~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-security : changes

~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-security » Changes from revision 73

From Revision 73 to 54

Rev	Summary	Authors	Tags	Date
73	* SECURITY UPDATE: denial of service via crafted ICC color p... * SECURITY UPDATE: denial of service via crafted ICC color profile - debian/patches/CVE-2014-8137.dpatch: prevent double-free in jasper/src/libjasper/base/jas_icc.c, remove assert in jasper/src/libjasper/jp2/jp2_dec.c. - CVE-2014-8137 * SECURITY UPDATE: denial of service or code execution via invalid channel number - debian/patches/CVE-2014-8138.dpatch: validate channel number in jasper/src/libjasper/jp2/jp2_dec.c. - CVE-2014-8138 * SECURITY UPDATE: denial of service or code execution via off-by-one - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in jasper/src/libjasper/jpc/jpc_dec.c. - CVE-2014-8157 * SECURITY UPDATE: denial of service or code execution via memory corruption - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c. - CVE-2014-8158	Marc Deslauriers	8.71.dfsg.1-0ubuntu5.7	9 years ago
72	* SECURITY UPDATE: heap overflows via crafted jp2 file * SECURITY UPDATE: heap overflows via crafted jp2 file - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in jasper/src/libjasper/jpc/jpc_dec.c. - CVE-2014-9029	Marc Deslauriers	8.71.dfsg.1-0ubuntu5.6	9 years ago
71	* SECURITY UPDATE: denial of service and possible code execu... * SECURITY UPDATE: denial of service and possible code execution via icclib overflow - debian/patches/CVE-2012-4405.dpatch: validate input channels in icclib/icc.c. - CVE-2012-4405	Marc Deslauriers	8.71.dfsg.1-0ubuntu5.5	11 years ago
70	* SECURITY UPDATE: integer overflows via integer multiplicat... * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked allocation functions and use them in: * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c, jas_malloc.c,jas_seq.c} * jasper/src/libjasper/bmp/bmp_dec.c * jasper/src/libjasper/include/jasper/jas_malloc.h * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c} * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c, jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c, jpc_t2enc.c,jpc_tagtree.c,jpc_util.c} * jasper/src/libjasper/mif/mif_cod.c - CVE-2008-3520 * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf() - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in jasper/src/libjasper/base/jas_stream.c - CVE-2008-3522 * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c. - CVE-2011-4516 - CVE-2011-4517	Marc Deslauriers	8.71.dfsg.1-0ubuntu5.4	12 years ago
69	* SECURITY UPDATE: arbitrary code execution via unlimited re... * SECURITY UPDATE: arbitrary code execution via unlimited recursive procedure invocations (LP: #546009) - debian/patches/CVE-2010-1628.dpatch: only initialize structures if all allocations were successful in psi/ialloc.c, psi/idosave.h, psi/isave.c. - CVE-2010-1628	Marc Deslauriers	8.71.dfsg.1-0ubuntu5.2	13 years ago
68	Fix pdflatex preview mode. Fix pdflatex preview mode.	James Westby	8.71.dfsg.1-0ubuntu5	14 years ago
67	debian/patches/cups-raster-error-out-without-segfault-and-fo... debian/patches/cups-raster-error-out-without-segfault-and-force-banding.dpatch: Make the "cups" output device (CUPS Raster) error out correctly without causing segfaults and also force banding mode as some PDFs do not render otherwise (LP: #534525).	Till Kamppeter	8.71.dfsg.1-0ubuntu4	14 years ago
66	* debian/patches/pdftoraster-wait-for-ghostscript.dpatch: pd... * debian/patches/pdftoraster-wait-for-ghostscript.dpatch: pdftoraster exited already before its Ghostscript subprocess finished. Thanks to Tim Waugh from Red Hat for the fix. * debian/patches/cups-raster-fix-memory-reallocation.dpatch: Fixed bug in memory reallocation on bitmap size changes. Color depth was not taken into account. This caused black pages to be printed with some CUPS Raster drivers, like Turboprint. Fixes upstream bugs #691029 and #691108. * debian/patches/fix-broken-korean-example.dpatch: Fixed example file for rendering Korean text.	Till Kamppeter	8.71.dfsg.1-0ubuntu3	14 years ago
65	no-cant-refill-scanner-input-buffer-error.dpatch: Ghostscrip... no-cant-refill-scanner-input-buffer-error.dpatch: Ghostscript errored out when getting fed with the Ubuntu test page (/usr/share/system-config-printer/testpage-a4.ps) on stdin giving a "Can't refill scanner input buffer" error. (Upstream bugs #691137, #690909).	Till Kamppeter	8.71.dfsg.1-0ubuntu2	14 years ago
64	* New upstream release * New upstream release o libtiff-based tiff file output o New "tiffsep1" output device produces halftoned separations at 1 bit per pixel o Improved FreeType-based font rasterizing (not yet used as default) o Improved graphics library for vector graphics conversions o Many bug fixes on the PCL-XL printer drivers ("pxlmono", "pxlcolor") o Fixes on back side handling for duplex printing in the CUPS Raster output device ("cups"). * debian/patches/gs-cups-rgb-gamma.dpatch, debian/patches/cljet5-mediasize-fix.dpatch, debian/patches/pxl-driver-fixes.dpatch, debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: Removed patches backported from upstream. * debian/patches/fix-build-of-executables.dpatch: Fix build of the "gs" executable, it was built as a shared library and not as an executable. This lead to an immediate segfault even before "main()" got called. Thanks to Robin Watts from Ghostscript for the quick fix. * debian/control: Added build dependency on libtiff-dev. * debian/ghostscript.links: s/8.70/8.71/	Till Kamppeter	8.71.dfsg.1-0ubuntu1	14 years ago
63	debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: T... debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: The "cups" output device (generating input for the CUPS Raster drivers) did not update the margins and page orientation for the back sides in time and so the back side was often the wrong way around, especially with printers which print the back sides backwards, like HP inkjets. The problem occurs only with PostScript as input and not with PDF, which made the bug not showing in Ubuntu and Debian. This change is applied to Ubuntu's Ghostscript so that Lucid users regression-test it before Ghostscript 8.71 gets released in February (HPLIP upstream bug: LP: #484928).	Till Kamppeter	8.70.dfsg.1-0ubuntu5	14 years ago
62	debian/patches/pxl-driver-fixes.dpatch: Several upstream bug... debian/patches/pxl-driver-fixes.dpatch: Several upstream bug fixes on the PCL-XL drivers ("pxlcolor"/"pxlmono") in Ghostscript, especially also for PDF input. Thanks to Hin-Tak Leung on putting all that work into this driver which stayed nearly untouched for around 10 years. (LP: #361772).	Till Kamppeter	8.70.dfsg.1-0ubuntu4	14 years ago
61	debian/patches/cljet5-mediasize-fix.dpatch: Upstream fix for... debian/patches/cljet5-mediasize-fix.dpatch: Upstream fix for the media size handling of the "cljet5" printer driver.	Till Kamppeter	8.70.dfsg.1-0ubuntu3	14 years ago
60	* debian/ghostscript-cups.postinst: Fixed "lpstat -r" check ... * debian/ghostscript-cups.postinst: Fixed "lpstat -r" check for the auto update of PPDs of existing queues. "lpstat -r" exits always with status 0, we must check the actual output. Call lpstat, lpadmin, and cupsctl with "-h /var/run/cups/cups.sock" to avoid querying remote servers set up in /etc/cups/client.conf, and asking for passwords. Thanks to Martin-Éric Racine for tracking this down and the solution! See Debian bug #543468. Use signal names instead of numbers for trap. Quiesces a lintian bashism warning. * debian/rules: Remove /usr/bin/ps2pdf from the ghostscript package, it was treated by update-alternatives for a longer time already (LP: #429856).	Till Kamppeter	8.70.dfsg.1-0ubuntu2	14 years ago
59	* New upstream release * New upstream release o License is now GPLv3 or later o No functional change. This is only to let the final release not appear as a release candidate in the help output and documentation and also to reflect the new license. * debian/copyright: License change.	Till Kamppeter	8.70.dfsg.1-0ubuntu1	14 years ago
58	* New upstream release * New upstream release o Fixes many transparency problems: color space conversion, mask contexts, patterns, ... o Fixes in font handling, especially when generating PDF o Improvements in robustness, correctness, and performance o New generic Esc/Page drivers: "eplmono", "eplcolor" o New "cdnj500" driver for many HP DesignJet printers o License is now GPLv2 or later and not GPLv2-only any more o Merged all patches of the Ubuntu and Debian packages upstream o Fixes LP: #196009 * debian/patches/33_bad-params-to-xinitimage-on-large-bitmaps.dpatch, debian/patches/35_bitcmyk-blank-output.dpatch, debian/patches/37_fix-segfault-in-cups-raster-output-device.dpatch, debian/patches/38_CVE-2009-0583_0584.dpatch, debian/patches/40_pdfwrite-numcopies.dpatch, debian/patches/41_CVE-2009-0196.dpatch, debian/patches/42_CVE-2009-0792.dpatch, debian/patches/43_add-cdnj500-driver.dpatch, debian/patches/45_cups-device-pagesize-margins-duplex-fixes.dpatch, debian/patches/47_ps2write-segfault-fix.dpatch, debian/patches/50_ps2write-do-not-advertize-dsc-conformance.dpatch, debian/patches/53_fix-pstoraster-for-call-with-input-filename.dpatch: Removed patches backported from upstream. * debian/copyright: License change. * debian/ghostscript.links: s/8.64/8.70/	Till Kamppeter	8.70.dfsg.1~rc1-0ubuntu1	14 years ago
57	debian/patches/43_add-cdnj500-driver.dpatch: Set rendering i... debian/patches/43_add-cdnj500-driver.dpatch: Set rendering intent for the "Presentation" quality in the "cdnj500" driver to "Perceptual", this gives better colors than the original "SATURATION".	Till Kamppeter	8.64.dfsg.1-0ubuntu15	14 years ago
56	debian/control: Moved dependencies of ghostscript-cups on cu... debian/control: Moved dependencies of ghostscript-cups on cups, cups-client back to Depends:, for post-install this is sufficient.	Till Kamppeter	8.64.dfsg.1-0ubuntu14	14 years ago
55	debian/control: Moved dependencies of ghostscript-cups on cu... debian/control: Moved dependencies of ghostscript-cups on cups, cups-client, and perl-base to Pre-Depends:, as only this way it is assured that these packages are configured (especially CUPS daemon running) before this package gets configured (update of the PPDs of existing queues).	Till Kamppeter	8.64.dfsg.1-0ubuntu13	14 years ago
54	debian/control: Removed unneeded "perl" from Depends:. This ... debian/control: Removed unneeded "perl" from Depends:. This is only needed for Perl applications, not for a simple "perl -p -e ..." in the postinst script.	Till Kamppeter	8.64.dfsg.1-0ubuntu12	14 years ago

Older »