Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ghostscript: 9.24 -> 9.25 #47948

Merged
merged 1 commit into from Oct 6, 2018
Merged

ghostscript: 9.24 -> 9.25 #47948

merged 1 commit into from Oct 6, 2018

Conversation

flokli
Copy link
Contributor

@flokli flokli commented Oct 6, 2018

Backport of #47934 from master to release-18.09 (merged with #47903 and #47946). Please backport to 18.03 as well.

Changelog

Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.

(cherry picked from commit 5b77b0d)

cc @xeji

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@flokli
ghostscript: 9.24 -> 9.25
80f63a4 
Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.

(cherry picked from commit 5b77b0d)
@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: ghostscript

Partial log (click to expand)

shrinking RPATHs of ELF executables and libraries in /nix/store/jw17fv6rx0qzkvdimvijh73cn2dxb704-ghostscript-9.25-man
gzipping man pages under /nix/store/jw17fv6rx0qzkvdimvijh73cn2dxb704-ghostscript-9.25-man/share/man/
strip is /nix/store/h0lbngpv6ln56hjj59i6l77vxq25flbz-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/jw17fv6rx0qzkvdimvijh73cn2dxb704-ghostscript-9.25-man
checking for references to /build in /nix/store/jw17fv6rx0qzkvdimvijh73cn2dxb704-ghostscript-9.25-man...
shrinking RPATHs of ELF executables and libraries in /nix/store/hqqyj6q2kj57c044qd64y8wb59hgjd2a-ghostscript-9.25-doc
strip is /nix/store/h0lbngpv6ln56hjj59i6l77vxq25flbz-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/hqqyj6q2kj57c044qd64y8wb59hgjd2a-ghostscript-9.25-doc
checking for references to /build in /nix/store/hqqyj6q2kj57c044qd64y8wb59hgjd2a-ghostscript-9.25-doc...
/nix/store/113hnj9nlbir8lhx1s4fw81073mlfyqh-ghostscript-9.25

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: ghostscript

Partial log (click to expand)

shrinking RPATHs of ELF executables and libraries in /nix/store/m6y064a987ahqaz3sjin6pl8bkndkgbp-ghostscript-9.25-man
gzipping man pages under /nix/store/m6y064a987ahqaz3sjin6pl8bkndkgbp-ghostscript-9.25-man/share/man/
strip is /nix/store/y4ymnvgxygpq05h03kyzbj572zmh6zla-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/m6y064a987ahqaz3sjin6pl8bkndkgbp-ghostscript-9.25-man
checking for references to /build in /nix/store/m6y064a987ahqaz3sjin6pl8bkndkgbp-ghostscript-9.25-man...
shrinking RPATHs of ELF executables and libraries in /nix/store/31hzi7dmg5i3yffabikrs37d9sjxwbmg-ghostscript-9.25-doc
strip is /nix/store/y4ymnvgxygpq05h03kyzbj572zmh6zla-binutils-2.30/bin/strip
patching script interpreter paths in /nix/store/31hzi7dmg5i3yffabikrs37d9sjxwbmg-ghostscript-9.25-doc
checking for references to /build in /nix/store/31hzi7dmg5i3yffabikrs37d9sjxwbmg-ghostscript-9.25-doc...
/nix/store/kgi8mmk4xc3jlniiqpas7w737vy9wa6m-ghostscript-9.25

@GrahamcOfBorg
Copy link

Success on x86_64-darwin (full log)

Attempted: ghostscript

Partial log (click to expand)

/nix/store/918jfwp3lgzi2lp81akqhflpn3vm1bmh-ghostscript-9.25/bin/unix-lpr.sh: interpreter directive changed from "/bin/sh" to "/nix/store/cblfnvb5rmhd2z231mqasn0brzh1hhv4-bash-4.4-p23/bin/sh"
/nix/store/918jfwp3lgzi2lp81akqhflpn3vm1bmh-ghostscript-9.25/bin/pdf2ps: interpreter directive changed from "/bin/sh" to "/nix/store/cblfnvb5rmhd2z231mqasn0brzh1hhv4-bash-4.4-p23/bin/sh"
/nix/store/918jfwp3lgzi2lp81akqhflpn3vm1bmh-ghostscript-9.25/bin/eps2eps: interpreter directive changed from "/bin/sh" to "/nix/store/cblfnvb5rmhd2z231mqasn0brzh1hhv4-bash-4.4-p23/bin/sh"
/nix/store/918jfwp3lgzi2lp81akqhflpn3vm1bmh-ghostscript-9.25/bin/lprsetup.sh: interpreter directive changed from "/bin/sh" to "/nix/store/cblfnvb5rmhd2z231mqasn0brzh1hhv4-bash-4.4-p23/bin/sh"
gzipping man pages under /nix/store/ch81asrvdqayx49y6dry09wam4h4jr43-ghostscript-9.25-man/share/man/
strip is /nix/store/df6k4mgdjxciy0f637lryp7c9ln7n1m3-cctools-binutils-darwin/bin/strip
patching script interpreter paths in /nix/store/ch81asrvdqayx49y6dry09wam4h4jr43-ghostscript-9.25-man
strip is /nix/store/df6k4mgdjxciy0f637lryp7c9ln7n1m3-cctools-binutils-darwin/bin/strip
patching script interpreter paths in /nix/store/8k6ql1wxyxxb8ykkrmp4x7k69zl64sn1-ghostscript-9.25-doc
/nix/store/918jfwp3lgzi2lp81akqhflpn3vm1bmh-ghostscript-9.25

@xeji
Copy link
Contributor

xeji commented Oct 6, 2018

@GrahamcOfBorg test printing

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: tests.printing

Partial log (click to expand)

client: running command: sync
client: exit status 0
4 out of 4 tests succeeded
test script finished in 211.68s
cleaning up
killing server (pid 631)
killing client (pid 643)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/in8wbxl9rs4yxljwpdhq2jlsj2ikw68g-vm-test-run-printing

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: tests.printing

Partial log (click to expand)

client: running command: sync
client: exit status 0
4 out of 4 tests succeeded
test script finished in 144.52s
cleaning up
killing server (pid 600)
killing client (pid 612)
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
/nix/store/5s6d0wc6p9m93mqcqrfjxqwangndnk0m-vm-test-run-printing

@xeji xeji merged commit dbcbf7c into NixOS:release-18.09 Oct 6, 2018
xeji pushed a commit that referenced this pull request Oct 6, 2018
@flokli @xeji
ghostscript: 9.24 -> 9.25 (#47948)
54a2076 
Highlights in this release include:

This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release.

CVE-2018-16802
CVE-2018-17183

Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources.

Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues.

As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files.

IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF).

The usual round of bug fixes, compatibility changes, and incremental improvements.

(cherry picked from commit 5b77b0d)
(cherry picked from commit dbcbf7c)
@xeji
Copy link
Contributor

xeji commented Oct 6, 2018

18.03 backport in 54a2076

@flokli flokli deleted the ghostscript-9.25-18.09 branch October 7, 2018 19:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 101-500 10.rebuild-linux: 101-500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@flokli @GrahamcOfBorg @xeji @samueldr