-eb6b631-cups-raster-generate-cups-rgbw.patch,
debian/patches/020110816-781b738-cups-raster-fix-segfaults-on-color-model-change.patch,
debian/patches/020110816-d8da050-cups-raster-improve-black-recognition-on-cmyk-to-rgbw.patch,
debian/patches/020110817-766df64-cups-raster-suppress-warnings.patch,
debian/patches/020110819~fa67a1d.patch,
debian/patches/020110923-5688545-fix-setting-the-iccprofilesdir-userparam.patch,
debian/patches/020110923-7e048c5-dont-crash-when-not-finding-icc-profile.patch,
debian/patches/020111005-d5f1e72-clist-fix-for-rgbw-color-mode.patch,
debian/patches/020111114-4258227-lzw-encode-filter-fix.patch,
debian/patches/029111114-08dc129-ps2write-truetype-fix.patch,
debian/patches/020111122-5cce070-ps2write-postscript-duplex-command-insertion.patch,
debian/patches/020111122-cd8f397-ps2write-fix-handling-of-format-4-cmap-subtables-in-truetype-fonts.patch,
debian/patches/020111125-979f218-ps2write-fix-conversion-of-escaped-string-to-hex-string.patch,
debian/patches/020111209-5359a2d-do-not-use-hexadecimal-names-for-type42-charstrings-and-encoding.patch: Removed upstream patches.
* debian/patches/1001_autoconfigure_cms_choice.patch: Removed, build system
is appropriately approved by upstream.
* debian/rules: linked base/configure.ac and base/Makefile.in to package
root directory so that the autotools find them (needed on GIT snapshots).
* debian/rules, debian/control: Removed build dependency on liblcms1-dev,
icc34.h is shipped with Ghostscript now.
* debian/rules: Added ./icclib/ and ./openjpeg/ directories to
DEB_UPSTREAM_REPACKAGE_EXCLUDES and removed the files in Resource/CMap/
(they are free now).
* debian/copyright: Added icclib/* and openjpeg/* to the list of excluded
files. Updated entries for the files in Resource/CMap/. Updated for renaming
cups/psto* to cups/gsto*.
* debian/symbols.common: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated for debian/libgs9.symbols to this file.
* Merge from Debian testing, remaining changes (recover after accidental sync
in previous upload):
- debian/control:
+ Keep gs-common with dependency on ghostscript, still too many
packages assuming gs-common has the binaries.
+ Really break and replace older ghostscript in libgs9-common.
- debian/control, debian/rules, debian/libgs__VER__.install.in,
debian/libgs-dev.install: Stop using d-shlibmove, it is not compatible
with libcms2.
- debian/rules, debian/ubuntu/apport-hook.py: Apport hook.
- debian/rules, debian/ghostscript-cups.ppd-updater: Added data file to
trigger the update of the PPD files of existing print queues by CUPS and
to tell CUPS which PPD files to use for the update and how to match them
with the PPDs of the existing queues.
- debian/rules:
+ Generate ABI version number (variable "abi") correctly, cutting off
repackaging and pre-release parts.
+ The scripts pv.sh and fixmswrd.pl are not shipped upstream any more,
so we do not need to delete them any more.
+ Install ghostscript-cups.ppd-updater and remove the dependency on
cups-client from ghostscript-cups.
- debian/symbols.common: resync with Debian, with the exception of lcms2
symbols which were only enabled in 9.04~dfsg-0ubuntu12 in Ubuntu.
- debian/copyright: update credits for the Ubuntu changes.
- debian/ghostscript.preinst: Use Ubuntu version numbers.
- debian/ghostscript-cups.postinst: Removed the post-install script which
was only there to update the PPDs of existing print queues.
- debian/watch: Search for .tar.bz2 source tarballs
-- Till Kamppeter <email address hidden> Wed, 25 Jan 2012 21:22:59 +0100
-
ghostscript (9.04~dfsg-3) unstable; urgency=low
[ Steve Langasek ]
* Mark ghostscript Multi-Arch: foreign, so that the package manager knows
the package satisfies dependencies and build-dependencies of packages
regardless of architecture.
* Drop gs-gpl package: it was already a transitional package in lenny,
and html2ps in squeeze is the last package to recommend it (nothing in
wheezy references it).
* Eliminate the gs provides; nothing in squeeze or wheezy references it.
* Drop gs-common package: it was also transitional from lenny on, and
latexmk in wheezy is the last package to reference it as a Suggests
only.
Closes: bug#646870. Thanks to Jakub Wilk and Didier Raboud.
[ Jonas Smedegaard ]
* Update copyright file: Fix add missing copyright paragraph.
Thanks to lintian.
* Drop transitional Replaces: affecting only testing.
-- Jonas Smedegaard <email address hidden> Thu, 24 Nov 2011 13:01:31 +0700
-
ghostscript (9.04~dfsg-2ubuntu6) precise; urgency=low
* debian/patches/020111209-5359a2d-do-not-use-hexadecimal-names-for-type42-charstrings-and-encoding.patch:
Do not use hexadecimal names for type42 Charstrings and Encoding. This fixes
substitution of certain characters by others when converting PDF to
PostScript with the "ps2write" output device (LP: #898532, upstream bug
#692711)
* debian/patches/020111125-979f218-ps2write-fix-conversion-of-escaped-string-to-hex-string.patch:
ps2write: Fix conversion of escaped string to Hex string (LP: #902145,
upstream bug #692612).
-- Till Kamppeter <email address hidden> Fri, 9 Dec 2011 13:45:59 +0100
-
ghostscript (9.04~dfsg-2ubuntu5) precise; urgency=low
* No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
-- Adam Conrad <email address hidden> Fri, 02 Dec 2011 17:27:55 -0700
-
ghostscript (9.04~dfsg-2ubuntu4) precise; urgency=low
* debian/rules: Let the ghostscript binary package also provide gs-esp,
as several proprietary printer drivers still depend on gs-esp (LP: #897309).
-- Till Kamppeter <email address hidden> Fri, 2 Dec 2011 11:35:59 +0100
-
ghostscript (9.04~dfsg-2ubuntu3) precise; urgency=low
* debian/patches/020111122-cd8f397-ps2write-fix-handling-of-format-4-cmap-subtables-in-truetype-fonts.patch:
ps2write: Fixed handling of format 4 CMAP subtables in TrueType fonts. This
made several characters coming out as garbage when converting PDF to
PostScript (LP: #891074).
* debian/patches/020111122-5cce070-ps2write-postscript-duplex-command-insertion.patch:
ps2write: Insertion of duplex printing commands from PPD files into
ps2write-generated PostScript did not have any effect, making duplex
printing on PostScript printers not work in many cases (LP: #885118).
-- Till Kamppeter <email address hidden> Tue, 22 Nov 2011 10:46:59 +0100
-
ghostscript (9.04~dfsg-2ubuntu2) precise; urgency=low
* debian/patches/020111114-4258227-lzw-encode-filter-fix.patch: In the LZW
encoder filter increment the code size before writing out EOD when the
last code reaches the current limit code. Fix incorrect bytes or decoding
errors at the end of some LZW-encoded streams. Fixes problems of
ps2write producing PostScript output with spurious extra bytes
(LP: #890270, upstream bug #692679).
* debian/patches/029111114-08dc129-ps2write-truetype-fix.patch: Improved
the TrueType composite glyph handling of the "ps2write" output device.
This way PDF output of LibreOffice gets correctly converted to PostScript
for PostScript printers and PostScript-based drivers (LP: #879977, upstream
bug #879977).
-- Till Kamppeter <email address hidden> Mon, 14 Nov 2011 12:59:59 +0100
-
ghostscript (9.04~dfsg-2ubuntu1) precise; urgency=low
* Merge from Debian testing, remaining changes:
- debian/control:
+ gs-common: Reintroduce dependency on ghostscript, still too many
packages assuming gs-common has the binaries.
+ Really break and replace older ghostscript in libgs9-common.
- debian/control, debian/rules, debian/libgs__VER__.install.in,
debian/libgs-dev.install: Stop using d-shlibmove, it is not compatible
with libcms2.
- Apport hook.
- debian/ghostscript-cups.ppd-updater: Added data file to trigger the
update of the PPD files of existing print queues by CUPS and to tell
CUPS which PPD files to use for the update and how to match them with
the PPDs of the existing queues.
- debian/rules:
+ Generate ABI version number (variable "abi") correctly, cutting off
repackaging and pre-release parts.
+ The scripts pv.sh and fixmswrd.pl are not shipped upstream any more,
so we do not need to delete them any more.
+ Install ghostscript-cups.ppd-updater and remove the dependency on
cups-client from ghostscript-cups.
- debian/symbols.common: resync with Debian, with the exception of lcms2
symbols which were only enabled in 9.04~dfsg-0ubuntu12 in Ubuntu.
- debian/copyright: update credits for the Ubuntu changes.
- upstream patches:
+ 020110812~46b4ee6-pxl-landscape.patch: Fixed rendering
landscape-oriented input files with PCL-XL output through the pxlmono
and pxlcolor output devices
+ 020110812~d9e044e-lips4v-fix.patch: Fixed lips4v driver
+ 020110815-1920f21-cups-raster-set-default-color-profiles.patch:
Let the CUPS Raster output device set the correct default output
color space if none is explicitly selected via -sOutputICCProfile=
+ 020110815-05b517b-gdevcups-c-eliminate-compiler-warning.patch:
Eliminated a compiler warning caused by the previous patch.
+ 020110815-eb6b631-cups-raster-generate-cups-rgbw.patch: Let the CUPS
Raster output device generate RGBW as it is described in the CUPS
specification for the CUPS Raster format.
+ 020110816-d8da050-cups-raster-improve-black-recognition-on-cmyk-to-rgbw.patch:
CUPS Raster: Improved recognition of black pixels on CMYK -> RGBW
conversion
+ 020110816-781b738-cups-raster-fix-segfaults-on-color-model-change.patch:
Fix for segfaults in the CUPS Raster output device.
+ 020110817-766df64-cups-raster-suppress-warnings.patch: Code cleanup
of the CUPS Raster device to suppress compiler warnings.
+ 020110923-7e048c5-dont-crash-when-not-finding-icc-profile.patch,
020110923-5688545-fix-setting-the-iccprofilesdir-userparam.patch:
correctly find color profiles, and correctly handle error when not
found instead of crashing.
+ 020111005-d5f1e72-clist-fix-for-rgbw-color-mode.patch: Fixed color
handling in clist (banding) mode to correctly support RGBW color space
- debian/ghostscript.preinst: Use Ubuntu version numbers.
- debian/ghostscript-cups.postinst: Removed the post-install script which
was only there to update the PPDs of existing print queues.
- debian/watch: Search for .tar.bz2 source tarballs
* Dropped changes, included in Debian:
- debian/control: Build-depend on libdbus-1-dev.
- debian/copyright: Added lcms2/* to the list of excluded files.
- debian/rules:
+ Added new "--with-install-cups" option to the ./configure command
line.
+ Added ./lcms2/ directory to DEB_UPSTREAM_REPACKAGE_EXCLUDES.
+ remove unneeded cidfmap correctly
- Enable D-Bus in the ./configure command line, build-depend on
libdbus-1-dev, and let ghostscript-cups recommend colord.
- Build Ghostscript against liblcms instead of liblcms1.
- debian/ghostscript.preinst: Clean up traces of Ghostscript in defoma
via "defoma-app purge gs", so that when updating packages which still
use defoma no warnings get issued.
* Mark ghostscript Multi-Arch: foreign.
-- Steve Langasek <email address hidden> Sun, 06 Nov 2011 10:50:36 -0800
-
ghostscript (9.04~dfsg-0ubuntu12) precise; urgency=low
* debian/patches/1001_dont-crash-when-not-finding-icc-profile.patch,
debian/patches/020110923-5688545-fix-setting-the-iccprofilesdir-userparam.patch,
debian/patches/020110923-7e048c5-dont-crash-when-not-finding-icc-profile.patch:
Patch got applied upstream, replaced the patch by "official" upstream GIT
patches. No change in source code.
* debian/control, debian/rules: Build Ghostscript against liblcms instead
of liblcms1, to fix a crash on Apple-generated EPS figures (both
standalone or embedded in LaTeX-generated PostScript files, LP: #787067).
* debian/control, debian/rules, debian/libgs__VER__.install.in,
debian/libgs-dev.install: Stop using d-shlibmove, it is not compatible
with libcms2.
* debian/symbols.common: Updated. Applied patch which dpkg-gensymbols
generated for debian/libgs9.symbols to this file.
-- Till Kamppeter <email address hidden> Mon, 17 Oct 2011 15:52:31 +0200
-
ghostscript (9.04~dfsg-0ubuntu11) oneiric; urgency=low
* debian/patches/020111005-d5f1e72-clist-fix-for-rgbw-color-mode.patch:
Fixed color handling in clist (banding) mode to correctly support RGBW
color space (LP: #864509, Upstream bug 692568).
-- Till Kamppeter <email address hidden> Thu, 6 Oct 2011 09:00:00 +0200