debcrafters-packages team mailing list archive

[Bug 2130127] [NEW] Merge ghostscript from Debian Unstable for resolute

 

Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 10.05.0dfsg1-0ubuntu4
Debian Unstable: 10.06.0~dfsg-3

The current version in Ubuntu went ahead of Debian in the past, so this
package may be diverged from Debian and require more review than usual
to get back to mergeability.

If this package should not be considered for merges or syncs in the
future, you may wish to consider adding it to the `sync-blocklist` at:
https://code.launchpad.net/~ubuntu-archive/+git/sync-blocklist

A new release of ghostscript is available for merging from Debian
Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the resolute Release Notes:
https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/

### New Debian Changes ###

ghostscript (10.06.0~dfsg-3) unstable; urgency=medium

  [ Steve Robbins ]
  * [703426f] Remove -Werror=declaration-after-statement to
    fix build on armhf.
  * [9258e4c] Fix two booleans that were meant to be integers

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Tue, 30 Sep 2025 19:08:44 -0500

ghostscript (10.06.0~dfsg-2) unstable; urgency=medium

  [ Steve Robbins ]
  * [f3af481] Patch calls to check_64bit_multiply().
  * [da00d5b] Wrap overlong changelog line.

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Mon, 29 Sep 2025 21:47:31 -0500

ghostscript (10.06.0~dfsg-1) unstable; urgency=medium

  * New upstream version
    - Closes: #1116443, #1116444.
  * Standards-Version: 4.7.2 (routine-update)
  * Reorder sequence of d/control fields by cme (routine-update)
  * Remove trailing whitespace in debian/changelog (routine-update)
    Update lintian override info format in d/source/lintian-overrides
    on line 2-12, 15.
  * [c267038] Remove patches applied upstream

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Mon, 29 Sep 2025 08:37:38 -0500

ghostscript (10.05.1~dfsg-3) unstable; urgency=medium

  [ Steve Robbins ]
  * [fb1ee5b] Fixes for C23.
  * [4a94390] Additional fixes for C23.  Closes: #1096702

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Sat, 06 Sep 2025 21:25:01 -0500

ghostscript (10.05.1~dfsg-2) unstable; urgency=medium

  [ Steve Robbins ]
  * [a7443cd] Upstream fix for CVE-2025-7462.  Closes: #1109270.
  * [510df70] Apply upstream patch that closes: #1101348.

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Sun, 24 Aug 2025 14:57:41 -0500

ghostscript (10.05.1~dfsg-1) unstable; urgency=medium

  [ Steve Robbins ]
  * [592d479] New upstream version 10.05.1~dfsg

 -- Steve M. Robbins <smr@xxxxxxxxxx>  Sun, 04 May 2025 21:32:27 -0500


### Old Ubuntu Delta ###

ghostscript (10.05.0dfsg1-0ubuntu4) questing; urgency=medium

  * SECURITY UPDATE: null pointer deref on file write failure
    - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
    - CVE-2025-7462
  * SECURITY UPDATE: stack overflow in pdf_write_cmap
    - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
    - CVE-2025-59798
  * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
    - debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
    - CVE-2025-59799
  * SECURITY UPDATE: heap overflow in ocr_begin_page
    - debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
    - CVE-2025-59800

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 25 Sep 2025 12:14:26 -0400

ghostscript (10.05.0dfsg1-0ubuntu3) questing; urgency=medium

  * Build with -std=gnu17 to avoid FTBFS with GCC 15 (LP: #2124948)

 -- Graham Inggs <ginggs@xxxxxxxxxx>  Wed, 24 Sep 2025 14:24:58 +0000

ghostscript (10.05.0dfsg1-0ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2025-48708.patch: Argument sanitization handle
      '#' as per '='
    - CVE-2025-48708

 -- Bruce Cable <bruce.cable@xxxxxxxxxxxxx>  Thu, 03 Jul 2025 15:29:54 +1000

ghostscript (10.05.0dfsg1-0ubuntu1) plucky; urgency=low

  * New upstream version 10.05.0dfsg1

 -- Till Kamppeter <till.kamppeter@xxxxxxxxx>  Wed, 12 Mar 2025 22:22:22 +0100

ghostscript (10.05.0~rc1~dfsg1-0ubuntu1) plucky; urgency=low

  * New upstream version 10.05.0~rc1~dfsg1
  * Refreshed patches.
  * Removed use of sphinxcontrib.googleanalytics Sphinx extension, the
    extension is not available in Ubuntu.

 -- Till Kamppeter <till.kamppeter@xxxxxxxxx>  Thu, 20 Feb 2025 18:35:22 +0100

ghostscript (10.04.0~dfsg1-2ubuntu1) plucky; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - New re-packaging of Ghostscript 10.04.0, keeping the leptonica and
      tesseract convenience copies in as they are not in Ubuntu Main. Added
      appropriate remark to debian/copyright.
    - Also keep the lcms2mt convenience copy as it is heavily patched by
      Ghostscript's upstream developers, especially for multi-threading
      (mt) support.
    - Do not compile with Neon FPU support on 32-bit ARM (see also Debian bug
      #1012254). Otherwise we get FTBFS on armhf.
  * Drop CVE* patches, included upstream.
  * Refreshed remaining patches with quilt.

 -- Till Kamppeter <till.kamppeter@xxxxxxxxx>  Thu, 13 Feb 2025 22:22:22 +0100

** Affects: ghostscript (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dcr-merge

** Changed in: ghostscript (Ubuntu)
    Milestone: None => ubuntu-25.11

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to ghostscript in Ubuntu.
https://bugs.launchpad.net/bugs/2130127
